Giveth Bug Bounty VAULT

Operating the hats.finance vault

After successful creation of our hats.finance bug bounty vault (hats.finance DOCS), we need to fund it to complete the onboarding process.

Proposal description:
I propose on behalf of the bounty committee to initially fund the vault with 100.000 GIV (1350USD at the point of writing this) and after a period of a few weeks with another 200.000 GIV to arrive at a total bounty value of 300.000 (currently ~4050USD).

Some info about VAULTS:

  • funds can be extended by ourselves and others
  • funds can be escaped anytime with a 1 week grace period
  • there is a tokenomics aspect with $HATS that are staked on the vault
  • The vault is denominated in GIV
  • The vault is deployed on Ethereum Mainnet
  • The vault currently protects one contract only - Token Distro (https://etherscan.io/address/0x87dE995F6744B75bBe0255A973081142aDb61f4d) - but that is needed to initialize - we will add more contracts once the vault is active

Proposal Rationale
The proposal is designed to maximize efficiency of our deployment. Once the vault is funded and greenlit by the hats DAO, the bounty_committee would like to send the first 100.000 GIV to it, leaving 200.000 in the bounty_committee multisig.

Our reasoning for splitting the funds is that initial creation (followed by some comms work by hats.finance) might attract substantially more activity where people poke at things.

Expected duration or delivery date (if applicable):
We took a really long time setting up the vault itself - it would be awesome to move fast. Hence I already initiated a transaction from the Liquidity Multisig to move 300.000 GIV to the bounty committee multisig.

Team Information (For Funding Proposals)

The vault is controlled by the Giveth bounty committee - operating a multisig on our side with these participants:

  • Griff
  • Jim
  • MoeShehab
  • Kay

The role of the committee is to control funding streams from Giveth, edit the vault and most importantly ingest and process incoming vulnerability reports.

Skills and previous experience in related or similar work:
What are some of your skills or related experience that might help inform GIV holders about your ability to execute on your proposal

Funding Information (For Funding Proposals)

Amount of GIV requested:
300.000

Ethereum address where funds shall be transferred:
eth:0x5F0BB4E79F75fF74B7dF6f02EdB47f777510dA8a

More detailed description of how funds will be handled and used:
Initially 100.000 GIV will be sent to the bug bounty vault provided by hats.finance. After an undefined period we will send another 200.000 GIV to the vault. By this point we will also have increased the vault's coverage.


This is the funding transaction:

6 Likes

Love the idea of having the bug bounty.

Thanks @geleeroyale !

1 Like

I am working on a tweet about this and talking to @Griff about it…

100k GIV is kind of low. He suggested we put more like 1M GIV. Is there a reason we didn’t want to put something bigger?

$1000 (or even $5000) isn’t much of an incentive for finding a critical bug.