[Temp Check] Governance Security: Compensating blockful for preventing a potential attack on the ENS DAO

Incentives matter. Approving this proposal sends a strong message. If you see a problem and you fix it for ENS in a responsible way, you will be rewarded.

One concern is the perceived overlap of duties.

[Gov] Security review for executable proposals

As discussed in multiple working group meetings, it would be great to have a third party verifying executable proposals. At Blockful, we also do security reviews (audits). - source

Rereading their initial application, it is quite clear that their governance portion was limited to reviewing executable proposals. This is not that.

The other issue is the amount of compensation. Per Netto, this could have cost ENS $150M; this understates the true cost due to incalculable reputational damage to ENS.

ENS’s official bug bounty has a max payout of $250k for a critical smart contract bug. That’s done to prevent existential threats to ENS by encouraging responsible disclosure. While I do not think this falls into the parameters of that program, it is useful as a point of reference for how ENS views critical problems.

The value of this proposal as presented is roughly $370k. This seems priced right with positive externalities, especially considering the vesting. I appreciate Netto handling this discussion with grace.

I will be voting for this.
