Arbitrum Audit Program

Thanks for the feedback so far!

  1. In my opinion, auditing firms are known for their “dynamic” pricing. Prices vary quite a lot depending on the type of project (for example: is the project well-funded by VC? Does it have known teams or partners endorsing the project? etc.). I am afraid we will not get fair pricing since the client here is Arbitrum. How can we make sure that we get fair pricing?

It’ll be up to the council, and the wider Arbitrum Foundation, to make sure that prices negotiated are fair relative to the skills / offerings of the auditor. We have experience with these types of negotiations already and expect it to go reasonably well.

Additionally, we anticipate the program to be competitive amongst auditors, so we will always seek to matchmake projects with auditors who offer the best value for money (without compromising on quality).

  1. I suggest inviting multiple auditing firms and running some kind of bidding process for each project. I would suggest the “Sealed bid” method or something similar. What do you think about this idea?

During the matchmaking phase, it is quite common for a project to retrieve quotes from different audit providers. It is “sort of” like a sealed bid auction, since the project shouldn’t share the quotes with the competitors.

  1. Is it realistic for a team of 3 committee members (while 2 of them are not being paid for this) working part-time to vet 100 projects? We are talking about paying up to $100k to audit one project, which is a significant amount. How can we make sure to really support the right projects? Maybe expand to 5 committee members?

Committee members will be responsible for evaluating the projects and ultimately making decisions, but the AF will take on the operational and volume work. We expect 3 committee members to be sufficient for running the program.

  1. I think with the power and reputation of Arbitrum DAO, we can ask audit firms to be paid in ARB tokens (instead of selling to USD). This would lower the selling pressure. Since the price of ARB tokens is low, they might even hold it for some time or, even better, get involved in governance.

Service providers typically quote their services in USD. We can have a combination of USD and ARB for alignment, but we generally can’t force service providers to accept ARB only.

From the pool of relevant auditors, who will be responsible for selecting the final one for each project? Will it be the committee or the project? I’m not entirely clear on who will make the final decision.

All auditors must be pre-approved for the program. This will predominantly be performed by the Arbitrum Foundation with the support of the council members. Will clarify this in the proposal.

Also, is there a clear maximum amount per project that will be spent on auditing? The 100K assumption per project seems rather vague. I believe there should be a maximum amount, and even a maximum percentage for the cost subsidy; everyone should have skin in the game.

We decided against a maximum cap in favour of offering the option to invest in projects as opposed to simply grants. If there is a subsidy that is larger than normal, it could be issued as an investment, and ultimately help align the project with the Arbitrum ecosystem. In nearly all cases, projects will also be expected to have skin in the game and pay for a portion of the audit.

Will this be converted immediately, or on an ongoing basis as needed? I suggest this is ongoing to reduce selling pressure.

It is a year-long program; so there is no requirement to exchange the funds immediately.

Funding projects that then migrate to other ecos => why not make these audits some sort of investment or what sort of mitigation can be put in place?

In the proposal, we are offering the option to also use the subsidy to invest in the project, although we’d prefer if the project made its own in Arbitrum first 🙂

How are projects selected? There can be a lot of failures with early-stage projects => having more structured programs for systematic validation and derisking (like e.g. the Hackathon Continuation Program) could mitigate this risk. Otherwise requiring some sort of traction in a PoC, letters of intent to purchase if B2B, or doing DD on validation… tricky.

In the proposal, it mentions the committee will screen based on scope, likelihood of success, team experience, due diligence of the tech, etc. Behind the scenes, it will form a matrix that will score the project and offer confidence that the project should be eligible to receive a subsidy.

Of course, like any selection process, the final decision will depend on whether the committee believes the project is likely to get product market fit and the team is truly focused on building for the long term.
