- Introduction and Background
As GMX continues to scale, the security of traders, liquidity providers, and the broader community has always been paramount, with the majority of the GMX Treasury allocated to back our industry-leading Immunefi bug bounty program. Despite this strong foundation, large-scale exploits or black swan events could still pose significant risks to our protocol, as they do for all DeFi protocols. To bolster GMX’s resilience and cover for any significant compensation or bug bounty payouts that might otherwise impair the protocol, we propose creating a GMX Safety Reserve (GSR) overseen by the already-elected GMX Security Committee (see the Committee’s formation and role here).
- Funding and Growth
The GSR will be initially funded by transferring the protocol’s existing bug bounty reserves—currently comprised of ETH, ARB, and stablecoins—into a dedicated fund. To ensure the GSR’s long-term viability, we recommend allocating a percentage of the DAO’s fee revenue on an ongoing basis. Such allocation is presumed to be from the existing 10% of GMX V2 protocol fees allocated to the DAO, but both the size and source would be subject to a subsequent governance vote. Additionally, to harness additional resources beyond our existing ones, GMX contributors will seek grants, vested tokens, pledges, or conditional guarantees from key ecosystem partners such as oracle providers, chains, bridging platforms, and risk specialists.
Note: Many of these partner commitments may not directly enlarge the DAO’s treasury but would instead serve as conditional backstops, ensuring GMX has sufficient capital available in the event of catastrophic incidents. In the event these pledged assets must be deployed, a dispute resolution mechanism will be in place to determine whether and how they can be utilized, recognizing that ecosystem partner contributions are not the first line of defense. Notably, the upcoming bridging partner tender is expected to include a material contribution to the GSR, emphasizing the importance of these partnerships for GMX’s long-term security.
- Administration and Governance
The GMX Security Committee, already elected by the community, will administer the GSR. They and Labs contributors may manage a portion of the funds via a multisig wallet, allowing for more direct and efficient distribution. Smaller or urgent bug bounty payouts—particularly for critical vulnerabilities—could then be reimbursed or disbursed swiftly in coordination with contributors. However, more substantial payouts, such as large-scale compensation programs following a severe exploit, will be subject to an on-chain governance vote to ensure transparent, community-driven decision-making. This two-tiered approach balances the need for rapid response with robust oversight.
- Transparency and Oversight
To maintain community trust, regular reports will detail the GSR’s balance, partner contributions, and any disbursements. If the community decides to explore a low-risk yield strategy for idle funds including holding yield-bearing stables, a separate governance proposal will be required—preventing unilateral decisions that could expose the GSR’s heightened risk. This emphasis on transparency, combined with the Security Committee’s focused administration, reinforces GMX’s commitment to a secure and open ecosystem.
- Conclusion and Call to Action
By placing oversight of the GSR under the already-established GMX Security Committee, GMX can more effectively respond to security threats, reward researchers who disclose critical vulnerabilities, and provide compensation if unforeseen events occur.
We invite all community members to share feedback on this proposal during the designated discussion period and to participate in the on-chain vote. With collective support and thorough oversight, the GSR can become a cornerstone of GMX’s enduring focus on safety and reliability.