Vyper currently doesn't have a bug bounty program (see policy). Partly this is due to the the expansive scope one would have (how do we determine impact of a potential codegen issue?), and partly it's practical in that there is currently no budget available for it (although that could change in the future). Regardless, Vyper does today have several production users, including Yearn, Curve, and Lido. This proposal would be in 3 parts, each would be opt-in that would help the Vyper language find greater adoption by security researchers, which will in turn make both the language and the users of the language (who adopt this agreement) stronger. Step 1: Add Vyper to your Bug Bounty Program Easy first step is to mention the versions of the Vyper compiler (that you support in production deployments) to your bug bounty program, under the Scope heading of your program. This would look something like the following: ### Vyper Compiler

--- eip: <to be assigned> title: Indexing Internal Deployments description: Registration and indexing of deployments made from factory-style contracts author: Ser Doggo (@fubuloubu) discussions-to: <URL> status: Draft type: Standards category: ERC created: 2022-06-20