Hey all! Sharing some thoughts here.
12,000 NXM is almost 5% of the Nexus community fund treasury. Nexus has a smaller treasury than most other DeFi projects so I want to be prudent in spending. The token mint to set up the community fund was contentious enough so I want to avoid the slippery slope of doing more token mints and diluting NXM holders to recapitalize the treasury.
That said, I’m open to starting with a small amount, say $100k worth of NXM, to see if the partnership is worthwhile and then periodically get approvals for future NXM rather than most upfront. This should be enough to cover the first critical vulnerability bug bounty payout, and then reevaluate whether the program is effective at reducing claim payments (e.g. bug bounty payout < active cover on such project). Immunefi also has a strong brand that could be worthwhile for Nexus to be a long-term partner.
The key part of the proposal is “could have led to a claim payout on Nexus Mutual”. Nexus has the proof-of-loss requirement, which means users have to sign a message proving they control a wallet that lost money in the hack; in the recent Yearn hack, for example, Nexus only paid $2.8M worth of claims out of $63.4M worth of active covers. Furthermore, projects often reimburse affected users (e.g. Thorchain), which obviates the need for claims on Nexus. So even if a critical bug is disclosed on Immunefi, Nexus wouldn’t necessarily pay claims on the full amount of active covers if that bug got exploited.