eIP 62: Proposal to increase Euler's Cantina bug bounty program to $5M

Author

Euler Labs

Date

2025-02-20

Summary

As Euler has grown significantly in recent months, we propose increasing Euler’s bug bounty program from its current $1M USDC to $2.5M USDC + $2.5M rEUL. The resources would be provided by the DAO in the event of a valid high white hat report (criteria detailed in the Cantina documentation). This enhancement aims to strengthen Euler’s security posture, attract top-tier security researchers to explore Euler’s code, and further incentivize responsible disclosure of vulnerabilities.

Motivation

Security is paramount for Euler’s long-term success. A well-funded bug bounty program:

  • Enhances security by attracting the best security researchers.
  • Encourages responsible disclosure, reducing the risk of undisclosed vulnerabilities.
  • Demonstrates Euler’s commitment to security and decentralization.
  • Aligns with industry standards, where leading DeFi protocols have substantial bounties.

Whilst $2.5M USDC is already a large incentive for responsible disclosure of a critical issue, adding an additional $2.5M in rEUL helps further attract attention to the bounty program and align successful white hats with the long-term success of Euler. By increasing the bounty program, Euler will solidify its security-first approach, enhance trust within the DeFi community, and proactively mitigate potential vulnerabilities.

Let’s work together to make Euler more secure!

Voting

Given Euler’s recent move to an optimistic governance framework, no formal on- or off-chain voting is currently required for this proposal to pass. However, we encourage the Euler DAO and community members to provide feedback, share suggestions, and voice their opinions on this initiative. Community input will, as always, be crucial to ensuring that Euler remains relevant, competitive, and risk-managed.

Implementation

Unless any concerns are raised or the DAO would like more time for consideration of this proposal, the Prime market will be actioned by the Euler Foundation in 2 days’ time.

Disclosures, disclaimers and copyright

The author of this proposal, Euler Labs, is contracted to provide software development services by Euler DAO. Copyright is waived via CC0.

We support this effort. Spending on security is always worthwhile, and it is especially worth increasing our offering to those looking to disclose responsibly as our TVL continues to balloon. A bug bounty should never be static and this revision aligns incentives well.