Arbitrum Audit Program

Voted For: Controversy about this proposal comes from how this was handled and not from the content of the proposal itself. From my understanding, the audit program at the moment doesn’t exist, which is a bad thing. For many new projects (especially DeFi), audits are a crucial and one of the most expensive tasks to do before launch. To be a welcoming chain, it would be awesome to help high-end projects with this. This is the reason I voted for and support this proposal.

I do believe there is some room for improvement based on my feedback, like how we can make sure to get fair pricing. I suggested the “sealed bid” method, or any other, to make sure we use all mechanisms to get a fair price. Also, I would love to see a push for collecting bids (offers) in ARB tokens, not in USD, so we would lower the ARB selling pressure.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Snapshot voting.

We attended both office hours for this proposal and, after reviewing the details, we believe this initiative is worth funding. We support initiatives that remove financial barriers for new projects. Many early-stage teams struggle to secure funding, and audits are one of the most expensive yet essential steps before launching.

Looking at the ADPC’s Security Subsidy Fund Report, we see strong demand for such programs. In just 8 weeks of the program, ADPC received a competitive number of applications from teams. Extending this support for a full year makes sense given the clear demand and potential impact on ecosystem growth.

We also agree with @JoJo’s point that clear eligibility criteria should be outlined for protocols. It is important to define which protocols can apply to prevent the committee from being overwhelmed with applications. We would like to see these details clarified before the Tally vote.

And regarding the miscommunication between the ADPC and the AF, we believe a structured communication channel between the AF and the DAO could help clarify which initiatives they are working on or planning for the future. Whether through monthly Governance Reporting Calls (GRCs) or forum updates, the DAO should be kept informed about ongoing initiatives. This will help avoid such overlapping efforts and improve coordination in the future.

The following reflects the views of GMX’s Governance Committee and is based on the combined research, evaluation, consensus, and ideation of various committee members.

The Arbitrum Audit Committee is an initiative led by the Arbitrum Foundation (AF) and Offchain Labs (OCL). The committee will consist of members from AF, OCL, one member elected by the DAO, and one member from the OpCo (once operational). The program is planned to run for one year.

◦ The Foundation had initially planned to run this program before the ADPC (Arbitrum DAO Procurement Committee). CoinFlip, one of the contributors, was actively involved in discussions with the Foundation. However, the ADPC implemented a similar program first, which was highly successful and well-managed. GMX was one of the recipients of this successful program.
◦ The proposal addresses a critical need in the ecosystem by subsidizing audit costs for projects, which is a significant barrier for many builders.
◦ It outlines a well-defined process for project selection, auditor approval, and fund allocation. The inclusion of a committee with technical expertise ensures rigorous evaluation of projects—a gap that existed in the ADPC program.
◦ The commitment to publish quarterly updates ensures accountability and allows the DAO to track the program’s progress and impact.
◦ The ADPC, in its second iteration, did not include the audit program in its scope of work. Even if they were to implement it, the process would take considerable time. Therefore, the Foundation leading this initiative is logical and timely.
◦ Implement a competitive bidding process for auditors to ensure fair pricing and prevent monopolization. Consider capping the number of projects per auditor to promote diversity.
◦ The handling of this proposal could have been more professional between the Foundation and the ADPC. Future proposals should be developed in consultation with key stakeholders to avoid duplication of efforts and foster a cooperative ecosystem.
◦ Will the application be on a rolling basis? How much will these audits be capped at, and what percentage of the audit does the committee plan to cover? The ADPC created their own tooling infrastructure for the program; will the Foundation utilise it or create their own? How do you decide who gets audits approved? What is the strategy?

The DAO currently lacks an active audit program, and launching this initiative at the earliest could be highly beneficial for the ecosystem. Based on our daily interactions with builders, audit support is one of the most frequently requested forms of assistance. The first iteration of the ADPC’s audit program was highly successful, and this new proposal builds on that foundation while addressing previous gaps.


I did a bit of a dive into this, but as I am currently at ETHDenver and need more time to dive deep into this one, I will abstain for now and save my vote for Tally if it gets there. I hope (and trust) that the Arbitrum Foundation collaborates closely with the ADPC to refine the program, ensuring it complements existing initiatives without redundancy.

I’ve decided to vote in favor of this proposal at the temp-check stage, as I agree with the need for an efficient and consistently available audit support system for projects. However, I believe some aspects require further elaboration before proceeding to the tally stage.

Even though the proposal shows consideration of lessons learned from the previous ADPC program (among which the involvement of an expert), I have concerns about the potential for this program to become a misallocation of resources (especially given the budget that is being requested). Echoing @pedrob’s sentiment, I’d like to see more concrete measures to ensure this program doesn’t go in that direction, and that vendors cannot potentially take advantage of it.

Hi all, we wanted to post an update here following the Office Hours on 24 February and conversations we’ve had with the Arbitrum Foundation. As stated in the call, we are in the process of supporting the handover of the program to Arbitrum Foundation to support their internalisation approach.

We are proud of the outcome of the program, and that the work of structuring and running the pilot program is now continuing as a core program of the ecosystem with more funds being allocated to it. It’s a moment to celebrate our achievements that we outline in the final Outcome Report linked here, and we thank everyone for the positive feedback.

Our ultimate goal and that of the Foundation’s are aligned: to help grow the Arbitrum ecosystem. As such, we will support the Arbitrum Foundation in an advisory function during the roll-out and make sure our expertise and learnings will carry on.

As individual service providers, we believe each of us can positively impact the Arbitrum ecosystem in a multitude of ways and double down on the value creation and the success case of the Security Subsidy Fund. There are a lot of problems to be solved and a lot of ways in which the ecosystem can grow, be it by supporting the vibrant builder ecosystem with critical services and infrastructure, through growth programs that focus on sustainably growing the number of quality apps and bring in net new users to the ecosystem, or through meeting the needs of builders across the builder funnel in an effort to provide them with consistent support across all stages of their growth.

As individual service providers outside of the remit of the ADPC, we’re looking forward to working in concert with the Foundation and the rest of the DAO on such efforts to grow the ecosystem, ensuring that their design, strategy, and execution is handled as professionally as we have managed to do so far.


Since you have reassured me about my fear that projects will use the audit money and then move on to other solutions: Voted For

I think Arbitrum Audit Program will help new projects on Arbitrum pay for security audits, which are very expensive but very important. It will make sure smart contracts are safe and protect users’ money.

I believe that the safety of users who use Arbitrum should come first. Everything is simple here. It’s like a bank. The more reliable the bank, the more clients it has. It follows from this that the more reliable the projects on Arbitrum, the more users trust us with their funds. It turns out that the higher the security, the more people use Arbitrum!

I’m going to ABSTAIN my vote on this one. Even though I do think it is important to have an audit before launching a new project, it is not clear enough why we need to improve the audit selection and facilitation process. I’m trusting that the Arbitrum Foundation has well-qualified expertise in selecting which projects should be executed.

We are supportive of this proposal.

We have full faith in OCL & the AF to execute a well-managed program on behalf of the DAO. Ultimately, this proposal continues to add to Arbitrum’s attractiveness for builders while promoting a safer ecosystem.

Some concerns we have:

  • Projects utilising this program to receive an audit from Arbitrum, but shortly after using the audited code to launch across other L2s or EVM chains.
  • The budget does seem rather large, and we’d hope there is no strong expectation from the committee that we need to exhaust these funds. Providing audits for ~2 projects a week (~100/yr): how many of these protocols do we actually expect to drive value back to the ecosystem? Furthermore, we hope there is going to be a positive bias towards more experimental protocols vs. forks/copycats with little difference.

Voting “Abstain” for the moment. Broadly, I support the idea, as I think audits are both important to the security of the network and a roadblock to prospective builders. However, I’m still a little torn on the execution, and would like to see how continued refinement with a Tally proposal goes. I’m generally not a huge fan of the AF asking the DAO for funds, but I acknowledge there is also an element of ‘filling a void’ here, as there hasn’t really been a DAO-led / third-party-funded solution to this that has gained much traction. A lot of discussion around this; I look forward to seeing the final iteration with Tally.

We plan to vote Abstain on this proposal.

Overall, we agree that setting up an audit program would be valuable, as lowering one of the most prohibitive costs that early-stage teams face can be a great way to attract more projects to the ecosystem and help them reach mainnet faster/safer. We also appreciate the Foundation’s plan to include exclusivity clauses so that funded projects are committed to keep building on Arbitrum.

That said, while we understand that audits can be costly, the $10M budget seems high compared to similar programs. We’re also not fully convinced that negotiating with auditors on a one-off basis for each approved project is the best approach in terms of both price and scheduling.

Have you considered purchasing bulk audit packages with select auditors upfront? Based on our experience running similar programs, these pre-negotiated deals often come with significant discounts (10–30% below standard rates) and let you reserve audit slots months in advance. This can be especially useful given that audit firms typically have lengthy wait times, which can stall project launches.


Voting Against on the current offchain vote because I don’t agree with internalizing into the Arbitrum Foundation a job that the DAO was previously doing. Even when the service providers doing that job for the DAO were taking too long, wasting resources, denying audit subsidies to worthy projects, porting the whole program to competing ecosystems, etc., I don’t condone the way the ADPC acted in their past 2 terms, but I also don’t think internalizing this job into the Foundation is the right approach. What I think we need is an Arbitrum DAO-run, dedicated Audit Subsidy program that would run continuously and would report its actions to the DAO with the utmost transparency possible, executed by new and fresh service providers that are exclusive to Arbitrum.


Camelot is voting “Abstain” on the Arbitrum Audit Program.
We believe the initiative is well-intended and necessary. We also welcome the formation of an evaluation committee in which the Foundation and Offchain Labs play a predominant role, as they are uniquely positioned to properly assess the value a protocol can bring to our ecosystem.

That said, several aspects remain unclear, such as the disclosure mechanism for information. Most importantly, there should be clarification on whether this program is exclusively for newly launched protocols or if it also includes existing ones. In the former case, we believe the initiative is overbudgeted. In the latter case, there should be clear guidelines on which projects are eligible to participate.

Overall, we believe that key, high-impact projects within the Arbitrum ecosystem should have the opportunity to be part of this initiative. This would allow the Audit Program not only to support the growth of new participants but also to strengthen the projects that currently contribute the most on-chain value.


I’m voting FOR this initiative. This is one of those proposals that empower startup apps that need those audits to start operating and polishing their code bases from vulnerabilities. However, I propose two changes to the current proposal:

First, while I understand the necessity of exchanging ARB for USD to pay for auditing services, exchanging the $10 million in one swoop seems excessive. It can be done in three or four tranches whenever necessary, avoiding putting more selling pressure on the market.

Also, I suggest contacting already-known auditors from large firms for this task and negotiating a price for bulk operations.

If done correctly, this could help several projects get their first leg up in DeFi, expediting processes that could take a considerable amount of time when done via individual proposals.

In the end, I didn’t get it.

  1. Are you speaking on behalf of ADPC or the service provider?
  2. If on behalf of ADPC, did you reject your proposal?
    What significant differences did it have?
    What do you agree or disagree with in the proposal from the Foundation?

Voting FOR on behalf of @web3citizenxyz. The rationale is below:

I want to name an anti-pattern that I don’t think is a good habit and is not serving the DAO. It is evident in the current Audit proposal.

Observation: Overuse of Yes & Abstain at tempcheck stage hoping issues will be addressed doesn’t work.

I have noticed a technique of delegates saying on the forum: “I hope… I begrudgingly vote FOR at tempcheck but want to see x, y, z issues addressed before it goes to onchain voting (Tally).”

Looking at history, those issues are most of the time not addressed; the author gets a pass and the proposal sails through the Tally stage because people don’t read, it’s too much effort, and there is no mechanism to force accountability.

This technique doesn’t work, and delegates should not expect it to work; imo they should make use of the No in tempcheck more frequently.

I think that is more honouring of how the forum-to-tempcheck feedback loop should work, rather than expecting a Snapshot pass plus all feedback being incorporated in the transition to Tally; history doesn’t reflect this “hope” being the case.

I’d invite delegates to stop doing this, to use No as a valid step in the iterative feedback loop the DAO uses to converge, and to require proposals to take feedback on board before going to onchain voting.

Curious about others’ thoughts on this dynamic.


Now that this proposal is moving to onchain voting.
How can auditors apply for the program? Please advise.

Blockworks Advisory will be voting Abstain on this proposal at the temperature check stage.

Similar to others, we have faith in OCL and the AF to properly manage this program. The Foundation likely has better expertise in this area, which positions it better for selecting auditing services. We are still concerned about lock-in for protocols and would sincerely like this to be addressed. Otherwise, it is very similar to just a grant, and thus the investment angle should be explored much further. We would especially like this to be elaborated on prior to any onchain vote.

Furthermore, as both @WintermuteGovernance and @GFXLabs have said, the budget seems rather large, both in general and in relation to other existing programs. There’s also the matter that there are still some details we would like to see: disclosures, additional clarity on protocol eligibility, outcome reporting, etc. As @krst stated, should this proposal pass, we will expect the same level of transparency as we would from the ADPC team and other DAO teams.


Hi @KlausBrave,

The issue you bring up is affecting decision quality.

Another approach I have been experimenting with is unbiased aggregation of forum replies.

Here’s a spreadsheet that calculates the consensus priority of forum replies. In this case, forum replies from the Snapshot round are prioritized. The top 20 responses are displayed along with a relationship graph:

Unbiased aggregation is considered a necessary step of wisdom-of-crowds technology.

If proposers edited proposals based on the aggregated forum feedback for each of the open, Snapshot and Tally rounds, I feel decision quality would be improved because it would reflect the delegates’ wisdom.

Paul