Arbitrum Audit Program

SimScore Analysis: Arbitrum Audit Program

Methodology Highlight

This analysis is based on SimScore-selected responses. SimScore analyzed all 261 forum responses and identified the top 10 most representative perspectives (similarity scores ranging 0.381-0.430). This algorithmic approach ensures we’re working with the most relevant community feedback, removing potential bias in response selection.

Value Distribution Analysis

Using Vitalik Buterin’s concave disposition framework, we visualized governance value distribution. The graph below shows:

  • Point A: Foundation Control
  • Point B: DAO Control
  • Red Dot: Current Proposal Position
  • Blue Curve: Value Disposition

Key Findings from SimScore Top 10

  1. Current Position (Based on 0.430 and 0.415 SimScore responses)
    • Proposal shows stronger Foundation control
    • Multiple high-scoring responses suggest need for increased DAO oversight.
  2. Historical Context (Based on 0.406 SimScore response)
    • ADPC’s track record shows value of DAO involvement
    • Established governance frameworks prove effective
  3. Optimization Potential (Consensus from top SimScore responses)
    • Current proposal is viable but not optimal
    • Value could be enhanced by increasing DAO oversight while retaining Foundation operational efficiency

SimScore Source Data

Top 10 responses used in this analysis had similarity scores of:

Top 1
At this time, the DAO has no way of providing a security audit subsidy to projects, given that the previous subsidy fund from the ADPC has run out and there have been no steps to renew it. In our view, it makes sense for the Foundation to administer the security subsidy fund, given its position and proximity to both builders and Arbitrum’s tech.
@krst SimScore 43.0%

Top 2
The foundation has a grant program that can also include audits for what I know. This has been true and known since the very beginning. You can find more info here. Besides, in every ecosystem foundations have internal grant programs to sponsor protocols and builders. I agree tho that more transparency in this sense would be something good for the dao as well.
@JoJo SimScore 42.7%

Top 3
One thing we’d like to point out about the proposal itself is that the Foundation will run the subsidy fund on behalf of the DAO using the DAO’s funds. As such, we’ll hold them to the same standard as any and all other contributors and service providers, and we actually expect them to be an example of what a DAO-funded program should look like.
@krst SimScore 42.0%

Top 4
Besides, I don’t understand why the Arbitrum Foundation takes money for the program from DAO, and DAO barely participates in it.
@cp0x SimScore 41.5%

Top 5
The Foundation states they have been “stepping in via our grant program to sponsor audits for builders over the past year.” This raises serious governance concerns. The DAO funded the Foundation for specific operational purposes and the ADPC was explicitly voted in to manage audit subsidies. The Foundation’s operational budget was not intended as a shadow grant program. While we appreciate the desire to support builders, this pattern of unilateral actions outside established governance frameworks and apparent repurposing of operational funds demands immediate scrutiny. We request:
@Q12 SimScore 40.7%

Top 6
Considering the history of the DAO and involvement of its participants (delegates and service providers) who have spent 2 years to try to get this experiment right, our strong preference is a continuation of the direct communication we had had with the Foundation until very recently as this shift by the Foundation to internalise a proposal that external contributors had been working on (and that the Foundation were aware of) could have resulted in a more streamlined approach and more seamless transition planning. The current approach is sub-optimal for the DAO, and we believe other delegates and ecosystem participants would tend to agree. The ADPC remains prepared to work with the Foundation on the understanding this can be done with mutual respect and transparency.
@adpc SimScore 40.7%

Top 7
I think we could give money for audit projects together with the AVI (Arbitrum Venture Initiative) project.
@cp0x SimScore 39.4%

Top 8
I really like this proposal. Audit costs are a significant barrier to entry for early-stage projects, and subsidizing them for valuable teams is a highly effective way to support builders in the Arbitrum ecosystem. Security is critical, especially for new projects, and reducing the financial burden of audits will help ensure that promising teams can launch safely without cutting corners.
@bertani SimScore 39.0%

Top 9
Thank you for posting a well-structured proposal. It is very straightforward. Overall, I like the idea of helping projects cover audit costs, especially the projects that have good potential for Arbitrum. I do have some concerns about a few points of the proposal.
Tek0x.eth SimScore 39.0%

Top 10
We would also like to emphasize that we see this program as a BD initiative that should first and foremost drive the growth of the Arbitrum ecosystem. Therefore, we expect that whoever the OCL and AF representatives will be in the committee, they will coordinate internally to make sure that the projects selected to receive audit grants are in line with Arbitrum’s long-term growth strategy.
@krst SimScore 38.4%

SimScore Worksheets

1 Like

I vote in favor of this proposal in the temp-check.

However, I want to clarify something: my signal in the temp-check specifically means that I agree with the motivation behind the proposal and the idea of “quickly” setting up a subsidy fund for audits—something essential to supporting developers in Arbitrum.

That being said, I believe the proposal still needs some modifications for me to maintain this vote on Tally.

I attended the unrecorded call where the ADPC and the Foundation exchanged views on the execution of the subsidy fund and their approach moving forward. I understand there is an intention to collaborate, share ADPC’s learnings, and strengthen the program. However, for me, that intention alone is not enough—I want to see those learnings materialized in a framework that is sustainable over time and does not rely on the Foundation stepping into the DAO and taking full ownership of the proposal, as I believe that is not a viable long-term solution.

Additionally, I echo @krst’s comments and would like to see them explicitly incorporated into the proposal text.

1 Like

I support subsidies for new projects to ensure that outstanding ones can get through the difficult early stages. However, I’ve seen many such proposals in the forum, but I haven’t seen suggestions for providing subsidies to real users. In the new year, 2025, I hope to see such proposals so that everyone can gain tangible benefits from the Arbitrum ecosystem. You have forgotten the users. FOR

I voted FOR the proposal on Snapshot. I’d like to add here that the Arbitrum DAO has recently begun the process of selecting Arbitrum’s strategic objectives (SOS). Eventually this will lead to initiatives that will help launch apps/projects on Arbitrum that align with these objectives. Why do I mention that? I hope the Arbitrum Audit Committee will prioritize such projects and dApps.

While it is true that some projects within the Arbitrum ecosystem have delayed launches due to insufficient audit funding, this proposal still has notable shortcomings:

  1. Lack of Post-Funding Accountability
    The open application process (available year-round) creates scheduling conflicts with quarterly reporting cycles. More critically, there are no binding mechanisms to address scenarios where funded projects fail to launch even after exhausting subsidies. The proposal lacks provisions for recouping losses, such as implementing clawback clauses for non-deploying projects.
  2. Undifferentiated Subsidy Criteria
    The current framework applies uniform standards to all project types without addressing critical variations.
  3. Unrealistic Operational Scale
    We are all fully aware of what 30m ARB from the treasury means. Also, supporting 100 projects simultaneously poses substantial execution risks: monitoring 100+ audit reports requires dedicated review teams, and premature scaling may dilute support for high-impact projects. I recommend implementing a pilot phase – initially subsidizing 20 rigorously vetted, high-potential projects – to stress-test processes before full deployment.
1 Like

We voted Against the proposal on Snapshot.

Although we support the overall goal of the proposed program, we believe the Arbitrum Foundation (AF) has moved forward without adequately addressing existing concerns, particularly those raised by delegates around why the ADPC framework wasn’t fully utilized. These should have been addressed before the proposal goes to Snapshot. We believe these points should first be resolved in a way that satisfies everyone involved, as suggested by @KlausBrave:

Right now, the proposal appears to stand apart from the existing ADPC framework and we agree with @PGov that there should be a more streamlined and consistent process to ensure that it leverages existing structures:

In line with what @pedrob and @krst have highlighted, we think it’s essential for the AF to incorporate or at least improve upon already established frameworks rather than proposing an entirely separate approach:

While we have no objection to the ultimate aim of this proposal, we oppose the current process of pushing the proposal to Snapshot without first addressing the issues, and the feedback raised left a negative impression. A more inclusive approach would have strengthened the proposal, but seeing as it has moved to snapshot, we would prefer that the proposal be overhauled based on feedback received and have voted AGAINST.

4 Likes

I will be voting AGAINST this proposal on Snapshot. While the overall sentiment and goals behind a separate Audit Program are more than justified, I think there is some clear overlap between it and what should ultimately be part of the ADPC’s mission.

Reading @adpc’s response it’s obvious this proposal was born out of dissatisfaction with the ADPC’s results or its failure to be deployed quickly, but there was miscommunication between both parties and we should really be asking ourselves if that alone warrants shelling out an extra $10M on a different program.

Procurement of proper auditors should be the number one concern for any audit program, and I think this could/should be achieved with involvement from both actors, if the audit program were to be passed.

Would it be worth considering giving the ADPC a seat at the committee in a revised version of this proposal?

I appreciate adding a seat for an OpCo representative, and have no objections towards the budget and structure, save for the immediate need to request the 30M ARB, in spite of not knowing how much will actually be spent and thus possibly adding a bit of unneeded selling pressure (even if unused funds are returned in USDC and ARB).

Recapping, I don’t think this proposal should move forward without establishing a better integration of it within the ADPC’s goals or its role within the proposed Audit Program.

I voted FOR, as I believe this is something the DAO can provide for the builders of the ecosystem.

However, I still hope that the text is amended to clarify the item regarding turning the grant into an investment. That was lost in the conversation, and should be addressed before going to Tally vote.

“The committee will enforce a strict conflict of interest policy such that no member should have any financial ties to an approved auditing firm that is taking part in the program and they should not have a significant conflict of interest with competing blockchain projects.”

What about the projects that end up receiving the security subsidy though? Since there are individuals in the Foundation and the Offchain Labs team that are also VCs/investors, will the committee disclose their personal/professional investments publicly and then recuse themselves in cases of such project applications?

One only needs to look at the stylus sprint grant receivers to substantiate this simple need…

2 Likes

Arbitrum Audit Program - Office Hours - 2025/02/24 13:59 GMT - Recording - Google Drive

Here is the link to the recording of today’s office hours.

2 Likes

After reviewing the proposal, forum discussions, and the last calls, I’ve found several practical considerations worth sharing.

Regarding the audit costs, I was not aware of the barrier this represents for projects building on Arbitrum. Considering what @stonecoldpat mentioned in the meeting about audit costing “anything between like $50k $100k or $200k depending on the size of your code”, I understand the hurdles teams face in early-stage funding. It is important to make these subsidies readily available for the growth of the ecosystem.

Accepting applications for only two weeks as previously approached could limit audit support for projects, so I believe that having a continuous application process, as proposed, would eliminate those service gaps. Builders should be allowed to seek support when they need it, not just when a window happens to be open.

The ADPC established a solid framework for the concept to be optimized further and scaled by the AF. Additionally, I agree with @pedrob’s comment on the need to develop a long-term, sustainable framework. Regarding the increased budget, I think it is fair to say that given the substantial demand shown in the Arbitrum Security Subsidy Fund: Outcome Report (56 applications with 22 selected) and considering a year-round availability of the program, this seems practical and beneficial overall.

A key final takeaway is that this is less about “who should run the program” and more about ensuring the ecosystem has consistent, funded audit support with minimal bureaucratic overhead.

Voting FOR in Snapshot.

1 Like

I think the Arbitrum Audit Program has a lot of potential and addresses an important need. Smart contract audits are essential, especially for early-stage projects that might not have the resources to afford them. Helping these teams launch securely not only protects users but also strengthens the entire Arbitrum ecosystem. I also appreciate the idea of offering subsidies as investments in some cases, which could help align projects with Arbitrum over the long term.

That said, I have some reservations about whether this program will be more effective than the ADPC Security Subsidy Fund, which has already demonstrated strong results.

Key Considerations:

  • Fair Pricing for Audits: With a large budget, there’s always a risk of inflated costs from audit firms. More clarity on pricing strategies—such as benchmarks, a bidding system, or transparency requirements—would be reassuring.
  • Committee Workload: A small, part-time team may struggle to review applications thoroughly. Ensuring a detailed yet manageable review process will be key to the program’s success.
  • Project Retention in the Arbitrum Ecosystem: The proposal includes safeguards against projects taking the subsidy and migrating elsewhere, but enforcing this might be challenging. More details on how this would be handled could strengthen the proposal.
  • Token Management and Market Impact: Selling a large amount of ARB at once could put downward pressure on the token price. A phased approach or allowing auditors to accept ARB directly might help mitigate this concern.
  • Defining Clear ROI Metrics: A $10M budget is a big commitment, and measuring success purely by the number of projects audited may not be sufficient. KPIs should focus on real impact—such as user adoption, TVL growth, and increased network activity.

Comparing Arbitrum Foundation and ADPC’s Strengths

One of the strengths of this proposal is that it is cheaper than ADPC, as it only requires hiring one technical expert at $60K per year, compared to $360K per year under ADPC. However, cost efficiency alone does not necessarily mean better results.

I believe the Arbitrum Foundation has stronger technical expertise, which likely makes it better positioned to select the best auditing service providers and ensure a smooth audit facilitation process. This could help improve the quality and efficiency of audits under the new program.

However, ADPC has proven to be highly effective in other critical areas, particularly in maximizing Arbitrum’s exposure among protocols, building strong relationships, and creating synergies that support protocol growth beyond just audits. The Security Subsidy Fund Outcome Report highlights how ADPC successfully connected with top-tier protocols like GMX, Gamma Strategies, and D2 Finance, ensuring they remained within the Arbitrum ecosystem.

Additionally, ADPC’s marketing strategy was highly effective—they not only actively promoted the subsidy fund to attract top protocols but also leveraged their connections to amplify outreach. By collaborating with selected protocols, ADPC was able to use their marketing resources to further promote both the Security Subsidy Fund and Arbitrum’s ecosystem as a whole.

Given ADPC’s track record, I am uncertain whether the Arbitrum Audit Program will be able to replicate or improve upon these ecosystem-building efforts. While this new program may enhance the technical side of audits, it is unclear if it will achieve the same level of community engagement, exposure, and long-term protocol support that ADPC has demonstrated.

ADPC Security Subsidy Fund Outcome Report

Decision: Abstaining from the Vote

While I see the potential benefits of this proposal, I remain uncertain about whether it will be a significant improvement over ADPC. The Arbitrum Foundation may have better technical expertise to optimize the audit selection and facilitation process, but ADPC has been exceptionally strong at ecosystem growth, marketing, and building lasting relationships with protocols. Additionally, the cost savings are not enough to be a major deciding factor for this proposal.

Until there is more clarity on how this program will build upon ADPC’s successes in those areas, I have decided to abstain from the vote.

I look forward to hearing more perspectives from the community and seeing how this discussion evolves as I am not totally against this proposal but feel it needs to be better constructed for me to support it.

1 Like

I think this proposal makes a lot of sense. Audits are costly, and allocating $10M from the Arbitrum DAO to cover part of these costs can significantly alleviate this burden. As previously mentioned in some of my comments, investing in and boosting the Arbitrum ecosystem is essential with the L2 competition going on, and this proposal is a step in the right direction.

Two key considerations:

  1. Ensure that projects demonstrate high potential, have an MVP, and possess a real user base
  2. Ensure that projects are committed to Arbitrum first and won’t migrate to another ecosystem. I support @danielM’s idea of setting up an agreement requiring projects to maintain their development efforts on Arbitrum, with a reimbursement clause if they fully migrate to another L2. I would love to hear some feedback on the feasibility of this from @Arbitrum.

Implementing such a program can give Arbitrum a competitive edge in attracting builders and value in the Layer 2 landscape. I find the proposal well-designed and the overall cost related to the committee to be small and very competitive.

While I strongly support this proposal, I will vote ‘Abstain’ to help reach the quorum and avoid any potential COI. As mentioned, I work for Kleros, which is building its V2 natively on Arbitrum (more information here), and we could potentially benefit from this program in the future.

1 Like

I abstained from voting because while security audits are crucial, this proposal lacks sufficient justification for creating a new program instead of improving the existing ADPC Security Subsidy Fund. Also, I’d like to see a stronger commitment to treasury management (keeping funds in ARB) and clearer accountability mechanisms. Until these concerns are addressed, I prefer not to take a stance.

We vote against the proposal because, despite its good intentions, the process has been rushed without addressing key concerns. The recent unrecorded governance call, as highlighted by @KlausBrave, has left many without crucial context, and bypassing the established ADPC framework, as noted by @CastleCapital, consolidates too much power in the Foundation. Until these transparency and integration issues are resolved through a more inclusive, recorded, and deliberative process, we cannot support the proposal.

1 Like

Reflecting most comments made, I do support it for the current stage but it needs to address concerns made by several people like Klaus.
Voting yes.

This is a really big budget. The comparable program at Optimism tends to be running at ~2m OP per year. 30m ARB seems hard to deploy in a meaningful way over 12 months.

Currently voting in favor as support, with a few things to address in Tally that have been mentioned in the calls but are not clear enough in the proposal:

  1. The nature of protocols that could apply. Understanding that this proposal has a growth nature, we need to clarify if current protocols in Arbitrum can apply, and if protocols migrating/expanding from other chains can apply. And the answer likely can’t just be a single “yes”; otherwise everybody who has to do an audit in Arbitrum will come here, making the life of the committee miserable. There has to be some sort of wording on who can apply.
  2. I would like to know, this being a 1-year initiative, if we will be able to morph it over time based on SOS outcomes and in general other more robust frameworks we might have in the DAO to create long life tracks for protocols in Arbitrum, i.e.: a path in which you first get a grant, then an audit, then an investment, all over time.

We vote FOR the proposal on Snapshot.

After reviewing the proposal, Foundation clarifications, delegate feedback, and recent calls, we support running the program under the new organization led by the Foundation and a technical expert, with OpCo participation in the future. This setup better accommodates the audit program’s unique requirements, including a strong business development perspective and the need for projects to remain as stealth as possible.

While it’s unfortunate that miscommunications happened between the program authors and ADPC, we believe the DAO can look forward to more streamlined communication and collaboration moving forward. Both parties share a common goal, and the outputs from the ADPC program will be effectively leveraged to achieve a successful outcome.

One concern that we have is that a team of a few might struggle to manage about 1.9 projects per week. Considering that audit subsidy needs are ongoing and permanent, the program could evolve from a one-year initiative into a continuous support model. The allocated budget in this proposal could be reviewed after an initial six-month phase and then reused as needed.

I vote abstain because while I believe audit expenses can eat up/exceed available funds, funding audits in this way is basically handing out a grant with a purpose.

While I know that having a more holistic approach to grant disbursement (aka less silos, more of a one stop shop for small, medium, large grants and audit grants as separate entity) is utopian, I believe we can do a better job at making sure that the $ we spend is well invested/incentives are aligned.

Some ideas have already been mentioned but maybe we should include clauses that projects cannot deploy on other chains within x months? Or if further funds/support is needed (after the audit) put them in contact with relevant teams (disclaimer: I do not know if this is already being done)?

This being said, I do believe it makes sense that the AF is heavily involved/partially runs this program. Excited to see a V2 of this proposal, or having it go to Tally with some adjustments.