[NON-CONSTITUTIONAL] Arbitrum Audit Program | proposals.app

posted 1 year ago

Hi all, we wanted to post an update here following the Office Hours on 24 February and conversations we’ve had with the Arbitrum Foundation. As stated in the call, we are in the process of supporting the handover of the program to Arbitrum Foundation to support their internalisation approach.

We are proud of the outcome of the program, and that the work of structuring and running the pilot program is now continuing as a core program of the ecosystem with more funds being allocated to it. It's a moment to celebrate our achievements that we outline in the final Outcome Report linked here, and we thank everyone for the positive feedback.

Our ultimate goal and that of the Foundation’s are aligned: to help grow the Arbitrum ecosystem. As such, we will support the Arbitrum Foundation in an advisory function during the roll-out and make sure our expertise and learnings will carry on.

As individual service providers, we believe each of us can positively impact the Arbitrum ecosystem in a multitude of ways and double down on the value creation and the success case of the Security Subsidy Fund. There are a lot of problems to be solved and a lot of ways in which the ecosystem can grow, be it by supporting the vibrant builder ecosystem with critical services and infrastructure, through growth programs that focus on sustainably growing the number of quality apps and bring in net new users to the ecosystem, or through meeting the needs of builders across the builder funnel in an effort to provide them with consistent support across all stages of their growth.

As individual service providers outside of the remit of the ADPC, we’re looking forward to working in concert with the Foundation and the rest of the DAO on such efforts to grow the ecosystem, ensuring that their design, strategy, and execution is handled as professionally as we have managed to do so far.

adpc

posted 1 year ago

Q12

posted 1 year ago

I am writing on behalf of the Arbitrum Governance Collective (AGC), a newly formed group of significant token holders focused on active participation in governance and value creation for the Arbitrum ecosystem.

Before addressing the proposal's structural flaws, we must address a critical credibility issue: The Foundation claims to be "heavily involved in the process of selecting which teams get the subsidy." The ADPC explicitly states this is false - that "the Foundation did not review a single application." One of these statements is untrue. Token holders deserve to know which version is accurate before being asked to trust the Foundation with $10M in DAO funds.

Let me outline our major concerns:

Amateur Hour Management Structure

The Foundation proposes to run a $10M program with part-time, unpaid committee members "next to their everyday duties." This is frankly absurd. You don't run what you yourself call a "mission-critical" program as a side hobby. The proposed structure screams of inexperience in running professional investment operations.

False Economy & Hidden Costs

The Foundation's claim they will "waive fees" is either naive or deliberately misleading. These costs will simply be absorbed into their DAO-funded operational budget. More concerning is the opportunity cost of running this critical program sub-optimally. One bad investment decision could cost multiples of any supposed savings.

Fundamental Misunderstanding of Required Expertise

The Foundation's fixation on "technical expertise" demonstrates a basic misunderstanding of what this program requires. What's needed is deep knowledge of the security services market and audit space - not generic technical knowledge. The ADPC demonstrated this understanding by engaging DeDaub, an established security firm. Why would a random technical person from the Foundation or OCL have more relevant expertise than actual auditing professionals? This misalignment of expertise requirements raises serious concerns about the Foundation's ability to even properly scope this program.

Lack of Investment Expertise

This is fundamentally an investment program requiring sophisticated venture capital and private equity experience in evaluating early-stage projects. The Foundation's emphasis on technical expertise while completely ignoring the need for investment acumen shows a fundamental misunderstanding of what drives successful project selection and portfolio management. Where is the venture capital expertise on their proposed committee? Who has experience managing comparable investment programs?

Concerning Pattern of Unilateral Actions & Misuse of Operational Budget

The Foundation states they have been "stepping in via our grant program to sponsor audits for builders over the past year." This raises serious governance concerns. The DAO funded the Foundation for specific operational purposes and the ADPC was explicitly voted in to manage audit subsidies. The Foundation's operational budget was not intended as a shadow grant program. While we appreciate the desire to support builders, this pattern of unilateral actions outside established governance frameworks and apparent repurposing of operational funds demands immediate scrutiny. We request:

Full transparency regarding these expenditures
Clarification on which operational budget lines were used
Explanation of how this aligns with their DAO-approved mandate

Organizational Dysfunction

The Foundation's complete failure to coordinate internally is alarming. They were actively working with the ADPC on this exact initiative, received a detailed proposal, and then launched a competing proposal without any communication. This level of organizational dysfunction raises serious questions about their capacity to manage complex programs.

Misdiagnosis of Current Issues

While the current ADPC structure has inefficiencies, we believe these primarily stem from the three-party structure and alignment with the Foundation. The solution isn't to add more bureaucracy - it's to streamline operations.

Our Solution:

Rather than allowing the Foundation to experiment with DAO funds or maintaining a complex multi-party structure, we propose selecting ONE premier service provider with:

Proven track record in initiative management
Established relationships with top audit firms
Clear accountability structure
Performance-based compensation alignment
Deep venture capital/private equity expertise

This is how professional investment operations work. Not through part-time committees, not through complex multi-party structures, and certainly not through foundation bureaucrats playing venture capitalist.

Questions the Foundation Must Answer:

Will you address the discrepancy between your claim of involvement in project selection and ADPC's statement?
Can you name a single successful program of this magnitude you've managed?
How do you justify running a $10M program as a part-time endeavor?
What governance framework guided your unilateral audit funding decisions?

We urge all token holders to vote NO on this proposal and support bringing in a qualified professional firm to manage this critical program.

The DAO deserves professional management of its resources, not amateur hour experiments with critical infrastructure.

adpc

posted 1 year ago

Hi all, given the Foundation’s response concerning the ADPC, we thought it was important to respond and clarify the facts.

In regards to the Foundation's proposal, it needs to be mentioned that we shared a detailed proposal for continuing the Subsidy Fund — including a proposed $10M fund size and other specifics, such as a detailed scope — with the Foundation a week prior to their announcement to internalise the extension, and discussed it with them until the day they posted this Audit Program proposal.

Hi all, given the Foundation’s response concerning the ADPC, we thought it was important to respond and clarify the facts.

We had also spent several weeks educating the Foundation on the operation of the framework, including a session in Bangkok with the core members of the team to walk through the tasks involved in running such a procurement framework and fund. On the basis of the feedback during that session, as well as strong support from the community, the industry and project teams involved in the initial 8 week run, we concluded that the ADPC was best placed to manage this for the DAO and prepared a proposal to submit last week.

The Foundation promised to get back with feedback, but instead posted this proposal by themselves without informing us. At no point in the past 12 months did the Foundation raise any concerns with us about ADPC operations, timeliness or cost effectiveness despite us having near daily communications with them. We strongly believe that the Foundation is a key stakeholder in the operation of the DAO and wanted to ensure they were not blindsided by any work being undertaken by the ADPC as poor communication between us could result in the DAO being ambushed by events. The ADPC is proud of its exemplary professionalism shown to date and are deeply troubled by any implications suggesting otherwise.

In summary it is incorrect to state that the DAO would not have had another subsidy fund - this was, in fact, on the horizon and we had planned on posting it imminently after receiving the Foundation’s feedback which, in the end, we never received.

We can discuss what it means to work for a DAO, the associated costs, and how pricing is determined among various stakeholders. However, we would have appreciated a more transparent communication process from the Foundation.

Respectfully, we can understand a business decision of wanting to run an ecosystem like a corporation and not a DAO. This is not what we are arguing against.

We, delegates, and other service providers have contributed to the ecosystem, effectively taking a bet on its success. This also means working together in a partnership. We understand the Foundation’s decision to internalise the DAO and its key initiatives run by service providers and would only ever want them success in continuing the innovative procurement models designed by the ADPC team.

More broadly, we think the Foundation’s expertise and resources (which the DAO has significantly funded) could be better utilised in spinning up programs that are not already tackled by contributors vs. going on a hiring sprint to internalise these functions.

Considering the history of the DAO and involvement of its participants (delegates and service providers) who have spent 2 years to try to get this experiment right, our strong preference is a continuation of the direct communication we had had with the Foundation until very recently as this shift by the Foundation to internalise a proposal that external contributors had been working on (and that the Foundation were aware of) could have resulted in a more streamlined approach and more seamless transition planning. The current approach is sub-optimal for the DAO, and we believe other delegates and ecosystem participants would tend to agree. The ADPC remains prepared to work with the Foundation on the understanding this can be done with mutual respect and transparency.

This is not an effort to challenge who runs the program, we are happy to support the transition to make sure the value we created is not lost, if the push to internalize continues.

Rather, we hope the Foundation will reconsider its overall communication and collaboration approach.

Otherwise, we are concerned it may lead to the offboarding of other remaining DAO contributors and delegates, who have long been the core of the ecosystem - as this is not how partners should be treated.

Find below responses to some of the statements:

Quoted from Arbitrum

Time to action. The ADPC was approved by the DAO on the 8th February 2024 to put together a framework for subsidising audits. ADPC received funds from the subsidy program on 25th July 2024 to run an 8 week program. Final allocations for the 8 week program were completed in December 2024.

jump to post →

The first step towards running the subsidy fund was creating the procurement framework for whitelisting security auditors for the DAO. As we mentioned in the Phase I Outcome Report, we began operations for ADPC Phase I from February 21, 2024, while the RFP process to whitelist auditors took place between June 19 and July 22, 2024.

During this period, the Foundation took more than a month to get back to us on our proposed framework (as mentioned in the Phase I Outcome Report), and ultimately told us that the legal terms would be redundant due to the Foundation having its own preferred model. This introduced significant delays into the process.

Moreover, the ADPC was ready to begin the Subsidy Fund even earlier and we announced the whitelisted security service providers in August - another month’s delay took place since the providers had to undergo KYB and sign the Head Agreement with the Foundation.

Quoted from Arbitrum

Technical expertise. One of the anticipated lessons learnt from the security subsidy program run by the ADPC is the need for involvement of technical experts who can evaluate the project that needs an audit and ensure the quote from the auditor is indeed a fair/accurate assessment.

jump to post →

The ADPC took this feedback into consideration early on and onboarded DeDaub as a technical expert. This was based on feedback from the DAO and actioned immediately. DeDaub was funded for a total cost of 12K ARB, which we think is very fair for a technical party of their calibre.

If the Arbitrum Foundation preferred to use technical members at the AF to sense-check audit proposals, we would have been happy to implement this feedback had this been communicated to us.

Regardless, we think engaging a third-party audit expert as an impartial referee makes much more sense than involving technical AF members who do not have a keen view into the dynamics of the audit market.

Quoted from Arbitrum

AF involvement in ADPC program. In most DAO programs, we are not involved in the day-to-day operations of the program, but for the security subsidy fund, we found ourselves heavily involved in the process of selecting which teams get the subsidy to pay auditors and engaging with these stakeholders.

jump to post →

This is not correct - the Foundation did not review a single application or was in any other way involved in the selection of projects. The Foundation was only involved in (1) an investigation of potential malicious behaviour (as they are the legal counterparty) and (2) aligning with ADPC on adherence to legal terms (as they are the legal counterparty).

For further questions, we will join the office hours later and then plan to refrain from further comments.

Q12

posted 1 year ago

Let me outline our major concerns:

Amateur Hour Management Structure

False Economy & Hidden Costs

Fundamental Misunderstanding of Required Expertise

Lack of Investment Expertise

Concerning Pattern of Unilateral Actions & Misuse of Operational Budget

Full transparency regarding these expenditures
Clarification on which operational budget lines were used
Explanation of how this aligns with their DAO-approved mandate

Organizational Dysfunction

Misdiagnosis of Current Issues

Our Solution:

Rather than allowing the Foundation to experiment with DAO funds or maintaining a complex multi-party structure, we propose selecting ONE premier service provider with:

Proven track record in initiative management
Established relationships with top audit firms
Clear accountability structure
Performance-based compensation alignment
Deep venture capital/private equity expertise

Questions the Foundation Must Answer:

Will you address the discrepancy between your claim of involvement in project selection and ADPC's statement?
Can you name a single successful program of this magnitude you've managed?
How do you justify running a $10M program as a part-time endeavor?
What governance framework guided your unilateral audit funding decisions?

We urge all token holders to vote NO on this proposal and support bringing in a qualified professional firm to manage this critical program.

The DAO deserves professional management of its resources, not amateur hour experiments with critical infrastructure.

adpc

posted 1 year ago

Hi all, given the Foundation’s response concerning the ADPC, we thought it was important to respond and clarify the facts.

Respectfully, we can understand a business decision of wanting to run an ecosystem like a corporation and not a DAO. This is not what we are arguing against.

This is not an effort to challenge who runs the program, we are happy to support the transition to make sure the value we created is not lost, if the push to internalize continues.

Rather, we hope the Foundation will reconsider its overall communication and collaboration approach.

Find below responses to some of the statements:

Quoted from Arbitrum

jump to post →

Quoted from Arbitrum

jump to post →

If the Arbitrum Foundation preferred to use technical members at the AF to sense-check audit proposals, we would have been happy to implement this feedback had this been communicated to us.

Quoted from Arbitrum

jump to post →

For further questions, we will join the office hours later and then plan to refrain from further comments.

Maets23

posted 1 year ago

edited 1 year ago

Here is the SimScore Report during the Snapshot Round of forum replies.

image|591x500

Arbitrum Audit Program: Consensus Evolution

Key Insights

The visualization shows how community consensus has evolved from the Forum to Snapshot round:

Here is the SimScore Report during the Snapshot Round of forum replies.

image|591x500

Arbitrum Audit Program: Consensus Evolution

Key Insights

The visualization shows how community consensus has evolved from the Forum to Snapshot round:

Stronger Preference for DAO Governance
- Forum round (red dot) showed mixed governance preferences
- Snapshot round (green dot) shifted significantly toward DAO control
- Top response (51% similarity): "I don't agree with internalizing into the Arbitrum Foundation"
Consistent Support for Audit Program Concept
- Both positions remain high on the value curve
- Second top response (51% similarity): "The DAO currently lacks an active audit program, and launching this initiative at the earliest could be highly beneficial"
- Strong recognition that "audit support is one of the most frequently requested forms of assistance"
Historical Context Recognition
- Increased acknowledgment of ADPC's past contributions
- References to "ADPC has been exceptionally strong at ecosystem growth"
- Concern about whether new program can "replicate or improve upon these ecosystem-building efforts"

The snapshot position approaches what appears to be a higher-value point on the curve - maintaining support for the program while showing stronger preference for DAO governance rather than Foundation control."

Top 10 Responses

Top 1 voting Against on the current offchain vote because I don’t agree with internalizing into the Arbitrum Foundation, a job that the DAO was previously doing. Even when the service providers doing that job for the DAO were taking too long, wasting resources, denying audit subsidies to worthy projects, porting the whole program to competing ecosystems, etc. I don’t condone the way the ADPC acted in their past 2 terms, but I also don’t think internalizing this job into the Foundation is the right approach. What I think we need is an Arbitrum DAO run, dedicated Audit Subsidy program, that would run continuously and would report their actions to the DAO with the utmost transparency possible. And executed by new and fresh service providers that are exclusive to Arbitrum. @paulofonseca

Top 2 The DAO currently lacks an active audit program, and launching this initiative at the earliest could be highly beneficial for the ecosystem. Based on our daily interactions with builders, audit support is one of the most frequently requested forms of assistance. The first iteration of the ADPC’s audit program was highly successful, and this new proposal builds on that foundation while addressing previous gaps. @Saurabh

Top 3 I think the Arbitrum Audit Program has a lot of potential and addresses an important need. Smart contract audits are essential, especially for early-stage projects that might not have the resources to afford them. Helping these teams launch securely not only protects users but also strengthens the entire Arbitrum ecosystem. I also appreciate the idea of offering subsidies as investments in some cases, which could help align projects with Arbitrum over the long term. @TodayInDeFi

Top 4 Overall, we believe that key, high-impact projects within the Arbitrum ecosystem should have the opportunity to be part of this initiative. This would allow the Audit Program not only to support the growth of new participants but also to strengthen the projects that currently contribute the most on-chain value. @Camelot

Top 5 Voted For: Controversy about this proposal comes from how this was handled and not the content of the proposal itself. From my understanding, the audit program at the moment doesn’t exist, which is a bad thing. For many new projects (especially DeFi), audits are a crucial and most expensive task to do before launch. To be a welcoming chain, it would be awesome to help high-end projects with this. This is the reason I voted and support this proposal. @Tekr0x.eth

Top 6 I think Arbitrum Audit Program will help new projects on Arbitrum pay for security audits, which are very expensive but very important. It will make sure smart contracts are safe and protect users’ money. @danielM

Top 7 Given ADPC’s track record, I am uncertain whether the Arbitrum Audit Program will be able to replicate or improve upon these ecosystem-building efforts. While this new program may enhance the technical side of audits, it is unclear if it will achieve the same level of community engagement, exposure, and long-term protocol support that ADPC has demonstrated. @TodayInDeFi

Top 8 Camelot is voting “Abstain” on the Arbitrum Audit Program. @Camelot

Top 9 While I see the potential benefits of this proposal, I remain uncertain about whether it will be a significant improvement over ADPC. The Arbitrum Foundation may have better technical expertise to optimize the audit selection and facilitation process, but ADPC has been exceptionally strong at ecosystem growth, marketing, and building lasting relationships with protocols. Additionally the cost savings is not enough that it’s a major deciding factor for this proposal. @TodayInDeFi

Top 10 I voted FOR the proposal on Snapshot. I’d like to add here that the Arbitrum DAO has recently begun the process of selecting Arbitrum’s strategic objectives (SOS). Eventually this will lead to initiatives that will help launch apps/projects on Arbitrum that align with these objectives. Why do I mention that? I hope Arbitrum Audit Committee will prioritize such projects and dApps. @TempeTechie

SimScore: Crowd Wisdom Beyond Votes

SimScore finds the center of collective thinking. The top responses by similarity represent the replies closest to the community's collective mindset.

The visualization above shows how this collective wisdom evolved from the open forum round to the Snapshot forum round.

Maets23

posted 1 year ago

edited 1 year ago

Here is the SimScore Report during the Snapshot Round of forum replies.

image|591x500

Arbitrum Audit Program: Consensus Evolution

Key Insights

The visualization shows how community consensus has evolved from the Forum to Snapshot round:

Here is the SimScore Report during the Snapshot Round of forum replies.

image|591x500

Arbitrum Audit Program: Consensus Evolution

Key Insights

The visualization shows how community consensus has evolved from the Forum to Snapshot round:

Stronger Preference for DAO Governance
- Forum round (red dot) showed mixed governance preferences
- Snapshot round (green dot) shifted significantly toward DAO control
- Top response (51% similarity): "I don't agree with internalizing into the Arbitrum Foundation"
Consistent Support for Audit Program Concept
- Both positions remain high on the value curve
- Second top response (51% similarity): "The DAO currently lacks an active audit program, and launching this initiative at the earliest could be highly beneficial"
- Strong recognition that "audit support is one of the most frequently requested forms of assistance"
Historical Context Recognition
- Increased acknowledgment of ADPC's past contributions
- References to "ADPC has been exceptionally strong at ecosystem growth"
- Concern about whether new program can "replicate or improve upon these ecosystem-building efforts"

Top 10 Responses

Top 8 Camelot is voting “Abstain” on the Arbitrum Audit Program. @Camelot

SimScore: Crowd Wisdom Beyond Votes

SimScore finds the center of collective thinking. The top responses by similarity represent the replies closest to the community's collective mindset.

The visualization above shows how this collective wisdom evolved from the open forum round to the Snapshot forum round.

Maets23

posted 1 year ago

edited 1 year ago

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

This analysis is based on SimScore-selected responses. SimScore analyzed all 261 forum responses and identified the top 10 most representative perspectives (similarity scores ranging 0.381-0.430). This algorithmic approach ensures we're working with the most relevant community feedback, removing potential bias in response selection.

image|603x500

Methodology Highlight

image|603x500

Value Distribution Analysis

Using Vitalik Buterin's concave disposition framework, we visualized governance value distribution. The graph below shows:

Point A	Point B	Red Dot	Blue Curve
Foundation Control	DAO Control	Current Proposal Position	Value Disposition

Key Findings from SimScore Top 10

Current Position (Based on 0.430 and 0.415 SimScore responses)
- Proposal shows stronger Foundation control
- Multiple high-scoring responses suggest need for increased DAO oversight.
Historical Context (Based on 0.406 SimScore response)
- ADPC's track record shows value of DAO involvement
- Established governance frameworks prove effective
Optimization Potential (Consensus from top SimScore responses)
- Current proposal is viable but not optimal
- Value could be enhanced by increasing DAO oversight while retaining Foundation operational efficiency

SimScore Source Data

Top 10 responses used in this analysis had similarity scores of:

Top 1 At this time, the DAO has no way of providing a security audit subsidy to projects, given that the previous subsidy fund from the ADPC has run out and there have been no steps to renew it. In our view, it makes sense for the Foundation to administer the security subsidy fund, given its position and proximity to both builders and Arbitrum’s tech.
@krst SimScore 43.0%

Top 2 The foundation has a grant program that can also include audits for what I know. This has been true and known since the very beginning. You can find more info here. Beside, in every ecosystem foundations have internal grant programs to sponsor protocols and builders. I agree tho that more transparency in this sense would be something good for the dao as well. @JoJo SimScore 42.7%

Top 3 One thing we’d like to point out about the proposal itself is that the Foundation will run the subsidy fund on behalf of the DAO using the DAO’s funds. As such, we’ll hold them to the same standard as any and all other contributors and service providers, and we actually expect them to be an example of what a DAO-funded program should look like. @krst SimScore 42.0%

Top 4
Besides, I don’t understand why the Arbitrum Foundation takes money for the program from DAO, and DAO barely participates in it. @cp0x SimScore 41.5%

Top 5
The Foundation states they have been “stepping in via our grant program to sponsor audits for builders over the past year.” This raises serious governance concerns. The DAO funded the Foundation for specific operational purposes and the ADPC was explicitly voted in to manage audit subsidies. The Foundation’s operational budget was not intended as a shadow grant program. While we appreciate the desire to support builders, this pattern of unilateral actions outside established governance frameworks and apparent repurposing of operational funds demands immediate scrutiny. We request: @Q12 SimScore 40.7%

Top 6 Considering the history of the DAO and involvement of its participants (delegates and service providers) who have spent 2 years to try to get this experiment right, our strong preference is a continuation of the direct communication we had had with the Foundation until very recently as this shift by the Foundation to internalise a proposal that external contributors had been working on (and that the Foundation were aware of) could have resulted in a more streamlined approach and more seamless transition planning. The current approach is sub-optimal for the DAO, and we believe other delegates and ecosystem participants would tend to agree. The ADPC remains prepared to work with the Foundation on the understanding this can be done with mutual respect and transparency. @adpc SimScore 40.7%

Top 7 I think we could give money for audit projects together with the AVI (Arbitrum Venture Initiative) project. @cp0x SimScore 39.4%

Top 8 I really like this proposal. Audit costs are a significant barrier to entry for early-stage projects, and subsidizing them for valuable teams is a highly effective way to support builders in the Arbitrum ecosystem. Security is critical, especially for new projects, and reducing the financial burden of audits will help ensure that promising teams can launch safely without cutting corners. @bertani SimScore 39.0%

Top 9 Thank you for posting a well-structured proposal. It is very straightforward. Overall, I like the idea of helping projects cover audit costs, especially the projects that have good potential for Arbitrum. I do have some concerns about a few points of the proposal. Tek0x.eth SimScore 39.0%

Top 10 We would also like to emphasize that we see this program as a BD initiative that should first and foremost drive the growth of the Arbitrum ecosystem. Therefore, we expect that whoever the OCL and AF representatives will be in the committee, they will coordinate internally to make sure that the projects selected to receive audit grants are in line with Arbitrum’s long-term growth strategy. @krst SimScore 38.4%

SimScore Worksheets https://docs.google.com/spreadsheets/d/1G4OnDFY93SQ_wVuGnx79_vsPLSng5iYMmEwGsn3QTdI/edit?usp=sharing

Arbitrum

posted 1 year ago

The ADPC's post was published 5 minutes before the governance call yesterday and led to a discussion during the governance call. The discussion lasted about ~40 minutes.

The AF acknowledged that Patrick (who authored this proposal) was unaware of the ADPC's plan to run another subsidy program and had been working on the proposal for a few weeks (since mid-January). The AF governance team received the ADPC's proposal 2 days prior to the AF posting their own version and it was not yet reviewed by Patrick / the governance team. Patrick had communicated with some delegates on a call that the AF was working on an audit program and that it was due to be published in the coming days. On hindsight, he should have communicated to the ADPC that the AF was working on a subsidy program.

The ADPC's post was published 5 minutes before the governance call yesterday and led to a discussion during the governance call. The discussion lasted about ~40 minutes.

There were also discussions behind why the program had been delayed, but the general conclusion (from our perspective) was that the ADPC might be better suited to focus on topics and procurement that matches their core competencies as this will empower them to run with initiatives without relying on third parties. Topics that are very technical in nature, like this subsidy fund, might be best handled by the AF / OCL / OpCo.

There are two more planned governance calls (on 24th Feb and 3rd Mar) for the auditing program already. The topic could be rehashed, but generally, it is good to focus on the content of this proposal so we can make sure it has the best chance of success.

Maets23

posted 1 year ago

edited 1 year ago

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

image|603x500

Methodology Highlight

image|603x500

Value Distribution Analysis

Using Vitalik Buterin's concave disposition framework, we visualized governance value distribution. The graph below shows:

Point A	Point B	Red Dot	Blue Curve
Foundation Control	DAO Control	Current Proposal Position	Value Disposition

Key Findings from SimScore Top 10

Current Position (Based on 0.430 and 0.415 SimScore responses)
- Proposal shows stronger Foundation control
- Multiple high-scoring responses suggest need for increased DAO oversight.
Historical Context (Based on 0.406 SimScore response)
- ADPC's track record shows value of DAO involvement
- Established governance frameworks prove effective
Optimization Potential (Consensus from top SimScore responses)
- Current proposal is viable but not optimal
- Value could be enhanced by increasing DAO oversight while retaining Foundation operational efficiency

SimScore Source Data

Top 10 responses used in this analysis had similarity scores of:

Top 4
Besides, I don’t understand why the Arbitrum Foundation takes money for the program from DAO, and DAO barely participates in it. @cp0x SimScore 41.5%

Top 7 I think we could give money for audit projects together with the AVI (Arbitrum Venture Initiative) project. @cp0x SimScore 39.4%

SimScore Worksheets https://docs.google.com/spreadsheets/d/1G4OnDFY93SQ_wVuGnx79_vsPLSng5iYMmEwGsn3QTdI/edit?usp=sharing

Arbitrum

posted 1 year ago

The ADPC's post was published 5 minutes before the governance call yesterday and led to a discussion during the governance call. The discussion lasted about ~40 minutes.

Before moving forward with the details, I’d love to hear your thoughts on the Subsidy Fund implemented by the ADPC. Do you think it was well executed? What is your opinion on the results? And why do you propose making such a drastic change to that model instead of, for instance, suggesting that this new committee execute the v2?

There are a few reasons why we believe it is better for the AF (or potentially the future OpCo, when it is up and running) to take on the work for the security subsidy fund and allow the procurement committee to pursue other initiatives:

Time to action. The ADPC was approved by the DAO on the 8th February 2024 to put together a framework for subsidising audits. ADPC received funds from the subsidy program on 25th July 2024 to run an 8 week program. Final allocations for the 8 week program were completed in December 2024.

It took around ~10 months to stand up and complete the 8 week program. Unfortunately, this meant there was no security subsidy fund by the ArbitrumDAO for most of 2024. Due to this shortcoming, (the AF) have stepped in via our grant program to sponsor audits for builders over the past year. Furthermore, ADPC is now focused on RPC providers until April 2025 and has also included multiple other work packages in its scope for this term. This implies the DAO will not have a subsidy fund for a further few months.

We believe the security subsidy fund is essential for supporting early stage builders and it should be stood up as soon as possible. We (Arbitrum) cannot afford to further delay a fully fledged program that is openly available at any time.

Technical expertise. One of the anticipated lessons learnt from the security subsidy program run by the ADPC is the need for involvement of technical experts who can evaluate the project that needs an audit and ensure the quote from the auditor is indeed a fair/accurate assessment.

The ADPC’s membership lacks the technical expertise to evaluate applications for a security subsidy program and will need to fund external parties for assistance. We’d recommend the DAO approve programs that match the ADPC’s core competencies so they can have a greater impact without relying on third parties.

Financial cost. To date, the ADPC’s has charged the DAO $24k per month for the first 6 months and the current fee is $60k per month for 6 months (150% pay increase). By April 2025, they will have charged the DAO $540k. If the next iteration of the ADPC continues at $60k per month, then it will cost $720k per year ($20k per member excluding other costs such as $54k for operational expenses).

We believe this is a very high overhead to pay for running a $10m security subsidy program. At $720k per year, the AF or upcoming OpCo can hire full time staff to run this alongside other programs that we all deem as mission critical for Arbitrum.

AF involvement in ADPC program. In most DAO programs, we are not involved in the day-to-day operations of the program, but for the security subsidy fund, we found ourselves heavily involved in the process of selecting which teams get the subsidy to pay auditors and engaging with these stakeholders. Additionally, with the RPC program, the ADPC is insistent that we take on responsibility for their framework from April 2025 onwards.

Our increased involvement was a sign that it may be better for the ADPC to focus on topics that match their core competencies and not necessarily run an audit subsidy program. Additionally, if we are expected to carry on the continuation of a framework and execute it on behalf of others, then we (AF) should just set it up ourselves.

Are there any lessons from that experience that could be applied?

Yes, some of the lessons we can share:

Funds up front. The ADPC started in February, but only got the funds in July 2025 as there was a requirement to go back to the DAO’s voting process to request the funds. The lesson here is to ensure the DAO allocates funds to new programs and enable it to get started more quickly.
Technical expertise. Evaluating the cost of an audit requires domain expertise and it is not something a general committee is well-suited for handling. This is why we have put forth this proposal as we can request technical members at the AF and OCL to evaluate audit proposals.
Services in kind. Some audit firms prefer to not charge a project for the audit in return for tokens/equity later. We should be explicit on whether this type of behaviour should be allowed as it can be beneficial to early-stage projects, but also potentially unfair for competing audit firms.
Flexibility in scope. After agreements were made between all parties, many projects/auditors also wanted to change the scope of the audits, and requested different terms, accordingly. Flexibility is possible when there is an on-going application process as opposed to the 8-week trial that effectively allocated the entire budget all at once.
Towards fixed rates. All auditors have different costs, but for each auditor, we should work towards a fixed cost of “per auditor week”, so all projects can benefit from discounted rates.

We think this proposal is valuable, though we see some possible issues. The ARDC v1 saw an issue where proposals would come to the security member to audit contracts for new protocols. Similarly, we can see some issue where these protocols receive auditing work, launch on Arbitrum, but then do the bare minimum in ecosystem management and development after launch, while prioritizing other L2s (eg. Base). With this in mind, does it make sense to have this structure for all apps or for only specific applications (i.e., those built with Stylus) and structure the committee differently for other types of applications, or make a priority pathway instead?

We’d avoid overcomplicating the structure of the committee for other type of applications. The motivation to pick team members from AF or OCL is to take advantage of the domain expertise across the organisations. If there is an application that the committee alone cannot evaluate, then they can request assistance from the wider organisation.

On the final point, how to avoid projects getting a grant and then launching on another chain, this is generally the same problem that all grant programs encounter:

We will prioritise projects who are leveraging Arbitrum’s core technology stack, like a smart contract for stylus or deploying their own chain.
We may decide to invest in the project over a simple grant as that offers a closer partnership with the project and helps align incentives for all parties involved to remain on Arbitrum.
Depending on subsidy size, there may be clauses that require projects to launch on Arbitrum before other projects.

However, for the most part, it is more of an art than a science to avoid the above issue.

Furthermore, could we have some elaboration on the option for investment offered by the subsidy? How would this agreement work, what does DAO involvement look like here, etc? We understand that it may be more difficult to lock in apps (and that the auditing program may not be the right place to bundle this), though it is worth noting.

The AF will perform the investment on behalf of the ArbitrumDAO. We decided to include investing as an option in the program to ensure that if an investment makes sense, then we will be able to do it for the community.

Also, on what metrics should we evaluate the success of this program? Projects safely launched on Arbitrum and consistently used?

The metrics should be 1) how many projects that received a subsidy eventually launched on Arbitrum, 2) the growth of each project relative to similar deployments on other chains, 3) the total funds secured and 4) total funds lost due to smart contract vulnerabilities.

Note, it is always worth keeping in mind, audits are not full-proof to avoid bugs, and the main metric is supporting new projects to launch on Arbitrum with some sanity checking by experts and ultimately trying to avoid projects from being forced to ‘test in production.’

Converting 30M ARB to USD immediately is not the play here coz it creates unnecessary sell pressure.

It is a 1 year program and we will not be converting the ARB to USD upfront.

Our goal is to minimize the total ARB that is exchanged and 30m ARB is just a very conservative estimate for the total budget based on the current exchange rate.

How about this solution: can we take obligations from sponsored projects to remain in the Arbitrum ecosystem? And if they want to leave the ecosystem, they will have to return the money spent on the audit and preferably in Arbitrum tokens. I think this would avoid additional risks

We expect to add exclusivity clauses to nearly all agreements for new projects who have not yet launched or existing projects whenever it is reasonably doable.

In the last iteration of the security subsidy funds, there was a committee that made projects compile a rather long (as far as I can read) form, that resulted in some protocols being selected and others not with criteria that were not super clear… How would it work here? Can existing projects already apply?

We will have an application process and example questions/information requested is already outlined in the proposal. This will be used to help us screen the project before performing more due diligence. All projects will be welcome to apply, but we will prioritise early stage projects or projects that really require the financial assistance.

How will the application process work for projects applying? Will communication with the projects and selection decisions be made publicly, similar to how the Questbook DDA and Stylus Sprint rounds were handled, as they have set a good standard for this?

Many early stage projects will still be in stealth mode when they apply for the audit program and will not want to publicly disclose their audit details. Additionally, we expect this program to be very popular, and many projects who apply will not be accepted simply due to volume & grants available. We are expecting the applications to remain private, but the winners to be announced.

Just to clarify, multiple auditors will be chosen, right? We assume that no single audit firm will dominate the program. Will there be a cap on the number of projects any individual auditor can take on to ensure diversity and prevent monopolization?

Yes, the intention is to have auditors compete amongst each other for the project, hopefully leading to better prices for the project. We should avoid caps to ensure the marketplace remains competitive, but will also ensure that there is not a monopoly.

Also, will there be a marketing push to ensure more projects are aware of it? The success of this program also depends on outreach. Visibility could help attract high-quality projects to apply and build on Arbitrum.

The AF will focus significant resources to market this to all projects building on Arbitrum. As you mention, our goal is to get high quality projects, so they need to be aware of this program!

How are teams determined to be eligible for this support? I think its good that its removing that financial barrier from those teams but we should be a tad cautious not to overspend and audit every team.

We put together a list of points that we will evaluate like team background, likelihood of success, etc. There are not enough funds to audit every project. Additionally, we believe it is better to return funds to the DAO than to overspend it / make sure the full budget is exhausted on projects we do not believe will ‘make it’.

You are talking about a long term perspective and setting a budget for only 1 year. In my opinion, this is not a long term perspective and Arbitrum already had a program of audit compensation during the year. How is this program better?

All DAO programs should have an expiry time to ensure the authors have to return to the DAO, show results, and then continue the program. We set the expiry time to 1 year with the option to continue via a snapshot vote if there are still funds available. In regards to ADPC program, we have put an answer at the top of this post :)

I think this budget is greatly overstated. I don’t see 100 projects a year that Arbitrum needs so much that we are ready to give them 30 million ARB. Will we proceed from how much money we have or from what projects we need?

100 projects is an illustration to simply show the number of audit subsidies a $10m budget can cover. However, there are hundreds of projects that will likely apply to this program. The committee’s job is to spot the winners that can move the needle for Arbitrum and ensure they are supported. We do not have a metric to sponsor ‘100 projects in 1 year’ and will only sponsor projects that require the assistance.

Differentiation from ADPC Subsidy Fund: Could you elaborate on how this new program significantly improves upon the revised ADPC Subsidy Fund? What specific shortcomings of the previous program does this address?

There was a simpler question before and we provided an answer earlier in this post.

Timing and Evaluation: The ADPC has announced that they will be posting the Subsidy Fund Outcome report (ADPC Update Thread (Phase II) - #22 by sid_areta) in the coming days. Wouldn’t it be prudent to wait for this report before proceeding with a similar program / giving final shape to a new one? This would allow us to learn from issues of the previous program, identify areas for improvement and ensure we’re not duplicating efforts unnecessarily.

We (the AF) were heavily involved in the ADPC’s security subsidy program and how the funds were allocated. So, we are aware of several lessons learnt that can be applied to this program. The report will be helpful to the wider DAO and it should be publicly available before we reach the on-chain voting stage.

What is the criteria for the election and for onboarding the auditors? There will be a request for a commitment from the auditors to have “X” hours available? One thing is to be part of a “whitelist” with no real commitment, and a different thing is to be aligned with the DAO and have manpower available.

We do not expect an auditor to participate in the program if they are not able to commit time to audit projects. Additionally, if they do not audit any projects, then they will be removed from the whitelist.

Can you share the expected skills/knowledge for both this elected member and the auditors?

We expect the elected member to have a strong technical background with experience of writing smart contracts and obtaining audits for their own project in the past. In regards to auditors, we plan to only accept reputable firms.

Can you share more details about the threshold between grant/investment? Who will decide that? The Audit Commitee?

It’ll be decided by the Audit committee, but the difference in grant or investment will really come down to the individual project and their subsidy request. We do not believe it is wise to advertise or commit to a threshold in advance.

104

Arbitrum

posted 1 year ago

Thanks for the feedback so far!

In my opinion, auditing firms are known for their “dynamic” pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?

114

Thanks for the feedback so far!

In my opinion, auditing firms are known for their “dynamic” pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?

It'll be up to the council, and the wider Arbitrum Foundation, to make sure that prices negotiated are fair relative to the skills / offerings of the auditor. We have experience with these types of negotiations already and expect it to go reasonably well.

Additionally, we anticipate the program to be competitive amongst auditors, so we will always seek to matchmake projects with auditors who offer the best value for money (without compromising on quality).

I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the “Sealed bid” method or something similar. What do you think about this idea?

During the matchmaking phase, it is quite common for a project to retrieve quotes from different audit providers. It is "sort of" like a sealed bid auction, since the project shouldn't share the quotes with the competitors.

Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

Committee members will be responsible for evaluating the projects and ultimately making decisions, but the AF will take on the operational and volume work. We expect 3 committee members to be sufficient for running the program.

I think with the power and reputation of Arbitrum DAO, we can ask audit firms to be paid in ARB tokens (instead of selling to USD). This would lower the selling pressure. Since the price of ARB tokens is low, they might even hold it for some time or even better; get involved in governance.

Service providers typically quote their services in USD. We can have a combination of USD and ARB for alignment, but we generally can’t force service providers to accept ARB only.

From the pool of relevant auditors, who will be responsible for selecting the final one for each project? Will it be the committee or the project? I’m not entirely clear on who will make the final decision.

All auditors must be pre-approved for the program. This will predominantly be performed by the Arbitrum Foundation with support of the council members. Will clarify this in the proposal.

Also, is there a clear maximum amount per project that will be spent on auditing? The 100K assumption per project seems rather vague. I believe there should be a maximum amount, and even a maximum percentage for the cost subsidy everyone should have skin on the game.

We decided against a maximum cap in favour of offering the option to invest in projects as opposed to simply grants. If there is a subsidy that is larger than normal, it could be issued as an investment, and ultimately help align the project with the Arbitrum ecosystem. In nearly all cases, projects will also be expected to have skin in the game and pay for a portion of the audit.

Will this be converted immediately, or on an ongoing basis as needed? i suggest this is ongoing to reduce selling preassure.

It is a year-long program; so there is no requirement to exchange the funds immediately.

funding projects that then migrate to other ecos => why not make these audits some sort of investment or what sort of mitigation can be put in place?

In the proposal, we are offering the option to also use the subsidy to invest in the project, although we'd prefer if the project made its own in Arbitrum first :)

How are projects selected? there can be a lot of failures with early stage projects => having more structured programs for systematic validation and derisking (like e.g. the Hackathon Continuation Program) could mitigate this risk. Otherwise requiring some sort of traction in a PoC, letters of intent to purchase if B2B, or doing DD on validation… tricky.

In the proposal, it mentions the committee will screen based on scope, likelihood of success, team experience, due diligence of the tech, etc. Behind the scenes, it will form a matrix that will score the project and offer confidence that the project should be eligible to receive a subsidy.

Of course, like any selection process, the final decision will depend on whether the committee believes the project is likely to get product market fit and the team is truly focused on building for the long term.

Before moving forward with the details, I’d love to hear your thoughts on the Subsidy Fund implemented by the ADPC. Do you think it was well executed? What is your opinion on the results? And why do you propose making such a drastic change to that model instead of, for instance, suggesting that this new committee execute the v2?

Time to action. The ADPC was approved by the DAO on the 8th February 2024 to put together a framework for subsidising audits. ADPC received funds from the subsidy program on 25th July 2024 to run an 8 week program. Final allocations for the 8 week program were completed in December 2024.

Technical expertise. One of the anticipated lessons learnt from the security subsidy program run by the ADPC is the need for involvement of technical experts who can evaluate the project that needs an audit and ensure the quote from the auditor is indeed a fair/accurate assessment.

Financial cost. To date, the ADPC’s has charged the DAO $24k per month for the first 6 months and the current fee is $60k per month for 6 months (150% pay increase). By April 2025, they will have charged the DAO $540k. If the next iteration of the ADPC continues at $60k per month, then it will cost $720k per year ($20k per member excluding other costs such as $54k for operational expenses).

AF involvement in ADPC program. In most DAO programs, we are not involved in the day-to-day operations of the program, but for the security subsidy fund, we found ourselves heavily involved in the process of selecting which teams get the subsidy to pay auditors and engaging with these stakeholders. Additionally, with the RPC program, the ADPC is insistent that we take on responsibility for their framework from April 2025 onwards.

Are there any lessons from that experience that could be applied?

Yes, some of the lessons we can share:

Funds up front. The ADPC started in February, but only got the funds in July 2025 as there was a requirement to go back to the DAO’s voting process to request the funds. The lesson here is to ensure the DAO allocates funds to new programs and enable it to get started more quickly.
Technical expertise. Evaluating the cost of an audit requires domain expertise and it is not something a general committee is well-suited for handling. This is why we have put forth this proposal as we can request technical members at the AF and OCL to evaluate audit proposals.
Services in kind. Some audit firms prefer to not charge a project for the audit in return for tokens/equity later. We should be explicit on whether this type of behaviour should be allowed as it can be beneficial to early-stage projects, but also potentially unfair for competing audit firms.
Flexibility in scope. After agreements were made between all parties, many projects/auditors also wanted to change the scope of the audits, and requested different terms, accordingly. Flexibility is possible when there is an on-going application process as opposed to the 8-week trial that effectively allocated the entire budget all at once.
Towards fixed rates. All auditors have different costs, but for each auditor, we should work towards a fixed cost of “per auditor week”, so all projects can benefit from discounted rates.

We think this proposal is valuable, though we see some possible issues. The ARDC v1 saw an issue where proposals would come to the security member to audit contracts for new protocols. Similarly, we can see some issue where these protocols receive auditing work, launch on Arbitrum, but then do the bare minimum in ecosystem management and development after launch, while prioritizing other L2s (eg. Base). With this in mind, does it make sense to have this structure for all apps or for only specific applications (i.e., those built with Stylus) and structure the committee differently for other types of applications, or make a priority pathway instead?

On the final point, how to avoid projects getting a grant and then launching on another chain, this is generally the same problem that all grant programs encounter:

We will prioritise projects who are leveraging Arbitrum’s core technology stack, like a smart contract for stylus or deploying their own chain.
We may decide to invest in the project over a simple grant as that offers a closer partnership with the project and helps align incentives for all parties involved to remain on Arbitrum.
Depending on subsidy size, there may be clauses that require projects to launch on Arbitrum before other projects.

However, for the most part, it is more of an art than a science to avoid the above issue.

Furthermore, could we have some elaboration on the option for investment offered by the subsidy? How would this agreement work, what does DAO involvement look like here, etc? We understand that it may be more difficult to lock in apps (and that the auditing program may not be the right place to bundle this), though it is worth noting.

Also, on what metrics should we evaluate the success of this program? Projects safely launched on Arbitrum and consistently used?

Converting 30M ARB to USD immediately is not the play here coz it creates unnecessary sell pressure.

It is a 1 year program and we will not be converting the ARB to USD upfront.

Our goal is to minimize the total ARB that is exchanged and 30m ARB is just a very conservative estimate for the total budget based on the current exchange rate.

How about this solution: can we take obligations from sponsored projects to remain in the Arbitrum ecosystem? And if they want to leave the ecosystem, they will have to return the money spent on the audit and preferably in Arbitrum tokens. I think this would avoid additional risks

We expect to add exclusivity clauses to nearly all agreements for new projects who have not yet launched or existing projects whenever it is reasonably doable.

In the last iteration of the security subsidy funds, there was a committee that made projects compile a rather long (as far as I can read) form, that resulted in some protocols being selected and others not with criteria that were not super clear… How would it work here? Can existing projects already apply?

How will the application process work for projects applying? Will communication with the projects and selection decisions be made publicly, similar to how the Questbook DDA and Stylus Sprint rounds were handled, as they have set a good standard for this?

Just to clarify, multiple auditors will be chosen, right? We assume that no single audit firm will dominate the program. Will there be a cap on the number of projects any individual auditor can take on to ensure diversity and prevent monopolization?

Also, will there be a marketing push to ensure more projects are aware of it? The success of this program also depends on outreach. Visibility could help attract high-quality projects to apply and build on Arbitrum.

The AF will focus significant resources to market this to all projects building on Arbitrum. As you mention, our goal is to get high quality projects, so they need to be aware of this program!

How are teams determined to be eligible for this support? I think its good that its removing that financial barrier from those teams but we should be a tad cautious not to overspend and audit every team.

You are talking about a long term perspective and setting a budget for only 1 year. In my opinion, this is not a long term perspective and Arbitrum already had a program of audit compensation during the year. How is this program better?

I think this budget is greatly overstated. I don’t see 100 projects a year that Arbitrum needs so much that we are ready to give them 30 million ARB. Will we proceed from how much money we have or from what projects we need?

Differentiation from ADPC Subsidy Fund: Could you elaborate on how this new program significantly improves upon the revised ADPC Subsidy Fund? What specific shortcomings of the previous program does this address?

There was a simpler question before and we provided an answer earlier in this post.

Timing and Evaluation: The ADPC has announced that they will be posting the Subsidy Fund Outcome report (ADPC Update Thread (Phase II) - #22 by sid_areta) in the coming days. Wouldn’t it be prudent to wait for this report before proceeding with a similar program / giving final shape to a new one? This would allow us to learn from issues of the previous program, identify areas for improvement and ensure we’re not duplicating efforts unnecessarily.

What is the criteria for the election and for onboarding the auditors? There will be a request for a commitment from the auditors to have “X” hours available? One thing is to be part of a “whitelist” with no real commitment, and a different thing is to be aligned with the DAO and have manpower available.

Can you share the expected skills/knowledge for both this elected member and the auditors?

Can you share more details about the threshold between grant/investment? Who will decide that? The Audit Commitee?

104

Arbitrum

posted 1 year ago

Thanks for the feedback so far!

In my opinion, auditing firms are known for their “dynamic” pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?

114

Thanks for the feedback so far!

In my opinion, auditing firms are known for their “dynamic” pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?

I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the “Sealed bid” method or something similar. What do you think about this idea?

Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

I think with the power and reputation of Arbitrum DAO, we can ask audit firms to be paid in ARB tokens (instead of selling to USD). This would lower the selling pressure. Since the price of ARB tokens is low, they might even hold it for some time or even better; get involved in governance.

Service providers typically quote their services in USD. We can have a combination of USD and ARB for alignment, but we generally can’t force service providers to accept ARB only.

From the pool of relevant auditors, who will be responsible for selecting the final one for each project? Will it be the committee or the project? I’m not entirely clear on who will make the final decision.

All auditors must be pre-approved for the program. This will predominantly be performed by the Arbitrum Foundation with support of the council members. Will clarify this in the proposal.

Also, is there a clear maximum amount per project that will be spent on auditing? The 100K assumption per project seems rather vague. I believe there should be a maximum amount, and even a maximum percentage for the cost subsidy everyone should have skin on the game.

Will this be converted immediately, or on an ongoing basis as needed? i suggest this is ongoing to reduce selling preassure.

It is a year-long program; so there is no requirement to exchange the funds immediately.

funding projects that then migrate to other ecos => why not make these audits some sort of investment or what sort of mitigation can be put in place?

In the proposal, we are offering the option to also use the subsidy to invest in the project, although we'd prefer if the project made its own in Arbitrum first :)

How are projects selected? there can be a lot of failures with early stage projects => having more structured programs for systematic validation and derisking (like e.g. the Hackathon Continuation Program) could mitigate this risk. Otherwise requiring some sort of traction in a PoC, letters of intent to purchase if B2B, or doing DD on validation… tricky.

SEEDGov from cattin.seedlatam.eth

7.8M TOKEN

posted 1 year ago

edited 1 year ago

After consideration, the @SEEDgov delegation has decided to vote “FOR” on this proposal at the Tally Vote.

Rationale

Although this is our first time joining the discussion, we wanted to share some thoughts on the process this proposal has gone through.

After consideration, the @SEEDgov delegation has decided to vote “FOR” on this proposal at the Tally Vote.

Rationale

Although this is our first time joining the discussion, we wanted to share some thoughts on the process this proposal has gone through.

At the beginning, we must admit there was quite a bit of confusion, as it was evident that there were frictions between the ADPC and the AF. Given how important this proposal is for the ecosystem, we believe this “transition” could have been handled under better conditions.

Having said that, we understand that the AF wants to take on a more active role in the DAO, and we actually welcome this decision, knowing that it’s one of the most Arbitrum-aligned entities that can bring significant value both to various initiatives and to decision-making.

However, it is important to mention that, despite this new approach, the DAO will still need Service Providers and other contributors to help achieve the objectives set through the S.O.S. That is why we emphasize the importance of ensuring that processes like this one are carried out in a structured and orderly manner. Otherwise, not only does it create uncertainty for potential SPs, but it also fosters an environment that can become toxic—not just in terms of governance dynamics but also for conducting business.

Regarding the program itself, we align with @krst’s perspective: the AF should meet the same standards required of any SP, as this is an initiative funded by the DAO. At the same time, we view the adjustments made after the initial feedback phase positively. In this regard, we believe the suggestions from various delegates have been valuable in improving this proposal and giving the DAO greater oversight over its execution.

gi0rgos from gi0rgos.eth

30.47 TOKEN

posted 1 year ago

Considerations:

I am sharing my considerations with the intent of being helpful, not judgmental. Everything that benefits our DAO should be pursued and completed.

Considerations:

I am sharing my considerations with the intent of being helpful, not judgmental. Everything that benefits our DAO should be pursued and completed.

The 100K figure might be a rough estimate of the total cost. Similarly, setting a target of 100 projects may not be a highly professional approach. However, the more projects we complete, the better. This approach is honest and alleviates some pressure from those managing the project. I understand the DAO’s response to a similar comment, but I still believe that reducing stress for the members is important. My concern stems from past experiences where project costs were miscalculated.

I also believe that assistance with auditing is necessary, as it could help reduce overall costs. However, before investing resources into auditing, each project should be carefully evaluated. If a project has fundamental issues that are likely to lead to its abandonment, spending money on auditing it would be wasteful. Pushing a problematic project forward only for it to be abandoned later would result in unnecessary expenses.

Pros:

More projects will be completed, hopefully at a lower cost, leading to increased income for the DAO. ADPC, one of our core components, will have another opportunity to provide value to the DAO by ensuring projects reach completion rather than being abandoned. A point that I find noteworthy is that two committee members are waiving their payment. While I do not oppose committee payments in general, I have observed cases where committees charge excessively high fees, which makes me more skeptical about certain proposals. In this case, the fact that members are voluntarily forgoing their compensation reflects a commitment to the DAO’s success rather than personal gain. (In general, I believe that fair compensation aligned with market standards is reasonable. However, when fees are disproportionately high, it raises concerns about whether the primary motivation is the DAO’s well-being or financial gain)

There is much more to discuss regarding this proposal, but I do not wish to repeat arguments that have already been analyzed. Instead, I have focused on the key points that justify my FOR vote.

SEEDGov from cattin.seedlatam.eth

7.8M TOKEN

posted 1 year ago

edited 1 year ago

After consideration, the @SEEDgov delegation has decided to vote “FOR” on this proposal at the Tally Vote.

Rationale

Although this is our first time joining the discussion, we wanted to share some thoughts on the process this proposal has gone through.

After consideration, the @SEEDgov delegation has decided to vote “FOR” on this proposal at the Tally Vote.

Rationale

Although this is our first time joining the discussion, we wanted to share some thoughts on the process this proposal has gone through.

gi0rgos from gi0rgos.eth

30.47 TOKEN

posted 1 year ago

Considerations:

I am sharing my considerations with the intent of being helpful, not judgmental. Everything that benefits our DAO should be pursued and completed.

Considerations:

I am sharing my considerations with the intent of being helpful, not judgmental. Everything that benefits our DAO should be pursued and completed.

Pros:

There is much more to discuss regarding this proposal, but I do not wish to repeat arguments that have already been analyzed. Instead, I have focused on the key points that justify my FOR vote.

DonOfDAOs from donofdaos.eth

posted 1 year ago

I will ABSTAIN from [NON-CONSTITUTIONAL] Arbitrum Audit Program:

As a builder in the space myself who had to complete security compliance and benefitted from support from DAO initiatives, I can strongly emphasize A. the importance of proper security auditing B. the significance of supporting early ventures in making it happen. The capacity of a new protocol or project to internally fund all security requirements is not a mark of its potential value to the ecosystem. Many projects simply don't have the funds to establish compliance and are left unable to proceed forward. Without supporting these ventures, Arbitrum as an ecosystem would likely lose a tremendous amount of potential value.

I will ABSTAIN from [NON-CONSTITUTIONAL] Arbitrum Audit Program:

That said, I am unsure why the conversion of ARB to USDC has to occur immediately and place downward pressure on the value of the ARB token (unless there is an OTC process I am missing). I imagine it may be to keep the total number of potentially supported projects at the rounded 100. However, candidly, 100 seems excessive to begin with, so in the event of downside price action, I’m not sure fewer than 100 would be a tragedy. And, given price action is bi-directional and markets are fairly compressed at present, we may actually see an expansion in token value and room for even more than 100 projects. Ultimately, I believe periodic (ideally OTC) swaps would be preferable. For this reason, I will ABSTAIN from this proposal. Should the community support it broadly, I would happily see it pass. However, should it not pass and need revision the above would be my suggestion.

DonOfDAOs from donofdaos.eth

posted 1 year ago

I will ABSTAIN from [NON-CONSTITUTIONAL] Arbitrum Audit Program:

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

Several good improvements that i see here:

Quoted from Arbitrum

any code audited will need to remain exclusive to our ecosystem for a fixed period of time.

Several good improvements that i see here:

Quoted from Arbitrum

any code audited will need to remain exclusive to our ecosystem for a fixed period of time.

Quoted from Arbitrum

We are targeting relatively early stage projects, projects that have demonstrated product market fit on Arbitrum, and finally projects that have remained loyal to our ecosystem with an upcoming launch or upgrade that has the potential to help grow the ecosystem.

Quoted from Arbitrum

Native deployment. Projects that are operational on Arbitrum must demonstrate either a strong product market fit or a committed alignment with the Arbitrum ecosystem with expectations that subsequent product launches will be successful.
Migrating deployment. Project is planning to migrate from another blockchain ecosystem to Arbitrum
New audits only. Only new code, or code that has undergone significant modifications.
Arbitrum exclusivity. Audited code must remain exclusive to Arbitrum for a fixed period of time.

Quoted from Arbitrum

and a team member from the OpCo (when operational).

I like all of these addition which address most of what was proposed by several delegates. I also like adding one member of the opco because the sheer amount of work could potentially be important, and having more members involved in the DAO can be beneficial even just for comms and to keep context.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Snapshot voting.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Snapshot voting.

We attended both office hours for this proposal and, after reviewing the details, we believe this initiative is worth funding. We support initiatives that remove financial barriers for new projects. Many early-stage teams struggle to secure funding, and audits are one of the most expensive yet essential steps before launching.

Looking at the ADPC’s Security Subsidy Fund Report, we see strong demand for such programs. In just 8 weeks of the program, ADPC received a competitive number of applications from teams. Extending this support for a full year makes sense given the clear demand and potential impact on ecosystem growth.

Quoted from JoJo

the nature of protocols who could apply. Understanding that this proposal has a growth nature, we need to clarify if current protocols in arbitrum can apply, if protocols migrating/expanding from other chains can apply. And the answer likely can’t just be a single “yes” otherwise everybody who has to do an audit in arbitrum will come here making life of the committee miserable, there has to be some sort of wording on whom can apply

jump to post →

We also agree with @JoJo’s point that clear eligibility criteria should be outlined for protocols. It is important to define which protocols can apply to prevent the committee from being overwhelmed with applications. We would like to see these details clarified before the Tally vote.

And regarding the miscommunication between ADPC and the AF, we believe a structured communication channel between AF and DAO could help with which initiatives they are working on or planning for the future. Whether through monthly Governance Reporting Calls (GRCs) or forum updates, the DAO should be kept informed about ongoing initiatives. This will help avoid such overlapping efforts and improve coordination in the future.

Tane from tanegov.eth

43.6K TOKEN

posted 1 year ago

We vote FOR the proposal on Snapshot.

After reviewing the proposal, Foundation clarifications, delegate feedback, and recent calls, we support running the program under the new organization led by the Foundation and a technical expert, with OpCo participation in the future. This setup better accommodates the audit program's unique requirements, including a strong business development perspective and the need for projects to remain as stealth as possible.

We vote FOR the proposal on Snapshot.

While it's unfortunate that miscommunications happened between the program authors and ADPC, we believe the DAO can look forward to more streamlined communication and collaboration moving forward. Both parties share a common goal, and the outputs from the ADPC program will be effectively leveraged to achieve a successful outcome.

Quoted from Arbitrum

If we assume, conservatively, that each project will receive a $100k subsidy, then with a $10m budget, we can subsidize around 100 projects to build on Arbitrum which is approximately 1.9 projects per week for 1 year.

One concern that we have is that a team of a few might struggle to manage about 1.9 projects per week. Considering that audit subsidy needs are ongoing and permanent, the program could evolve from a one-year initiative into a continuous support model. The allocated budget in this proposal could be reviewed after an initial six-month phase and then reused as needed.

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

Several good improvements that i see here:

Quoted from Arbitrum

any code audited will need to remain exclusive to our ecosystem for a fixed period of time.

Several good improvements that i see here:

Quoted from Arbitrum

any code audited will need to remain exclusive to our ecosystem for a fixed period of time.

Quoted from Arbitrum

Native deployment. Projects that are operational on Arbitrum must demonstrate either a strong product market fit or a committed alignment with the Arbitrum ecosystem with expectations that subsequent product launches will be successful.
Migrating deployment. Project is planning to migrate from another blockchain ecosystem to Arbitrum
New audits only. Only new code, or code that has undergone significant modifications.
Arbitrum exclusivity. Audited code must remain exclusive to Arbitrum for a fixed period of time.

Quoted from Arbitrum

and a team member from the OpCo (when operational).

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Snapshot voting.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Snapshot voting.

Quoted from JoJo

jump to post →

Tane from tanegov.eth

43.6K TOKEN

posted 1 year ago

We vote FOR the proposal on Snapshot.

Quoted from Arbitrum

Saurabh

8.0M TOKEN

posted 1 year ago

The following reflects the views of GMX’s Governance Committee and is based on the combined research, evaluation, consensus, and ideation of various committee members.

The Arbitrum Audit Committee is an initiative led by the Arbitrum Foundation (AF) and Offchain Labs (OCL). The committee will consist of members from AF, OCL, one member elected by the DAO, and one member from the OpCo (once operational). The program is planned to run for one year.

The following reflects the views of GMX’s Governance Committee and is based on the combined research, evaluation, consensus, and ideation of various committee members.

◦ The Foundation had initially planned to run this program before the ADPC (Arbitrum DAO Procurement Committee). CoinFlip, one of the contributors, was actively involved in discussions with the Foundation. However, the ADPC implemented a similar program first, which was highly successful and well-managed. GMX was one of the recipients of this successful program. ◦ The proposal addresses a critical need in the ecosystem by subsidizing audit costs for projects, which is a significant barrier for many builders. ◦ It outlines a well-defined process for project selection, auditor approval, and fund allocation. The inclusion of a committee with technical expertise ensures rigorous evaluation of projects—a gap that existed in the ADPC program. ◦ The commitment to publish quarterly updates ensures accountability and allows the DAO to track the program’s progress and impact. ◦ The ADPC, in its second iteration, did not include the audit program in its scope of work. Even if they were to implement it, the process would take considerable time. Therefore, the Foundation leading this initiative is logical and timely. ◦ Implement a competitive bidding process for auditors to ensure fair pricing and prevent monopolization. Consider capping the number of projects per auditor to promote diversity. ◦ The handling of this proposal could have been more professional between the Foundation and the ADPC. Future proposals should be developed in consultation with key stakeholders to avoid duplication of efforts and foster a cooperative ecosystem. ◦ Will the application be on a rolling basis? How much will these audits be capped and how much % of the audit does the committee plan to cover? ADPC created their own tooling infrastructure for the program will the foundation utilise it or create their own? how do you decide who gets audits approved? what is the strategy?

The DAO currently lacks an active audit program, and launching this initiative at the earliest could be highly beneficial for the ecosystem. Based on our daily interactions with builders, audit support is one of the most frequently requested forms of assistance. The first iteration of the ADPC’s audit program was highly successful, and this new proposal builds on that foundation while addressing previous gaps.

dragonawr

2.05 TOKEN

posted 1 year ago

edited 1 year ago

I will be voting AGAINST this proposal on Snapshot. While the overall sentiment and goals behind a separate Audit Program are more than justified, I think there is some clear overlap between it and what should ultimately be part of the ADPC's mission.

Reading @adpc's response it's obvious this proposal was born out of dissatisfaction with the ADPC's results or its failure to be deployed quickly, but there was miscommunication between both parties and we should really be asking ourselves if that alone warrants shelling out an extra $10M on a different program.

Procurement of proper auditors should be the number one concern for any audit program, and I think this could/should be achieved with involvement from both actors, if the audit program were to be passed.

Would it be worth considering giving the ADPC a seat at the committee in a revised version of this proposal?

I appreciate adding a seat for an OpCo representative, and have no objections towards the budget and structure, save for the immediate need to request the 30M ARB, in spite of not knowing how much will actually be spent and thus possibly adding a bit of unneeded selling pressure (even if unused funds are returned in USDC and ARB).

Recapping, I don't think this proposal should move forward without establishing a better integration of it within the ADPC's goals or its role within the proposed Audit Program.

Saurabh

8.0M TOKEN

posted 1 year ago

The following reflects the views of GMX’s Governance Committee and is based on the combined research, evaluation, consensus, and ideation of various committee members.

dragonawr

2.05 TOKEN

posted 1 year ago

edited 1 year ago

Would it be worth considering giving the ADPC a seat at the committee in a revised version of this proposal?

Recapping, I don't think this proposal should move forward without establishing a better integration of it within the ADPC's goals or its role within the proposed Audit Program.

We voted Against the proposal on Snapshot.

Although we support the overall goal of the proposed program, we believe the Arbitrum Foundation (AF) has moved forward without adequately addressing existing concerns, particularly those raised by delegates around why the ADPC framework wasn’t fully utilized. These should have been addressed before the proposal goes to Snapshot. We believe these points should first be resolved in a way that satisfies everyone involved, as suggested by @KlausBrave:

Quoted from KlausBrave

I would even go so far as to say AF should not proceed to snapshot without and before doing a repeat call, including ADPC/the relevant service providers & it must be recorded so all global DAO participants can access the information as part of decision making.

jump to post →

Right now, the proposal appears to stand apart from the existing ADPC framework and we agree with @PGov that there should be a more streamlined and consistent process to ensure that leverages existing structures:

Quoted from PGov

Since the ADPC has established procurement frameworks and whitelisted security service providers, prolly makes sense to move these existing structures to streamline the implementation of the new program,

jump to post →

In line with what @pedrob and @krst have highlighted, we think it’s essential for the AF to incorporate or at least improve upon already established frameworks rather than proposing an entirely separate approach:

Quoted from pedrob

I want to see those learnings materialized in a framework that is sustainable over time and does not rely on the Foundation stepping into the DAO and taking full ownership of the proposal, as I believe that is not a viable long-term solution.

jump to post →

Quoted from krst

We want to thank the ADPC for all the work they’ve done in setting up the framework and whitelisting security service providers. We hope to see the Foundation use the groundwork the ADPC has done and build on top of it.

jump to post →

While we have no objection to the ultimate aim of this proposal, we oppose the current process of pushing the proposal to Snapshot without first addressing the issues, and the feedback raised left a negative impression. A more inclusive approach would have strengthened the proposal, but seeing as it has moved to snapshot, we would prefer that the proposal be overhauled based on feedback received and have voted AGAINST.

I think the Arbitrum Audit Program has a lot of potential and addresses an important need. Smart contract audits are essential, especially for early-stage projects that might not have the resources to afford them. Helping these teams launch securely not only protects users but also strengthens the entire Arbitrum ecosystem. I also appreciate the idea of offering subsidies as investments in some cases, which could help align projects with Arbitrum over the long term.

That said, I have some reservations about whether this program will be more effective than the ADPC Security Subsidy Fund, which has already demonstrated strong results.

Key Considerations:

Fair Pricing for Audits: With a large budget, there’s always a risk of inflated costs from audit firms. More clarity on pricing strategies—such as benchmarks, a bidding system, or transparency requirements—would be reassuring.
Committee Workload: A small, part-time team may struggle to review applications thoroughly. Ensuring a detailed yet manageable review process will be key to the program’s success.
Project Retention in the Arbitrum Ecosystem: The proposal includes safeguards against projects taking the subsidy and migrating elsewhere, but enforcing this might be challenging. More details on how this would be handled could strengthen the proposal.
Token Management and Market Impact: Selling a large amount of ARB at once could put downward pressure on the token price. A phased approach or allowing auditors to accept ARB directly might help mitigate this concern.
Defining Clear ROI Metrics: A $10M budget is a big commitment, and measuring success purely by the number of projects audited may not be sufficient. KPIs should focus on real impact—such as user adoption, TVL growth, and increased network activity.

Comparing Arbitrum Foundation and ADPC’s Strengths

One of the strengths of this proposal is that it is cheaper than ADPC, as it only requires hiring one technical expert at $60K per year, compared to $360K per year under ADPC. However, cost efficiency alone does not necessarily mean better results.

I believe the Arbitrum Foundation has stronger technical expertise, which likely makes it better positioned to select the best auditing service providers and ensure a smooth audit facilitation process. This could help improve the quality and efficiency of audits under the new program.

However, ADPC has proven to be highly effective in other critical areas, particularly in maximizing Arbitrum’s exposure among protocols, building strong relationships, and creating synergies that support protocol growth beyond just audits. The Security Subsidy Fund Outcome Report highlights how ADPC successfully connected with top-tier protocols like GMX, Gamma Strategies, and D2 Finance, ensuring they remained within the Arbitrum ecosystem.

Additionally, ADPC’s marketing strategy was highly effective—they not only actively promoted the subsidy fund to attract top protocols but also leveraged their connections to amplify outreach. By collaborating with selected protocols, ADPC was able to use their marketing resources to further promote both the Security Subsidy Fund and Arbitrum’s ecosystem as a whole.

Given ADPC’s track record, I am uncertain whether the Arbitrum Audit Program will be able to replicate or improve upon these ecosystem-building efforts. While this new program may enhance the technical side of audits, it is unclear if it will achieve the same level of community engagement, exposure, and long-term protocol support that ADPC has demonstrated.

ADPC Security Subsidy Fund Outcome Report

Decision: Abstaining from the Vote

While I see the potential benefits of this proposal, I remain uncertain about whether it will be a significant improvement over ADPC. The Arbitrum Foundation may have better technical expertise to optimize the audit selection and facilitation process, but ADPC has been exceptionally strong at ecosystem growth, marketing, and building lasting relationships with protocols. Additionally the cost savings is not enough that it's a major deciding factor for this proposal.

Until there is more clarity on how this program will build upon ADPC’s successes in those areas, I have decided to abstain from the vote.

I look forward to hearing more perspectives from the community and seeing how this discussion evolves as I am not totally against this proposal but feel it needs to be better constructed for me to support it.

pedrob from pedrobreuer.eth

581.3K TOKEN

posted 1 year ago

I vote in favor of this proposal in the temp-check.

However, I want to clarify something: my signal in the temp-check specifically means that I agree with the motivation behind the proposal and the idea of “quickly” setting up a subsidy fund for audits—something essential to supporting developers in Arbitrum.

I vote in favor of this proposal in the temp-check.

That being said, I believe the proposal still needs some modifications for me to maintain this vote on Tally.

I attended the unrecorded call where the ADPC and the Foundation exchanged views on the execution of the subsidy fund and their approach moving forward. I understand there is an intention to collaborate, share ADPC's learnings, and strengthen the program. However, for me, that intention alone is not enough—I want to see those learnings materialized in a framework that is sustainable over time and does not rely on the Foundation stepping into the DAO and taking full ownership of the proposal, as I believe that is not a viable long-term solution.

Quoted from pedrob

I believe the process developed by the ADPC did have value, mainly in the criteria outlined for both auditors and projects selection. Maintaining continuity in the process and criteria provides predictability for auditors and projects looking to apply and how to improve for future applications. It also allows the DAO to replace program managers without friction or negatively impacting the program.

In that sense, building a new program from scratch will cause the very delays you are trying to avoid. And of course, this will happen again in the future.

I’m very happy to see you stepping up and getting more directly involved in the DAO. What concerns me, however, is the possibility of you taking ownership of the initiatives and starting from scratch, which could lead to the loss of sustainable frameworks that don’t rely on a single provider or manager (or at least with the intention of reaching that point.). It’s true that you may be the most suitable to execute this work and lead the committee, but I’d prefer that, as a DAO, we can be a bit more inefficient if it means developing frameworks that are sustainable over time for when you decide to step back again.

jump to post →

Additionally, I echo @krst comments and would like to see them explicitly incorporated into the proposal text.

Quoted from krst

One thing we’d like to point out about the proposal itself is that the Foundation will run the subsidy fund on behalf of the DAO using the DAO’s funds. As such, we’ll hold them to the same standard as any and all other contributors and service providers, and we actually expect them to be an example of what a DAO-funded program should look like.

jump to post →

KlausBrave from klausbrave.eth

50.2K TOKEN

posted 1 year ago

edited 1 year ago

I agree with @CastleCapital and @paulofonseca.
As a matter of policy all calls in Arbitrum should be recorded so all people can access relevant information in the deliberation and decision-making process, either real-time or async according to one's need and style.
I think every call in Arbitrum should be recorded as a policy and be on the record. This needs to be solved. i.e. its not ok this controversial Audit call from earlier in this week was not recorded, I was not on it and don't have the required information to make a decision on this matter. That's not good enough in my mind as a way for Arbitrum to operate and as a matter of priority this needs to get solved.
I would even go so far as to say AF should not proceed to snapshot without and before doing a repeat call, including ADPC/the relevant service providers & it must be recorded so all global DAO participants can access the information as part of decision making.
In addition for a controversial proposal I am not in favour of proposals being rushed to snapshot exactly at 7 days if forum dialogue isn't resolving/converging to a state that makes sense to move to Snapshot. I'm seeing more of this behaviour DAO wide and don't think its a good practice. I think proposal authors should take extra time and care if there is strong divergent sentiment to dig deeper and extend the deliberative process.
This proposal isn't only about this proposal it strikes to the heart of settling the expectations and agreements people understand and are experiencing unclarity in the social contract between Arbitrum Foundation and DAO service providers.
@stonecoldpat and those stewarding this from the Foundation, I invite slowing down at this pivotal moment staying with the tension and working through resolving/converging to something encompassing the real feedback of contributors.
Can we pause on taking this to Snapshot today and setup another meeting?

danielo from mrjackalop.eth

0.00 TOKEN

posted 1 year ago

Quoted from JoJo

The program afaik is not intended to do investments. So why are you mentioning it? I can agree that, de facto, financing an important audit for a project is an indirect investment in the ecosystem, but is not the main focus here. @danielo above proposed this approach, which I could like, but we currently don’t have the structures/infra/legal to support this and is a bit soon (but also soon we could have the avi, we will have the opco, we will have sos goals that might match this). Anyway, feels like someone asking what time is it, and having as an answer “thursday”.

jump to post →

Quoted from JoJo

jump to post →

we don't have a fully streamlined setup for investments (that's coming) but we do have the ability to make investments and we already broke a lot of ground here with the Hackathon Continuation program. The Foundation has capabilities to sign investment contracts so if they're willing to allocate capacity here, I don't see why this would be a problem. Once a template contract is setup, the responsibility then falls to the team operating the program to negotiate these (which could be a challenge but not necessarily insurmountable).

What I'm understand is that the program proposed here moves us from partial subsidy of Audits to full subsidy, and this creates incentive misalignment (projects can abuse the program by getting crap audited). That seems like a move in the wrong direction and could be rectified by getting projects to bear part of the costs (current system as I understand) or otherwise by making audit subsidies an investment (with the complications mentioned above)

krst from delegate.l2beat.eth

10.0M TOKEN

posted 1 year ago

The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas. It’s based on their combined research, fact-checking, and ideation.

We want to thank the ADPC for all the work they’ve done in setting up the framework and whitelisting security service providers. We hope to see the Foundation use the groundwork the ADPC has done and build on top of it.

The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas. It’s based on their combined research, fact-checking, and ideation.

In our view, this is an expected pathway for many different initiatives the DAO undertakes; a third-party contributor proposes something and leads the charge, and once the concept is proven, the AF (or in the future, the OpCo) internalizes it and optimizes it to be as efficient as possible, creating value within the DAO structures.

At this time, the DAO has no way of providing a security audit subsidy to projects, given that the previous subsidy fund from the ADPC has run out and there have been no steps to renew it. In our view, it makes sense for the Foundation to administer the security subsidy fund, given its position and proximity to both builders and Arbitrum’s tech.

We would also like to emphasize that we see this program as a BD initiative that should first and foremost drive the growth of the Arbitrum ecosystem. Therefore, we expect that whoever the OCL and AF representatives will be in the committee, they will coordinate internally to make sure that the projects selected to receive audit grants are in line with Arbitrum's long-term growth strategy.

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

Hello and welcome @Q12 in the arbitrum forum. Quite a way to enter the arena.

I have no horse in this race but I am quite curious about your approach and several statements, to which I would gladly read some clarification if you would be kind enough to answer my questions.

Quoted from Q12

One of these statements is untrue. Token holders deserve to know which version is accurate before being asked to trust the Foundation with $10M in DAO funds.

Hello and welcome @Q12 in the arbitrum forum. Quite a way to enter the arena.

I have no horse in this race but I am quite curious about your approach and several statements, to which I would gladly read some clarification if you would be kind enough to answer my questions.

Quoted from Q12

One of these statements is untrue. Token holders deserve to know which version is accurate before being asked to trust the Foundation with $10M in DAO funds.

jump to post →

I agree that there should be more clarity on this. I also think that there could be a disconnection between contributing as evaluating proposals, and contributing as taking care of other tasks such as the legal part or avoiding frauds. Both tasks are contributing to the initiative, both have also a different degree of importance in term of outcome for the end user (in this case, the protocol) and the broad ecosystem (the dao, the foundation).

Quoted from Q12

The Foundation proposes to run a $10M program with part-time, unpaid committee members “next to their everyday duties.” This is frankly absurd. You don’t run what you yourself call a “mission-critical” program as a side hobby. The proposed structure screams of inexperience in running professional investment operations.

jump to post →

This seems stretched. AFAIK the foundation didn't publish the amount of workforce they would employee in this; nor we do know how much opco will be able to take on, nor how many fte will OCL put on the table. Finally, there is a third paid member.

Quoted from Q12

The Foundation’s claim they will “waive fees” is either naive or deliberately misleading. These costs will simply be absorbed into their DAO-funded operational budget.

jump to post →

This is, honestly, just taking a situation and bending it around. I could answer in several ways; will do by quoting the official docs:

The Foundation operates as a neutral steward in order to support the ArbitrumDAO, the continuous innovation of the Arbitrum technology and the development and education of the Arbitrum community.

The Foundation literally has a budget to support the DAO. In the statement above you are trying to highlight in a negative light the equivalent of saying "the sky is blue". IMHO, of course.

Quoted from Q12

The Foundation’s fixation on “technical expertise” demonstrates a basic misunderstanding of what this program requires. What’s needed is deep knowledge of the security services market and audit space - not generic technical knowledge. The ADPC demonstrated this understanding by engaging DeDaub, an established security firm. Why would a random technical person from the Foundation or OCL have more relevant expertise than actual auditing professionals? This misalignment of expertise requirements raises serious concerns about the Foundation’s ability to even properly scope this program.

jump to post →

I honestly think you are putting the cart in front of the horse here. There is a third, paid member, that could be literally dedaub or someone working for an audit firm. In the recent stylus program, we had 2 person from open zeppelin for example. More than saying that foundation has a "fixation", wouldn't it be better to highlight that the third member should be, in your opinion, someone with a deep knowledge of the security market? And so, maybe, only nominated and not elected by the DAO? (and btw i would tend to agree with this). As a final note, slamming ocl/af about technical expertise here feels excessive and uncalled. This is not to simply be a cheerleader: but all of this that we have now, this whole ecosystem, would not exists without these people. Saying that this expertise, paired with a third member that is vertical in security, doesn't count, is being short-sighted at best, ill intended at worst.

Quoted from Q12

This is fundamentally an investment program requiring sophisticated venture capital and private equity experience in evaluating early-stage projects. The Foundation’s emphasis on technical expertise while completely ignoring the need for investment acumen shows a fundamental misunderstanding of what drives successful project selection and portfolio management. Where is the venture capital expertise on their proposed committee? Who has experience managing comparable investment programs?

jump to post →

A bit puzzled by this. The program afaik is not intended to do investments. So why are you mentioning it? I can agree that, de facto, financing an important audit for a project is an indirect investment in the ecosystem, but is not the main focus here. @danielo above proposed this approach, which I could like, but we currently don't have the structures/infra/legal to support this and is a bit soon (but also soon we could have the avi, we will have the opco, we will have sos goals that might match this). Anyway, feels like someone asking what time is it, and having as an answer "thursday".

Quoted from Q12

The Foundation’s operational budget was not intended as a shadow grant program.

jump to post →

The foundation has a grant program that can also include audits for what I know. This has been true and known since the very beginning. You can find more info here. Beside, in every ecosystem foundations have internal grant programs to sponsor protocols and builders. I agree tho that more transparency in this sense would be something good for the dao as well.

Quoted from Q12

The Foundation’s complete failure to coordinate internally is alarming. They were actively working with the ADPC on this exact initiative, received a detailed proposal, and then launched a competing proposal without any communication. This level of organizational dysfunction raises serious questions about their capacity to manage complex programs.

jump to post →

Defining this situation as a complete failure seems a mix of being excessive or slandering. You choose what applies here best. Looking at the answer from the Foundation, there has been indeed miscommunication with both one party (areta/axis/daimon) and internally (people talking with adpc vs people preparing the proposal). This is something that yes, can improve and should improve. Looking at the opening roles for the AF, they are indeed looking for further people for dao relationship, and at the same time we as a dao need to better organize single PoC for verticals. Because I know for a fact that AF gets pinged by tons of individuals for tons of different things, with the people being pinged not necessarily in charge of taking this inbound request. I am digressing a bit here and I am not trying to justify anybody here. There is definitely margin of improvement in comms on all sides.

Quoted from Q12

than allowing the Foundation to experiment with DAO funds

jump to post →

I don't honestly think this initiative is AF experimenting with dao funds: they want to pay audits for protocols in arbitrum.

Quoted from Q12

we propose selecting ONE premier service provider with:

jump to post →

This is where you fall short. Coming in an anon form, to the dao, criticising at an horizontal level, and then proposing "a single one premier service" without knowing if you might have a conflict in proposing this is where everything that you wrote can just fall in credibility. To be clear: is not that the idea of subsidizing through a third party is necessarily wrong.

Now, you likely lost a decent amount of time in writing the above. I for sure lost at least 40 minutes trying to answer here, so let's try to take out something good for everybody involved in this discussion:

There is a merit for AF to improve comms, both internally and with the DAO. From what I understand, looking at recent changes, recent hiring proposals, this should hopefully happen, but is gonna take time and won't happen in a single day or week. At the same time, we as a DAO need one or more steward capable of taking inbound requests and proposals, big or small, to avoid losing track of stuff. This last part doesn't necessarily apply to this situation but is still relevant imho
There is also a merit for the AF to open a bit the transparency regarding grants. One thing we have seen is that AF has certain criterias to select protocols, and the various DAO programs might have others. Increasing transparency, while not necessarily disclosing the amounts or other sensitive data, could probably benefit the coordination of all stakeholders
There is indeed a merit for the Foundation to potentially negotiate privately with entities (areta, axis, single delegates and contributor) to be part of certain initiatives. I am honestly not sure if AF has the legal capabilities to do so; if not possible, opco should be able help in this sense, and AF should find a way to leverage it. This because if an entity or a person has been contributing to the Arbitrum ecosystem for 3 months, 6 months, 1 year or more, just replacing that entity with someone else has a cost exactly like replacing any person or SP in a company has a cost. A cultural cost, an alignment cost, a time cost and so on. I am not saying that in this specific case AF should have for example negotiated with the current ADPC member for a different structure, a different payment etc, even tho it would have been maybe ideal; but if we think about Areta, Axis, Daimon, DeDaub hypothetically not contributing anymore to the DAO, it would honestly be a pity if the reason is just due to the monetary compensation or miscommunications when these entities have run several programs in arbitrum. We should always find ways to preserve the value we create more than destroy it

there is a merit for the DAO to start having a profound discussion on having point of focus capable of coordinating the hundreds of initiatives that we have to also make life of OCL/AF easier. We just can't pretend that answering to a lot of messages coming everyday from very different people is normal from the AF side
finally @Q12 would be interesting to know who you do effectively represent. Understanding that we have a bovine asking an anon his identity, if this is not impossible I strongly invite you to participate to the next governance call, happening tuesday, 25th, at 4PM utc or the audit call happening monday, 24th, 2PM utc. I have added the links to the call. It would be quite good to be able to talk about the points you raised.

We voted Against the proposal on Snapshot.

Quoted from KlausBrave

I would even go so far as to say AF should not proceed to snapshot without and before doing a repeat call, including ADPC/the relevant service providers & it must be recorded so all global DAO participants can access the information as part of decision making.

jump to post →

Quoted from PGov

Since the ADPC has established procurement frameworks and whitelisted security service providers, prolly makes sense to move these existing structures to streamline the implementation of the new program,

jump to post →

Quoted from pedrob

I want to see those learnings materialized in a framework that is sustainable over time and does not rely on the Foundation stepping into the DAO and taking full ownership of the proposal, as I believe that is not a viable long-term solution.

jump to post →

Quoted from krst

We want to thank the ADPC for all the work they’ve done in setting up the framework and whitelisting security service providers. We hope to see the Foundation use the groundwork the ADPC has done and build on top of it.

jump to post →

That said, I have some reservations about whether this program will be more effective than the ADPC Security Subsidy Fund, which has already demonstrated strong results.

Key Considerations:

Fair Pricing for Audits: With a large budget, there’s always a risk of inflated costs from audit firms. More clarity on pricing strategies—such as benchmarks, a bidding system, or transparency requirements—would be reassuring.
Committee Workload: A small, part-time team may struggle to review applications thoroughly. Ensuring a detailed yet manageable review process will be key to the program’s success.
Project Retention in the Arbitrum Ecosystem: The proposal includes safeguards against projects taking the subsidy and migrating elsewhere, but enforcing this might be challenging. More details on how this would be handled could strengthen the proposal.
Token Management and Market Impact: Selling a large amount of ARB at once could put downward pressure on the token price. A phased approach or allowing auditors to accept ARB directly might help mitigate this concern.
Defining Clear ROI Metrics: A $10M budget is a big commitment, and measuring success purely by the number of projects audited may not be sufficient. KPIs should focus on real impact—such as user adoption, TVL growth, and increased network activity.

Comparing Arbitrum Foundation and ADPC’s Strengths

ADPC Security Subsidy Fund Outcome Report

Decision: Abstaining from the Vote

Until there is more clarity on how this program will build upon ADPC’s successes in those areas, I have decided to abstain from the vote.

pedrob from pedrobreuer.eth

581.3K TOKEN

posted 1 year ago

I vote in favor of this proposal in the temp-check.

That being said, I believe the proposal still needs some modifications for me to maintain this vote on Tally.

Quoted from pedrob

In that sense, building a new program from scratch will cause the very delays you are trying to avoid. And of course, this will happen again in the future.

jump to post →

Additionally, I echo @krst comments and would like to see them explicitly incorporated into the proposal text.

Quoted from krst

jump to post →

KlausBrave from klausbrave.eth

50.2K TOKEN

posted 1 year ago

edited 1 year ago

danielo from mrjackalop.eth

0.00 TOKEN

posted 1 year ago

Quoted from JoJo

jump to post →

Quoted from JoJo

jump to post →

krst from delegate.l2beat.eth

10.0M TOKEN

posted 1 year ago

The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas. It’s based on their combined research, fact-checking, and ideation.

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

Hello and welcome @Q12 in the arbitrum forum. Quite a way to enter the arena.

I have no horse in this race but I am quite curious about your approach and several statements, to which I would gladly read some clarification if you would be kind enough to answer my questions.

Quoted from Q12

One of these statements is untrue. Token holders deserve to know which version is accurate before being asked to trust the Foundation with $10M in DAO funds.

Hello and welcome @Q12 in the arbitrum forum. Quite a way to enter the arena.

I have no horse in this race but I am quite curious about your approach and several statements, to which I would gladly read some clarification if you would be kind enough to answer my questions.

Quoted from Q12

One of these statements is untrue. Token holders deserve to know which version is accurate before being asked to trust the Foundation with $10M in DAO funds.

jump to post →

Quoted from Q12

jump to post →

Quoted from Q12

The Foundation’s claim they will “waive fees” is either naive or deliberately misleading. These costs will simply be absorbed into their DAO-funded operational budget.

jump to post →

This is, honestly, just taking a situation and bending it around. I could answer in several ways; will do by quoting the official docs:

The Foundation operates as a neutral steward in order to support the ArbitrumDAO, the continuous innovation of the Arbitrum technology and the development and education of the Arbitrum community.

The Foundation literally has a budget to support the DAO. In the statement above you are trying to highlight in a negative light the equivalent of saying "the sky is blue". IMHO, of course.

Quoted from Q12

jump to post →

Quoted from Q12

jump to post →

Quoted from Q12

The Foundation’s operational budget was not intended as a shadow grant program.

jump to post →

Quoted from Q12

jump to post →

Quoted from Q12

than allowing the Foundation to experiment with DAO funds

jump to post →

I don't honestly think this initiative is AF experimenting with dao funds: they want to pay audits for protocols in arbitrum.

Quoted from Q12

we propose selecting ONE premier service provider with:

jump to post →

There is a merit for AF to improve comms, both internally and with the DAO. From what I understand, looking at recent changes, recent hiring proposals, this should hopefully happen, but is gonna take time and won't happen in a single day or week. At the same time, we as a DAO need one or more steward capable of taking inbound requests and proposals, big or small, to avoid losing track of stuff. This last part doesn't necessarily apply to this situation but is still relevant imho
There is also a merit for the AF to open a bit the transparency regarding grants. One thing we have seen is that AF has certain criterias to select protocols, and the various DAO programs might have others. Increasing transparency, while not necessarily disclosing the amounts or other sensitive data, could probably benefit the coordination of all stakeholders
There is indeed a merit for the Foundation to potentially negotiate privately with entities (areta, axis, single delegates and contributor) to be part of certain initiatives. I am honestly not sure if AF has the legal capabilities to do so; if not possible, opco should be able help in this sense, and AF should find a way to leverage it. This because if an entity or a person has been contributing to the Arbitrum ecosystem for 3 months, 6 months, 1 year or more, just replacing that entity with someone else has a cost exactly like replacing any person or SP in a company has a cost. A cultural cost, an alignment cost, a time cost and so on. I am not saying that in this specific case AF should have for example negotiated with the current ADPC member for a different structure, a different payment etc, even tho it would have been maybe ideal; but if we think about Areta, Axis, Daimon, DeDaub hypothetically not contributing anymore to the DAO, it would honestly be a pity if the reason is just due to the monetary compensation or miscommunications when these entities have run several programs in arbitrum. We should always find ways to preserve the value we create more than destroy it

there is a merit for the DAO to start having a profound discussion on having point of focus capable of coordinating the hundreds of initiatives that we have to also make life of OCL/AF easier. We just can't pretend that answering to a lot of messages coming everyday from very different people is normal from the AF side
finally @Q12 would be interesting to know who you do effectively represent. Understanding that we have a bovine asking an anon his identity, if this is not impossible I strongly invite you to participate to the next governance call, happening tuesday, 25th, at 4PM utc or the audit call happening monday, 24th, 2PM utc. I have added the links to the call. It would be quite good to be able to talk about the points you raised.

Thank you very much for your detailed response. I agree with many of the opinions and learnings you've shared.

Quoted from Arbitrum

It took around ~10 months to stand up and complete the 8 week program. Unfortunately, this meant there was no security subsidy fund by the ArbitrumDAO for most of 2024.

jump to post →

Since you mention that you’ve been very involved in the execution of the Subsidy Fund, why do you think this took so long? The DAO is usually not this inefficient in the administration and execution of its programs.

Quoted from Arbitrum

jump to post →

I'm in complete agreement with this. In fact, it was a suggestion I made when the Subsidy Fund was being discussed. However, for some reason, it led to a vote for a new committee rather than incorporating an expert, which was ultimately rejected by the DAO.

Quoted from Arbitrum

jump to post →

To be clear, I wasn't suggesting that the ADPC (or at least its current composition) continue managing the Subsidy Fund. In fact, I've shared my concerns about its execution and am still waiting for the final report, which I understand will be published this week.

However, I don’t necessarily agree with your last point about taking over a framework developed by others and the idea that just because it was developed by others (others would be the DAO in this case), it should be discarded, and you should start from scratch with your own framework.

In that sense, building a new program from scratch will cause the very delays you are trying to avoid. And of course, this will happen again in the future.

I'm very happy to see you stepping up and getting more directly involved in the DAO. What concerns me, however, is the possibility of you taking ownership of the initiatives and starting from scratch, which could lead to the loss of sustainable frameworks that don't rely on a single provider or manager (or at least with the intention of reaching that point.). It's true that you may be the most suitable to execute this work and lead the committee, but I’d prefer that, as a DAO, we can be a bit more inefficient if it means developing frameworks that are sustainable over time for when you decide to step back again.

That’s why, for instance::

Quoted from Arbitrum

Approving Auditors

The Arbitrum Foundation will take on the role of evaluating auditors who want to apply for this program which includes an interview, reference checks, compliance, and agreement to the terms & conditions of this program. It should be noted that we will conduct an individual negotiation with all approved auditors to take into account potential different rates and offerings from the auditors. Additionally, auditors can apply at any time to join the program.

This aspect seems a bit concerning when considering the continuity of the program in the future. We can certainly trust you AF to manage it, and you will likely do it great. But the day you decide to step away, it will become a problem. That’s precisely why the procurement process was created.

In this same regard:

Quoted from Arbitrum

On the final point, how to avoid projects getting a grant and then launching on another chain, this is generally the same problem that all grant programs encounter:

We will prioritise projects who are leveraging Arbitrum’s core technology stack, like a smart contract for stylus or deploying their own chain.
We may decide to invest in the project over a simple grant as that offers a closer partnership with the project and helps align incentives for all parties involved to remain on Arbitrum.
Depending on subsidy size, there may be clauses that require projects to launch on Arbitrum before other projects.

jump to post →

This is something you can set up and execute, but since it’s not a standardized process, it could eventually be lost (with the criterias applied and the knowledge obtained).

Quoted from Arbitrum

A subsidy will be offered as a grant or an investment in the project depending on size and long-term alignment.

The same goes for the idea of offering investments. It’s very interesting and may be appropriate, but as it's structured, it’s not creating a framework that can be replicated in the future for other PMs.

Quoted from Arbitrum

Arbitrum Audit Committee

We propose a committee with a mixture of technical expertise and DAO representation who will have the necessary skills and time to review proposals on an on-going basis.

Chair: Team Member - Arbitrum Foundation (Waiving Payment)
Team Member - Offchain Labs (Waiving Payment)
Technical Expert - Elected by DAO
Team Member - ArbitrumDAO’s OpCo (when operational)

I think this composition of the committee is appropriate. That’s why I believe using the existing framework, with the lessons you’ve pointed out as areas for improvement, can be a great complement to create a kind of v2 program that is sustainable over time, regardless of who makes up the committee.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you for putting forward this proposal.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you for putting forward this proposal.

We’re glad to see the Arbitrum Foundation leading this initiative. Definitely, audits play a critical role in securing on-chain projects, but they are often too expensive for early-stage teams. By offering subsidies, this program removes a major financial barrier, making it easier for developers to launch safely on Arbitrum instead of choosing other chains.

We are generally in favor of the proposal but would appreciate some clarification -

Quoted from Arbitrum

The Arbitrum Audit Subsidy Program invites projects to apply via an open applications track with a standardised form to gather the following information:

How will the application process work for projects applying? Will communication with the projects and selection decisions be made publicly, similar to how the Questbook DDA and Stylus Sprint rounds were handled, as they have set a good standard for this?

Quoted from Arbitrum

An auditor will be picked based on the rate charged, discount offered, availability to begin the audit and other relevant factors such as experience with similar projects and reputation.

Quoted from Arbitrum

Additionally, auditors can apply at any time to join the program.

Just to clarify, multiple auditors will be chosen, right? We assume that no single audit firm will dominate the program. Will there be a cap on the number of projects any individual auditor can take on to ensure diversity and prevent monopolization?

Also, will there be a marketing push to ensure more projects are aware of it? The success of this program also depends on outreach. Visibility could help attract high-quality projects to apply and build on Arbitrum.

Overall, we fully support this initiative and appreciate the effort to strengthen security in the ecosystem.

Gabriel from gabrielcortes.eth

192.15 TOKEN

posted 1 year ago

Thanks for the proposal. I really think it is very well constructed and has goals that can bring great benefits to the chain by helping projects launch in a safer way for users. I believe this is a crucial step for the ecosystem, especially since hacks have caused significant reputational damage.

Quoted from Arbitrum

An auditor will be picked based on the rate charged, discount offered, availability to begin the audit and other relevant factors such as experience with similar projects and reputation. In regards to the payment schedule, we expect the subsidy to be paid when the audit is completed by the auditor, subject to project’s and Foundation’s satisfaction

121

Quoted from Arbitrum

From the pool of relevant auditors, who will be responsible for selecting the final one for each project? Will it be the committee or the project? I'm not entirely clear on who will make the final decision.

Also, is there a clear maximum amount per project that will be spent on auditing? The 100K assumption per project seems rather vague. I believe there should be a maximum amount, and even a maximum percentage for the cost subsidy everyone should have skin on the game.

Quoted from Arbitrum

We are requesting a $10m USD budget to subsidise audits for 1 year and $60k to pay for the technical expert. All other costs including legal, management of the program, etc, will be covered by the Arbitrum Foundation.

Our proposal will:

Request 30m ARB from the treasury,
Convert ARB into $10m and $60k (compensation),
Return all remaining and unused ARB back to the DAO

Whenever the program ends, the remaining funds in USDC and ARB, will be returned to the ArbitrumDAO unless the DAO approves the continuation of the program via an off-chain vote.

Will this be converted immediately, or on an ongoing basis as needed? i suggest this is ongoing to reduce selling preassure.

Thanks

Tekr0x.eth from tekrox.eth

17.7K TOKEN

posted 1 year ago

edited 1 year ago

Thank you for posting a well-structured proposal. It is very straightforward. Overall, I like the idea of helping projects cover audit costs, especially the projects that have good potential for Arbitrum. I do have some concerns about a few points of the proposal.

In my opinion, auditing firms are known for their "dynamic" pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?
I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the "Sealed bid" method or something similar. What do you think about this idea?
Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

140

In my opinion, auditing firms are known for their "dynamic" pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?
I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the "Sealed bid" method or something similar. What do you think about this idea?
Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

Quoted from Arbitrum

Convert ARB into $10m and $60k (compensation),

I think with the power and reputation of Arbitrum DAO, we can ask audit firms to be paid in ARB tokens (instead of selling to USD). This would lower the selling pressure. Since the price of ARB tokens is low, they might even hold it for some time or even better; get involved in governance. ;)

Thank you for considering my feedback.

Thank you very much for your detailed response. I agree with many of the opinions and learnings you've shared.

Quoted from Arbitrum

It took around ~10 months to stand up and complete the 8 week program. Unfortunately, this meant there was no security subsidy fund by the ArbitrumDAO for most of 2024.

jump to post →

Quoted from Arbitrum

jump to post →

Quoted from Arbitrum

jump to post →

In that sense, building a new program from scratch will cause the very delays you are trying to avoid. And of course, this will happen again in the future.

That’s why, for instance::

Quoted from Arbitrum

Approving Auditors

In this same regard:

Quoted from Arbitrum

On the final point, how to avoid projects getting a grant and then launching on another chain, this is generally the same problem that all grant programs encounter:

We will prioritise projects who are leveraging Arbitrum’s core technology stack, like a smart contract for stylus or deploying their own chain.
We may decide to invest in the project over a simple grant as that offers a closer partnership with the project and helps align incentives for all parties involved to remain on Arbitrum.
Depending on subsidy size, there may be clauses that require projects to launch on Arbitrum before other projects.

jump to post →

This is something you can set up and execute, but since it’s not a standardized process, it could eventually be lost (with the criterias applied and the knowledge obtained).

Quoted from Arbitrum

A subsidy will be offered as a grant or an investment in the project depending on size and long-term alignment.

Quoted from Arbitrum

Arbitrum Audit Committee

We propose a committee with a mixture of technical expertise and DAO representation who will have the necessary skills and time to review proposals on an on-going basis.

Chair: Team Member - Arbitrum Foundation (Waiving Payment)
Team Member - Offchain Labs (Waiving Payment)
Technical Expert - Elected by DAO
Team Member - ArbitrumDAO’s OpCo (when operational)

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you for putting forward this proposal.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you for putting forward this proposal.

We are generally in favor of the proposal but would appreciate some clarification -

Quoted from Arbitrum

The Arbitrum Audit Subsidy Program invites projects to apply via an open applications track with a standardised form to gather the following information:

Quoted from Arbitrum

An auditor will be picked based on the rate charged, discount offered, availability to begin the audit and other relevant factors such as experience with similar projects and reputation.

Quoted from Arbitrum

Additionally, auditors can apply at any time to join the program.

Overall, we fully support this initiative and appreciate the effort to strengthen security in the ecosystem.

Gabriel from gabrielcortes.eth

192.15 TOKEN

posted 1 year ago

Quoted from Arbitrum

121

Quoted from Arbitrum

Our proposal will:

Request 30m ARB from the treasury,
Convert ARB into $10m and $60k (compensation),
Return all remaining and unused ARB back to the DAO

Whenever the program ends, the remaining funds in USDC and ARB, will be returned to the ArbitrumDAO unless the DAO approves the continuation of the program via an off-chain vote.

Will this be converted immediately, or on an ongoing basis as needed? i suggest this is ongoing to reduce selling preassure.

Thanks

Tekr0x.eth from tekrox.eth

17.7K TOKEN

posted 1 year ago

edited 1 year ago

In my opinion, auditing firms are known for their "dynamic" pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?
I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the "Sealed bid" method or something similar. What do you think about this idea?
Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

140

In my opinion, auditing firms are known for their "dynamic" pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?
I suggest inviting multiple auditing firms and run some kind of bidding process for each project. I would suggest the "Sealed bid" method or something similar. What do you think about this idea?
Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

Quoted from Arbitrum

Convert ARB into $10m and $60k (compensation),

Thank you for considering my feedback.

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

Arbitrum Audit Committee

Abstract

Rationale and Goals

Application Process

Eligibility Requirements

Subsidy Payment Conditions

Approving Auditors

Arbitrum Audit Committee

Transparency Report

Budget Request

Timeline

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

Arbitrum Audit Committee

Abstract

Rationale and Goals

Application Process

Eligibility Requirements

Subsidy Payment Conditions

Approving Auditors

Arbitrum Audit Committee

Transparency Report

Budget Request

Timeline

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

[NON-CONSTITUTIONAL] Arbitrum Audit Program

Arbitrum Audit Committee

Abstract

Rationale and Goals

Application Process

Eligibility Requirements

Subsidy Payment Conditions

Approving Auditors

Arbitrum Audit Committee

Transparency Report

Budget Request

Timeline

Arbitrum Audit Committee

Abstract

Rationale and Goals

Application Process

Eligibility Requirements

Subsidy Payment Conditions

Approving Auditors

Arbitrum Audit Committee

Transparency Report

Budget Request

Timeline

Arbitrum Audit Program: Consensus Evolution

Key Insights

Arbitrum Audit Program: Consensus Evolution

Key Insights

SimScore: Crowd Wisdom Beyond Votes

Arbitrum Audit Program: Consensus Evolution

Key Insights

Arbitrum Audit Program: Consensus Evolution

Key Insights

SimScore: Crowd Wisdom Beyond Votes

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

Value Distribution Analysis

Key Findings from SimScore Top 10

SimScore Source Data

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

Value Distribution Analysis

Key Findings from SimScore Top 10

SimScore Source Data