Reward Amendments to CUIP-003 (Bug Bounty)

Abstract

We believe in encouraging and supporting community members to continually invest in and participate in the success of the project. Rewarding participation in bug hunts and community moderation enables us to collectively take ownership of what we are building together. This proposal seeks to amend how incentives are disbursed for CUIP-003.

Motivation

  • We wish to continually incentivize the community’s participation in finding bugs that cover in-game usability issues and issues with the official websites.

Details

Bug Bounty Program

We want our players to help improve the quality of the game. This program will reward players for submitting novel issues to the team with rewards commensurate with the severity of the issue submitted. The program only rewards the original reporter, and the Laguna Games team will judge the severity of each issue.

| Tier | Description | Reward (USD) |
|---|---|---|
| Tier 1 | high significance issues that are game-breaking or pose critical issues | 2500 |
| Tier 2 | medium-high significance issues that directly affect in-game or site usage or block a game loop | 1000 |
| Tier 3 | medium significance issues that directly affect in-game or site usage but possess a workaround or do not significantly impact a game loop | 500 |
| Tier 4 | minor significance issues that have potential to directly affect in-game or site usage | 250 |
| Tier 5 | minor significance issues that do not directly affect in-game or site usage | 100 |

  • What is considered a novel issue?

    • Issues that haven’t been announced prior.
    • Issues that are not connected to a prior issue.
  • Who is considered the original reporter?

    • The first player to report to Zendesk about a particular issue that falls within the scope and limitations of the program who is also:
      • A member of the Discord community
      • Not currently on the running blacklist; and
      • Has complied with the Bug Bounty ticket format on Zendesk
  • How will the reward be disbursed?

    • As the reward is denominated in USD, the Laguna Games team shall have the discretion to pay the rewards in either RBW or USDC. This will follow a monthly cadence.

Validity

These two programs will be valid for six (6) months, starting from when the current cycle ends. The current cycle must first be concluded using the existing model before this can take effect. Once the validity period ends, the team will re-evaluate the programs and, if appropriate, propose to extend them.

Conclusion

We believe that these programs appropriately align rewards to further strengthen community participation as we gear towards the growth phase. We leave the approval of this proposal to the DAO.

3 Likes

What a weak reward for critical bugs or vulnerabilities…
The stash event clearly cost much more (the amount from the stash, as well as the subsequent redemption of it all from the market)

This does not include the white hat/security bug bounty. We’re preparing a separate proposal for that. As mentioned in the proposal, this is for in-game usability issues and issues with the official websites.

3 Likes

Thanks for the clarification
It just wasn’t obvious to me. :+1:

No worries! Glad you brought it up since others might be wondering about it as well. Thank you.

I am 100% for this amendment to the Bug Bounty reward. My only thought is: is it enough? I believe I read somewhere else that there is a white hat bounty as well for something really bad being relayed to the team to be fixed. If so, should that information be here as well? I would want someone who was a gray hat to see that they could receive more than 2500.00 if it would make them choose to be a white hat.

1 Like

Okay yes this is where I read it of course. Great idea. Look forward to this proposal asap. Thank you

1 Like

Hi Nessa,

Do we have a special format announced somewhere in Discord? If yes, can we link it?
Last time I checked, you just follow the format “required” in the bug bounty. There is no special formatting on the description side, right?

As mentioned in the past thread, I like this proposal. But if it's any Tier 1 game-breaking event like a hack, I think it needs to have a special reward system for those who find it. If it's not indicated in the proposal, though, those white hats might not report it and just take advantage of it.

[I also read they are not included here based on the response, but it can also maybe indicate above a certain X and Y when a hack is discovered]

Wanting to know other people's views.

Thanks!

The format was posted on Medium in June when the Bug Bounty was launched.

In addition, it can also be accessed by going to the Zendesk submit ticket section, specifically choosing “Bug Bounty Report” and inputting all the required items.

1 Like

Hello, everyone! This proposal has been forwarded for the governance council to review. I will post the result as soon as it’s concluded. :bowing_woman:t2:

The council session for the Bug Bounty Program Amendment proposal has just concluded, and I am pleased to announce that we’re now ready to share the result:

Bug Bounty Program Amendment Proposal
Yes to moving to Snapshot: 11
No to moving to Snapshot: 0

With this, the Bug Bounty Program Amendment proposal has been moved to Snapshot for the sRBW holders’ consideration.

Snapshot: Snapshot
Start: December 09, 12:52 PM UTC
End: December 14, 12:52 PM UTC

The voting period for this proposal has ended. Snapshot

For: 59,744,622.57
Against: 0

Total Votes: 59,744,622.57
% Participation: 41.58%

We have successfully passed CUIP-008 - Bug Bounty Reward Amendments. As the December cycle has already started using the previously-approved program, this program will be applied to all valid reports received from January 2023.

Thank you for taking part in governance. :handshake:

1 Like