Chiming in here. Apologies as I wasn’t tagged. I’m part of the alliance for this proposal.
We’ve had 1 critical payout for the Velodrome team that resulted in a $100K USD bounty. Half of the bounty was fronted by the project and 40k OP tokens was taken out of this grant. Immunefi takes a 10% on top of the bounty since managing this program uses up internal resources and time. This means that there is a total of 56K OP tokens left in the grant bucket since Immunefi takes 4K OP tokens as its cut.
The vuln in the bounty had a TVL at-risk of roughly 7 figures in USD.
Edit: modified amounts to correctly reflect amount of OP tokens denominated in USD payout