ApeCoin DAO Board Member Proposes $4.5M Bug Bounty Program
An ApeCoin DAO board member submitted a bug bounty program proposal that includes the delay of the ApeCoin staking launch by about 2-4 weeks.
Maaria Bajwa, a board member and a principal in the investment fund Sound Ventures, submitted the AIP idea to "provide an additional layer of security to identify bugs and keep users safe" in the face of notable exploits such as the recent incident where more than $560 million was stolen from Binance. Bajwa added that it is "prudent" to implement the program, which would set aside 1 million $APE (about $4.5 million) "prior to going live." The AIP idea deals only with AIP-21, the first of two approved staking proposals for ApeCoin.
"Though bounty programs can often be months long, we propose a 2-4 week program prior to staking going live. This offers sufficient time to surface vulnerabilities while still allowing staking to go live in a timely manner," the proposal said.
Bajwa's AIP idea was submitted on Oct. 13, and now needs to wait for the seven-day feedback window to complete before moving it forward in the lengthy AIP process. Assuming it passed quickly through the AIP analysis report, moderation, post-moderation, and administrative review stages, the earliest day the bug bounty program could be voted on would be Oct. 27 (live AIPs are released in batches on Thursdays).
Horizen Labs co-founder Dean Steinbeck, who is on the ApeCoin DAO board, said in direct messages on social media that he wasn't the "best person to speak about the bug bounty" but that a bug bounty program "wasn't part of AIPs 21 and 22 and therefore never considered it."
"I think, in general, the idea of a bug bounty is good," said Steinbeck. "In this case we'll defer to the community."
The AIP idea was already being heavily discussed by board and community members with more than 1,200 users (the most on the ideas page) viewing the proposal. AIPs 21 and 22 were approved by the community in May.
"This timing can’t be serious...This proposal should have been done months ago, not two weeks before the staking date," said user Piair. "The contract has been professionally audited. It’s totally fine to have a bug bounty program but it should not delay the all thing again. Let’s open a bug bounty program while ApeCoin staking is live, it will be perfectly fine like this."