Proposal for Enforcing Timely Payouts in Line with Immunefi’s SLA

In the context of web3, where security is paramount, maintaining trust and transparency with whitehats is essential to ensure the continued protection and resilience of our ecosystem.

According to Immunefi’s Service Level Agreement (SLA), projects are expected to process payouts within 7 days of report confirmation. This standard exists to foster a positive and reliable relationship between projects and researchers. However, recent whitehat submissions — and direct feedback gathered from several researchers who have submitted reports to Hydration — suggest that payouts have been delayed for over a month in some cases, significantly exceeding the agreed-upon timeline.

Delays in payouts not only breach Immunefi’s rules but also risk discouraging whitehats from continuing to engage with our program. Many of them invest substantial time and expertise in finding vulnerabilities that protect the protocol and its users. Failing to reward their efforts promptly can damage Hydration’s reputation and reduce future engagement from top security researchers.

For this reason, I would like to propose a policy to consistently uphold the 7-day SLA for confirmed reports and ensure that all whitehats are rewarded within the timeframe defined by Immunefi. This would demonstrate Hydration’s commitment to ethical security practices and strengthen its position as a trustworthy and researcher-friendly protocol.

Let’s lead by example and make timely payouts a core part of our commitment to security and community trust.