Arbitrum Audit Program - Audit Firms Application Process

The ArbitrumDAO has approved the launch of the Arbitrum Audit Program, an initiative to subsidize third-party smart contract audits for projects building in the Arbitrum ecosystem. The program will run for one year and is designed to enhance protocol security, support early-stage developers, and ensure responsible scaling of our ecosystem.

As part of this effort, the Arbitrum Foundation is now inviting audit firms to apply for inclusion in the program. Approved firms will be matched with eligible projects and compensated (partially or fully) via the program’s subsidy fund, depending on scope, availability, and negotiation outcomes.

What We’re Looking For

The Arbitrum Audit Program aims to bolster the security and reliability of the Arbitrum ecosystem. We are seeking applications from established and reputable audit firms that possess demonstrable expertise in securing complex blockchain protocols and decentralized applications. Ideal candidates will have a strong track record and a deep understanding of various security domains:

  • Proven experience auditing Solidity smart contracts, with references from the past 12 months.
  • If the firm also has experience auditing Stylus (Rust) or Vyper contracts, references from the past 12 months for that work.
  • Strong understanding of blockchain security fundamentals, vulnerability classifications, and threat modeling.
  • Familiarity with the Arbitrum ecosystem, architecture, and tooling.

Evaluation Criteria

As part of the process, the Arbitrum Foundation will conduct a two-step due diligence review of each audit firm. The first step is a screening based on the submitted documents and references. The second step is a session with the Foundation’s Technical Team (45–60 minutes).

The firm is assessed based on:

  • Track record and credibility (e.g. past audits, client references).
  • Technical depth across languages, tooling and methodologies.
  • Pricing and delivery model (per auditor per week, per project, contest, etc.).
  • Availability and bandwidth for incoming audits across the different areas of expertise (e.g. Solidity, Stylus, etc.).
  • Qualification and experience of the auditors allocated to the program.

Keep in mind, we will be very strict in our evaluation, and not all firms will be accepted into the program.

Audit Firm Responsibilities

If accepted, audit firms will be expected to:

  • Deliver full audit reports using industry-standard formatting and severity grading.
  • Be upfront about the exact code to be audited, the automated tooling used, and how the auditor(s)’ time will be allocated.
  • Participate in pre-audit briefings and/or post-audit reviews when needed.
  • Assist the Audit Committee with technical input during firm-project matchmaking.
  • Uphold strong communication and documentation practices.

We invite everyone interested in the role to submit an application here.

Other information

  • Approved firms will be listed publicly as part of the Arbitrum Audit Program.
  • Any firm that participated in the ADPC Security Subsidy Program is also welcome to apply, although inclusion in the new program is not automatic.
  • The Arbitrum Audit Committee will include members from the Arbitrum Foundation, Offchain Labs, a technical expert elected by the DAO, and a team member from the OpCo (once operational).
  • Audit firms must not have affiliations with any current member of the Audit Committee.

Applications will be open until Friday, May 30th at 12pm UTC, and we will continue to assess firms on an ongoing basis. A further announcement will be made once the application window has closed.


The audit firm application window is now closed. Thanks to all those who applied!
