A project can prove their proof of assets deploying a vault via Immunefi's Dashboard and depositing assets. A Vault is implemented as a Gnosis Safe, with the attachment of a Guard - Immunefi Guard - and a module - Immunefi Module, set in the moment of Safe setup.
Assets inside a project's Vault are displayed to the bug reporter, serving as proof of funds for bug report reward. Projects can withdraw their assets or a portion of them by queuing a withdrawal operation. This operation is timelocked and can only be executed after a certain cooldown period.
A project pays a successful report submission by a whitehat using the RewardSystem. Proper bounty reward distribution logic will be borrowed from the VaultDelegate, which handles automatically the whitehat reward and the Immunefi fee processing.
The RewardSystem component also allows for reward enforcement if the project does not act on the decision made by mediation.
If either project or whitehat is unsatisfied with the mediation outcome, an arbitration request can be done using the Arbitration component. An external party will be called on to decide the final outcome. Any reward distribution will be enforced.
You will need the following software on your machine:
- Run
forge test
If you discover any security issues, please follow the Immunefi Bounty Program to submit.