Improved security

Hello everyone! I have a proposal that I want to run by the community: It appears Mir has really nailed its launch and has entered into a perfect storm of potential black swan events and the price is reflecting this sentiment. In order to gain mass adoption we must above all else provide 2 things: Security and Liquidity. I go with the assumption that market forces will eventually self-regulate this aspect once the true benefits of staking vs arbitrage vs holding mir are weighed in. This leaves us with the second point of security.

If we want whales to start using Mirror we need the contract to be bulletproof, and currently there is a bounty of up to 150k USt for exposing a vulnerability and bringing it to the attention of the team instead of exploiting it for malicious gain. I propose to allocate a lot more resources from the community fund to the Bug Bounty Program, so that the brightest minds in the world literally have million dollar incentives to constantly pore over all aspects of the protocol as it evolves and patch any potential vulnerabilities before they become exploitable, while getting handsomely rewarded. See this as hiring a top-notch cyber security team to watch over the protocol.

What is your opinion on a proposal to allocate 1m Mir to the bounty bug program and expand it to include higher prizes, up to 1 million USt, so that in the odd chance a serious vulnerability is found, the person discovering it can cash in a huge reward without attempting an exploit? It appears as though 150k is too little incentive for someone who could potentially cost the protocol and its users hundreds of millions in losses + reputational damage. Let’s secure our bags to the max and get the highest paid rewards for exposing security vulnerabilities in the industry! Please share your thoughts and proposals on who can be contracted and whether you would be willing to vote it in, thank you!

2 Likes

This is a good initiative, I would be in favor of it but more details on the payouts should be provided.
I think you should reach out to the below email to understand the current structure and see if the community fund can provide better incentives to battle test the protocol:

(From @AG_1000)
We consider the security of the Mirror protocol extremely important. Our development team has worked with the Cyber Unit team and third-party consultants to create a safe and trustworthy protocol. See the Mirror Smart Contract audit by Cyberunit here (Link: DocSend). All contract code and balances can be publicly verified (Link: Mirror Protocol · GitHub).

If you discover an original vulnerability, refer to our Bug Bounty guidelines and let us know at security@mirror.finance. We promise to reward you generously depending on the severity of the discovery, granted that it fulfills our requirements.

1 Like