Research Bounty

Each bounty defines a precise scope of work and deliverables to eliminate ambiguity. This includes:

• Target Protocol: The specific smart contract, layer-2, or application to be analyzed.
• Research Questions: Defined hypotheses or areas of investigation (e.g., "Assess the economic security of the staking mechanism").
• Acceptance Criteria: The format (e.g., technical report, exploit PoC, data dashboard) and quality standards required for payout.

Rewards are structured to align incentives with research quality and impact. Common models include:

• Fixed-Price Bounties: A predetermined payout for completing the specified scope.
• Tiered/KPI-Based Bounties: Payout scales with the severity of a discovered vulnerability (e.g., Critical, High, Medium) or the depth of analysis.
• Success Fees: A percentage of funds saved or value generated from the research findings, common in economic security audits.

A clear process governs how work is submitted and judged, ensuring fairness.

• Public or Private Submission: Findings may be submitted via a platform (e.g., Immunefi, Sherlock) or directly to a committee.
• Objective Evaluation: Assessment by a panel of domain experts or against predefined verification scripts.
• Dispute Resolution: Formalized process for researchers to contest evaluation outcomes, often involving third-party adjudicators.

Unlike bug bounties focused solely on vulnerabilities, research bounties aim to generate new, actionable intelligence. Deliverables often include:

• Technical Reports: Deep-dive analysis of mechanism design, tokenomics, or cryptographic implementations.
• Data Analysis & Models: Scripts, dashboards, or simulation frameworks that model system behavior under stress.
• Strategic Recommendations: Actionable insights for protocol developers or governance stakeholders based on the findings.

Bounties operate within a defined timeline to ensure research is relevant and actionable. Key phases include:

• Submission Window: The period during which researchers can register and submit work.
• Evaluation Period: The time allocated for sponsors to assess submissions.
• Payout Schedule: Clear terms for when rewards are distributed post-acceptance, which may be contingent on remediation of any found issues.

Research bounties intersect with other key security and incentive mechanisms in Web3.

• Bug Bounty: A subset focused exclusively on finding technical security vulnerabilities for a reward.
• Audit Contest: A time-boxed, competitive audit where multiple researchers review the same codebase.
• Grants Program: Broader, less-specified funding for ecosystem development, often without strict deliverables.
• Verification Condition: A formal logic statement that must be proven or disproven by the research.

Projects often lack high-quality technical documentation. Bounties can fund the creation of developer tutorials, architecture explainers, and glossaries to improve ecosystem understanding and onboarding.

• Example: A Layer 2 scaling solution bounties the creation of a step-by-step guide for building a custom rollup.
• Impact: Lowers the barrier to entry for new developers and users.

DAOs use bounties to solicit detailed governance proposals or community improvement plans. This formalizes the process for suggesting and funding new initiatives.

• Example: A protocol's treasury DAO posts a bounty for a comprehensive proposal on how to allocate a $10M ecosystem fund.
• Outcome: The winning proposal is often executed by the submitter or a designated team, funded by the bounty and subsequent grants.

A research bounty is a crowdsourced funding model where a sponsor posts a reward for a specific research task. The process typically involves:

• Bounty Posting: A sponsor defines the research question, scope, deliverables, reward amount, and evaluation criteria.
• Submission: Researchers or analysts submit their findings, often in the form of a detailed report or analysis.
• Evaluation & Payment: The sponsor or a designated committee reviews submissions and disburses the reward to the winning entry, often paid in the protocol's native token or a stablecoin.

Bounties target specific, actionable research to fill knowledge gaps. Common objectives include:

• Protocol Design: Analyzing tokenomics, governance mechanisms, or incentive structures.
• Security Audits: Identifying vulnerabilities in smart contracts or system architecture before a formal audit.
• Economic Analysis: Modeling token flows, liquidity dynamics, or potential attack vectors.
• Competitive Landscape: Researching competing protocols or emerging technological trends.
• User & Data Analysis: Investigating on-chain behavior, adoption metrics, or community sentiment.

Specialized platforms facilitate the creation and management of research bounties, connecting sponsors with a global talent pool.

• Gitcoin Grants & Bounties: A pioneer in quadratic funding and bounty campaigns for public goods and open-source research.
• Immunefi: Primarily for security bounties, but also hosts research on vulnerability classification and threat landscapes.
• DAO-Specific Platforms: Many DAOs (e.g., MakerDAO, Compound) use forums and dedicated workflow tools like Coordinape or SourceCred to manage research initiatives.
• Protocol Documentation: Projects often post ongoing research requests directly in their governance forums or developer documentation.

For protocols and DAOs, research bounties offer a strategic tool for decentralized knowledge acquisition.

• Cost-Effective Expertise: Access a global network of specialists without long-term hiring commitments.
• Diverse Perspectives: Crowdsourcing invites a variety of analytical approaches, reducing blind spots.
• Community Engagement: Incentivizes deep, meaningful contribution from the community beyond simple governance voting.
• Risk Mitigation: Early research on economic or security models can prevent costly failures post-launch.

For analysts and developers, bounties provide tangible opportunities.

• Monetize Expertise: Earn cryptocurrency for conducting and publishing specialized analysis.
• Build Reputation: Successful bounty submissions establish credibility within a protocol's community and can lead to further opportunities.
• Direct Impact: Research can directly influence the technical roadmap or economic policy of a major protocol.
• Learning & Access: Deep engagement with cutting-edge protocols provides unparalleled insight into their inner workings.

While similar in structure, research and bug bounties have distinct scopes.

• Research Bounty: Focuses on analysis, modeling, and investigation. The deliverable is knowledge—a report, model, or design proposal. It answers "what if" or "how does this work?" questions.
• Bug Bounty: Focuses on exploit discovery and security vulnerabilities. The deliverable is a specific, actionable bug report that demonstrates a security flaw. It answers "is this system secure?" questions.
• Overlap: A research bounty on "economic security" might uncover a novel attack vector, blurring the lines, but the primary intent differs.

Defines the legal and technical boundaries for ethical hacking. A clear scope is critical for operational security and legal protection.

• In-Scope Assets: Specifies which smart contracts, APIs, or applications are open for testing.
• Out-of-Scope: Explicitly lists prohibited activities (e.g., social engineering, DDoS attacks).
• Rules: Establishes testing methodologies, disclosure policies, and terms for safe harbor, protecting researchers from legal action.

A standardized framework for assessing and rewarding reported vulnerabilities based on their potential impact. This ensures fair and consistent payouts.

• Uses scales like the CVSS (Common Vulnerability Scoring System) or project-specific criteria.
• Severity Tiers: Typically categorized as Critical, High, Medium, and Low, with corresponding bounty rewards.
• Example: A critical bug enabling fund theft commands a higher reward than a medium-severity logic error.

The formal process for submitting, validating, and resolving vulnerability reports. A secure workflow is essential to prevent public exploitation.

• Private Submission: Researchers report via encrypted channels on platforms like Immunefi or HackerOne.
• Triage: The project's security team validates the report's authenticity and severity.
• Remediation & Payout: The bug is fixed, and a bounty is paid after verification, often following a coordinated disclosure timeline.

The reward model designed to attract top security talent. Rewards must be competitive to ensure critical vulnerabilities are reported responsibly.

• Reward Types: Can be a flat fee, a percentage of funds at risk, or a sliding scale based on severity.
• Budget & Payout Speed: A publicly stated budget and fast payout history build trust with the researcher community.
• Key Consideration: Incentives must outweigh the potential black-market value of the exploit.

Measures to protect both the project and the researchers, ensuring the program operates within legal boundaries.

• Safe Harbor Agreement: A legal clause that shields researchers from prosecution if they follow the rules.
• KYC/AML Checks: Often required for large payouts to comply with financial regulations.
• Dispute Resolution: A predefined process for handling disagreements over bug severity or reward eligibility.

How bug bounties complement, rather than replace, professional security audits in a defense-in-depth strategy.

• Continuous Coverage: Bounties provide ongoing, crowd-sourced review after a formal audit is complete.
• Different Skill Sets: Audits find systematic issues; bounties often uncover novel, edge-case exploits.
• Best Practice: Projects should conduct at least one professional audit before launching a public bounty to catch obvious flaws.

A non-competitive funding mechanism where a project allocates capital to support specific, pre-defined development, research, or community initiatives. Unlike bounties, grants are typically awarded proactively based on proposals, not for completing a predefined task. They fund longer-term work such as:

• Building core protocol infrastructure.
• Creating developer tools or SDKs.
• Producing in-depth analytical reports.

A funding model that rewards contributors for work that has already proven valuable to an ecosystem, popularized by Optimism's RetroPGF rounds. It differs from bounties and grants by being retrospective and merit-based. The community or a panel assesses the impact of past work (like research, tooling, or education) and distributes rewards accordingly, reducing upfront proposal overhead.

A formal submission to a protocol's decentralized autonomous organization (DAO) to request treasury funds or enact a change. A research bounty program might itself be initiated via a governance proposal. These proposals involve:

• On-chain voting by token holders.
• A detailed specification of the ask (budget, scope, deliverables).
• A community discussion period before voting.

A phase in a blockchain's launch where participants are rewarded for stress-testing the network, finding bugs, and validating operations before mainnet. Rewards are often distributed for completing specific tasks, blurring the line with bounties. Key activities include:

• Running validator nodes.
• Testing transaction throughput and stability.
• Identifying consensus or networking issues.