Thanks for the transparency, I really appreciate that. I was already reading about it on Discord yesterday.
Personally, I do think it’s fair to pay some sort of amount, though I honestly can’t put a price on it. If wallets were potentially at risk, that alone is already worth something.
I even think situations like this can be handled without going through a full proposal process, simply to be able to act fast together with the treasury. I trust them to make solid decisions, but only if we keep the transparency. Don’t solve everything purely in Discord where only a limited group will read about it.
In cases like this, “better to ask for forgiveness than permission” might actually apply.
And regarding the vulnerability itself, I think we should be thankful someone reported it without bad intentions. Again, what price do you put on that?
ChatGPT:
Honestly, in the crypto space, a zero-day vulnerability for a DAO could easily be worth anywhere from a few hundred to thousand dollars to more, depending on the impact and exploitability. Preventing a serious exploit could literally save the treasury.
Thanks for the reply. But from someone like you, I was really hoping for a personal opinion and NOT a ChatGPT prompt response, because I can do that :)
Now please give me your personal opinion on a $amount.
Let’s break it down.
A self-employed professional charging around $100/hour who spent several days working on the report, communicating with Splinterlands, and following up based on his previous post would probably land somewhere around $2,500 in value (if the actual discovery was a potential big risk). That seems like a fair estimate to me.
The bigger question is: has he actually asked for anything yet? Is there even an open price discussion, or is he making demands?
Thank you! Now this is the answer I was hoping for.
He sort of threw out various numbers, but nothing official, so I am not disclosing it. Also, if I disclose, how can I independently ask other professionals like you for a fair value?