Arbitrum Research & Development Collective: Elections & Applications

Dear all,

Firstly, our team over at Axis Advisory would like to thank the ArbitrumDAO for supporting our proposal to establish the Arbitrum Research & Development Collective; either by providing feedback, by voicing your support or by directly voting for this initiative!

Hereunder, prospective applicants can find details and ancillary documentation that will aid them in applying for the respective roles of the Arbitrum Research & Development Collective:


  • Timeline [UPDATED]

‘Application Submission’ Period:

  • Start Date: 26/01/2024 [12:01 AM UTC]
  • End Date: 12/02/2024 [11:59 PM UTC]

‘KYC/KYB + Proposal Review Period’:

  • Start Date: 13/02/2024 [12:01 AM UTC]
  • End Date: 22/02/2024 [11:59 PM UTC]

‘Amendment Period’:

  • Start Date: 23/02/2024 [12:01 AM UTC]
  • End Date: 29/02/2024 [11:59 PM UTC]

Snapshot Elections [Weighted Voting]:

  • Date: 04/03/2024

  • Documentation

Election Template: ARDC Election Template - Google Docs

Guidance Note: ARDC Guidance Note - Google Docs


Hello @Immutablelawyer, where do we need to submit the applications? Here itself on the forums, or is there a separate application link?

Applicant Information

Name of Applicant & Applicant’s Representative [If Applicable]: Pavel Fedotov

Email Address: pfedprog@gmail.com

Telegram Handle (if applicable): pfedprog

LinkedIn Profile (if applicable): https://www.linkedin.com/in/pavel-fedotov-pinsave/

Twitter / X: x.com

Role being applied for: DAO Advocate

Background Information [Applicable to all]

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

Throughout my career, I have accumulated extensive experience and established a notable presence in the digital asset industry, particularly within the Ethereum and Arbitrum Ecosystems. As a seasoned Full Stack Blockchain Developer, my contribution to decentralized applications (dApps) and advancing blockchain technology has been impactful.

Within the context of the ArbitrumDAO, my role as an elected member of the Mini-Grants Council - Plurality Labs: "Our Biggest Minigrants Yet" (JokeRace) has been instrumental in fostering innovation and growth within the ecosystem. I have actively participated in the review and allocation of grants, driving the development of projects that align with the core values of the Arbitrum Ecosystem. In particular, I am very proud that we sponsored web3.beach, providing food and education to a community in Venezuela.

One of my most significant achievements within the Ethereum and Arbitrum Ecosystems includes the successful completion of a Filecoin grant focused on advancing decentralized identity (ERC-725) in collaboration with NFT privacy-focused standards. This project exemplifies my commitment to leveraging blockchain technology to catalyze meaningful developments within both ecosystems.

As the Founder of Pin Save, a decentralized Pinterest dApp, I have led its active involvement in the Mina Navigators program. Currently, I am actively contributing to developing ERC-20- and ERC-721-like standards on Mina, which is a layer-1 blockchain with a 22KB blockchain and zero-knowledge smart contracts (“zkApps”) written in TypeScript.

Securing the RetroPGF 3 grant for Pin Save, with inclusion in multiple lists by badgeholders, underscores the potential for substantial contributions and innovation within the Arbitrum Ecosystem.

My commitment to nurturing talent and driving progress within the blockchain space is evidenced by my role as a mentor in the Mina ZkIgnite 2 cohort, which receives substantial funding from the 500k USDC and 500k MINA tokens grant. This exemplifies my dedication to fostering growth and innovation within the blockchain space.

Furthermore, my active involvement in governance proposals and grant programs within Developer DAO, Algovera, Ocean Marketplace, Mina, and Gitcoin signifies my continuous and dedicated participation in driving the decentralized evolution of the Ethereum and Arbitrum Ecosystems.

In summary, my track record, marked by successful grant applications, active involvement in mini-grant programs, and leadership roles within significant projects, serves as a testament to my unwavering commitment to advancing public goods and fostering innovation within the digital asset industry, particularly within the Ethereum and Arbitrum Ecosystems.

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

As a prospective DAO Advocate for the Arbitrum Research & Development Collective (ARDC), my primary area of interest lies in ensuring governance optimization and strategic alignment between the ARDC and the ArbitrumDAO. My background and expertise uniquely equip me for this role, demonstrating a strong alignment with the responsibilities and mandates associated with the DAO Advocate position.

My dedication to fostering transparent governance and accountability within DAO structures positions me effectively to contribute in this capacity. Through my experience and understanding, I am committed to overseeing that the ARDC’s efforts are directed in a manner that aligns with the objectives of the ArbitrumDAO, ultimately working towards the broader goals of the collective.

Here is my Gitcoin Grants analysis that achieved 2.5k views and 40 likes: Lifetime Gitcoin Grants Data Analysis and Hypothesis Testing - Ideas and Open Discussion - Gitcoin Governance

I possess a comprehensive understanding of the legal and ethical obligations integral to the DAO Advocate role. My professional background equips me to navigate complex governance structures and facilitate open dialogue to ensure that the ARDC acts in the best interests of the ArbitrumDAO. This skill set involves mediating decisions and enforcing accountability when necessary, further aligning with the advocacy responsibilities stipulated within the DAO Advocate role.

Furthermore, my capabilities as a communicator and relationship-builder are assets that I will leverage to effectively bridge the gap between the ArbitrumDAO and the ARDC. Through transparent and coherent communication, I will facilitate informed decision-making and ensure that the respective objectives align seamlessly. Additionally, my proficiency in fostering productive collaboration will be instrumental in driving mutual understanding and achieving constructive outcomes that benefit both entities.

In conclusion, my aptitude for governance optimization, commitment to transparent and ethical decision-making, and proficiency in building collaborative relationships ideally position me to champion the interests of the ArbitrumDAO as the DAO Advocate within the ARDC. I am dedicated to fostering cooperative synergy between the two entities, ensuring that the ARDC’s efforts are aligned with the mandates and strategic objectives of the ArbitrumDAO for the continued growth and success of the collective.

Objectives & Motivation [Applicable to all]

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

As a Full Stack Blockchain Developer, joining the Arbitrum Research & Development Collective (ARDC) presents a compelling opportunity to contribute meaningfully to the growth and evolution of the Arbitrum ecosystem. My motivation to join the ARDC stems from my genuine drive to apply my skills and expertise in governance optimization, risk assessment, and secure code reviews to facilitate the realization of governance proposals within the ArbitrumDAO.

I am committed to leveraging my quantitative analysis capabilities to provide informed insights necessary for economic risk mitigation, design optimization, and overall proposal viability. Additionally, my background in project management equips me to assist in efficient coordination and effective communication between the ArbitrumDAO, stakeholders, and service providers, thus bolstering the effective execution of proposals.

As a member of the ARDC, I aim to actively contribute to the creation and enhancement of tools dedicated to security assessment, thus fortifying the integrity of the ecosystem. Furthermore, I am eager to partake in the development of innovative mechanisms that promote data-driven decision-making, furthering the ecosystem’s capabilities.

Ultimately, my aspiration is to play an integral role in fostering a more engaged and collaborative governance community within the Arbitrum ecosystem. I am dedicated to working towards the continuous growth, security, and transparency of the platform, advocating for the successful execution of proposals, and contributing to the expansion and enrichment of the Arbitrum ecosystem as a whole.

Explain how you envision contributing to the primary mandate of ARDC, which is to provide objective assessment of ArbitrumDAO Forum proposals & discussions and expedite governance decision-making within the Arbitrum ecosystem. (300 words max)

As the DAO Advocate within the ARDC, my approach to fulfilling the primary mandate of providing objective assessments of ArbitrumDAO Forum proposals and discussions will be rooted in promoting transparency, informed decision-making, and efficiency within the governance framework of the Arbitrum ecosystem.

I envision contributing by conducting impartial, data-driven research to offer comprehensive understandings of proposal contexts, competitive landscapes, and potential risks. These objective assessments will provide the necessary insights for delegates to make well-informed decisions, ultimately expediting governance processes.

Furthermore, I will actively engage with proposal authors, serving as an assistant to provide valuable feedback and assistance to optimize and structure proposals. This proactive support will aid proposers in enhancing their submissions, ensuring that the proposals are primed to contribute positively to the Arbitrum ecosystem.

I will work diligently to identify suitable partners to execute proposed ideas, thereby further promoting the implementation of viable and impactful proposals. Additionally, I will prioritize the iterative refinement of proposals, working to cultivate delegate awareness and participation in the forum and voting stages.

My goal is to foster an environment conducive to open dialogue, collaboration, and informed decision-making. I aim to streamline the governance process by expediting decision-making, enabling participants in the ArbitrumDAO to make better-informed choices through the facilitation of reliable and comprehensive assessments of forum proposals.

Ultimately, my approach is centered on ensuring that the governance decision-making process within the Arbitrum ecosystem is efficient, transparent, and aligned with the best interests of the community, thereby furthering the collective’s strategic objectives.

Skills and Experience [Applicable to all]

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

In my pursuit of the DAO Advocate role within the ARDC, my relevant skills and experience are deeply aligned with the subject-matter areas crucial to the collective’s mandate. As a seasoned Full Stack Blockchain Developer, I bring a comprehensive understanding of decentralized technologies, governance optimization, risk assessment, and secure code reviews.

My previous contributions within the blockchain space have honed my ability to meticulously assess and optimize governance structures. I have actively participated in the assessment and refinement of governance proposals, demonstrating my capacity to provide robust, data-driven insights for informed decision-making within decentralized ecosystems.

Furthermore, my expertise in quantitative analysis equips me to navigate economic risks, design optimization, and proposal viability, thereby ensuring that proposal assessments are comprehensive and meticulous. Additionally, my experience in project management has fortified my aptitude for efficient coordination, effective communication, and streamlined execution of proposals, all of which align closely with the primary objectives of the ARDC.

Moreover, my track record in providing tailored solutions for security enhancement and innovative mechanism development bolsters my ability to contribute meaningfully to the ARDC’s objectives. Through my previous work, I have actively fostered engagement within governance communities, encouraging collaboration and informed dialogue.

In summary, my rich background in blockchain development, project management, and governance optimization positions me ideally to contribute significantly to the ARDC. I am dedicated to leveraging my skills and experience to expedite governance decision-making, optimize proposal assessment, and ensure that the ARDC’s operations align seamlessly with the best interests of the Arbitrum ecosystem.

Proposal Review & Assistance [Applicable to all]

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

In conducting objective research and providing assistance to proposers to enhance their proposals, I would adopt a thorough and transparent approach that prioritizes the best interests of the ArbitrumDAO. Firstly, I would conduct impartial, data-driven research to comprehensively understand the context and competitive landscapes of forum proposals. This approach ensures that my assessments are unbiased and factual, facilitating well-informed decision-making by delegates.

Furthermore, I would actively engage with proposers to provide constructive feedback and tailored assistance, leveraging my expertise to optimize and structure proposals in a value-added manner. This collaborative approach ensures that proposers receive actionable insights to enhance the quality and viability of their proposals, ultimately contributing to the positive evolution of the Arbitrum ecosystem.

Additionally, I would foster an environment of open dialogue and transparency, encouraging proposers to embrace iterative refinement and improvement. This approach promotes the cultivation of delegate awareness and participation in the forum and voting stages, ensuring that proposals are well-received and aligned with the collective’s strategic priorities.

Ultimately, my approach emphasizes the facilitation of reliable and comprehensive assessments, coupled with proactive support tailored to proposers’ needs. By adhering to these principles, I aim to expedite governance decision-making, optimize proposal assessment, and promote the continuous advancement of the ArbitrumDAO’s objectives, in alignment with the primary mandate of the ARDC.

Project Management [Applicable to all]

Describe your project management experience. (250 words max)

Throughout my career, I have accrued significant project management experience that has equipped me with skills essential for optimizing the DAO Advocate role within the ARDC. As a Full Stack Blockchain Developer, I have overseen the end-to-end execution of numerous projects, exemplifying my proficiency in strategic planning, resource allocation, and performance monitoring.

Furthermore, my capacity to effectively manage and coordinate projects has been strengthened by practical experience in utilizing project management tools such as Asana, Airtable, and Multi-Sigs. These tools have been pivotal in ensuring the seamless coordination of team efforts and the successful delivery of projects, reflecting my adeptness at streamlining processes for optimal results.

In my role as a founder, I have actively led and executed projects that have involved complex negotiations and the forging of partnerships with key stakeholders. This trajectory has allowed me to harness and hone my negotiation skills, essential for fostering mutually beneficial agreements and securing resources vital to organizational growth and success.

My involvement in governance proposals and mini-grant programs has further fortified my project management acumen. By actively engaging in these initiatives, I’ve demonstrated my capability to drive successful developments, leveraging resources to maximize their impact and aligning them with overarching objectives.

Overall, my extensive project management experience, sharpened through hands-on involvement in blockchain development, strategic negotiations, and governance initiatives, positions me as a valuable asset to effectively contribute to the optimization of governance decision-making and proposal refinement within the ARDC.

Purpose/Mandate of the ARDC [Applicable to all]

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

As I envision my role as the DAO Advocate within the ARDC, my intention is to bring an objective and strategic approach to contributing to the purposes and mandate of the collective. I plan to achieve this by focusing on fostering transparent governance, promoting accountability, and expediting decision-making processes.

One of my primary objectives is to provide objective assessments of ArbitrumDAO Forum proposals and discussions. To achieve this, I will employ a rigorous research methodology, ensuring that all assessments are based on credible data, analysis, and due diligence. By offering comprehensive analyses that consider the potential impact, feasibility, and alignment with the collective’s goals, I aim to equip delegates with the insights required to make informed decisions.

In addition to objective assessments, I am committed to expediting governance decision-making within the Arbitrum ecosystem. This entails emphasizing efficiency, transparency, and alignment with the best interests of the community. By actively engaging with proposal authors, I will offer tailored assistance aimed at enhancing the quality and viability of their proposals. This will involve providing constructive feedback, guiding proposers in optimizing their submissions, and encouraging iterative refinement to foster proposals that align with the strategic vision of the collective.

Furthermore, I intend to leverage my project management experience to facilitate the smooth coordination of proposals and governance processes. Through strategic planning, resource allocation, and performance monitoring, I will work to ensure that proposed ideas are effectively executed to contribute positively to the Arbitrum ecosystem. This will involve fostering collaboration, streamlining processes, and leveraging my negotiation skills to forge partnerships that support the successful implementation of proposals.

Additionally, I am dedicated to promoting accountability within the governance framework. I recognize the importance of transparent and ethical decision-making, and I intend to uphold these values by actively engaging with community members, mediating discussions, and ensuring that proposals are thoroughly evaluated for their potential risks and benefits.

Ultimately, my objective contribution to the ARDC’s mandate will be rooted in a commitment to serving the best interests of the community. By providing reliable and comprehensive assessments of forum proposals, facilitating informed and efficient decision-making, and promoting transparency and accountability, I aim to optimize the governance processes within the Arbitrum ecosystem. Through these efforts, I seek to align with the strategic objectives of the collective and contribute to its sustained growth and success.

Additional Contributions [Applicable to all]

How can you contribute to the creation and enhancement of tools for security assessment, the development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives, as outlined in ARDC’s objectives? (500 words max)

In the capacity of the DAO Advocate within the ARDC, I am well-positioned to contribute significantly to the creation and enhancement of tools for security assessment, development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives while aligning with the collective’s objectives effectively.

Security Assessment Tools:
Drawing from my experience as a Full Stack Blockchain Developer, I can collaborate with security-oriented members within the ARDC to contribute to the creation and enhancement of tools for security assessment. By leveraging my expertise in secure code reviews and threat modeling, I aim to support the development of robust assessment tools that ensure the integrity of the Arbitrum ecosystem. This includes conducting rigorous white-box security assessments, identifying design flaws, and promoting a culture of security compliance within the ecosystem.

Development of Educational Materials:
I intend to contribute to the development of educational materials by leveraging my experience in creating content related to blockchain technology. As a contributor to podcasts, Twitter threads, and newsletters, I can craft educational materials that promote awareness, engagement, and understanding of the Arbitrum ecosystem. This may involve simplifying complex concepts, sharing best practices, and disseminating valuable insights to foster a knowledgeable and informed community.

Research into New Mechanisms:
My background in research-oriented areas such as governance proposals, risk assessment, and framework development arms me with the capabilities to actively engage in research into new mechanisms. By objectively analyzing and contributing to the development of innovative mechanisms, I aim to promote data-driven decision-making and enhance the ecosystem’s capabilities. Through meticulous research and strategic insights, I aspire to assist in pioneering new mechanisms that better serve the interests of the ArbitrumDAO.

Delegate Engagement:
In line with the ARDC’s objectives, I am committed to fostering delegate engagement within the governance community. Through active participation in forum discussions, proposal refinement, and collaborative initiatives, I seek to incentivize delegates to contribute to the refinement and implementation of proposals. Furthermore, by actively soliciting feedback, fostering open dialogue, and advocating for inclusive governance practices, I aim to promote a governance community that is informed, engaged, and actively shaping the trajectory of the ecosystem.

Growth Initiatives:
I am dedicated to contributing to growth initiatives by attracting developers and users to the Arbitrum ecosystem. This may involve creating engaging content, hosting educational events, and collaborating with community partners to drive awareness and adoption. By leveraging my communication skills and industry insights, I aim to spearhead initiatives that promote growth, enrich the community, and attract diverse stakeholders to participate in the ecosystem’s expansion.

In summary, I am committed to contributing to ARDC’s objectives by leveraging my expertise, skills, and dedication to facilitate the creation of security assessment tools, develop educational materials, conduct valuable research, engage with delegates, and spearhead growth initiatives. It is my firm belief that through these contributions, the ARDC can achieve sustained growth, resilience, and success within the Arbitrum ecosystem.

Summary [Applicable to all]

In summary, please highlight your key qualifications and what you believe you can bring to ARDC. (400 words max)

In summary, my key qualifications and what I believe I can bring to the ARDC are deeply rooted in a wealth of experience, skills, and a steadfast commitment to optimizing governance processes and fostering community growth within the Arbitrum ecosystem.

My extensive background as a Full Stack Blockchain Developer equips me with a comprehensive understanding of decentralized technologies, governance optimization, risk assessment, and secure code reviews. Through years of active involvement in blockchain development, governance, and project management, I have honed my ability to conduct critical analysis, foster collaboration, and execute strategic initiatives. My involvement in assessing and refining governance proposals within blockchain communities demonstrates my capacity to provide robust, data-driven insights for informed decision-making.

I bring a wealth of project management experience, enabling me to efficiently organize resources, coordinate teams, and monitor performance to ensure projects are executed with precision and purpose. This capability aligns with the imperative to facilitate efficient decision-making processes and ensures the successful execution of proposals and growth initiatives within ARDC.

My commitment to strengthening governance communities and fostering engagement aligns with the ARDC’s objectives. By actively engaging with community members, promoting transparency, and advocating for inclusive governance practices, I aim to cultivate a governance environment that is informed, engaged, and aligned with the best interests of the collective.

Furthermore, my proficiency in creating educational content related to blockchain technology positions me ideally to contribute to the development of educational materials and research into new mechanisms as outlined in ARDC’s objectives. Through the creation of accessible and informative content, I aim to promote awareness, understanding, and engagement within the community, thereby enriching the ecosystem’s capabilities and fostering a knowledgeable and informed community.

Here is the data from dspyt.com, which I founded as an educational platform in data science and blockchain.

I stand committed to promoting accountability, transparent decision-making, and the creation of tools for security assessment within the ARDC. My dedication to ensuring the integrity of the ecosystem through rigorous security assessments, fostering a culture of compliance, and advocating for robust governance practices will further contribute to the collective’s objectives.

Ultimately, I believe that my unique blend of technical expertise, project management acumen, community engagement, and commitment to ethical governance aligns closely with the ARDC’s mandate. I am confident in my ability to facilitate the acceleration of governance decision-making processes, optimize proposal assessment, and promote sustained growth and success within the Arbitrum ecosystem. Through my contributions, I aim to fuel the ARDC’s mission and strategic objectives, furthering its impact within the blockchain space.


Applicant Information

Name of Applicant: DoDAO Team (Representative: Robin Nagpal, Founder)

Email Address: robinnagpal.tiet@gmail.com

Telegram Handle (if applicable): @robinnagpal

LinkedIn Profile (if applicable): https://www.linkedin.com/in/robin-nagpal-08498614/

Role being applied for: Security-Oriented Member

Background Information [Applicable to all]

DoDAO has been working on many educational and governance tooling initiatives with some of the top projects.

Educational Initiatives:

  • https://uniswap.university
  • https://arbitrum.education
  • https://compound.education
  • https://optimism.university/
  • and many more

Other Initiatives:

  • Onchain Governance Proposal Analyzer and Simulator for Compound (in progress)

Our skills and background align with multiple areas. Based on our focus and research priorities, we would like to work as a “Research-Oriented Member,” focusing on the “Adoption of Gaming” and the “Promotion of Orbit Chains.” We will be working on very specific topics, as detailed below, and will produce detailed research reports and recommendations.

Alignment as the Research Member

Our team aims to concentrate on specific areas to promote the adoption of Arbitrum and Ethereum overall. We have observed Arbitrum One performing well in the DeFi sector, yet there remains a substantial amount of work to be done to make the Arbitrum ecosystem appealing to game developers.

Instead of reinventing the wheel of game distribution, we should assist game developers by enabling them to focus on the most significant use case, which includes the trading of in-game assets, without having to concentrate on that alone. We should avoid adding further complexities related to game distribution, user authentication and authorization, in-game transactions, etc. All these aspects should be facilitated by the blockchain, and we have already seen some other blockchains making good progress in this area.

In addition to focusing on games, we aim to encourage the adoption of orbit chains. Over the next two or three years, we expect to see many applications launching their own chains. Solidity will become the standard language for developing financial solutions. Thanks to existing libraries and protocols, even traditional banks will be utilizing Solidity, along with one of the custom L2 or L3 solutions. However, they will have a different set of requirements related to security, risk, and privacy. Another issue we anticipate in orbit chains is fragmented liquidity and cross-chain communication. We aim to work towards providing solutions in this direction.

Objectives & Motivation [Applicable to all]

Ethereum and Arbitrum can be compared to AWS, Google Cloud, or Azure. Both Ethereum and Arbitrum provide the underlying execution layer, data availability, and security (with decentralization). There are hundreds of billion-dollar businesses that run on these cloud providers. These businesses don’t have to worry about scaling, uptime, data centers, etc.

Similarly, we need to focus on enabling and creating businesses, but at Arbitrum we need to provide all the reusable features needed by various sectors so that the developers building these new decentralized apps can concentrate solely on their use cases and problems, while the infrastructure provider, which is Arbitrum, can focus on cross-cutting concerns. Billions of dollars have been poured into the ecosystem, yet we have just a few social apps that have gained some adoption, a couple of games that have attracted real users, and a handful of real-world assets that have been tokenized and put on-chain. The end-user does care about decentralization, but they seek trust, ease of use, one-click logins, and they don’t want to pay for each and every update that happens in the system. As Arbitrum, we should pave the way forward where apps can provide this seamless user experience without compromising decentralization, security, and trust.

Therefore, our focus as part of the Arbitrum Research Group will be on technical areas in gaming so that game developers, using their existing channels, can distribute and promote their games, while simultaneously leveraging the underlying benefits provided by Arbitrum to enable the trading of in-game assets. At the same time, we want to promote the adoption of orbit chains as we believe Ethereum provides the core layer for global finance and orbit chains enable different entities to configure Layer 2s and L3s and hook into this global financial system. This vision is shared by many, but there are still many technical challenges that need to be addressed, including cross-chain communication, privacy, sharing liquidity, etc. These will also be our focus areas as part of the Arbitrum Research Group.

Skills and Experience [Applicable to all]

We are one of the leading companies in providing in-depth education on Blockchain and DeFi, having collaborated with top projects on the Ethereum platform.

We also possess extensive blockchain development experience and are currently working with Compound on an initiative that includes the decoding of calldata, as well as the simulation and testing of proposals.

We have worked both at a very detailed level and on high-level research and are now collaborating with Ivey Business School to create case studies and attract the best fresh graduates into the ecosystem. Having a top-notch customer education platform, on which we run academy websites for the leading projects, we understand the importance of the end user.

Proposal Review & Assistance [Applicable to all]

All the tools we develop will enhance the safety and transparency of the proposals. Our goal is to reuse all the existing libraries that have been built around proposals, and then open-source our work so that other projects can combine these modules and further integrate into the ecosystem, bringing more clarity and security to the proposals when they are submitted on-chain.

We will also work on standardizing the evaluation of the milestones and completion of the grants, so that other developers can develop UIs on top of this information and display it in multiple formats.

Review on Chain Proposal Code Updates [Only applicable to Security]

Below are the features, separated by the proposal phases, that will be part of the Arbitrum Proposal Analyzer. This tool will allow us to vet each proposal in detail.

On Proposal Submission (before voting):

Consider the example of the proposal below. Perhaps only one or two people who are voting actually understand what is happening in the executable code of the proposal. Even with the best intentions, a mistake in composing the payload can lead to the loss of millions of dollars.

Here are the first three steps we plan to implement to enhance the readability and testability of these proposals:

  1. Decoding of the Call Data: Based on the type of target being called, we can decode the information executed in the proposal.
  2. Simulation and Tagging Proposals: Using the decoded information, we can categorize actions as Critical or Non-Critical, assisting the community in paying closer attention. By utilizing tools like Tenderly, we can often simulate the actions that will be implemented once the proposal is executed. This approach helps in gaining confidence about the changes well before the proposal is submitted.
  3. Proposal CLI: Most proposals are currently generated via a UI, which can lead to numerous issues regarding the type of actions selected. Moreover, there is presently no method to write test cases for these proposals and verify them in advance. We intend to develop a CLI that will enable users to generate Solidity-based proposal code. This development will provide an opportunity to write tests before the proposal is submitted on-chain. Though it might appear excessive, this strategy is one of the most effective ways to ensure maximum value for the effort and to prevent million-dollar mistakes.

During its approval

Currently, there is no method to notify about the status of changes being applied. To support the post-proposal execution steps, we plan to extend the “Proposal” CLI and enable people to add these actions. In the current phase, we do not intend to modify any of the existing smart contracts. Instead, we will create new CLI/tooling which submits proposals on-chain using the existing smart contracts.

Being worked upon

At present, there is a lack of clarity after a proposal is accepted. We aim to integrate with existing tools like Safe Multisig, Hedgey, Superfluid, etc., to display feedback and allow the release of funds after consensus is reached on the completion of the tasks.

We plan to follow the same principles as “Stage 1 - Arbitrum One.” This means there will be one program manager issuing the grants, but multiple validators will validate the outcomes of the proposals. Validators will stake, and if they report incorrect results, they will be fined. For accurate reviews, they will be compensated.

Note: This is an ambitious plan, so for the initial release, we will be launching a Minimum Viable Product (MVP) that integrates with one or two multisig/payment vesting solutions. We will implement a simpler flow for validation. Additionally, other grant tools might want to utilize this feature of our tool. Therefore, we will develop it as a module so that it can be integrated into or with other existing tools.

We will be doing an extensive user/grantee study to make sure the experience for both the grantee and the program manager is as simple as possible.

In subsequent revisions, we believe the UI should also display on-chain information, such as the funds allocated, funds streamed, funds remaining, along with qualitative outcomes from the milestones.

Upon Completion of the Grant:

Capturing all the information, impact, and feedback from the grantees, as well as the grant program manager, is crucial, with the outcomes being published. Subsequent grantees working in the same area should be able to build upon the work that has already been done. This step in the process can be somewhat laborious, but it is necessary to ensure the quality of the deliverables and the effectiveness of the program manager’s execution.

This will also adhere to a similar validation logic, i.e., multiple validators will verify that the grant completion has been successfully achieved.

Note: This phase is also an ambitious plan, so for the initial release, we will be launching a Minimum Viable Product (MVP). Even this part will be developed as a module so that it can be integrated into or with other existing tools.

Project Management

Robin will be the representative of Team DoDAO. Robin has over 16 years of experience in developing software and delivering it. We work in an iterative way and would be more than happy to share bi-weekly updates on our progress.

We also have a proven track record in the Ethereum ecosystem and would be more than happy to connect with the projects we have worked with for reference checks, etc.

Purpose/Mandate of the ARDC [Applicable to all]

Our role at ARDC as Security Members is fully aligned with our current projects and our future plans. We aim to enhance tooling around the transparency and security of on-chain proposals. Even a single erroneous proposal, despite good intentions, can have catastrophic consequences for the DAO.

As builders, our objective is to develop modular code that functions like interlocking lego pieces, facilitating seamless integration and extension by others. While there are numerous tools for grant provisioning, there is a notable lack of tools for grant reporting. We plan to research how to integrate these tools and develop common abstractions.

Furthermore, we will establish best practices and tools for processing grant payments.

Additional Contributions [Applicable to all]

We have begun collaborating with Ivey Business School, one of Canada’s top business schools. We aim to publish several case studies on topics related to DeFi and DAO Governance.

Our team also completed the new Uniswap V4 docs.

Cost Breakdown

We commit to providing regular updates on our development progress.

Team Composition

  • 2 Developers full-time
  • 1 Developer, 28 hours per week
  • 1 Product Person, 28 hours per week

Roles                       Hourly rate   Total Hours                  Total Cost
2 developers full time      75/hr         176 hrs/month * 6 months     158400
1 developer and 1 product   75/hr         128 hrs/month * 6 months     115200

Total = 273600 ARB

Reiterating again: The amount requested is significant, and it is our responsibility to deliver something concrete that can be used and extended by future members. Therefore, we have included very clear deliverables. Furthermore, we will conduct a thorough review of all existing tools related to proposal safety.

Summary

We, the DoDAO Team (representative: Robin Nagpal), are applying for the role of Security-Oriented Member, focusing on enhancing the safety and efficiency of on-chain proposals. We have a strong background in educational and governance tooling initiatives, collaborating with top projects to provide in-depth blockchain and DeFi education. Our current project with Compound Finance involves developing tools to decode, simulate, and test proposals before submission, addressing the risk of costly errors in proposal payloads.

Our proposal includes developing the “Arbitrum Proposal Analyzer,” a tool designed to improve the proposal process by verifying, simulating, and testing proposals pre-submission to prevent potential losses. This initiative aims to bring more clarity and security to the proposal process, with plans to open-source our work for broader community benefit. Our team, comprising full-time developers and a product person, will be working to deliver concrete tools and best practices for the community, highlighting our commitment to transparency, security, and efficiency in DAO governance.

2 Likes
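The calldata decoding and Critical/Non-Critical tagging that the DoDAO post outlines in steps 1 and 2 of its proposal analyzer, as an added worked example; this is not DoDAO's code and is not part of the original post. It assumes a constructed selector table (the standard ERC-20 `transfer`/`approve` and Ownable `transferOwnership` selectors stand in for the per-target ABIs a real analyzer would load), decodes only static ABI argument types, and uses an assumed tagging policy: an amount at or above a constructed threshold, a change of contract control, or a selector that cannot be decoded is tagged Critical. The sample proposal, addresses and threshold are constructed for the illustration.

```python
"""Added example: decode proposal calldata and tag each action Critical / Non-Critical.

Assumptions (constructed for this illustration, not part of any real tool):
  * KNOWN_SELECTORS stands in for the ABI a real analyzer would load per target.
  * Only static ABI types (address, uintN, bool) are decoded; dynamic types
    (bytes, string, arrays) use an offset-based head/tail layout that is out of scope.
  * Tagging policy: undecodable actions and ownership changes are Critical;
    token amounts at or above the threshold are Critical.
"""

WORD = 32  # every static ABI argument occupies one 32-byte word

# Standard keccak256-derived selectors for these ERC-20 / Ownable signatures.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer(address,uint256)", ["address", "uint256"]),
    "095ea7b3": ("approve(address,uint256)", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership(address)", ["address"]),
}
ALWAYS_CRITICAL = {"transferOwnership(address)"}


def _decode_word(abi_type, word):
    """Decode one 32-byte head word of a static ABI type."""
    if abi_type == "address":
        return "0x" + word[-20:].hex()  # an address is right-aligned in its word
    if abi_type.startswith("uint"):
        return int.from_bytes(word, "big")
    if abi_type == "bool":
        return word[-1] == 1
    raise ValueError(f"unsupported static type {abi_type}")


def decode_calldata(calldata_hex):
    """Return (signature, args) if the selector is known, else (None, None)."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    if len(data) < 4:
        raise ValueError("calldata shorter than a 4-byte selector")
    entry = KNOWN_SELECTORS.get(data[:4].hex())
    if entry is None:
        return None, None
    signature, types = entry
    body = data[4:]
    if len(body) != WORD * len(types):
        # A static encoding is exactly one word per argument; anything else is
        # malformed or uses dynamic types this decoder does not handle.
        raise ValueError(f"{signature}: argument area has unexpected length {len(body)}")
    args = [_decode_word(t, body[i * WORD:(i + 1) * WORD]) for i, t in enumerate(types)]
    return signature, args


def tag_action(target, calldata_hex, critical_threshold):
    """Decode one (target, calldata) action and attach a review tag with its reason."""
    signature, args = decode_calldata(calldata_hex)
    result = {"target": target, "signature": signature, "args": args}
    if signature is None:
        result.update(tag="Critical", reason="unknown selector; cannot decode, review manually")
    elif signature in ALWAYS_CRITICAL:
        result.update(tag="Critical", reason="changes contract control")
    else:
        amounts = (a for a in args if isinstance(a, int) and not isinstance(a, bool))
        amount = max(amounts, default=0)
        if amount >= critical_threshold:
            result.update(tag="Critical", reason=f"amount {amount} >= threshold {critical_threshold}")
        else:
            result.update(tag="Non-Critical", reason="decoded; amount below threshold")
    return result


def analyze_proposal(actions, critical_threshold):
    """Tag every action of a proposal given as [(target_address, calldata_hex), ...]."""
    return [tag_action(target, calldata, critical_threshold) for target, calldata in actions]


# --- constructed sample input (not a real proposal) ---------------------------
def _word_of(value):
    """ABI-encode a single static argument (address string or unsigned int)."""
    if isinstance(value, str):
        return bytes.fromhex(value[2:]).rjust(WORD, b"\x00")
    return value.to_bytes(WORD, "big")


def encode_call(selector_hex, args):
    """Build calldata for a static-argument call (used here only to build the sample)."""
    return "0x" + selector_hex + b"".join(_word_of(a) for a in args).hex()


TOKEN = "0x" + "11" * 20    # constructed contract addresses
GRANTEE = "0x" + "22" * 20
SPENDER = "0x" + "33" * 20
CRITICAL_THRESHOLD = 100_000 * 10**18   # assumed policy: 100k tokens at 18 decimals

SAMPLE_PROPOSAL = [
    (TOKEN, encode_call("a9059cbb", [GRANTEE, 1_000 * 10**18])),  # modest grant payout
    (TOKEN, encode_call("095ea7b3", [SPENDER, 2**256 - 1])),      # unlimited approval
    (TOKEN, encode_call("f2fde38b", [SPENDER])),                  # ownership handover
    (TOKEN, "0xdeadbeef" + "00" * WORD),                          # selector not in table
]

if __name__ == "__main__":
    for row in analyze_proposal(SAMPLE_PROPOSAL, CRITICAL_THRESHOLD):
        print(row["tag"], row["signature"], row["args"], "-", row["reason"])
```

Running the block tags the 1,000-token transfer Non-Critical and the other three actions Critical: the unlimited approval exceeds the threshold, the ownership transfer changes control, and the unknown selector cannot be decoded at all, which is exactly the case where a reviewer must not assume the payload is harmless. A production version would fetch each target's verified ABI, handle dynamic types, and feed the decoded actions into a fork simulation rather than stopping at static decoding.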

Below is a joint ARDC application submitted by both @BlockworksResearch and @Delphi-Digital. You can find a link to the full application here.

Thanks @Immutablelawyer and the Axis Advisory team for leading this initiative!

Applicant Information

  • Name of Applicant & Applicant’s Representative [If Applicable]:
    • Blockworks Research
      • Applicants: MattOnChain, EffortCapital, Pibblez0x
    • Delphi Research
      • Applicants: Ashwath Balakrishnan, Jake, Gutz, Mo
  • Email Address:
  • Telegram Handle (if applicable):
    • Blockworks Research: effortcapital, hut4, pibblez0x, TriciaLin
    • Delphi Research: ashwathbk, deployed_0, Gutzman9816, momilio
  • LinkedIn Profile (if applicable):
  • Role being applied for: Research-Oriented Member

Background Information [Applicable to all]

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

Blockworks Research

Blockworks Research is a team of analysts that delivers institutional-grade, data-driven research and analysis for L1s, L2s, DeFi, and gaming/consumer applications. Our team is well-known in the industry for producing high-quality, actionable research reports and data dashboards covering various topics, including extensive coverage of Arbitrum and Ethereum. The team is divided into protocol-specific coverage so that our analysts are experts in their respective niches.

We have authored reports such as Arbitrum vs Optimism, Arbitrum Stylus: The Dual VM, An Arbitrum Odyssey, Part 1: Bridge Week, Arbitrum Staking and the Search for Token Utility, Sequencers: The Key to The Rollup Investment Thesis, as well as reports covering many of the apps in the ecosystem such as GMX, Vertex, Radiant, and more. Additionally, we host a data dashboard covering all aspects of Arbitrum’s onchain data.

We actively contribute to the Arbitrum DAO, participating in community calls, discussions, and proposal evaluations. Our notable contributions include highlighting key points in AIP-1, developing resources like the original STIP spreadsheet, and authoring the original Arbitrum Coalition proposal. Our engagement and contributions to the Arbitrum DAO reflect our commitment to advancing the ecosystem through informed analysis and active participation.

Delphi Research

Delphi Digital is a research-driven firm comprising a global hivemind dedicated to making crypto happen sooner and better than without us. Through our six years of building, Delphi has become one of the most trusted brands in crypto. Our team consists of crypto’s finest researchers, economists, and developers. This pool of intellectual capital empowers us to help the industry’s most prominent builders, investors, and institutions make informed, strategic decisions.

Delphi Research is known for the depth of our research across all crypto sectors. We specialize in deep-dive, actionable analysis for our clients. We pride ourselves on separating signal from noise and ensuring members remain at the cutting edge of crypto markets, narratives, and technology.

Since inception, our team has delved deep into Ethereum and its burgeoning ecosystem. Our second report ever, Entering The Ethereum, walked through concerns we had with ETH 2.0’s security budget and ended up getting us connected to Vitalik and ETH 2.0’s core team to share our models before they pushed through a proposal a month later. In 2019, we were one of the first teams to begin covering Layer 2 scaling solutions. Throughout the years, other ecosystem report highlights include: The Hitchhiker’s Guide to Ethereum (which drew praise from Vitalik), The Complete Guide to Rollups, Arbitrum Nitro, and Reflecting on EthCC. Finally, we’ve written about Arbitrum ecosystem projects like GMX and Gains Network in GMX’s Success Spawns Competition, Examining the Design and Traction of GMX’s Hybrid DEX, and Gains Network Gains Ground.

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

We are interested in contributing to the ARDC through:

  • Governance proposal templates, reviews, and discussions
    • Will provide impartial data-driven research surrounding ongoing proposals to help delegates understand the context and competitive environments such that they can make more informed decisions. These reports may also be used as a tool for those writing proposals to improve their work.
  • Research
    • Objectively analyze and contribute to the design of new and existing mechanisms such as sequencers, fraud proofs, data availability solutions, and more.
    • Sustainable governance frameworks that allow the DAO to be agile while ensuring proper checks and balances across all key stakeholders
    • Retroactive analysis of passed initiatives to identify best practices as it relates to grant programs, treasury management, and initiatives like the Arbitrum Expansion and Developer Guild programs
  • Framework development
    • Create frameworks that measure requirements, expectations, and desirable outcomes for partnerships, grant programs, and other initiatives.
  • Project management
    • Proactively identify, execute, and monitor opportunities within the DAO.
    • Establish powers to hold Arbitrum incentive recipients accountable for their commitments.
    • Oversee and coordinate across work streams within the DAO, fostering a spirit of collaboration, decentralization, and efficiency.
  • Growth initiatives
    • Will produce content surrounding coalition activities. Blockworks Research’s podcast, 0xResearch, will feature a segment on a weekly basis throughout the coalition’s term that will discuss the latest updates in Arbitrum the protocol or governance. Additionally, Twitter threads and newsletter mentions will be regularly provided to attract more developers and users into the Arbitrum ecosystem.

Objectives & Motivation [Applicable to all]

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

Blockworks Research

Our motivation to join the ARDC stems from a core belief: our success is intrinsically linked to the success of crypto. We are committed to contributing to Arbitrum’s success, recognizing it as a key player in the ecosystem. Our aim as an ARDC member is to empower the DAO with in-depth research, contributions, and analytical tools, enhancing its capacity for informed decision-making. As active participants in the DAO and initiators of the original proposal for the ARDC service, we seek to address a critical need in Arbitrum governance. Our goal is to facilitate better decision-making processes and stimulate professionalized proposals that drive the protocol’s advancement, ultimately contributing to Arbitrum’s and the wider Ethereum sector’s long-term growth and success.

Delphi Research

Delphi’s mission is to make crypto happen sooner and better than without us. Joining ARDC is a natural extension of our commitment to accelerating crypto. We recognize Arbitrum as a pivotal player in this landscape and are enthusiastic about aligning our goals with its success. Our admiration for the vibrant engagement and dynamic governance processes within the Arbitrum community has fueled our eagerness to contribute significantly. As ARDC members, we pledge to bring our extensive research, valuable insights, and proven experience to empower the DAO. In doing so, our objective is not only to actively participate in the DAO but to serve as strategic architects, guiding stakeholders through pivotal decisions. Our goal is to act as a true partner and expect the DAO to hold us to the same high standard we hold ourselves to.

Explain how you envision contributing to the primary mandate of ARDC, which is to provide objective assessment of ArbitrumDAO Forum proposals & discussions and expedite governance decision-making within the Arbitrum ecosystem. (300 words max)

Blockworks Research

Blockworks Research will allocate full-time commitment from its Research Analyst team and dedicate specific analysts whose expertise is tailored to the respective task/work order. By ensuring alignment with the specialized analyst and the task, we will provide the required technical coverage, including but not limited to in-depth research, analytical tools, and data insights to community members for the purpose of equipping delegates with the required knowledge to evaluate proposals holistically.

By offering tools and clear, objective information, Blockworks Research will streamline the decision-making process to enable delegates to reduce the repetitive or non-valuable time spent on due diligence across multiple information sources. Additionally, we are committed to elevating the professional standards of DAO operations: our contributions will not only enhance the quality of governance in the Arbitrum ecosystem but also help steward DAO operations and new ventures, merging best practices from both traditional and decentralized sectors.

Delphi Digital

Delphi will dedicate full-time researchers with relevant experience to this effort. These team members will have deep familiarity with Arbitrum, governance frameworks, and come prepared with ideas on how to propel the ecosystem forward. We are confident in delivering actionable insights to the ArbitrumDAO to promote robust debate and drive tangible results.

Delphi researchers have significant experience working closely with other ecosystems and projects and will lean on this to provide the DAO with valuable research, advice and support. We are committed to playing a role in governing the Arbitrum ecosystem and promoting its mission of scaling Ethereum and delivering credibly neutral technologies to the world.

Skills and Experience [Applicable to all]

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

Blockworks Research

Blockworks Research has a diverse and well-rounded team of analysts who previously worked across several verticals, including crypto investment funds, consulting and advisory firms, investment banking firms, SaaS companies, traditional hedge funds, and crypto infrastructure companies. Additionally, every analyst is aligned with the core belief that cryptocurrencies will transform multiple aspects of society, including finance, economics, technology and geopolitics. More specifically, the team has skills in onchain analysis, deep technical research, project management and an unparalleled understanding of blockchain data structures that enables Blockworks Research to craft data-driven stories with industry-leading dashboards.

Blockworks Research has a proven track record in Arbitrum governance, where we have been leading voices in community calls, discussions, and proposal evaluations. We led the dissenting opinion in AIP-1, created an extensive STIP tracker for all open Arbitrum Incentive Proposals, and authored the original Arbitrum Coalition proposal. Additionally, we have experience working with other active communities as a Research partner that performs analysis on monetary and fiscal policy and value capture mechanism design. The Blockworks Research team is equipped to streamline and strengthen Arbitrum governance, whether that be through communicating complex topics to decision-makers, project management, or weighing in on important decisions that dictate the future of the network, as demonstrated by our commitment and past body of work to Arbitrum.

Delphi Research

Since inception, Delphi has been on the forefront of virtually every vertical in crypto. We have diligently monitored Ethereum’s scaling solutions since the start and have a proven track record of delivering impactful and insightful research to the community. Our team is composed of subject matter experts who live and breathe their respective verticals. We bring vast depth of experience and passion for what we do. Having worked with other high-caliber DAOs (Aave, Lido, Synthetix, Gitcoin, and more), we are not afraid to voice our opinion and stand up for what we believe in. Our value-add comes from our deep expertise and willingness to dig in and solve problems alongside teams.

Our team looks forward to contributing thoughtful ideas on how best to scale Arbitrum’s community, address the challenges of the day, and maintain robust governance procedures. We believe our experience in communicating complex ideas, narratives, and technologies to our readers makes us well-suited to help the ARDC navigate its role as steward over the Arbitrum ecosystem.

Proposal Review & Assistance [Applicable to all]

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

Blockworks Research

Traditional DAO governance has fallen victim to inherent bias introduced via backdoor deals and private Telegram chats. To fix this, we will facilitate discussion with proposers in the Arbitrum forum and on community calls, empowering the community to gain an honest view of the motives of parties.

To streamline the operational efficiency of governance, all proposers will have the opportunity to workshop their proposals with the ARDC to concisely communicate goals, actions, and desired outcomes at the discretion of the DAO through the Advocate.

We will conduct due diligence on those submitting proposals, assessing:

  • Prior proposals and outcomes
  • Track record within other communities/ecosystems
  • Sentiment around the proposer among crypto-native communities
  • Technical prowess and alignment with the Arbitrum ecosystem
  • Disclosures of any conflicting interests or inherent bias, if present.

We will provide objective research around technical concepts when warranted:

  • A snapshot of the competitive landscape for proposed architecture and infrastructure integrations.
  • A data-driven analysis of different solutions within a vertical.
  • Deep conversations with teams behind technical proposals, assessing security, risks, and how objectives align with the broader DAO vision.
  • Disclosures of any conflicting interests or inherent bias, if present.

Delphi Research

Delphi’s approach to objective research is rooted in our commitment to delivering thorough, data-driven analysis and offering insights from first principles. Our analysts excel in providing in-depth and opinionated analysis while maintaining objectivity. This commitment extends to all our work for Arbitrum DAO.

Our dedication to enhancing proposals for Arbitrum DAO centers on understanding the DAO’s goals and aligning them with proposers’ submissions. Collaborating with Blockworks Research, we’ll develop a benchmark framework for evaluating all proposals. Leveraging our extensive experience and understanding of objectives, we ensure our assessments directly contribute to the DAO’s overarching goals. By providing strategic and objective insights, our aim is to play a pivotal role in enhancing the quality and success of proposals, aligning them seamlessly with the DAO’s vision.

Review on Chain Proposal Code Updates [Only applicable to Security]

Describe your experience in conducting code reviews and assessing security risks. How can you contribute to enhancing the security and integrity of the Arbitrum ecosystem? (500 words max)

N/A

Quantitative Assistance [Only applicable to Risk]

Explain how you can bring quantitative analysis skills to proposal evaluations and contribute to identifying and mitigating economic risks associated with proposed initiatives. (500 words max)

N/A

Research Initiatives [Only applicable to Research]

Describe your experience conducting research-oriented initiatives within the digital asset industry, more specifically, research re. the Arbitrum-specific tech-stack. Explain how your previous experience can translate to an added value contribution to the ARDC & the ArbitrumDAO. (500 words max)

Blockworks Research

Blockworks Research authored four technical research reports about Arbitrum over the past year, including an analysis of the Arbitrum staking proposal, a comprehensive comparison of Arbitrum vs Optimism, a deep dive on Arbitrum Stylus, and an analysis of how sequencers function and fit within the rollup ecosystem. These reports demonstrate our team’s deep understanding of Arbitrum and the broader L2 ecosystem, including analyses of technical concepts, such as BOLD, Orbit, time boost, sequencers, proposers, upgradeability, licensing, forced inclusion, and more. This experience positions Blockworks Research as a leading voice to further Arbitrum research, where complex upgrades and decisions on the tech stack are not easy. Blockworks Research has the ability to dissect complex topics and explain them in simple terms, which will be incredibly valuable in governance decisions around concepts like fraud proofs, sequencer design, etc. We acknowledge that sometimes a report does not fully encapsulate the knowledge needed to make a decision, so we are excited to host whiteboard sessions and broader research calls where the community can discuss and truly understand complex topics as needed.

Further, research around different programs, such as the STIP/LTIP and Arbitrum Expansion and Developer Guild will be a major priority, as the DAO needs further insight into the effectiveness of such programs. Through these, the ARDC will encourage accountability in spending and foster a democratic approach to Arbitrum’s growth strategy.

Delphi Research

Delphi Research’s engagement with the Ethereum ecosystem dates back to the early days of our company. Over the years, we have diligently observed and analyzed the developments within the Ethereum ecosystem, producing definitive reports on various subjects, ranging from Ethereum’s rollup-centric roadmap to the ongoing L2 wars.

Our team possesses an in-depth understanding of the current landscape of the EVM and has authored numerous reports that shed light on the evolving dynamics of the ecosystem. Our extensive experience uniquely positions Delphi to guide discussions and influence decision-making processes related to intricate upgrades and strategic decisions.

Our expertise becomes especially valuable when considering the Arbitrum-specific tech-stack, specifically focusing on critical areas such as sequencer selection/rotation and bridge upgradability. Critically important is conveying these complex ideas & solutions in simple language. We firmly believe that our well-established track record of delivering clear and actionable insights will significantly contribute to shaping the direction of the Arbitrum DAO.

Project Management [Applicable to all]

Describe your project management experience. (250 words max)

Blockworks Research

Our team has extensive project management experience in both the crypto and traditional world. EffortCapital, one of our Research Analysts, has over seven years of project and program management experience working across cross-functional teams in the energy industry, where he spearheaded multiple $100M+ construction programs. EffortCapital also led the project management function for the Cosmos Hub’s tokenomics grant, where three teams, including Blockworks Research, performed mechanism design and governance research for the community over the span of a quarter. Additionally, 0xPibblez is on the Uniswap Accountability Committee, where he manages Uniswap deployments on various chains and ecosystem alignment.

Delphi Research

Delphi brings substantial project management expertise to the table, cultivated over several years of steering multiple client engagements concurrently. Our experience ranges from navigating the intricacies of DAOs to providing strategic token advisory and diverse consulting services for protocols. Notable DAO collaborations include Aave, Lido, Axie Infinity, Synthetix, and Gitcoin. Rooted in years of traditional finance and consulting experience at institutions like Bloomberg, Deutsche Bank, and Deloitte, Delphi emphasizes precision in task execution and transparent communication. We firmly believe that effective communication and early trust-building are instrumental in project success. Through our engagements, our analysts aim to become extensions of the teams they are working with and are able to adapt to the client organization’s preferred working style. In partnering with ARDC, our aim is to leverage this experience to establish a solid foundation for success.

Purpose/Mandate of the ARDC [Applicable to all]

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

Blockworks Research

Please see our responses in sections “Objectives & Motivation” and “Proposal Review & Assistance.”

Delphi Digital

Please see our responses in sections “Objectives & Motivation” and “Proposal Review & Assistance.”

Additional Contributions [Applicable to all]

How can you contribute to the creation and enhancement of tools for security assessment, the development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives, as outlined in ARDC’s objectives? (500 words max)

Blockworks Research

Blockworks Research will review best practices across other decentralized communities across the crypto space, and tap into our strong network, to gauge how to enhance delegate engagement, including looking into delegate incentive programs. Blockworks will also leverage our Research, Twitter, and Podcast platforms to produce content surrounding coalition activities to inform our wide audience base of Arbitrum’s growth story to hopefully onboard new developers and users. Additionally, as outlined above, we will continue to review the competitive landscape of sequencer mechanism and governance design to ensure a sustainable and fair Arbitrum ecosystem. A good example is looking into Optimism’s “Law of Chains”, Retroactive Public Goods Funding campaigns, and its bicameral governance structure to take best practices and lessons learned and create a better system for Arbitrum.

Delphi Research

Delphi Research is committed to playing a pivotal role in establishing best practices and success metrics in decentralized ecosystems. To achieve this, we will conduct an exhaustive review of other community governance procedures, drawing upon our industry experience to discern best practices and areas that need improvement. Our aim is to facilitate the coordination of decentralized ecosystems effectively.

In addition, we recognize the importance of community engagement and growth within the Arbitrum ecosystem. Leveraging our extensive network, we will explore avenues for fostering growth, connecting with key stakeholders, and enhancing community engagement. By tapping into our network, we aim to gain valuable insights into how the Arbitrum ecosystem can expand and effectively involve a broader community.

Education is a key pillar of our strategy, and we will utilize our research, as well as our platforms on Twitter and the Delphi Podcast, to disseminate valuable information. Delphi has a track record of hosting prominent figures in the blockchain space on the podcast, including the Arbitrum team on several occasions. In November, we hosted Steven Goldfeder and Ed Felten in A 2014 Classroom Idea to The $10B Scaling Technology Arbitrum, ZK Technology Flaws and Interactive Fraud Proofs where we dove deep into Arbitrum’s technology.

Scope of Services & Applicable Fees [Detailed breakdown of fees including pricing model for the 6-month term] [Applicable to all except DAO Advocate] [Must not exceed applicable cap]. Please provide a detailed breakdown of the scope of services through which you will be contributing. Include the pricing model implemented & a description of expected hours + hourly rate (if applicable) & manpower dedicated to the ARDC.

Blockworks Research and Delphi Digital will collaborate to commit full-time coverage throughout the 6-month term. We envision this being the beginning of a long-term commitment where both firms are instrumental in helping to create a DAO playbook that serves as a guide for the successful operations of other DAOs and ensures the sustainable growth of the Arbitrum ecosystem. Our proposed fee for these services is $960k, structured as follows:

  • 25% upfront ($240k) upon the passing of the AIP.
  • The remaining amount will be divided into five equal payments of $144k each, disbursed on the first of each month, starting in the second month.

As of February 11th, the total fee is approximately 74% of the total Research-member allocation of 665,000 ARB (~$1.3M). In the event the DAO determines the completed services by Blockworks Research and Delphi Digital have exceeded expectations, and there are still excess funds remaining from the Research-member allocation, we propose an additional 20% performance bonus that would be subject to a vote at the discretion of the DAO.

Summary [Applicable to all]

In summary, please highlight your key qualifications and what you believe you can bring to ARDC. (400 words max)

Blockworks Research

Established in 2022, Blockworks Research’s mission is to increase the credibility and quality of research and access to data in the digital asset industry. We currently work towards the broader adoption of crypto assets and positive change in the digital asset industry through multiple product lines. Blockworks’ strength in reach and distribution will be largely additive to the growth and awareness of Arbitrum.

Over the past two years, Blockworks Research has built a reputation for being a leading source of truth for deep technical, protocol-specific research. Our crypto-native analysts are regularly engaging with crypto communities, which has also enabled us to establish ironclad relationships and trust with the strongest teams in crypto that are working on cutting-edge technology, enabling us to tap into a broader network of advisors and consultants in support of Arbitrum’s growth.

Most importantly, Blockworks Research’s deep commitment to informed decision-making, unbiased governance, and the growth of the Arbitrum ecosystem (as demonstrated by the four Arbitrum technical research reports we published about Arbitrum in 2023, the comprehensive Arbitrum Incentive Proposal Summary and Tracker document linked below, and broader advocacy for the DAO governance) demonstrates our appropriate fit and qualifications to successfully execute the required framework development, project management, growth initiatives, and construction/execution of governance proposal templates, reviews, and discussions.

Our team’s experience is comprehensive and diverse, spanning project management, technology investing, fundamental and macro/thematic research, valuation, data analysis, management consulting, and computer science. We may additionally appropriately staff our team to ensure sufficient coverage to enable delivery excellence full-time, including the hiring of three additional Research Analysts as needed to ensure the success of the ARDC.

Delphi Digital

Delphi Research is a member of the Delphi Digital family, a group of separate companies sharing the same brand and vision. The Delphi Digital family has grown and matured multifold since its inception. Delphi Research was born in 2018 as a firm focused on producing institutional-grade research. Delphi Ventures launched in 2020 and operates as an independent venture capital firm that invests in world-changing founders. Delphi Labs was established in 2021 as an incubator and launchpad for projects building in the blockchain and digital asset space. We are a research-driven firm comprising a global hivemind dedicated to making crypto happen sooner and better than without us.

Delphi Research is known for the depth of our research across all crypto sectors, and delivers our analysis to the industry’s most prominent builders, investors and institutions, helping them make informed, strategic decisions. We achieve success by combining the perspectives of researchers, builders, and investors. From inception, our primary moat has been attracting the best talent in crypto to our teams and understanding the crucial role of possessing a deep understanding of all verticals and niches within crypto. The industry’s highly flexible and composable mechanisms make this breadth & depth of knowledge non-negotiable. Our years of living and breathing the space 24/7 enable us to help save countless hours for the teams we work with.

Since the early days of our company, our team has closely followed the evolution of Ethereum, growing alongside the broader ecosystem. Our journey has been marked by a commitment to in-depth analysis of Ethereum and its scaling solutions, evident by our early coverage beginning in 2019. Subsequent updates and other ecosystem reports have consistently offered valuable insights to readers, underscoring our dedication to understanding the design, traction, and success within Ethereum. Delphi’s mission has always been to make crypto happen better and faster than it would without us, and we believe supporting Arbitrum is one of the highest-leverage opportunities to drive crypto forward. Leveraging our deep expertise in Arbitrum’s current construction and its technical tradeoffs positions us to ensure the success of our coalition.

We commit to serving as objective and candid partners in this relationship, bringing the same unwavering determination, passion, and expertise to ARDC that defines our approach to research and client engagements. As dedicated collaborators, our commitment to ARDC extends beyond expertise; it’s a personal investment in the success, ensuring a collaborative partnership that exceeds expectations.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

Blockworks Research

Proposal: Arbitrum Coalition (October 2023)

Proposal Summary and Tracker

ARB Airdrop Tracker

L2 Sector Dashboard

STIP Tracker Twitter Shoutout

Delphi Digital

The Hitchhiker’s Guide to Ethereum

The Complete Guide to Rollups

The Year Ahead for Infrastructure 2023

DeFi Year Ahead 2024

Examining the Design and Traction of GMX’s Hybrid DEX

Gains Network Gains Ground

Reflecting on EthCC

6 Likes

Applicant information

  • Name of Applicant & Applicant’s Representative [If Applicable]: L2BEAT Governance Team
  • Email Address: krst@l2beat.com
  • Telegram Handle (if applicable): @kaereste
  • LinkedIn Profile (if applicable): L2BEAT | LinkedIn
  • Role being applied for [1 Max]: DAO Advocate

Background Information

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

First, let me give you a short intro to L2BEAT itself:

L2BEAT is a public goods company dedicated to providing on-chain transparency.

What sets L2BEAT apart is our unwavering commitment to delivering accurate and reliable information. We strive to be an impartial and independent watchdog that acts in the best interest of users and the broader ecosystem while always remaining credibly neutral and faithful to reality and facts. We deliver data and tools that allow our community to educate themselves, transact securely, and make well-informed decisions.

L2BEAT Governance Team is a team within L2BEAT responsible for L2BEAT governance issues, at the moment of writing composed of @krst and @sinkas. Our mission in DAO Governance is to act as an Ethereum ecosystem steward, making sure that DAOs contribute to the L2-centric Ethereum development roadmap.

We’ve been quite active in the DAO since the very beginning. We’re currently facilitating the monthly governance calls, as well as L2BEAT Arbitrum Office Hours, which have already gained repeated interest from DAO contributors.

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

We’re applying for the role of the DAO Advocate. We sought the creation of this role during the early discussions of the original Coalition proposal, as we believe this role is essential to the effective use of the services provided under this proposal by DAO delegates and proposers. I’ll use this space to elaborate a bit more on why I think so and how I see the role of DAO Advocate.

A DAO is a complex beast. There are many different groups of interest within or around the DAO - OG Builders with established position and high context, new Builders without it but with a lot of hunger and ambition, regular Users, long-term Token Holders, Investors, Delegates, regular Contributors, Foundation and I probably missed some.

It’s not easy to work with the DAO. There is no single point of contact, there is no board with decision-making power, different groups have interests that are not necessarily aligned and sometimes straight opposite.

On the other hand, it’s not easy for DAO contributors to deal with DAO service providers/grantees - it’s usually not obvious what the scope of a given service provider’s work is, or whether an individual contributor (or even a delegate) is in a position to have requirements or expectations regarding the service provider’s work.

It’s in all parties’ best interest to establish an entity to handle communication and manage collaboration so that work doesn’t get bogged down with each party waiting for some other party to make a decision.
That’s how we see the role of the DAO Advocate - a facilitator with limited decision-making power to streamline the workflow.

We believe that both L2BEAT’s experience and reputation as an impartial and independent watchdog in the L2 ecosystem, and the work so far of the L2BEAT Governance Team within the DAO, provide reasonable grounds to claim that we will be able to fulfill these responsibilities.

Objectives & Motivation

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

The main reason why I’ve been advocating for the Coalition and now ARDC is that I saw a need for it as a delegate.

There are many discussions on the forum in which delegates could use some additional knowledge and/or context, but right now they are expected to get it themselves. Doing thorough research on some topics is simply out of reach for some delegates (including ourselves).

At the same time, the decisions we are making have a tremendous impact on the whole ecosystem and it is irresponsible to vote on such decisions without the knowledge & information required to make an informed decision. Some delegates can dedicate significant time to do the research but others cannot and have to rely on the information available to them on the forum and in the internal DAO chats.

On the other hand, we feel that it would be in the best interest of the DAO if proposers could use an internal DAO resource to help them craft proposals. Right now the proposer needs to invest their time and resources in order to bring a proposal to the DAO, with not a very big chance of such a proposal passing.

There is an expectation from many delegates that proposers should use dedicated programs or frameworks to lower the amount of work on the delegates’ side. Such frameworks don’t have to be special committees with centralized decision-making powers; they could just as well be frameworks within which proposals are structured for specific domains, so that delegates have an easier job of assessing certain proposals and comparing them with each other.

I strongly believe that ARDC can help facilitate this way of approaching DAO proposals.

Skills and Experience

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

We have been active delegates in the DAO from the very beginning so our skills and experience should be already known to the delegates. I believe that we’ve been actively involved in almost all (if not all) important discussions within the DAO and we’ve been facilitating work around several initiatives.

I think it’s worth noting that we also have experience from other DAOs (for example, we’ve been active in the Optimism Grants program since its inception, both on the RPGF and the Grants Council), so we have some perspective on what has worked and what hasn’t in those DAOs in the past.

Proposal Review & Assistance

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

As I already mentioned, we see our role in the ARDC as facilitators, helping to coordinate and communicate between ARDC members, delegates and proposers so that in the end the DAO works more efficiently and the approved proposals bring better results.

We would like to make sure that with each proposal discussed at the DAO we gather and reuse all the improvements developed while working on any individual proposal, such as:

  • Various multisig architectures and procedures around them
  • Securing funding for additional work required for the assessment of the results (like data analytics for STIP)
  • Legal and informal structures created to manage the work foreseen in the proposal
  • Proper definition and description of all the proposal’s deliverables, milestones and deadlines to ease the oversight
  • etc.

In an ideal world, the proposer comes to the DAO with an idea for an initiative that would add significant value to the DAO, and the DAO provides all the help necessary to craft a solid proposal that can be easily evaluated and approved by the delegates.

With ARDC, we may not achieve such an ideal result on the first try, but we can certainly move forward toward that goal.

Project Management

@krst has been working for more than 15 years in the IT industry managing teams big and small, delivering projects, mostly as the Product Owner or Product Owner Proxy that facilitates the communication and coordinates work between the software house and the clients’ team. At L2BEAT we are constantly running several distinct projects at any given time, coordinating work between various teams in the L2 ecosystem.

We know what it takes to move work forward even in the case of a lack of decisiveness, a lack of necessary information or external factors delaying the delivery. We also know how to keep project participants accountable to their commitments.

Purpose/Mandate of the ARDC

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

I believe that I already covered this topic in previous points, so I will just summarize here: we intend to contribute to achieving the purpose of the ARDC by making sure that all DAO participants have easy access to the services of the service providers if they need them in order to produce or assess a proposal for the DAO. All the results of such work should be made public and available to all DAO contributors.

Additional Contributions

How can you contribute to the creation and enhancement of tools for security assessment, the development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives, as outlined in ARDC’s objectives? (500 words max)

We believe that the additional contributions mentioned in the ARDC proposal should be limited to only those that have support from delegates (we will be asking for approvals from at least a few delegates before moving forward with any such initiative) and that help in some way in streamlining the work of either delegates or proposers.

We definitely don’t want these additional contributions to be treated as an open-ended budget to fill in hours when the DAO doesn’t have enough interest in a particular vendor’s services.

Summary

We believe that the ARDC can become an important resource center for ArbitrumDAO, empowering delegates and other contributors to make better, more meaningful proposals and to make informed decisions about which proposals to approve.

We have been actively pushing for such an initiative within the DAO. We are applying for the DAO Advocate position because we feel a responsibility to help make it a success. We already declare any help we can provide to all ARDC members. And we pledge to support the ARDC whether we are elected or not.

8 Likes

Applicant Information

  • Name of Applicant & Applicant’s Representative: Trail of Bits
  • Email Address: sales@trailofbits.com
  • Telegram Handle (if applicable): @montyly or @TrailofBits_Ken
  • LinkedIn Profile (if applicable): Trail of Bits | LinkedIn
  • Role being applied for: Security-Oriented Member

Background Information

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and devices. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

We have worked extensively with Offchain Labs and performed over 180 engineer weeks of security review of Arbitrum through four focused engagements, including ArbOS, Nitro, and Stylus. This led us to develop an in-depth understanding of Arbitrum internals and risks.

Many firms in DeFi, including Optimism, Balancer, Uniswap, and Compound, trust our expertise to help secure their code, and you can find many more in our Publications repository, which includes security assessments of some of the most bleeding-edge technical products and protocols, ranging from but not limited to bridges, DEXs, AMMs, oracles, smart contracts, Layer 1s, and Layer 2s.

At Trail of Bits, we do more than just understand blockchain security; we build industry-leading tools to identify and rectify vulnerabilities. We have authored numerous industry-leading tools, which include:

  • Slither, a static analyzer that detects common mistakes such as bugs in reentrancy, incorrect access controls, and more.
  • Echidna and Medusa, which are next-generation smart fuzzers that target EVM bytecode.
  • Tealer, a static analyzer that targets Teal code (Algorand).
  • Caracal, a static analyzer that targets Starknet/Cairo contracts.
  • solc-select, a tool to quickly switch between Solidity compiler versions.

We also publish reference guides, along with pushing academic and general research. We are also one of the founding members of the Security Alliance (SEAL), which aims to improve the security of the ecosystem.

As a Security-Oriented Member of the ARDC, we can provide services to help secure projects in the ecosystem at different stages in their development lifecycle by performing design reviews, threat models, white box security reviews, invariant development, and automated tooling.

Objectives & Motivation

As the main security partner of Offchain Labs, we are committed to ensuring the greater security of the Arbitrum ecosystem. Since day 1, our goal has been to improve the security practice and awareness of the blockchain ecosystem as a whole. This is why we have dedicated significant resources to our open-source tools and public research, to elevate security standards and allow developers to build more secure code in the long term.

As proof of this dedication, we were the authors of the first proposal upon which the ARDC is built.

Skills and Experience

Trail of Bits has performed over 300 blockchain security reviews, worth 30 engineer-years of effort. Among that, 180+ engineer-weeks were solely dedicated to reviewing Arbitrum components. This puts us in a unique position to fulfill the review of on-chain proposal code updates with an extensive pre-existing familiarity with the protocol itself.

Trail of Bits has strong expertise in the realm of program analysis and tooling, as demonstrated by our numerous open-source projects (Slither, Echidna, Medusa, etc.). We combine a pragmatic approach and fundamental knowledge to create tools that provide value to their users. Trail of Bits engineers (~10% of whom hold PhDs) frequently present our tools at both industrial and academic conferences. This makes us a perfect fit for the Tooling Creation and Enhancement category.

In addition, Trail of Bits has strong expertise in traditional application security, cloud-native applications, and cryptography, allowing us to leverage dedicated expertise when needed.

To demonstrate our unique expertise and understanding of Arbitrum, we recently released:

Proposal Review & Assistance

Trail of Bits excels in providing white box security review of source code through a combination of manual and automated review, which may include a review of the proposal for design flaws and identifying security and correctness properties. We can also develop and enhance tooling to enhance the security of the Arbitrum ecosystem and its proposals. This may include specific static analysis bug detectors targeting code updates, developing fuzzing capabilities to test the validity of the new upgrade states and verify that the state change will not break any invariant, visualizing the state of the governance contracts (in particular, the state of previous proposals, currently emitted votes and delegates’ votes, and how the tokens are delegated), and visualizing and verifying correct encoding of values used in the governance contracts and the action contracts.

Review on Chain Proposal Code Updates

Trail of Bits has years of expertise reviewing on-chain upgrade proposals to ensure that they align with the design and specification of the proposal through whitebox source code reviews. This is particularly important given the prevalence of governance attacks, as seen with Tornado Cash. Trail of Bits can also focus on building content to help review further proposals, including tools (dedicated Slither detectors, fuzzing harnesses, proposal state diff visualizer, etc.) and educational material (tutorials, checklists, code walkthroughs, etc.) to promote the overall security and integrity of the Arbitrum ecosystem.

In addition, by working with Offchain Labs and reviewing Arbitrum components since 2021, Trail of Bits is uniquely positioned to understand and review the impact of on-chain proposal code updates.

Project Management

Each security assessment performed by Trail of Bits is assigned a dedicated project manager with a “client-first” mindset. In 2023 alone, Trail of Bits Project Managers managed over 200 client-facing projects throughout our four practice areas: cryptography, blockchain, ML/AI, and application security. Our engagements ranged from 1 calendar week to long-term projects lasting 30+ engineer-weeks. Our team begins every engagement with a welcome call to discuss timelines and security roadmap details, and closes out each engagement with a final readout call. Our Project Managers use a PM Workflow tool to manage the entire project lifecycle, based on each milestone and the associated activities to be accomplished.

Live updates are made, and weekly status calls with our engineers are provided to our clients.

To document successful outcomes and achievements, our project managers hold internal and external retrospective calls to document lessons learned, obtain feedback on the client journey, and identify any improvement areas for growth. Project Managers also have live closure calls with their client points of contact.

Trail of Bits uses a Project Management Software tool and CRM for client success. These tools allow us to track progress of a project, stay within scope, and monitor budget considerations. Our Team Scheduling & Resource Planning Tool helps successfully address schedule management, and financial management considerations.

Purpose/Mandate of the ARDC

As a member of the ARDC, our aim is to become the key security partner for the Arbitrum DAO. Our objectives are to secure the ecosystem and help developers to elevate their security posture.

We’re eager to continue working with Arbitrum to enhance ecosystem security through our threat modeling, design review, and white-box security reviews, with a level of rigor that’s unmatched. Our experience and track record for building tools and enhancing our clients’ SDLC will bolster the integrity of the ecosystem. Our high level of communication and dedicated project management team ensure efficient coordination between all parties involved.

Additional Contributions

We are a full-service security firm, with specialized expertise in blockchain, cryptographic, and application security reviews. Resources from across our internal security engineering, software engineering, and cryptography teams are available as needed during our assessments. Trail of Bits doesn’t just deliver a list of bugs, but guidance, continuous support, and custom tooling when necessary to enhance the security posture of each project’s intended use case. Our overall goal is to help secure the Arbitrum ecosystem by providing security assessments, educational materials, and tooling.

Scope of Services & Applicable Fees

Trail of Bits will allocate 24 engineer-weeks for the 6-month period, at a cost of $25k/engineer/week, for a total of $600,000. At today’s price (1 $ARB = $1.93), this is roughly equivalent to 50% of the total Security member allocation of 665,000 ARB.

Our services will include:

  • Review on-chain proposal code updates
    • White box security review of source code through a combination of manual and automated review, which may include a review of the proposal for design flaws and identifying security and correctness properties
    • Reviews do not include proposals that are initiated by Offchain Labs and the Arbitrum Foundation. These proposals are already going through security reviews (including by Trail of Bits)
    • If 12 engineer-weeks are not enough to review all the ongoing proposals in a quarter (or 24 in the 6-month period), Trail of Bits will either perform a review of some of the proposals, or a best effort of as many as possible. Trail of Bits will agree with the Arbitrum coalition and its Advocate to determine the priorities.
  • Invariants development
    • Creation of invariants targeting components for future upgrades. The invariants will help developers of upgrades to ensure the correctness of their additions
    • Activities may include but are not limited to:
      • Identify security and correctness properties at the function or system level
      • Write invariants to test them with state-of-the-art fuzzers (Echidna, Medusa, Foundry fuzzer)
      • Documentation and guidance to help the community contribute to the invariants
  • Tooling Creation and Enhancement
    • Develop and enhance tooling to enhance the security of the Arbitrum ecosystem and its proposals, including:
      • Specific static analysis bug detectors targeting code updates.
      • Visualize the state of the governance contracts, in particular: the state of previous proposals, currently emitted votes and delegates’ votes, and how the tokens are delegated.
      • Visualize and verify correct encoding of values used in the governance contracts and the action contracts.
  • Public content creation
    • Blog posts, presentations, etc. This will allow Trail of Bits to share its unique expertise with the community and help grow the overall technical understanding of Arbitrum
  • Additional services, based on the ARDC’s needs, which can include:
    • Design review
    • Threat modeling
    • Appsec or cryptography review
    • Guidance on incident response plans or monitoring

Trail of Bits will aim to use 4 engineer-weeks on a monthly basis, but might use more or less in a given month, depending on the ARDC’s needs. The total number of engineer-weeks for the 6-month period will be 24 engineer-weeks; however, Trail of Bits has the capability to increase this number if the ARDC has additional needs.

Summary

Our experience and expertise in static analysis tooling, fuzzing capabilities, performing whitebox security reviews, design reviews, and threat models to ensure security and correctness properties in on-chain upgrade proposals are evident from our successful track record of working with Arbitrum and similar projects, which can be found on our publications page (GitHub - trailofbits/publications: Publications from Trail of Bits). By working continuously on Arbitrum components since 2021, we have a unique understanding of the L2’s technical stack, risks and assumptions.

We believe the combined skills and reputations of the members of Trail of Bits’ project team will provide the best assessment and research capabilities in our industry, and have a massive impact in improving the security assurance of Arbitrum projects. Our team’s strong industry reputation will lend credibility to the result of the project in the form of referenceable public documents on the security of Arbitrum projects.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

4 Likes

UPDATE: The Ant Federation will be combining applications with L2Beat. L2Beat will act as operator of the DAO Advocate role, with Ant Federation / L2Beat coordinating together on priorities when appropriate.

Original Proposal for Reference

Applicant Information

Name of Applicant: Ant Federation (AF) - (Arb AF? Still working on the name)

Representative: @dk3

Email Address: vxdk@premia.blue

Telegram Handle: TG: @dk_premia

Role: DAO Advocate

Background Information

The Arb AF group of builders are passionate about contributing to the growth of the Arbitrum ecosystem. Our members have experience across DeFi protocols, engineering and security, legal and web3 operations, blockchain infrastructure, and DAO participation. The members are subject to change, however currently the group consists of DK from Premia, Cattin from SEED Latam, Blue from TraderJoe, Iron Boots and Myriddin from Camelot, and Ultra from JonesDAO. DK from Premia will act as the point of contact for the time being.

Please reach out as we are happy to collaborate with other thought leaders/delegates/builders/etc in the ecosystem.

As advocates for the ArbitrumDAO, we aim to facilitate effective communication between the DAO and the ARDC. Our diverse backgrounds position us well to understand the needs and priorities of both groups. We plan to dedicate resources to coordinating initiatives, surfacing community feedback, and ensuring the ARDC’s efforts align with the DAO’s goals.

Objectives & Motivation

Our goal as DAO Advocate is to enable impactful, community-driven development of the Arbitrum ecosystem. We want to help rally contributor efforts around shared objectives to push the ecosystem forward.

As advocates, we’ll work to align the ARDC with DAO priorities through transparent communication and accountability measures. We’ll solicit community input to guide the ARDC’s focus. And we’ll manage processes around contributor incentives and reporting to actualize the DAO’s vision. Obviously as builders in the space we are opinionated in the direction the ARDC should focus to benefit the ecosystem, and thus in times when there are no community pushed priorities, we feel prepared to lead the ARDC’s efforts.

Skills and Experience

Our members have experience with low level blockchain protocols, infrastructure development, dApp and DeFi expertise, DAO organization and transparency, as well as grassroots community building.

We have contributed to the growth of prominent DeFi ecosystems and understand what it takes to coordinate stakeholders, implement incentives, and drive results.

Proposal Review & Assistance

We will assist proposers in strengthening their proposals through reviews and community discussion. We plan to gather feedback from diverse ecosystem participants to surface potential issues early.

For promising proposals, we’ll work closely with proposers to address areas needing improvement before submission. We’ll connect proposers with relevant ARDC members or other experts to collaborate on refinements.

Most of all, we are well connected in the ecosystem and can leverage this rapport to get things done; we believe this to be one of the most beneficial components of having a group of representatives lead the ARDC’s efforts.

Purpose/Mandate of the ARDC

As DAO Advocate, we will continually realign the ARDC’s priorities based on the needs expressed by the community. We plan to leverage forums, Telegram, Snapshot, and new platforms as they emerge to transparently communicate ARDC activities and solicit input.

One of our first initiatives will be reviewing accountability and transparency protocols to ensure ARDC operations and incentives are fair and open to public scrutiny.

Specifically, we will aim to facilitate coordination around:

  • Objective assessments of proposals - Providing impartial analysis to strengthen submissions and inform delegate decisions, guided by our shared experts across the group
  • Security reviews of code changes - Enhancing integrity through rigorous evaluation standards
  • Quantifying risks of proposals - Adding rigor to judging impacts and tradeoffs
  • Connecting proposers and expert resources - Streamlining access to support for refining ideas with merit and community support
  • Managing communications across stakeholders - Smoothing collaboration and transparency, either through current platforms, or exploring better fit platforms.

Additionally, as liaisons to the ARDC we will focus on expanding value-add through:

  • Tooling and standards for security - Bolstering ecosystem protections
  • Research into new mechanisms - Unlocking innovations for future development (ideas below)
  • Incentives driving delegate participation - Fostering wider community involvement
  • Content and growth initiatives - Attracting developers/users to expand reach

When issues emerge, we will coordinate closely with the DAO through governance processes to realign operations based on the interests of the community. Our commitment is to enable collective realization of the DAO’s vision.

Additional Contributions

As DAO Advocate, our foremost priorities will be facilitating accountability, transparency, merit, and oversight for DAO proposals and initiatives. However, some early ideas for utilizing excess ARDC time include coordination around key community discussions such as:

  • Increasing contract size limits beyond 24KB
  • Decentralizing the sequencer (impact of gossip protocols/libp2p, sequencer scoring, etc.)
    • Exploring shared mempool solutions to mitigate potential future MEV introductions if FIFO is ever amended
  • Cross-Project Integrations and Ecosystem Insurance
  • Optimizing block times for scalability and security
  • Impact analysis of Ecosystem Bug Bounty Programs
  • Researching interoperable bridge solutions to coordinate across Arbitrum projects
  • Formal Verification Tooling for Traditional Arbitrum & Stylus developers

For each of these complex topics, we will synthesize research, surface expert perspectives, and frame tradeoffs for the community. We aim to gather comprehensive input to guide data-driven decisions by the DAO.

As liaisons to the ARDC, we’ll continually realign research priorities with the interests expressed by the community. We are committed to transparency through regular communication on forums, Telegram, and potentially a new, better-fit solution. Overall, our focus is on enabling collective oversight of developments to meet the objectives ratified through governance.

Scope of Services & Fees

We aim to dedicate 1-2 full-time contributors to the DAO Advocate role. Their time will be focused on communication, process coordination, reporting, and related responsibilities on behalf of the group. They will ultimately be a facilitator/coordinator on behalf of the group, and will report and execute on behalf of the group members.

For this work, we will compensate the individual with the standard 50,000 ARB stipend designated for this role by the DAO over the 6 month term. As a group we will own all responsibilities until our facilitator/coordinator role has been filled with an approved party.

This goes without saying; however, in addition to the lead facilitator/coordinator, the group representatives and the parties they represent will provide their shared expertise as an act of citizenship to the Arbitrum Ecosystem.

Summary

Arb AF offers the diverse expertise and ecosystem connectivity needed to align ARDC efforts with DAO priorities. As advocates, we will rally our community around transparent and accountable growth of Arbitrum. Leveraging our experience across core protocol development, web3, mechanism design, infrastructure, and community organization, we aim to facilitate impactful initiatives guided by delegate interests. Through dedicated coordination resources and an alignment with collective oversight, Arb AF will enable the DAO to fully realize its vision. We are committed to expanding awareness, fostering participation, and pushing the boundaries of innovation across this high-potential ecosystem we call home. By coordinating initiatives and providing trusted guidance, Arb AF seeks to unlock the full possibilities of community-driven collaboration within the Arbitrum Ecosystem.

1 Like

Applicant Information

  • Name of Applicant & Applicant’s Representative [If Applicable]: Spearbit
  • Email Address: omar@spearbit.com
  • Telegram Handle (if applicable): oab_12
  • LinkedIn Profile (if applicable): Omar Bheda - Spearbit Labs | LinkedIn
  • Role being applied for [1 Max]: Security-Oriented Member

Background Information [Applicable to all]

Spearbit is a distributed network of industry-leading security researchers that have secured over $100B in TVL by tackling the most complex and mission-critical protocols across web3. With access to an expansive array of security talent exclusive to Spearbit, top protocols consistently choose Spearbit for their end-to-end security services. Premier protocols and projects we work with include but are not limited to:

  • Optimism
  • OpenSea
  • Polygon
  • Coinbase
  • zkSync
  • Alchemy
  • Blast

Spearbit is deeply focused on broad ecosystem impact via providing the highest tier of security service quality and does so in the form of public goods such as the pro-bono security review of one of Arbitrum’s most utilized libraries, Solady, which aims to provide gas-optimized Solidity utilities.

Spearbit has incubated Cantina - an open and free marketplace leveraging a custom-built innovative code review platform, Cantina Code, to provide dynamic security services such as competitions, bug bounties, and quality-gated solo as well as team reviews from our extensive network of security researchers. We’ve recently kicked off the largest Web3 security competition in history with Blast. Cantina also enables a diverse array of security providers in adjacent yet equally important lanes such as traditional Web2 pen-testing and OpSec to provide protocols with a truly comprehensive approach to their security posture.

Through Spearbit and Cantina, we can provide truly comprehensive end-to-end security coverage for protocols via:

  • vCISO Advisory: Your very own security leader advising on high-level technical guidance, smart contract best practices, architectural review, and development framework during your development lifecycle.
  • Protocol and Smart Contract Security: A comprehensive review of your protocol’s security posture, including the smart contracts, the architecture, and the development framework.
  • Crowdsourced Security Competitions: Competitions are crowdsourced security reviews designed to be efficient, high-signal, and comprehensive to provide maximum code coverage.
  • Web2 Security: Endpoint security, application security, penetration testing, OpSec, as well as comprehensive threat modeling to evaluate your protocol’s Web2 security posture and safeguard against significant financial or reputation harm.
  • Incident Response and Monitoring: Incident response services offer real-time monitoring and threat mitigation in web3 ecosystems using advanced analytics and blockchain expertise.
  • Bug Bounty: Bug Bounties enable protocols in the Arbitrum ecosystem to tap into a rich network of the best security researchers Web3 has to offer in order to uncover and report bugs over a prolonged period of time.

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

Spearbit / Cantina have worked extensively within the Ethereum and Arbitrum ecosystems to provide comprehensive smart contract security services by curated teams of industry-leading security researchers. Since inception, we have protected over $100B in TVL across the Ethereum ecosystem. Spearbit / Cantina was founded by the Ethereum Foundation development leads, Alex Beregszaszi and Hari Mulackal, who led the development of the Solidity language and its compiler. We are incredibly interwoven into the Ethereum ecosystem by the nature of the expertise possessed by our founders and the principles that trickle top-down from them. As a result, Spearbit / Cantina holds a very high standard for all security researchers who perform smart contract security audits and we are very intentional regarding quality control, talent selection, and scoping to maximize reviewing every nook and cranny of a protocol’s attack surface.

Below are some of the notable projects that have worked with us that also participate in the Arbitrum ecosystem as well as projects that participate in the Ethereum ecosystem but not necessarily Arbitrum’s:

Arbitrum

  • OpenSea
  • HMX
  • Frame
  • Flood
  • Uniswap
  • Alchemy
  • Badger Dao
  • Connext
  • Centrifuge
  • Morpho Labs
  • Solady

Ethereum-specific

  • BASE
  • Optimism
  • Polygon
  • zkSync
  • Blast

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

We are interested in contributing primarily as a security-focused member to provide comprehensive security services for key Arbitrum builders. We believe that our skills align with this position for the following key reasons:

  1. Industry Leading Talent
  2. Curated Team Selection
  3. Track Record of Excellence
  4. True End-to-End Security

Industry Leading Talent
Nearly every security researcher who has ranked across the Top 50 in placements of any competitive audit platform works with us. We harness the power of provisioning the best security talent in the industry with the best flexibility, compensation, and opportunities to create a talent moat where the best talent wants to work with us over and over. One example of this is Christoph Michel, The #1 ranked smart contract auditor across any competition platform, who works exclusively for Spearbit, rather than any other firm. Our brand loyalty and strict quality control ensure you truly get the absolute best of the best when working with us.

Curated Team Selection
When evaluating which security researcher to place on an engagement, we evaluate a multitude of different factors to assign the best candidate for your protocol. Furthermore, we ensure that every audit is composed of a team of top security researchers who work together to tackle a codebase and cover every identifiable attack surface.

Track Record of Excellence
To date, we have secured over $100B in TVL working with the best protocols and projects across the ecosystem. There have been no reported exploits after any audit done by Spearbit since its inception in 2021. We owe this to our culture of absolute thoroughness and lofty expectations for our security researchers. We intend to provide the same level of scrutiny and thoroughness to protocols building on Arbitrum as a security member of the board.

True End-to-End Security
We believe that security is a continuous and expansive process beyond smart contract audits for Web3 protocols. To truly evaluate one’s security posture, we’ve developed an approach that we believe comprehensively provides a protocol with the ability to confidently say, “We’ve done everything we can”. We’ve outlined once again below for convenience how we provide comprehensive security coverage and will cover these in detail in the next section.

  1. vCISO: Your very own security leader advising on high-level technical guidance, smart contract best practices, and architecture during your development lifecycle
  2. Smart Contract Audit: A comprehensive review of your protocol’s security posture, including the smart contracts, the architecture, and the development framework.
  3. Competition: Competitions are crowdsourced security reviews designed to be efficient, high-signal, and comprehensive to provide maximum code coverage for web3 protocols.
  4. Web2 Security: A comprehensive strategy for your Web2 architecture’s attack surface including endpoint security, application security, and traditional penetration testing, to safeguard against significant financial or reputation harm for Web3 protocols.
  5. Bug Bounty: Consistent exposure of your codebase by a network of industry-leading security researchers.
  6. Incident Response and Monitoring: Real-time monitoring and threat mitigation in web3 ecosystems using advanced analytics and blockchain expertise.

Objectives & Motivation [Applicable to all]

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

The core motivation and purpose for driving comprehensive bug coverage and security services beyond basic smart contract security audits is to position protocols building on Arbitrum for operational excellence and rapid scale.

We’ve highlighted these areas below which we believe will enable the Arbitrum ecosystem to scale far more quickly and efficiently with even further trust and transparency.

vCISO Secure Development Advisory Services: We will provide protocols and projects building on Arbitrum with ​​subject matter experts in secure web3 development lifecycles in the form of a virtual CISO or external consultant that can focus on system architecture and guide development teams towards security best practices.

Smart Contract Security Audits: Spearbit and Cantina are home to many of the top Web3 security professionals in the ecosystem and are ready at a moment’s notice to employ the absolute best talent available to secure mission-critical protocols building on Arbitrum.

Web2 Security Reviews / Penetration Testing: With the advent of numerous protocols and projects being exploited by traditional attack vectors, it has become evident and increasingly clear that there is a pressing need to address the security concerns inherent in the traditional web2 frameworks that protocols are utilizing within the web3 ecosystem.

Incident Response and Monitoring: We will provide real-time surveillance and threat mitigation as needed for protocols building on Arbitrum to proactively prevent severe financial or reputation damage in the event of an anomaly or breach via swift incident response measures.

Crowdsourced Security Competitions: Through Cantina, a web3 security platform incubated by Spearbit, we will conduct crowdsourced security competitions to maximize code review coverage while maintaining high-signal submissions and less spam via our custom code review platform, Cantina Code.

Bug Bounty Programs: We will provide bug bounty programs to ensure continuous exposure of key protocols building on Arbitrum to world-renowned white hats.

Skills and Experience [Applicable to all]

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

We have extensive experience in providing security services to large L2 ecosystems and have served as the core security providers for protocols such as Frame, Optimism, zkSync, Polygon, and Blast. Combined with our deep expertise within the broader ecosystem, we believe Spearbit / Cantina can significantly benefit the Arbitrum ecosystem in ameliorating its security posture.

Please see below for additional details on our experience with approaching security for large L2 protocols:

Optimism

zkSync

Polygon

Blast

Frame

  • Palette Protocol Audit (Not Public)
  • General Security Advisory Services

Proposal Review & Assistance [Applicable to all]

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

To conduct objective research and provide assistance to proposers to enhance their proposals, we leverage our extensive expertise in reviewing the quality of projects applying for ecosystem grants across various Layer 2 (L2) solutions. Our approach is rooted in our deep bench of talent with industry-leading subject matter expertise in every streamline of blockchain development and security.

This diverse expertise enables us to offer comprehensive architecture guidance through services such as our vCISO engagements, which aim to bolster the security posture of projects from the ground up. We would pair proposers with, or provide them with, subject matter experts in order to ensure that the proposal has adequate security considerations in mind from the ground up, as well as being structurally sound from a development or architecture perspective. We intend to provide proposers with continuous support beyond just a cursory or initial glance at the proposal and provide iterative feedback based on curated subject matter experts applicable to the proposal itself.

Review on Chain Proposal Code Updates [Only applicable to Security]

Describe your experience in conducting code reviews and assessing security risks. How can you contribute to enhancing the security and integrity of the Arbitrum ecosystem? (500 words max)

We have significant experience in reviewing on-chain proposal code updates specifically for large premier L2s. We provisioned Optimism with our pre-deployment advisory services which paired them with a subject matter expert for evaluating the Bedrock upgrade, an upgrade geared towards introducing a series of performance improvements from its existing rollup architecture design.

We deployed a team of two vCISOs who worked alongside Optimism’s developer team to critically think through best practices and understand the design architecture to ensure a successful implementation of the proposed upgrade including but not limited to:

  • Provided technical guidance on smart contract upgrades, emphasizing the importance of making only necessary updates to minimize security risks.
  • Advised on compiler version selection, emphasizing the need to carefully review release notes and bug fixes to determine the safest option.
  • Evaluated the risk of user funds loss during smart contract upgrades.
  • Performed threat modeling and risk vector mapping to minimize user confusion and promote overall security awareness.

We also work very closely with the BASE team to provision continuous support in reviewing on-chain proposal code updates specifically centered around upgrades. We do so to evaluate that no security concerns arise and that the proposer and relevant stakeholders have complete backing and support from subject matter experts to ensure proper implementation without unforeseen risks.

Project Management [Applicable to all]

Describe your project management experience. (250 words max)

We are well-versed in project management as we maintain strict quality control in terms of technical execution, client experience, and report quality for 8-10 security reviews on a weekly basis across our talent pool of over 100+ vetted security researchers. We document and coordinate the expertise of each individual at a very granular level in order to maximize output per protocol as well as aligning with the security researcher’s interests. Managing these security reviews operationally is only one side of the coin, however, as we also manage each review to ensure proper scoping, technical depth, and communication per client meets our standard. Compounded with the complexity and various different scopes or types of protocols in the pipeline at one time, we believe we are more than capable of handling many projects at one time.

Purpose/Mandate of the ARDC [Applicable to all]

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

Our core focus is to operate within the ARDC as the core security contributor to ensure that any proposals are comprehensively reviewed both from a structural and a security standpoint, as well as to provide the absolute best security talent available in the industry to deliver security services to Arbitrum and any protocols building upon it.

We will break our plan of action for the following to do so below:

  1. Continuous Proposal Support
  2. Comprehensive Review Roadmap

Continuous Proposal Support
We will allocate a team of lead security researchers that are subject matter experts in a variety of fields pertaining to blockchain security, development, governance, and design/architecture. These lead security researchers will form a general advisory team in order to provide any proposer with a 1:1 pipeline to an expert regarding any questions or concerns they may encounter to enhance their proposal. These lead security researchers will also provide regular and iterative reviews of proposals in order to ensure that they meet pre-ordained quality standards in terms of writing, impact, technical depth, and that any implementation or security concerns are addressed beforehand.

Comprehensive Review Roadmap
As a security-focused member of the ARDC we will provide our deep subject matter expertise on L2 security and architecture to provide Arbitrum and key protocols building upon it with the best security talent available in the ecosystem as well as the most comprehensive security approach currently available across Web3. We’ve provided a visual of our intended approach as a member of the ARDC:

The above illustrates a 6-pronged approach that diligently assesses every attack surface for Web3 protocols. We intend to be very dynamic and curated in our approach to how comprehensive certain protocols would like to take their approach. Nonetheless, we think it is vital for a security provider to be able to provision each of these services at the highest level possible. We will allocate our deep bench of security talent after scoping each protocol or project in order to provision and recommend to them their own curated approach to maximizing their security posture.

Scope of Services & Applicable Fees

[Detailed breakdown of fees including pricing model for the 6-month term] [Applicable to all except DAO Advocate] [Must not exceed applicable cap]. Please provide a detailed breakdown of the scope of services through which you will be contributing. Include the pricing model implemented & a description of expected hours + hourly rate (if applicable) & manpower dedicated to the ARDC.

Cantina:

  • Competitions: 200K ARB to provision crowdsourced security reviews in the form of competitions for Arbitrum protocols. Cantina will conduct 4-6 security competitions to maximize bug coverage from our talent pool, where protocols will have access to over a thousand quality security researchers reviewing the same codebase and competing to identify vulnerabilities. The full 100K ARB will go towards the competitions; Cantina will not take any fee on top of this and the full amount will be allocated to the Arbitrum ecosystem.

  • Bug Bounty: 100K ARB to provision robust bug-bounty services. This number is adjustable dependent on the needs of the Arbitrum ecosystem. The full 150K ARB will go towards the bug bounty; Cantina will not take any fee on top of this and the full amount will be allocated to the Arbitrum ecosystem.

  • Web2 Security Penetration Testing and Reviews: 50K ARB will be allocated to provide comprehensive Web2 security reviews such as OpSec assessments, Web App / Network / Cloud penetration testing, and any other components involved within the Web2 infrastructure of Arbitrum or the projects building upon it.

  • vCISO, Incident Response, and Monitoring: 65K ARB will be allocated to these services, which will be charged on a subsidized level where protocols will be paired with a Lead Security Researcher at an hourly subsidized rate of $325 an hour or roughly 162.5 ARB hourly. This results in 400 hours available for any pre-deployment advisory, proposal reviews, technical security guidance, architecture reviews, or proactive threat mitigation and analysis.

Spearbit:

  • 200K ARB for providing a blended estimated rate based upon the Spearbit tiered security researcher rates:
    • Lead Security Researchers - $20,000 USD
    • Security Researchers - $12,500 USD
    • Associate Security Researchers - $6,250 USD
    • Junior Security Researchers - $3,000 USD
  • Spearbit will allocate a minimum of 1 LSR to each smart contract security review along with other security researchers. Assuming Spearbit employs a team of 3-5 security researchers on security reviews, the weekly average security review cost from Spearbit will in turn fluctuate between 32.5K - 48K dependent on the team size and researcher team required:
    • LSR (Lead Security Researcher) - $20,000 USD Weekly
    • SR (Security Researcher)- $12,500 USD Weekly
    • ASR (Associate Security Researcher) - $6,250 USD Weekly
    • JSR (Junior Security Researcher) - $3,000 USD Weekly

We will therefore assume an average weekly cost of $40.25K USD for weekly review costs. We will subsidize the costs further by 10% to further push our commitment to securing the Arbitrum ecosystem. This will come to an average cost per week of smart contract security review at ~$36.2K per week or roughly ~18000 ARB (assuming a price of around $2 - calculated on 2/11/2024).

If we take the remaining 300K ARB after allocating to the services outlined above in the Cantina section, we can assume roughly 12 full weeks dedicated to comprehensive smart contract and protocol security reviews.

Summary [Applicable to all]

In summary, please highlight your key qualifications and what you believe you can bring to ARDC. (400 words max)

In summary, we believe we can bring not only the best security talent to the Arbitrum ecosystem but also the most comprehensive approach to Web3 security in the ecosystem. The breadth of our services and the stringent quality control measures we place on each solution from smart contract audits to full Web2 infrastructure penetration testing, gives us the extensibility as well as the security caliber that the Arbitrum ecosystem deserves.

Our extensive experience with large Layer 2 ecosystems, demonstrated through our work with Optimism, zkSync, Polygon, and Blast, positions us as a security leader and a valuable asset to the ARDC. Moreover, we believe our track record of safeguarding over $100B in total value locked (TVL) across some of the most significant protocols and platforms within the Web3 ecosystem without a single compromise is a testament to the dedication of our security researchers to leave no stone unturned.

Ultimately, we want more than anything to further scale the Arbitrum ecosystem and seek to be an industry-leading security partner that is amenable, just, well-rounded, and extensible enough to encompass everything the Arbitrum ecosystem needs to optimize its security posture for onboarding the masses.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

Additional Resources

Arbitrum Research & Development Collective - Election Application - Dedaub

Applicant Information

Background Information

Dedaub is a Web3 security vendor servicing a number of mainstream project teams, including the Ethereum Foundation, Coinbase, Chainlink, Oasis, GMX, Eigenlayer, & Lido. Over the past few years, the Dedaub team has been instrumental in the successful evolution of both the Ethereum and Arbitrum Ecosystems via tooling, security R&D studies, and security audits of some of the best-known protocols running on these chains. In addition to auditing engagements, Dedaub has developed high-fidelity static analysis and formal verification tools that have contributed towards the security of smart contract ecosystems, both independently and through their use by our white-hat hacking teams. For instance, our static analysis toolchain has found 10 high-impact vulnerabilities in large protocols (including in Uniswap, Primitive Finance, Harvest Finance, Multichain & Fantom). One such issue involving the Multichain bridge, if exploited, would have led to over a billion in crypto theft, which in turn would have resulted in several billions in the Fantom ecosystem being wiped out as a result. This would have been the largest cryptocurrency-related vulnerability ever and netted the Dedaub team a bounty of $2m. The Dedaub team employs some of the most talented engineers and hackers in the world, and is especially renowned in the area of program analysis and cryptography. The rest of our contributions can be summarized in the following sections:

Direct Contributions to Ethereum. The Dedaub team has conducted a number of R&D security studies commissioned by the Ethereum Foundation, of EIPs that affect not only Ethereum but also its L2s. For instance, these include audits & studies for the new data structure that will soon underpin Ethereum state (Verkle trees), EIP-1884, EIP-3074, etc. In addition, our team has developed and maintained the most popular decompiler for EVM smart contracts, transaction simulation and monitoring tools.

Direct Contributions to Arbitrum Ecosystem Projects. Last year, the Dedaub team successfully audited the GMX project (specifically V2), the largest project on Arbitrum by TVL. Within this context, the deployment of GMX V2 on Arbitrum was only made possible through the development of low-latency Oracles for derivatives projects by Chainlink. This is another project whose design the Dedaub team has contributed to and audited, as a security partner of Chainlink. A number of other growing projects on Arbitrum that we have audited include: Rysk, Stella, Pendle & Gravita.

Contributions towards Arbitrum DAO

As an independent security auditor, our team has not been heavily involved in governance, largely to maintain a level of independence. However, in October 2023 Dedaub withdrew their proposal to provide security services to Arbitrum ecosystem projects in favor of more decentralized & equitable proposals by DK / Immutable Lawyer and asked our delegates to kindly vote for these proposals instead.

The Dedaub team would be delighted to contribute its world-class resources to the ARDC. Our team will be happy to review on-chain proposal code updates, both through manual means as a stop-gap measure and by developing custom security tooling. Ultimately, the latter will lead to a higher ROI for the ArbitrumDAO. Via a new system built on top of our security suite (app.dedaub.com), we can automatically simulate DAO proposals the moment they are submitted for voting, together with verifying their code changes.

Objectives & Motivation

Dedaub aims to significantly contribute to the security and resilience of the Arbitrum ecosystem. Our motivation stems from a profound commitment to safeguarding decentralized technologies and fostering trust among users and developers.

The primary objective of our proposal is to significantly enhance the security posture of the Arbitrum DAO through the development of custom security tooling. Recognizing the long-term value and higher return on investment this approach offers, we are allocating the majority of our proposed budget towards this goal. By investing in sophisticated security tooling specifically tailored for the Arbitrum ecosystem, we aim to reduce the dependency on manual audits over time. This strategic focus not only promises to elevate the overall security standards but also ensures a more efficient allocation of resources, thereby fostering a more resilient and secure blockchain environment for the Arbitrum DAO.

Skills and Experience

At Dedaub, we specialize in Web3 security, leveraging over 20 years of research in static analysis and formal methods by the team and founders. Our proficiency includes formal methods & static analysis, realtime security monitoring, advanced cryptography, DeFi and security incident response management. We’ve significantly contributed to major blockchain projects, including Ethereum and Arbitrum, through audits and the development of advanced security tools. Our notable work includes identifying high-impact vulnerabilities in protocols like Uniswap and developing a popular EVM decompiler.

Proposal Review & Assistance

Dedaub approaches proposal review with a combination of objective research and technical analysis. We focus on identifying potential security risks and offering constructive feedback to enhance proposals. Our team will employ a meticulous process of peer-review, in addition to performing in-depth code security analysis. Furthermore we aim to provide proposers with comprehensive insights and actionable recommendations to improve the security and functionality of their proposals.

Purpose/Mandate of the ARDC

The purpose and mandate of the Arbitrum Research & Development Collective (ARDC) are to enhance the Arbitrum ecosystem’s security, efficiency, and innovation. Our proposal for developing custom security tooling directly aligns with this mandate by bolstering the ecosystem’s security infrastructure and optimizing governance processes. By focusing on advanced security solutions and reducing reliance on manual audits, we aim to streamline proposal vetting and ensure the integrity of governance actions. This approach not only mitigates risks but also enriches the ARDC’s strategic vision by providing robust security checks and fostering a culture of continuous improvement. Our commitment to integrating educational materials and modular tools further supports the ARDC’s goals, empowering the community and enhancing operational efficiency across the Arbitrum ecosystem.

Review on-Chain Proposal Code Updates

To enhance the security and transparency of proposal submissions, we propose integrating advanced analysis techniques such as static analysis, formal methods, and simulations on such proposals. These methods aim to improve the understanding and verification of executable code within proposals, mitigating the risk of costly errors. The techniques will be instantiated in a useful application based on app.dedaub.com, specifically tailored for the Arbitrum community.

The development will focus on creating a modular API-based tool, allowing for seamless integration into existing grant management ecosystems. Broadly speaking, the tooling and methodology will follow the steps below:

1. Initial Monitoring. As soon as a proposal is submitted on-chain, a monitoring wakeup agent is triggered, initiating the actions in the next (numbered) steps. The agent is specified declaratively in a SQL language extension (DQL). In contrast to regular SQL, DQL will work on streaming blockchain data and natively supports Ethereum constructs such as EVM stack frames, EVM events and Ethereum calls, reducing the burden on the programmer. This obviates the need for phases like “calldata decoding”. Another advantage of this approach is that it is easily updatable and can be layered in complex ways.

2. Simulation. Transaction simulation is performed on the code update, using Dedaub simulation. The simulation not only decodes the calldata, but triggers all inner calls to form a hierarchical trace (trace example). Using this simulation trace, we will find new smart contracts that are created or replaced, funds transferred, and other important state changes. Dedaub already maintains the entire pipeline of a transaction simulation toolchain so we don’t have to rely on third party integrations. This process allows for a clearer understanding of the executed actions, enhancing transparency for voters who may not have deep technical expertise. For our simulation we also plan to integrate with tools like Safe Multisig. This integration will offer tangible feedback mechanisms which can facilitate the controlled release of funds based on consensus about task completion.

3. Code Verification. We will develop custom static analysis tools based on our existing tools to find whether the new smart contracts are susceptible to vulnerabilities, whether they are malicious, or whether they can be updated/subverted later. Although Dedaub has already developed static analysis tools that check whether the smart contracts are vulnerable, these do not yet check whether they can be malicious in the context of a DAO. The method by which we intend to verify the smart contracts is through a novel technique called static-symbolic value-flow (“Symvalic”) analysis. This technique models program behavior with high precision, e.g., full path sensitivity. To achieve deep modeling of program semantics, the analysis relies on a symbiotic relationship between a traditional static analysis fixpoint computation and a custom symbolic solver: the solver does not merely receive a complex “path condition” to solve, but is instead invoked repeatedly (often tens or hundreds of thousands of times), in close cooperation with the flow computation of the analysis. The result of the Symvalic analysis architecture is a static modeling of program behavior that is much more complete than symbolic execution, much more precise than conventional static analysis, and domain-agnostic: no special-purpose definition of anti-patterns is necessary in order to compute violations of safety conditions. Furthermore we combine this technique with “learned” invariants from past corpuses of smart contracts (using statistical techniques) to determine unusual lack of invariants in new smart contracts. The latter corpus will include past Arbitrum smart contracts.

Note that compared to more traditional formal verification techniques such as model checking, what we’re proposing can be more easily reified in a push-button security tool meaning that no additional cost is needed to check multiple smart contracts as it is completely automated.

4. Additional Monitoring. In some cases, not all properties can be determined statically or the smart contracts in question are upgradeable. Specific monitoring agents (specified declaratively in DQL) will trigger and monitor the smart contracts identified in step 2, for some properties that are identified in step 3.

5. Manual Auditing. Note that steps 1 - 4 can be conducted automatically by our proposed system integration. In cases where there is a budget for manual auditing and the proposal is significant (this will be decided together with the ARDC partners), our team can manually audit these changes on short notice and classify issues from Critical Severity to Low Severity. Our team will also provide remediation options to the proposers and a simple description of the overall issues for less technical delegates. In cases where a manual audit budget is not available for Dedaub, we will propose a small scope for third party teams to inspect.

An MVP implementing steps 1 - 4 will be deployed on the 91-day mark of the project, and will be refined over the subsequent 91 days.

Project Management

Our project management experience is characterized by a structured and efficient approach, delivering projects on time and on budget. We emphasize clear communication, effective resource allocation, and rigorous timeline adherence. Our team is adept at managing complex security projects, coordinating with multiple stakeholders, and delivering results within designated timeframes and budgets. Each individual project will be allocated an internal contact to ensure continuous progress.

Additional Contributions

Dedaub is committed to contributing to the ARDC’s objectives in additional ways:

  • As a founding member of the 911 SEAL team, a white-hat hacking collective, Dedaub will continue protecting the wider crypto community’s security interests.
  • Creating educational materials on smart contract security analysis.
  • Researching new mechanisms to improve the ecosystem’s security.
  • Engaging with delegates to foster a more informed and active governance community.
  • Community outreach.

Scope of Services & Applicable Fees

For the 6-month term, Dedaub proposes the following scope of services and fees.

Our standard rate for manual auditing engagements is $3.5k per engineer per day. When conducting audits, a minimum of two engineers are required. If additional specialists are requested, such as cryptographers (e.g., for novel privacy-preserving protocols) or quantitative analysts (for economic risk assessments), this is an extra. We don’t, however, anticipate the need for this.

We note that the majority of our fees will go towards developing custom security tooling for the Arbitrum DAO, since over time this will provide much higher ROI than committing additional man hours on manual audits.

Tooling: $250k per quarter, covering R&D, deployment, hosting & educational materials that explain how to make use of the tooling or how it works.

Auditing: As per standard rate. We recommend allocating 10 engineer days ($35k) per simple on-chain proposal that performs code updates.

We conservatively estimate the need for 4 manual audits over 4 months: $140k

Total: $640k

This budget is roughly equivalent to 50% of the total Security member allocation of 665,000 ARB. Depending on the ARDC’s needs and funding situation, Dedaub can expand the complement of audit services since we have the capacity to do so.

Summary

Dedaub brings extensive experience in smart contract security, with a strong background in static analysis, formal methods, and security monitoring. We propose to enhance the security of the Arbitrum ecosystem by developing tools, conducting thorough code reviews, and providing educational materials. Our team is committed to supporting the ARDC’s mandate to foster a safer and more robust decentralized environment.

For more information about ourselves and our work, head to:

1 Like
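The simulation step in the Dedaub post above decodes a proposal's calldata and looks for new implementations, privilege changes and fund movements. The script below is an added example of that triage logic in Python; it is not Dedaub's tooling or DQL and is not part of the original post. It assumes the proposal has already been decoded into (target, value, calldata) triples, as a Governor or timelock would execute them; the selector table is a small hand-picked set of well-known Solidity function selectors, and the allow-list and sample addresses are constructed for illustration.

```python
"""Static triage of a governance proposal's executable actions.

Added example, not code from the original post or from Dedaub. It assumes
the proposal has already been decoded into (target, value, calldata)
triples, exactly the shape a Governor/timelock executes; the selector table
is a small hand-picked set of well-known Solidity selectors, and the
allow-list and sample addresses below are constructed for illustration.
"""
from dataclasses import dataclass

# keccak256(signature)[:4] for a few functions that change code, privileges or funds.
SENSITIVE_SELECTORS = {
    "3659cfe6": ("upgradeTo(address)", "upgrade"),
    "4f1ef286": ("upgradeToAndCall(address,bytes)", "upgrade"),
    "f2fde38b": ("transferOwnership(address)", "admin"),
    "2f2ff15d": ("grantRole(bytes32,address)", "admin"),
    "a9059cbb": ("transfer(address,uint256)", "funds"),
    "095ea7b3": ("approve(address,uint256)", "funds"),
}


@dataclass
class Action:
    target: str       # hex address the proposal calls
    value: int        # native value (wei) sent with the call
    calldata: bytes


@dataclass
class Finding:
    severity: str     # critical / high / medium / info
    action: int       # index into the proposal's action list
    message: str


def _word(data: bytes, i: int) -> bytes:
    """i-th 32-byte ABI word after the 4-byte selector; raises if truncated."""
    chunk = data[4 + 32 * i: 36 + 32 * i]
    if len(chunk) != 32:
        raise ValueError(f"calldata too short for argument {i}")
    return chunk


def _address(word: bytes) -> str:
    """Decode an ABI address word, rejecting dirty upper bytes."""
    if any(word[:12]):
        raise ValueError("non-zero padding in address argument")
    return "0x" + word[12:].hex()


def triage(actions, known_targets, max_value_wei=0):
    """Return a list of Findings; every action yields at least one line of review."""
    known = {t.lower() for t in known_targets}
    findings = []
    for i, a in enumerate(actions):
        if a.target.lower() not in known:
            findings.append(Finding("high", i, f"target {a.target} is not on the allow-list"))
        if a.value > max_value_wei:
            findings.append(Finding("high", i, f"sends {a.value} wei of native value"))
        if len(a.calldata) < 4:
            if a.calldata:
                findings.append(Finding("medium", i, "calldata shorter than a selector"))
            continue                       # bare value transfer or empty call
        sel = a.calldata[:4].hex()
        if sel not in SENSITIVE_SELECTORS:
            findings.append(Finding("info", i, f"selector 0x{sel} not classified; manual review"))
            continue
        sig, kind = SENSITIVE_SELECTORS[sel]
        try:
            if kind == "upgrade":
                impl = _address(_word(a.calldata, 0))
                findings.append(Finding("critical", i, f"{sig}: new implementation {impl} needs audit"))
            elif kind == "admin":
                who = _address(_word(a.calldata, 1 if sig.startswith("grantRole") else 0))
                findings.append(Finding("critical", i, f"{sig}: privilege granted to {who}"))
            else:  # funds
                to = _address(_word(a.calldata, 0))
                amount = int.from_bytes(_word(a.calldata, 1), "big")
                findings.append(Finding("high", i, f"{sig}: {amount} units to {to}"))
        except ValueError as exc:
            findings.append(Finding("medium", i, f"{sig}: malformed arguments ({exc})"))
    return findings


def encode_call(selector_hex: str, *args: int) -> bytes:
    """ABI-encode a call whose arguments are all static 32-byte words."""
    return bytes.fromhex(selector_hex) + b"".join(a.to_bytes(32, "big") for a in args)


# Constructed sample: addresses are placeholders, not real deployments.
PROXY = "0x" + "11" * 20
TOKEN = "0x" + "33" * 20
KNOWN_TARGETS = [PROXY, TOKEN]


def sample_actions():
    return [
        Action(PROXY, 0, encode_call("3659cfe6", int("22" * 20, 16))),          # upgrade
        Action(TOKEN, 0, encode_call("a9059cbb", int("44" * 20, 16), 10**6)),    # transfer
        Action("0x" + "55" * 20, 10**18, b""),                                   # raw ETH send
        Action(PROXY, 0, bytes.fromhex("12345678")),                             # unknown selector
    ]


if __name__ == "__main__":
    for f in triage(sample_actions(), KNOWN_TARGETS):
        print(f"[{f.severity:8}] action {f.action}: {f.message}")
```

The point of the "unknown selector" and "malformed arguments" paths is that a triage tool must never stay silent: anything it cannot classify is surfaced for manual review rather than dropped. A real pipeline would feed the decoded implementation address from an upgrade finding straight into the code-verification step and would resolve proxies to their current implementation before matching selectors.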

Applicant Information

Background Information

OpenZeppelin has been growing and securing the open economy from the very first days of the Ethereum network. Since then, it has developed OpenZeppelin Contracts, the most used Solidity Contracts library, a security services arm that has set industry standards, and built Defender, a developer security platform to code, audit, deploy, monitor, and operate blockchain applications with confidence.

OpenZeppelin has had a chance to offer its security services to some of the most important players in the Ethereum ecosystem such as Compound, Aave, Ethereum Foundation, Optimism, Matter Labs among others. Over the course of more than 400 audits, OpenZeppelin has developed a suite of internal tools to help teams develop and secure smart contracts.

Open-source is central to the work that OpenZeppelin does, that is why the OpenZeppelin Contracts are the beating heart of the company. They are used by all the top 20 DeFi protocols on Ethereum. The library also offers industry standard implementations such as the Governor contract that the Arbitrum DAO itself uses via Tally.

Despite not having held formal roles within the ArbitrumDAO, we are very eager to contribute to its growth and security through the Security-member role in the ARDC. Our track record with DAOs, notably with the Compound DAO, showcases our ability to bring comprehensive security and governance expertise to the table. As a candidate for the Security member of the ARDC, OpenZeppelin aims to offer its vast experience and holistic approach to security, further enhancing the ArbitrumDAO’s governance framework and ecosystem resilience.

Objectives & Motivation

Joining the Arbitrum Research & Development Collective (ARDC) aligns deeply with OpenZeppelin’s core mission to enhance security and governance within the Ethereum ecosystem. Our motivation stems from a commitment to contribute our expertise to Arbitrum, Ethereum’s largest scalability layer, mirroring the impact we’ve had with foundational projects like the Compound DAO. By integrating our security and development experience, we aim to operationalize and fortify ArbitrumDAO’s security posture, leveraging our successful experiences with the Compound DAO as a blueprint for success.

Our envisioned contribution to the ARDC is multifaceted. We plan to apply our rigorous security and governance frameworks to objectively assess onchain proposals, improve security processes, leverage and adapt our existing security tooling, and develop essential education material to secure the DAO’s governance and development process. This approach will expedite governance decision-making, ensuring that the DAO’s operations are both secure and efficient. Our expertise in developing and auditing smart contracts, combined with our proactive security platform Defender, positions us uniquely to enhance the ARDC’s mandate of governance optimization and future-proofing the ArbitrumDAO. Through this, we aim to elevate the Arbitrum ecosystem’s security standards, thereby contributing to its long-term success and resilience.

Skills and Experience

At OpenZeppelin, our unique skill set is a composite of extensive experience in on-chain proposal code reviews, static analysis, and fuzzing capabilities, honed over more than 400 security audits. Our work with the Compound DAO has solidified our proficiency in working on DAO security, by developing frameworks, internal processes and tools that significantly enhance our audit and security review processes.

We pioneered the Governor contract, setting a benchmark in DAO governance, used by the ArbitrumDAO through Tally, underscoring our understanding in governance contracts and creating educational materials.

Our whitebox source code reviews, exemplified by our work with CompoundDAO, affirm our skill in verifying on-chain upgrade proposals’ correctness. In the recent OpenZeppelin Contracts 5.0, our team conducted 38 audit weeks over five phases, incorporating fuzzing tests, formal verification, threat modeling, and invariants testing.

Our commitment to security flaw identification and mitigation shines through our proactive work in ecosystems we are engaged with, such as the critical Solidity compiler bug discovery in 2018 or reporting key issues for Compound DAO over the course of 2023, including 3 Critical and 2 High issues.

Over the years, OpenZeppelin has developed numerous tools to support our audit practice, including Defender, our comprehensive blockchain security platform. We’ve tailored internal tools to ecosystem-specific needs, such as foundry tests for Governor contract proposal cycles which we can contribute to providing quicker, efficient proposal reviews and make that tooling available to others in the Arbitrum community.

OpenZeppelin’s understanding of DAO security encapsulates a holistic perspective, integrating core functionalities with satellite skills that, while peripheral, are indispensable for a comprehensive security understanding. This includes an expertise in incident response, facilitated by its dedicated practice, or for example our expertise in DAO access control mechanisms through the Access Manager framework released in Contracts 5.0. These elements, though seemingly satellite, are vital in crafting a holistic security framework, enhancing governance, and ensuring robust infrastructure against unauthorized actions.

Proposal Review & Assistance

Utilizing our existing knowledge and security experience from supporting Compound DAO and other DAO-based clients, we would take the following approach to assist and support proposal security:

  • Establish a pipeline so that any smart contract upgrades or new protocol code to be contained in a proposal will have its source code audited prior to being submitted. After an audit is completed and fixes are reviewed, a public report will be shared with the community and may be included in the proposal details.
  • Ensure every proposal that is submitted on-chain will be reviewed to ensure its correctness and that it matches the intent of the proposal text. This process will be managed by a combination of automated tooling and manual review by our team. If the proposal includes source code that has been audited, we will verify that the deployed code matches the code in-scope for the audit. Any issues found will be raised to the community in the forum under the relevant topic.
  • Weekly office hours will be provided to proposal authors that wish us to review their approach or receive guidance prior to submitting their proposal on-chain.
  • We will develop educational guidelines and tooling to assist the community in proposal security and quality assurance. This will include guidance on common mistakes to avoid, tooling to detect known issues and a detailed quality assurance process for common proposal types that require a common set of safety checks to be applied.

Review on Chain Proposal Code Updates

OpenZeppelin has years of experience advising top DeFi protocols on their upgrades and governance practices. As the maintainer of the OpenZeppelin Governor contracts, our team has collaborated with a host of projects including Tally to enhance and address security challenges for DAOs.

OpenZeppelin Governor contains a host of security improvements and enhancements that build on the prior Compound Governor Bravo framework and is now in use by over a thousand on-chain communities. We have a long history with this framework as one of the original auditors of Compound Governor Alpha. We have since worked closely with the Compound Labs team to make it more accessible, extensible and safe for third-parties by releasing an improved version in 2021 as part of the OpenZeppelin Contracts library.

As the security partner for Compound DAO since December of 2021, OpenZeppelin has been active in supporting all aspects of DAO security for the Compound community including:

  • Audits of protocol upgrades prior to being included in governance proposals with 24 audits performed over the last two years.
  • Actively reviewing all proposals to confirm parameter changes and creating tooling to help automate the process with 140 proposals passed over the last two years.
  • Reviewing specific asset listings and defining scalable processes for quality control including community contribution policies and processes for deploying Compound to new EVM chains.
  • Providing a custom, real-time monitoring solution for DAO proposals and suspicious on-chain activity.
  • Supporting emergency community multi-sigs during live incidents and helping to coordinate community response.
  • Managing security tooling grants for the Compound Grant Program for additional third party security teams to contribute to Compound’s security.

More on the work we have completed and delivered for Compound can be found in our past forum posts in 2022 and 2023. We are proud to say that the Compound protocol has not suffered any exploits or loss of funds since our partnership began despite the protocol having grown to operate eight segregated lending markets across four different blockchain networks.

Project Management

OpenZeppelin has been refining its technical project management practice since 2016. Each security services project is accompanied by a technical project manager (PM) that supports the security team in question.

Our project management workflows are tailored to the needs of the client and project. These project management workflows range from managing the development of open-source libraries such as the OpenZeppelin Contracts, providing long-term security services to the Compound DAO, or short-term audits that last one week. We believe our strongest asset is our ability to adapt to the needs of our clients and offer a high degree of adaptability to their workflows.

Here are listed some of our achievements, reflecting our commitment to exceptional technical project management:

  • Supported Matter Labs with development of audit plan and strategy for L1 and L2 contracts as part of preparation for zkSync Era go-live.
  • Successful coordination of audit, advisory, monitoring, development and governance work on Compound.
  • Development of a joint audit plan for Contracts 5.0 release that covered close to 100 contracts and was divided over 5 separate phases.

Technical Project Managers are part of the project from start to finish. They act as the point of contact for all security services related topics and provide regular updates on the project’s progress. Additionally, our PMs have the ability to leverage and learn from a wide range of different teams in our company, such as our open source development teams working on OpenZeppelin Contracts. Finally, the dedicated project management office (PMO) handles all the scheduling and provides all the necessary information, tools and resources to our teams to successfully complete all of our engagements.

Purpose/Mandate of the ARDC

OpenZeppelin’s application to become a security member of the Arbitrum Research & Development Collective (ARDC) is underpinned by our profound commitment to enhancing the security and resilience of the Arbitrum ecosystem. Recognizing the ARDC’s mandate to optimize governance and future-proof the ArbitrumDAO through research, risk assessment, secure code reviews, threat modeling, and testing enhancements, we present our application centered on our expertise in blockchain security and more specifically past experience in servicing large DAOs.

Our contribution towards achieving the ARDC’s mandate will be multifaceted, focusing primarily on elevating the security posture of the Arbitrum ecosystem. This will be achieved by bringing our extensive experience in security audits, our domain expertise in serving the Compound DAO and our holistic approach to blockchain security.

Additional Contributions

We are an active contributor to many Ethereum community public goods and security initiatives including the following:

As an active, leading member of the Ethereum security community that regularly contributes to public goods, we are well positioned to contribute to the Arbitrum community by supporting the education of safe smart contract development practices and developing security standards specific to ARDC’s needs.

Scope of Services & Applicable Fees

OpenZeppelin proposes offering 30 security engineering weeks for the 6-month period at a cost of $25k per engineer per week, for a total of $750,000. OpenZeppelin will aim to use 6 security engineering weeks per month, although this might fluctuate depending on the ARDC’s needs.

The services that are in scope for this proposal are:

  • Reviewing ALL governance proposals made to Arbitrum Core and Arbitrum Treasury.
    • These reviews will include confirming the proposal code matches the intent of the proposal text and contains no backdoors or misconfigurations.
    • If the proposal includes new code or a smart contract upgrade, we will also determine if it matches the source code in-scope as part of the audit report. If not already audited by a trusted vendor of ARDC, a full audit of the source code must be scheduled with our team separately ahead of time.
    • Any security issues detected will be announced to the community within 3 business days of the proposal submission date.
    • There will be no limit on the number of proposals that OpenZeppelin will review in this manner over the course of the 6 month period, even if the allocated time of 30 engineering weeks is exceeded.
  • Auditing the source code for smart contract upgrades and new deployments that are planned to go through governance.
    • These audits must be requested and scheduled with our team ahead of being proposed on-chain. We will provide a public form and pipeline for teams to request an audit.
    • If there are not enough security engineering weeks available to audit all requested proposal changes, OpenZeppelin will work with the Arbitrum coalition to determine the most appropriate priorities.
  • Advising on community usage of security tooling for static analysis, fuzzing, invariant testing and other methodologies. Our team may also develop custom testing suites for community-specific needs or as components of specific audits we perform.
    • We will also publicize and make available any tooling we develop internally for use in our proposal reviews so that proposal authors may use them to simulate their proposals ahead of time to confirm correctness.
  • Providing Educational Materials, Guidelines and a Quality Assurance Process for Arbitrum proposals and upgrades. We will also offer weekly office hours to have discussions with proposal authors and provide resources for them to prepare safe proposals.

Summary

OpenZeppelin, leveraging its role in Ethereum’s security landscape, aims to extend its comprehensive expertise to the Arbitrum Research & Development Collective (ARDC) by becoming its Security member. Highlighted by our impactful collaboration with the Compound DAO, we’re poised to contribute significantly to the ArbitrumDAO, focusing on enhancing governance and ecosystem security. Our proposed involvement includes conducting rigorous on-chain proposal code reviews, leveraging advanced security tools, and creating educational materials to support the ARDC’s objectives. This commitment underscores our dedication to strengthening the ArbitrumDAO’s governance framework and ensuring its resilience against security threats.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

1 Like
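The OpenZeppelin post above commits to verifying that deployed code matches the source in scope for an audit. The practical snag in that check is that solc appends a CBOR metadata trailer (IPFS/bzzr hash, compiler version) to runtime bytecode, so two builds of identical source can differ in their last few dozen bytes. The script below is an added example, not OpenZeppelin's tooling and not part of the original post. It assumes you have already fetched the runtime code at the proxy's implementation address (for instance via eth_getCode) and have the deployedBytecode from the compiler output for the audited commit; the bytecode blobs in it are constructed stand-ins, not real contracts.

```python
"""Check that deployed runtime bytecode matches a compiled (audited) artifact.

Added example, not OpenZeppelin's tooling. It assumes you already fetched the
deployed runtime code (e.g., eth_getCode) and have the compiler's
deployedBytecode for the audited commit; the bytecode blobs below are
constructed stand-ins, not real contracts.
"""


def strip_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends to runtime code.

    The last two bytes are the big-endian length of the CBOR map that precedes
    them. The trailer is only removed when it is well-formed: the length must
    fit inside the code and the map must start with a CBOR map header (0xa0-0xb7).
    """
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    if n == 0 or start < 0 or not (0xA0 <= code[start] <= 0xB7):
        return code                     # no recognisable metadata; compare as-is
    return code[:start]


def compare_runtime(deployed: bytes, compiled: bytes) -> tuple[bool, str]:
    """Return (matches, reason). Metadata hashes are ignored; any other byte counts."""
    if not deployed:
        return False, "no code at address (EOA or selfdestructed)"
    d, c = strip_metadata(deployed), strip_metadata(compiled)
    if d == c:
        note = "exact" if deployed == compiled else "after stripping metadata hash"
        return True, f"runtime code matches audited artifact ({note})"
    if len(d) != len(c):
        return False, f"length differs ({len(d)} vs {len(c)} bytes): different source or compiler settings"
    first = next(i for i in range(len(d)) if d[i] != c[i])
    return False, f"first difference at offset {first}: check immutables or a modified source"


def _cbor_trailer(payload: bytes) -> bytes:
    """Build a minimal solc-style trailer: a one-entry CBOR map plus its length."""
    body = b"\xa1" + b"\x64solc" + bytes([0x40 | len(payload)]) + payload
    return body + len(body).to_bytes(2, "big")


# Constructed sample bytecode (not a real contract): same core, different trailers.
CORE = bytes.fromhex("6080604052348015600f57600080fd5b50")
AUDITED = CORE + _cbor_trailer(b"\x00\x08\x14")
DEPLOYED_SAME = CORE + _cbor_trailer(b"\x00\x08\x15")                      # only metadata differs
DEPLOYED_PATCHED = CORE[:-1] + b"\xfd" + _cbor_trailer(b"\x00\x08\x14")    # one opcode changed


if __name__ == "__main__":
    for label, code in [("same", DEPLOYED_SAME), ("patched", DEPLOYED_PATCHED), ("empty", b"")]:
        ok, why = compare_runtime(code, AUDITED)
        print(f"{label:8} -> {'MATCH' if ok else 'MISMATCH'}: {why}")
```

Two caveats a reviewer should keep in mind. Contracts with immutable variables have their values patched into the runtime code at deployment, so a byte-level mismatch at the offsets the compiler reports as immutableReferences is expected and must be checked against the constructor arguments rather than treated as a modified source. And the trailer heuristic is only that: a blob compiled with metadata disabled whose last two bytes happen to form a plausible length could be mis-stripped, which is why the comparison should be made against the exact compiler settings recorded in the audit report rather than in isolation.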

Applicant Information

Name of Applicant: Halborn
Applicant’s Representative: Rob Behnke
Email Address: dao@halborn.com
Telegram Handle (if applicable): @robbehnke
LinkedIn Profile (if applicable): Halborn | LinkedIn
Role being applied for: Security-Oriented Member

Background Information

Halborn is an award-winning, elite cybersecurity company for blockchain organizations founded in 2019 by renowned ethical hacker Steven Walbroehl and growth hacker Rob Behnke. We’ve been trusted by organizations such as Uniswap, zkSync, Circle, Solana, Dapper Labs, Polygon, Animoca Brands, and many more:

Halborn personnel have audited hundreds of projects across multiple ecosystems and across numerous chains. With an extremely deep pool of talent, we go well beyond just smart contract audits, offering a full suite of security advisory and assurance services encompassing architecture & design, security roadmapping, advanced penetration testing, cloud & infrastructure assessments, awareness training, code audits, standards and policies recommendations, and much more.

Last year (March 2023), Halborn discovered a 9.8 criticality 0day vulnerability affecting Dogecoin, Litecoin, Zcash, and an additional 280 networks at an estimated exposure cost of $25 billion USD. Additionally, Halborn personnel received the largest bug bounty in Metamask’s history for a key vulnerability finding in June 2022.

We’ve done extensive work with some of the leading on-chain protocols and have had numerous high impact findings. In addition, we’re deeply familiar with the Arbitrum ecosystem due to our work with several key Arbitrum protocols/projects, summarized below.

Key Arbitrum Protocol Engagements

  • QodaFi
    • Discovered two Critical level risks related to smart contract functions around quote creation and interaction with quote manager. Identified an additional 12 Medium/Low risk findings related to smart contract functionality.
  • Gains
    • Discovered a Critical level risk related to front running of a bridge within smart contracts. Identified an additional three Medium/Low risk findings related to oracle fee payments.
  • Lodestar
    • Discovered six Critical level risks and eight High level risks across both smart contract code base and web2 infrastructure and API. In addition, Halborn identified an additional 15 Medium level risks across client infrastructure.
  • PlutusDAO, Foxify
    • Extensive engagements with other relevant protocols but due to confidentiality will not be publishing findings.
  • Chromatic, Isekai, Seneca, Goldlink
    • Recently kicked off engagements

A more comprehensive list of public reports can be found at our GitHub: HalbornSecurity (Halborn) · GitHub

As the dedicated security specialist of the ARDC, we will offer a comprehensive set of best in class security solutions for Arbitrum throughout all stages of the governance lifecycle, designed to safeguard, enhance, and future-proof the DAO. Our team’s extensive experience enables us to offer comprehensive service and advisory across all key security needs for the ARDC: secure code reviews, proposal evaluations, threat modeling, and ongoing security research and education. Beyond individual expertise, we leverage the collective knowledge of our diverse team of security professionals, providing well-rounded recommendations, informed insights, and collaborative dialogue.

Our smart contract auditing methodology combines a range of techniques including, but not limited to:

  • Manual review
  • Fuzzing
  • Symbolic execution
  • Logical and business rule analysis

Our off-chain assessment methodology includes:

  • Mapping content and functionality
  • Configuration and deployment
  • Identity management and authentication/authorization flaws
  • Session handling
  • Business logic flaws
  • Fuzzing of all input parameters
  • Rate limitation tests
  • Brute force attempts
  • Multiple types of injection (SQL/JSON/HTML/Command)
  • Client-side testing

Halborn has conducted around 1,730 security assessments with a success rate of 99.9%. We have extensive experience in not only smart contract audit/assessment, but also in off-chain analysis covering cloud infrastructure, web applications, servers, and mobile applications.

To facilitate governance decision making, Halborn will analyze new proposals, leveraging our deep skillset and tooling to help identify potential risks and provide recommendations for risk reduction measures. Halborn will assign a dedicated Arbitrum point of contact whose responsibility will be coordinating the analysis and communication on all Arbitrum proposals.

In terms of research, Halborn also aims to improve the education level of the ecosystem and expand community knowledge by providing research on relevant topics. Some of our more recent research includes the Top 50 DeFi Hacks report, in which we analyze the top 50 hacks (by loss value) through 2023 in order to provide a comprehensive summary of different key findings, like potential attack vectors, as well as recommendations to improve a project’s security; or the ChatGPT report, in which we analyze the potential use of AI in relation to blockchain and security, like its ability to detect common vulnerabilities or solve CTFs. Finally, we would also like to mention our regular blog posts in which we share analysis and explanations of some of the most recent relevant DeFi hacks as well as tips to improve security.

Objectives & Motivation

Arbitrum’s extraordinary journey to becoming a cornerstone of decentralization is a testament to its unwavering commitment to innovation. As pioneers in this dynamic landscape, we acknowledge the impressive strides Arbitrum has taken. However, with growth comes increased responsibility, especially in the realm of security.

According to our research, the top 50 hacks from 2016 to 2022 caused over $5.5B in losses, with the number and magnitude of attacks consistently trending higher. More concerning, attacks were not limited to just one type - contract exploits, private key leakage, governance attacks, price manipulation, and rug pulls were all major contributors.

This stark reality underscores the need for comprehensive and ongoing security measures encompassing all these attack vectors. Only by addressing vulnerabilities across the board can we build truly robust and resilient systems.

We believe our expertise and long operating history in the space uniquely position us to be one of the only organizations that can effectively cover all of these areas to help reinforce Arbitrum’s security. Our continuous security advisory and assurance service is a holistic solution that can help Arbitrum and its stakeholders stay aware of, and proactive against, this wide range of threats, as well as providing education and advice to the entire ecosystem.

As part of our ongoing security advisory and assurance service, Halborn will conduct security-focused reviews of forum proposals and discussions. We will leverage our expertise and experience to help identify risks and provide recommendations for risk mitigation. We can develop technical assessments designed to reveal potential vulnerabilities within new proposals (utilizing tools such as Foundry, Hardhat, or Brownie for fork simulation), and offer specific recommendations for improvement.

Halborn will assign a dedicated point of contact to facilitate risk assessments and communicate results and recommendations back to the DAO, as well as to gather questions and inquiries from stakeholders.

Our approach of analyzing proposals and then recommending remedies can help achieve a few things:

  1. Identify and highlight potential security risks within proposals.
  2. Help influence and implement change to proposals to strengthen them from a security and governance perspective.
  3. Elevate broader awareness and education among Arbitrum stakeholders.

By achieving these goals, we can help optimize Arbitrum’s governance process, protect the broader ecosystem, and contribute to the DAO’s long-term success.

Skills and Experience

Halborn has audited hundreds of projects across multiple ecosystems and chains. We have extensive experience in not only smart contract audit/assessment, but also in off-chain analysis covering cloud infrastructure, web applications, servers, and mobile applications.

We form strong, long-term partnerships in order to provide comprehensive and ongoing security services. With our continuous security advisory and assurance offering we act as a key partner to continuously assess our partners’ most vital assets. This includes security architecture assessment, code audits, custom red team engagements, web/cloud/API pen-testing, continuous smart contract auditing, and protocol security assessments.

Halborn has also served as a key ongoing security partner for another popular ecosystem, Solana. We mention this to highlight not only the breadth of our expertise, but also to call out our commitment to establishing strong and successful relationships with leading blockchains operating in the space today. Following are a few of our achievements as part of our ongoing security partnership with Solana:

  • Address Lookup Table and Versioned Transactions

    • Address Lookup Tables allow developers to create a collection of related addresses to efficiently load more addresses in a single transaction. In order to use it, the Versioned Transaction format was introduced. These components form part of the Solana core.
  • Durable Nonce Patch

    • Solana Foundation engaged Halborn to conduct a security audit on their pull requests, patching the Durable Nonce runtime bug. This component is part of the Solana Layer 1.
  • ELF parser

    • Solana Foundation implemented a new dependency-less ELF parser, which is replacing the goblin crate previously used and asked Halborn to perform an audit of this component.
  • Solana runtime

    • Halborn audited several components of the Solana runtime along various iterations and corrections. These include Sealevel, Gulf Stream and the Gossip Service. Through this process we discovered one medium risk which allowed some built-in programs to not consume compute units, a low one in which transaction prioritization is not enforced, alongside several informational ones.

Proposal Review & Assistance

Halborn personnel will provide proposal reviews and assistance with a focus on identification of any potential risk conditions that may exist. Halborn’s dedicated Arbitrum Project Manager will triage proposals, enlist the appropriate Halborn personnel, provide status updates and communication, and field requests and questions from the DAO and community. Halborn personnel will communicate with proposal submitters or other stakeholders in their preferred communication manner (Telegram, Slack, Email, etc.). Halborn will provide suggestions and recommendations for enhancements, along with detailed reports pertaining to the security review of submitted proposals. The Arbitrum Project Manager will ensure communication with the broader community on the Arbitrum Forums as needed.

Review on Chain Proposal Code Updates

At Halborn, we have a rigorous process for evaluating security risks in on-chain proposals. We monitor for new on-chain proposals. Once we identify one, we create a replica of the network (a “fork”) and execute the proposal within it, closely monitoring its behavior and observing results. Next, we scrutinize all addresses involved in the execution, verifying they’re not potentially harmful elements like upgradeable proxies, precomputed addresses, or metamorphic contracts.

In a nutshell:

  • Malicious Proposal Review Cont. → Check Snapshot Page continuously
  • Proposal Simulation Through Fork
  • Proposal Security Review (Solidity - Golang)

Results and recommendations are communicated to the relevant stakeholders, and Halborn can also provide education and dialogue with the broader community to promote ongoing security awareness and improvement.

Project Management

Halborn employs a team of dedicated project and program management specialists who are highly experienced through all phases of the project lifecycle. Since 2020, Halborn has grown and developed the capabilities of its Project Management Office to improve efficient operations of client projects, internal projects, and both internal and external programs. The deep expertise of the team is documented in an internal wiki to improve collaborative synergy across the organization.

Each Halborn client is assigned a dedicated Project Manager to serve as their primary point of contact for any needs during the length of the engagement. A breakdown of our well-established project management workflow can be found below:

We have a 3-pass quality assurance process on all reports and findings, with an initial QA, second QA by our Engineering Director, and a third QA by our VP of Engineering.

For examples of successful long-term project management, we’d point again to the Solana partnership referenced above. As Solana’s key security partner we provide continuous and ongoing security advisory and assurance services, balancing a variety of distinct projects covering multiple facets of their security.

Purpose/Mandate of the ARDC

We believe our ongoing contributions will directly support the ARDC’s mandate. By continually analyzing, evaluating, and suggesting risk mitigation strategies, we offer the DAO a constant security lens for both proposals and ongoing discussions. Our expertise in both smart contract auditing and broader security assessments helps safeguard the DAO against both known and emerging threats, contributing significantly to its long-term resilience.

By actively participating in both forum discussions and proposal reviews, we can significantly elevate security awareness within the community. This deeper understanding will lead to more rigorous debates and ultimately, more robust proposals that better serve the DAO’s interests.

Our ability to perform smart contract audits, infrastructure security assessments, and a host of other security advisory and assurance services as-needed will also directly contribute to stronger security at the protocol and ecosystem level.

Additional Contributions

Halborn has a strong track record of innovation, with a goal of improving the security of the web3 ecosystem. To achieve that end, we have developed tools like Ziion, the first open-source, end-to-end, pre-compiled, multi-architecture, multi-protocol blockchain security testing and development solution; and products like Seraph, the first blockchain notary that intends to increment security by stopping malicious transactions.

At Halborn we also aim to improve the current state of the art of the ecosystem and spread knowledge by researching different topics of interest. Some of our more recent research includes the Top 50 DeFi Hacks report, in which we analyze the top 50 hacks (by loss value) through 2023 in order to provide a comprehensive summary of different key findings, like potential attack vectors, as well as recommendations to improve a project’s security; or the ChatGPT report (ChatGPT Vulnerability Detection Report), in which we analyze the potential use of AI in relation to blockchain and security, like its ability to detect common vulnerabilities or solve CTFs. Finally, we would also like to mention our regular blog posts (Blockchain Security Insights and Hacks Explained | Halborn Blog), in which we share analysis and explanations of some of the most recent relevant DeFi hacks as well as tips to improve security.

Scope of Services

Halborn will provide an end-to-end security solution, acting as Arbitrum’s full stack security partner. We offer a comprehensive solution, providing a deep roster of security and cryptography experts supported by a robust group of project managers and technical teams to provide ongoing advisory and assurance across the full range of security needs. Our scope of work includes two components:

  1. Continuous Security Assurance - Halborn will provide advisory, insights, recommendations, and dialogue on an ongoing basis. We will assist Arbitrum and ecosystem participants by reviewing all governance proposals, developing and implementing a security strategy, identifying risks, and providing recommendations for risk reduction measures. Halborn will answer questions from the community, proposal authors, or other stakeholders as needed. We’ll also provide research and general education to the Arbitrum ecosystem.

  2. Discrete Workstream Services - Halborn will provide up to 2 project-based workstream services per month. These can include:

    • Smart Contract Security Audit
    • Layer 1 / Layer 2 blockchain Audit
    • Web Application Security Test
    • Mobile Application Security Test
    • Advanced Penetration Testing
    • Vulnerability Assessment
    • Security Architecture & Risk Assessment

Our proposed fee for these services is $500,000 USD per six-month Term, payable in ARB. Halborn commits to providing a maximum of 4 engineering work weeks per month dedicated exclusively to each of the two workstreams. This brings the cost to $20,833 per engineer week. We also commit to 1 part-time Technical Project Manager to handle all communications, assignments and escalations. This budget is roughly equivalent to a maximum of 36% of the total Security member allocation of 665,000, based on today’s ARB price.

  • Halborn will invoice the DAO for work performed in connection with the Deliverables for the preceding month for up to $83,333 USD worth of ARB (based on prior 30-day TWAP from coingecko.com). If, in any individual month, the DAO does not utilize the full security engineer time allocation, that month’s invoice will be pro-rated to reflect the lower amount of resources utilized.

  • In order to further align incentives, all ARB Tokens received in connection with this Agreement will be locked and staked for one (1) year from the date of service delivery. Halborn agrees not to trade, sell, or otherwise move, transfer or dispose of any ARB Tokens received in connection with this Agreement for at least one (1) year after receipt of the ARB Tokens.

The DAO shall deliver payment associated with each invoice within a reasonable time after receipt of such invoice, provided that the Deliverables associated with such invoice have been delivered in a satisfactory manner, as determined by the DAO.

Summary

Halborn is an award-winning, elite cybersecurity company for blockchain organizations founded in 2019 by renowned ethical hacker Steven Walbroehl and growth hacker Rob Behnke. We’ve been trusted by organizations such as Uniswap, Matter Labs, Circle, Solana, Dapper Labs, Polygon, Animoca Brands, and many more.

Halborn’s differentiated approach to security goes beyond discrete one-off engagements – we leverage our deep bench of security talent to act as a continuous and ongoing security partner for the entire Arbitrum ecosystem. This includes ongoing advisory and assurance services, as well as a menu of distinct project-based workstreams that can be utilized as needed. This combined approach of ongoing advisory + security workstream engagements provides comprehensive coverage and allows us to act as a true partner to Arbitrum, enabling us to significantly enhance, safeguard, and future-proof the DAO.

Key Differentiators

  • Holistic Security: We go beyond code audits with a holistic approach, offering continuous security advisory and assurance services.
  • Strong Incentive Alignment: Halborn commits to aligning our incentives with Arbitrum by locking and staking all ARB tokens received for at least one (1) year.
  • Real-World Impact: Discovered critical vulnerabilities in Dogecoin and received the largest bug bounty in MetaMask’s history, demonstrating our vigilance and industry leadership.
  • Proven Methodology: Combines manual code review, fuzzing, symbolic execution, and threat modeling for maximum effect.
  • Extensive Arbitrum Experience: Directly engaged with leading Arbitrum protocols, delivering insights and tangible security improvements.
  • Track Record as Key Ecosystem Partner: We have a strong track record in similar engagements, evidenced by our long-standing position as Solana’s key continuous security partner.

Summary for ARDC

  • Dedicated Arbitrum Security Expert: Deliver tailored, expert guidance to safeguard the DAO.
  • Proposal Risk Assessment: Rigorous security analysis of all proposals to optimize decision-making.
  • Security Research & Education: Proactive research on threats, and educational materials to bolster community understanding.
  • Flexible Services: Up to 2 project-based services per month (audits, testing, assessments) in addition to continuous advisory and assurance services to respond to the DAO’s evolving needs.
Relevant Links:
1 Like
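The post-simulation step Halborn describes above (execute the proposal on a fork, then check every address it touched for upgradeable proxies, precomputed addresses and metamorphic contracts) can be made mechanical. The script below is an added illustration of that address scrutiny, not Halborn's own tooling: it assumes the reviewer has already read back each touched account's runtime bytecode and storage from the fork, and the account fixtures in it are constructed, not real Arbitrum contracts. It flags EIP-1167 clones by their bytecode prefix, EIP-1967 proxies by their implementation/admin storage slots, DELEGATECALL and SELFDESTRUCT by walking the opcodes (skipping PUSH immediates so data bytes are not misread as instructions), and any target with no code yet as a precomputed address.

```python
"""Address scrutiny for a simulated on-chain proposal (added example).

Flags upgradeable proxies, not-yet-deployed (precomputed) addresses and
metamorphic candidates among the accounts a proposal touched. The account
state below is constructed; in practice it is read back from the fork."""
from dataclasses import dataclass, field

# EIP-1967 storage slots used by transparent/UUPS proxies (keccak-derived constants).
EIP1967_IMPL_SLOT = 0x360894A13BA1A3210667C828492DB98DCA3E2076CC3735A920A3CA505D382BBC
EIP1967_ADMIN_SLOT = 0xB53127684A568B3173AE13B9F8A6016E243E63B6E8EE1178D6A717850B5D6103
# EIP-1167 minimal-proxy runtime bytecode prefix (a 20-byte target follows PUSH20).
EIP1167_PREFIX = bytes.fromhex("363d3d373d3d3d363d73")
DELEGATECALL, SELFDESTRUCT = 0xF4, 0xFF


@dataclass
class Account:
    """Minimal view of an account as read back from the fork after execution."""
    code: bytes
    storage: dict[int, int] = field(default_factory=dict)


def opcodes(code: bytes):
    """Yield opcode bytes, skipping PUSH immediates so embedded data is not misread."""
    i = 0
    while i < len(code):
        op = code[i]
        yield op
        if 0x60 <= op <= 0x7F:          # PUSH1..PUSH32 carry 1..32 immediate bytes
            i += op - 0x5F
        i += 1


def scrutinize(acct: Account) -> list[str]:
    """Return risk flags for one address touched by the proposal."""
    if not acct.code:
        # No code yet means a precomputed (e.g. CREATE2) address: whatever lands
        # there after the vote is outside what the DAO actually reviewed.
        return ["no-code-at-address"]
    flags = []
    if acct.code.startswith(EIP1167_PREFIX):
        flags.append("eip1167-clone")
    if acct.storage.get(EIP1967_IMPL_SLOT) or acct.storage.get(EIP1967_ADMIN_SLOT):
        flags.append("eip1967-upgradeable-proxy")
    ops = set(opcodes(acct.code))
    if DELEGATECALL in ops:
        flags.append("delegatecall")
    if SELFDESTRUCT in ops:
        flags.append("selfdestruct")    # redeployable via CREATE2: metamorphic candidate
    return flags


def review(state: dict[str, Account], touched: list[str]) -> dict[str, list[str]]:
    """Map every touched address to its flags; unknown addresses count as having no code."""
    return {a: scrutinize(state.get(a, Account(code=b""))) for a in touched}


def sample_state() -> dict[str, Account]:
    """Constructed fixtures standing in for accounts read from a fork."""
    target = "de" * 20  # constructed 20-byte address embedded as PUSH20 data
    return {
        # plain contract: PUSH1 80 PUSH1 40 MSTORE PUSH1 00 DUP1 REVERT
        "0x" + "11" * 20: Account(bytes.fromhex("6080604052600080fd")),
        # EIP-1167 minimal proxy forwarding to `target`
        "0x" + "22" * 20: Account(bytes.fromhex(
            "363d3d373d3d3d363d73" + target + "5af43d82803e903d91602b57fd5bf3")),
        # delegatecall stub with the EIP-1967 implementation slot populated
        "0x" + "33" * 20: Account(bytes.fromhex("3d3d3d3d3d5af4"),
                                  {EIP1967_IMPL_SLOT: int("44" * 20, 16)}),
        # owner-gated SELFDESTRUCT: CALLER PUSH20 EQ PUSH1 JUMPI ... JUMPDEST CALLER SELFDESTRUCT
        "0x" + "55" * 20: Account(bytes.fromhex("3373" + target + "14601e57600080fd5b33ff")),
        # referenced by the proposal but nothing deployed there yet
        "0x" + "66" * 20: Account(b""),
    }


if __name__ == "__main__":
    state = sample_state()
    for addr, flags in review(state, list(state)).items():
        print(addr, flags or "clean")
```

A clean result (an empty flag list) only means none of these specific patterns were found; a flagged proxy is not necessarily malicious, but its admin and implementation should be named in the review so the DAO knows who can change the code after the vote.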

Applicant Information

Background Information

Cyfrin

Home to some of the best smart contract security researchers in the market and one of the strongest Developer Relations teams in the industry - professionals in Cyfrin come from backgrounds like Chainlink, Compound, Alchemy, Aragon, WorldCoin, Microsoft, Google, and other popular FinTech companies.

Patrick Collins

Cyfrin’s CEO and former Lead of Chainlink DevRel, Patrick, revolutionized the industry by onboarding hundreds of thousands of developers into web3, with over 3 million views on his courses and ~160,000 subscribers across platforms.

He has the most highly viewed educational content for Solidity developers worldwide, reaching millions of students across both Web2 and Web3. His previous educational content contributed to the Chainlink oracle network growth, significantly bolstering its prominence within Web3 and ultimately establishing it as the industry standard.

Through Cyfrin Updraft, Cyfrin’s educational platform, he directs his courses toward the Arbitrum ecosystem by building all of the courses on Arbitrum and encouraging hundreds of thousands of developers to do the same. There are currently over 100,000 students enrolled in this program, and we have helped a host of those students get top jobs in Web3.

Hans Friese

Cyfrin’s Head Auditor and Co-founder, Hans, is one of the world’s top auditors, consistently ranking at the top within competitive auditor leaderboards. He has found medium and high risks on some of the most prominent protocols in Web3, including Ondo Finance, Olympus DAO, Frax, Blur, and many more. He is also the founder and Lead Engineer of Solodit, the most used vulnerability aggregator tool for auditors. It serves as a repository for audit reports, aiming to enhance transparency and trust in the web3 ecosystem by providing an easier way for users to find and review security assessments of blockchain projects.

This consolidation allows developers, investors, and users to easily review the security assessments of different protocols, allowing a more informed and secure space. Solodit is vital in promoting best practices and trust in the rapidly evolving blockchain space by simplifying access to these reports. This initiative reflects Hans’ commitment to improving security by making vital information available to the community.

Alex Roan

Cyfrin’s CTO, Alex, is a veteran Web3 developer whose work has contributed to securing billions of dollars in value with DeFi.

He was in the early cohort of hires at Chainlink Labs and was instrumental in early Price Feed integrations with Web3 powerhouses such as Compound Finance. From there, he became the engineering lead on the Cross-Chain Interoperability Protocol (CCIP) project. This solution is utilized today by 94 Arbitrum protocols and 120 on Ethereum, including GMX, AAVE, Sushi, Beefy, Rocketpool, and WooFi.

Alex has also been a key contributor to some of the top protocols in the Arbitrum Ecosystem including GMX, where he developed the integration of High Frequency Price Automation for Chainlink Keeper Data Streams. Alex also worked on Chainlink Staking contracts, indirectly supporting the Chainlink BUILD program. It is an initiative to help early-stage and established Web3 projects grow by providing them with enhanced access to Chainlink services and technical support. There are several Arbitrum and Ethereum protocols involved with this program.

As the CTO of Cyfrin, he has led their world-class auditing team. He is developing several security-focused services and open-source tools, such as the Codehawks competitive audit platform and Aderyn, a Rust-based Solidity AST Analyzer designed to identify potential vulnerabilities.

Mark Scrine

Cyfrin’s CSO, Mark, was the Strategic Lead for Proof of Reserve at Chainlink Labs and led several of their biggest integrations, securing over $3.2B of TVL in minting for the solution. These included protocols such as TUSD, Matrix Port, AAVE, BackedFi, Poundtoken, Stablr, and Swell Network. Before moving into his role on Proof of Reserve, his primary focus was to support the integration of price feeds, automation, and VRF across DeFi, contributing to enhancing the security of hundreds of protocols on the Ethereum and Arbitrum ecosystems.

More recently, at Cyfrin, he has become the CSO and developed partnerships with some of the biggest protocols in the space across several different verticals within the Ethereum and Arbitrum ecosystems. He has also supported Immutable Lawyer & DK with the Arbitrum DAO in establishing the ArbitrumDAO Procurement for Service Providers.


Cyfrin will hire a dedicated Project Manager if selected. They will be supported by the individuals mentioned above alongside the entire Cyfrin team and resources. We want to have a dedicated focus on the ARDC and not have any other external or internal distractions - so hiring one dedicated to this would be the most beneficial to the ARDC. This security expert will hold a developer-first role at Cyfrin and will be supported by our team of Security Researchers, Engineers, and DevRels.


Security, Education & Framework

Cyfrin is interested in contributing to the Arbitrum Research & Development Collective (ARDC) for Security Enhancement, Educational Initiatives, and Framework Development. Our expertise in blockchain security and smart contract audits uniquely positions us to do this successfully.

Security Enhancement: At the core of Cyfrin’s mission is enhancing smart contract security. We previously proposed establishing the Arbitrum Security Enhancement Fund to sponsor audits for projects within the Arbitrum ecosystem.

Through our private and competitive audits, Cyfrin has secured over $25B in TVL. Our in-house team of world-class security researchers produces tooling and content on their work to improve security for the industry in general. Cyfrin also championed the ‘ArbitrumDAO Procurement Committee’ and helped shape some processes with potential Procurement Committee Members.

Our team brings a deep technical skill set to every project we take on, including static and manual analysis, vulnerability detection, advanced fuzz testing, formal verification, monitoring, and emergency crisis management.

For DAOs particularly, visualizing the state of contracts, ensuring the correct encoding of values, and assessing risky transactions is critical to securing the entire Arbitrum ecosystem against potential attacks and malicious actors.

Additionally, our proficiency extends to conducting white box source code reviews, a meticulous process to identify design flaws and verify the security and correctness properties of on-chain upgrade proposals. This capability is essential in preempting and preventing governance attacks, enhancing the ecosystem’s resilience.

Educational Initiatives: Cyfrin is already deploying our industry-leading DevRel team towards educational programs tailored for Arbitrum developers through Cyfrin Updraft with the support of The Arbitrum Foundation. This includes courses on Solidity 101, Foundry 101, Advanced Foundry, and Security and Auditing courses. We aim to empower developers with the knowledge and necessary tools to prioritize security at every development lifecycle stage, mitigating risks and enhancing the overall security culture within the Arbitrum ecosystem. These courses are now available in 8 different languages to increase the adoption of blockchain technology worldwide. The main reason for providing security consultations on DAO proposals is to educate the broader community to help them make informed decisions. Given our expertise and proven track record in delivering world-class educational content, we are uniquely positioned to support the ARDC with this.

Framework Development: We will use our auditing experience to develop a comprehensive security framework tailored for the Arbitrum ecosystem. This framework will guide developers and protocols, outlining best practices, common vulnerabilities, and strategies to pre-empt potential security issues. We aim to ensure that the Arbitrum ecosystem remains at the forefront of blockchain security by continuously updating this framework in response to emerging threats and trends.

Motivations

Cyfrin’s motivation to join the Arbitrum Research & Development Collective (ARDC) stems from our mission statement to advance security within the blockchain ecosystem.

Our objectives are twofold.

Firstly, we want to enhance the security of Arbitrum protocols and its infrastructure to support its growing user base. This effort is crucial for building trust among developers and increasing the active user base.

Secondly, we have vested efforts in contributing to the ARDC’s educational initiatives - empowering developers with the security knowledge required and best practices essential to promoting a security-first culture. Building a safer blockchain industry is Cyfrin’s primary mission.

Ultimately, our participation in the ARDC is about mitigating risks and actively contributing to creating a more secure, innovative, and resilient industry for all.

Primary Mandate

Cyfrin’s commitment to the Arbitrum Research & Development Collective (ARDC) is to leverage our blockchain security expertise to analyze ArbitrumDAO proposals and forum discussions to grow a safer Arbitrum ecosystem.

By leveraging the tools and skill sets we use daily to audit protocols and build code, Cyfrin will direct our unique capabilities to evaluate every code update, governance contract, and proposal transaction. Cyfrin’s presence in the Arbitrum ecosystem will increase the number of secure proposals while maintaining the ecosystem’s trustworthiness.

We aim to expedite the governance decision-making process by offering actionable insights and recommendations, enabling the community to make informed, swift decisions that enhance the ecosystem’s security and functionality.

Cyfrin is dedicated to creating educational materials that break down security practices for the Arbitrum community. This initiative raises awareness and increases security measures for the Arbitrum DAO, further strengthening the ecosystem’s resilience and long-term sustainability.

Relevant Security Experience

Cyfrin has conducted smart contract security audits, both competitive and private, for a wide range of projects across chains. This deep expertise in smart contracts has given us the skills to succeed at ARDC.

In the first 30 days of 2024, Cyfrin has been tasked with auditing over $27 billion worth of DeFi TVL by some of the most prominent protocols in the Ethereum ecosystem. This work ranges across several verticals, including stablecoins, liquid staking, bridges, etc. This diverse and complex range of protocols, coupled with extremely high TVL at stake, has earned us the experience needed for a successful Arbitrum Research & Development Collective.

Our audits have helped identify critical vulnerabilities, safeguarding the integrity of protocols and protecting them and their users from potential exploits. Furthermore, our long-held commitment to enhancing the security of the Arbitrum and Ethereum ecosystems is showcased in our innovative educational initiatives for engineers and auditors - which are, in large part, taught for developers building in the Arbitrum chain.

By providing clear guidelines and best practices, we have fostered a safer development environment that encourages innovation while minimizing risk.

In summary, Cyfrin’s mix of security auditing expertise and educational outreach positions us as a highly valuable contributor to the ARDC.

Proposal Review and Experience

Each proposal is unique, and assistance may come in various forms, including but not limited to:

  • Security assessments on the proposed code
  • Proof of concepts for vulnerabilities
  • Feedback on testing, code maturity, or overall architecture of proposals
  • Working through previous cases where similar proposals have been tested
  • Running simulations to evaluate whether a proposal should be accepted
  • Providing feedback on the architecture or makeup of the proposal

We aim to ensure that everyone involved in the proposal process understands the security implications of any successful proposal. Our team will do everything possible to provide assistance and ensure a secure environment.

Review on Chain Proposal Code Updates

With extensive experience conducting security reviews and smart contract engineering for critical protocols such as Chainlink, Compound, and GMX, Cyfrin’s background places us in a unique position to enhance the security and integrity of the Arbitrum ecosystem. Our expertise encompasses the hands-on development and auditing of smart contracts and the creation of cutting-edge tooling designed to identify and mitigate security risks internally within organizations and externally in the broader Web3 space. Moreover, Cyfrin Updraft’s world-class Web3 education initiatives have equipped our team with the skills to understand complex security concepts easily.

Security Reviews: Leveraging our security review experience, we will thoroughly examine Arbitrum’s smart contracts and associated codebases. By applying specific review methodologies, we will uncover vulnerabilities, suggest mitigations, and provide detailed reports to eradicate security issues within the ecosystem.

Threat Modeling: Effective security requires anticipation. Drawing on our background in threat modeling, we will help the Arbitrum ecosystem identify potential security threats before they happen. Cyfrin will guide proposals in understanding common and sophisticated attack vectors by understanding and modeling the adversary’s perspective.

Competitive Audits: With Cyfrin’s expertise in competitive audits, we are capable of managing and supervising audit competitions for the Arbitrum ecosystem. Such competitions are designed to engage external security experts to scrutinize and evaluate Arbitrum’s code, giving rise to diverse expert perspectives and unearthing any latent vulnerabilities. This process ultimately helps to bolster the ecosystem’s resilience.

Security Consultation: Offering security consultation services, we can provide ongoing support to Arbitrum developers and projects. This includes advising on best security practices, reviewing code changes for potential security implications, and helping to integrate security into the development lifecycle from the outset.

Engineering and Architecture Consultation: Beyond security, our experience in smart contract engineering allows us to consult on the overall engineering and architectural decisions within the Arbitrum ecosystem. This ensures that security considerations are baked into the design and architecture of projects, minimizing risks and vulnerabilities.

Educational Initiatives: Finally, leveraging our involvement in Web3 education, we can contribute to developing and delivering training programs and resources focused on security best practices for the Arbitrum community. Educating developers, auditors, and project teams can elevate the security knowledge base within the ecosystem, leading to more secure deployments and innovations.

Summary

Cyfrin’s comprehensive experience in security reviews, smart contract engineering, tool development, and education positions us to make a significant contribution. By applying an approach that includes rigorous audits, threat modeling, competitive analysis, and educational outreach, we aim to level up the Arbitrum ecosystem.

Project Management

Cyfrin has launched three brand-new products: Codehawks, Cyfrin Updraft, and Solodit. We’re a developer-first security firm and offer Private Audits tailored to yet-to-be-deployed and already-live protocols.

Each security assessment that we conduct is assigned a dedicated project manager. They prioritize the client’s needs and start with a welcome call to discuss the project’s timelines. We send them onboarding documentation to start their security engagement. Once the project is completed, we deliver the formal report and discuss the findings with the protocol.

We provide live updates and regular status calls to keep our clients informed about the project’s progress. Our project managers hold internal retrospective calls to document successful outcomes and achievements. This helps us obtain feedback on the client journey and identify improvement areas. Project Managers also have live closure calls with their client points of contact.

To ensure client success, we use a CRM tool to track project progress, stay within scope, and monitor budget considerations. Our Team Scheduling & Resource Planning Tool helps address schedule management and financial management considerations.

Through constant communication, the protocol’s engineering team can revise vulnerabilities as soon as they’re found. This ensures the team can start working on fixes immediately. We also provide architecture analysis, fuzz testing, improvement pull reviews, and specific knowledge like formal verification, code smells, testing feedback, etc.

Contribution to the purpose of ARDC mandate

Our goal will be to review Arbitrum DAO Forum proposals by applying our security-first mindset to evaluate their feasibility, security implications, and overall impact and risk on the Arbitrum ecosystem, its treasury, and its user base. This involves a detailed analysis of every technical portion of each proposal, identifying potential vulnerabilities and risks, and suggesting improvements that strengthen the ecosystem as a whole.

We will leverage our experience in smart contract security to provide comprehensive, objective assessments of proposals and their attached on-chain actions and take a detailed approach to analyze forum discussions within the Arbitrum DAO.

Furthermore, our contribution extends to active participation in DAO discussions, where our insights and recommendations will be rooted in a technical approach - always with the best interests of Arbitrum security in mind. As mentioned, Cyfrin has significantly contributed to growing the Arbitrum developer ecosystem through our technical education courses watched by hundreds of thousands of students worldwide and will continue providing an educational approach to our reporting mechanisms.

Engaging in active community discussions fosters a culture of security awareness among other thought leaders and the broader community, continuously emphasizing the importance of security considerations in the governance process.

We will expedite governance decision-making by providing clear, concise, and actionable proposal feedback. This feedback will be based on rigorous analysis and our vast experience in the security space, offering ArbitrumDAO the ability to make informed decisions.

In summary, Cyfrin’s contribution to the ARDC’s mandate will be shown in our commitment to enhancing the security and integrity of the Arbitrum ecosystem. Through objective assessments, proactive community engagement, and a focus on security education, we aim to support the ARDC in making the ArbitrumDAO’s governance process more efficient, informed, and secure.

Security Tools

We have designed, developed, and launched several security tools in the last year:

  • Solodit is the world’s most extensive library of smart contract vulnerabilities, free for all smart contract researchers to leverage daily.
  • Aderyn is a Rust-based Solidity AST analyzer. It is designed to enable and empower automation experts to build the most advanced open-source vulnerability detectors in Web3.
  • CodeHawks is a competitive auditing platform that incentivizes security researchers to find vulnerabilities in open contests based on impact and uniqueness.
  • Keepmesafe is an npm package ensuring developers never push their private key to a public repository - this was the number one cause for hacks in 2023.

Building security tools that auditors and engineers can leverage at every development lifecycle is critical to the Cyfrin mission. All of the tools that we have created are compatible with Arbitrum.

Cost to the DAO

  • Total: 350,000 ARB (~52% of the 665,000 ARB dedicated to this initiative)
    • Full-Time Project Manager: 100,000 ARB - for the 6-month term, full-time dedication (1 $ARB = $1.93).
    • Supporting Team Members: 250,000 ARB - Alongside the dedicated Security Expert, Cyfrin will allocate members of its team costing 20k per week for $480,000 at the current price of Arb (1 $ARB = $1.93). The total ask is $673,000 for the six months at the current price of Arb (1 $ARB = $1.93).

Summary

At Cyfrin, our core qualifications are in smart contract security research, technical education, and developing and deploying advanced security tooling. Our team brings experience conducting thorough security audits, with a portfolio of audit reports and published mitigation reports demonstrating our expertise in identifying, analyzing, and mitigating vulnerabilities in smart contracts. This background makes us uniquely equipped to contribute significantly to the Arbitrum Research & Development Collective (ARDC).

Our background in education allows us to break down complex security concepts into accessible knowledge, supporting developers within the Arbitrum ecosystem to adopt best practices in smart contract security. We have a track record of developing educational materials that raise awareness and understanding of security issues, fostering a culture of security-first development.

Cyfrin’s experience in smart contract security tooling is another area of expertise. We have developed and refined a suite of tools that automate the detection of vulnerabilities and assist in the secure development of smart contracts. This includes Aderyn, Keepmesafe, and Solodit. Soon, we are releasing a reusable CCIP testing framework, which can support protocols in the Arbitrum and Ethereum ecosystems.

This experience directly applies to enhancing the Arbitrum DAO’s security posture, ensuring that proposals and implementations adhere to the highest security standards.

Our competitive audit platform, CodeHawks, can leverage community-driven security assessments to identify vulnerabilities within Arbitrum DAO proposals. This platform could serve as a mechanism to engage with the broader security research community, bringing in renowned experts to participate in contests designed to assess and improve the security of proposals. Such an approach elevates the security analysis of Arbitrum DAO projects and fosters a collaborative and competitive environment that drives innovation and excellence in smart contract security.

In summary, Cyfrin’s blend of deep technical expertise, a commitment to education, and innovative security tooling positions us as an ideal partner for the ARDC. Our contribution can significantly enhance the security, integrity, and resilience of the Arbitrum ecosystem, driving forward the collective goal of establishing Arbitrum as a secure and trusted platform for decentralized applications. Our vision is to work collaboratively with the ARDC to set new standards in blockchain security, leveraging our strengths to benefit the Arbitrum community and beyond.

Relevant Resources

Disclaimer: We are open to collaborating with other Security Firms and are not closed off to a joint proposal with reputable partners.

4 Likes

Applicant Information

  • Name of Applicant & Applicant’s Representative [If Applicable]: Collaboration of Nethermind Security and Nethermind Research. Represented by James Baggett
  • Email Address: hello@nethermind.io
  • Telegram Handle (if applicable): @jamesbaggett
  • LinkedIn Profile (if applicable):
  • Role being applied for: Security Oriented Member

Background Information

Nethermind is a blockchain research and software engineering company empowering developers, enterprises, and institutions worldwide to work with and build on decentralized systems. Our work touches every part of the web3 ecosystem - layer 1 and layer 2 engineering, cryptography research, security to application-layer protocol development, and more. As one of the core contributors to the development of Ethereum, our execution client represents a significant portion of synced nodes. Within Arbitrum DAO, Nethermind has recently been elected to serve on the Stable Treasury Endowment Program (STEP), formed to evaluate tokenized treasury providers for the DAO.

Nethermind’s expertise spans several domains, including:

  • Nethermind Security
  • Nethermind Research
  • Blockchain Core Development
  • L2 Tooling
  • Protocol Development and Analytics
  • DevOps and Infrastructure Management

In line with the scope of this proposal, we expect most work to fall under the domains of Nethermind Security and Nethermind Research; however, other expert resources within Nethermind can be made available for proposals that encroach upon the expected scope of the security member.

NETHERMIND SECURITY encompasses all of Nethermind’s blockchain expertise, concentrated on security solutions for Ethereum and Starknet builders. We offer comprehensive security services, including smart contract audits, formal verification, and real-time monitoring, working collaboratively to deliver the most robust solutions to our clients. The team applies state-of-the-art techniques and is experienced in analyzing cutting-edge Solidity and Cairo smart contracts, in collaboration with Worldcoin, Polygon ID, Braavos Wallet, ArgentX, ZKX, StarkGate, and many others.

Our auditing team takes an agile approach, where clients actively participate throughout the audit. We maintain regular communication via scheduled sync calls, providing progress updates and descriptions of discovered bugs along the way. Our well-established process reduces idle time on the client side by sending partial reports while we complete the rest of the audit, allowing clients to address any issues or concerns in real-time.

Nethermind’s formal verification team has expertise in developing Interactive Theorem Proving (ITP) infrastructures and Automated Theorem Proving (ATP) tools, enabling us to reason about smart contracts precisely.

NETHERMIND RESEARCH is the research arm of Nethermind, creating synergies between the fields of cryptography, protocol research, and decentralized finance. Our research solutions serve as the nexus where our theoretical knowledge meets real-world applications. Catering to a wide range of clients, from institutions to Web3 organizations and DAOs, we specialize in solving industry problems via innovative applications of our research.

Within cryptographic research, our work includes zero-knowledge proofs, distributed validator technology, decentralized identity, verifiable computation, privacy-preserving payment systems, and private voting. We work with notable DAOs and projects like EigenLayer, Obol, Lido, AlephZero. Cf. the list of relevant papers here and here.

Protocol research in Nethermind focuses on various designs of L2s, their decentralization, and MEV research, such as PBS. We investigate how rollups are built, where their security comes from, and analyze potential security risks.

Within DeFi, our role involves conducting technical due diligence, engaging in on-chain analytics, designing tokenomics, and developing quantitative financial models. Our primary focus is researching the latest DeFi trends and guiding financial institutions on particular investments or blockchain initiatives.

Objectives & Motivation

As advocates of open-source development and decentralization, Nethermind exists to make Ethereum stronger. Arbitrum DAO, as a leader in decentralized governance, is pushing toward this new frontier and aligns with the mission of Nethermind.

As a prospective member of the ARDC in service to Arbitrum DAO, Nethermind aims to work with other elected members to increase efficiency and accuracy in analyzing projects and proposals under the lens of security and, in doing so, achieve a more secure, effective output of the DAO; ensuring its long-term success.

Nethermind will advance the ARDC’s mandate to provide objective assessments to the Arbitrum DAO community and its delegates through our comprehensive suite of security and research services, as detailed in other sections of this proposal, and by communicating potential risks within various proposals to DAO delegates and the Arbitrum community at large.

We view this ARDC engagement, along with our contributions to STEP, as a pivotal opportunity to further solidify our relationship. Our goal is to forge a robust, enduring collaboration that leverages our comprehensive expertise and experience to benefit both parties over the coming years.

Skills and Experience

Nethermind’s blend of expertise in core development, infrastructure, cryptography research, development, and security is a rare combination within a single organization.

Over 50% of our security team holds a Ph.D. in Computer Science. Collectively, we have published over 150 scientific articles in prominent academic conferences and have amassed more than 1500 citations in Google Scholar. We have provided smart contract auditing services for 100+ projects across Solidity and Cairo. The list of public audit reports is available here. Nethermind is uniquely positioned with a wide range of in-house expert resources. Nethermind as a whole is comprised of 220+ professionals, of which 80% are engineers and researchers.

Short bio of the Head of Security

  • Cristiano Silva: Ph.D. in Computer Science (2014), MBA (2010), Graduate in Finances (2011), MSc in Computer Science (2005), and BSc in Computer Science (2000). Since 2022, he has served as a Research Security Engineer at Nethermind, having audited 200+ Web3 projects to date. Before joining Nethermind, he served as a Research Engineer at Quantstamp. From 2010 to 2020, he served as Associate Professor, Head of the Department of Technology, and Director of the Graduate Program in Technological Innovations at UFSJ, Brazil. From 2003 to 2009, he served as Business Unit Manager for Capgemini, leading 100+ Telecom, Government, and Banking engineers. Before that, he served as System Engineer for Lucent Technologies. During his career, he has published 120+ scientific articles, accumulated 1,200+ citations in Google Scholar, H-Index=21, and 28,000+ reads in Research Gate.

Short bio of the Head of Research

  • Michał Zając: Ph.D. in Computer Science. Over 14 years in cryptography research — both in academia and industry. Doing blockchain-related research since 2018 with a focus on user privacy and computation verifiability. The main area of specialization: zero-knowledge proofs, their applications, and security. Co-author of Vampire — an updatable and universal zkSNARK with the shortest proof. Over 350+ citations and publications at the most important cryptographic venues, CV: about_me/cv_2023.pdf at main · mpzajac/about_me · GitHub.

We have established Nethermind Security as a leading auditor in the Starknet ecosystem. Furthermore, we have been working with a number of leading actors in the Ethereum ecosystem, such as zkSync, Gnosis Chain, Polygon ID, Worldcoin, Risc Zero, Gyroscope, and others.

Key statistics:

  • Completed over 100 smart contract audits
  • Reviewed over 130,000 LoC
  • Discovered over 1000 issues
    • With over 10% of High or Critical severity
  • Built 200+ detection bots
    • For 20 protocols
    • Across 6 blockchains
    • The total value monitored by these bots is over 11 billion USD

Specific examples of Nethermind-provided services:

Proposal Review & Assistance

Ensuring the integrity and security of smart contracts within the Arbitrum ecosystem is paramount. Our approach mirrors the rigorous standards set by industry leaders, encompassing a meticulous examination of proposal designs and governance contracts. We possess the expertise to develop and refine tools tailored to enhance the security posture of proposals. This includes the creation of dedicated detectors for static analysis, the implementation of robust fuzzing capabilities to validate upgrade states, and the visualization of governance contract states for improved transparency. Our commitment to promoting the security and integrity of the ecosystem is reflected in our comprehensive suite of services, designed to empower DAO applicants with the confidence to navigate the evolving landscape of decentralized governance.

Customer-Oriented Approach

The Nethermind Security team will work closely with project teams via regular sync calls to ensure the work is completed efficiently. The DAO or projects involved will have full visibility of the process, and findings will be discussed on the go, fostering close collaboration and further increasing the value provided.

Review on Chain Proposal Code Updates

Drawing on our years of experience, Nethermind is adept at conducting white box source code reviews to ensure proposals align seamlessly with their intended design and specifications. Similar to leading practices in the industry, we focus on building resources to aid in the review process, encompassing a range of tools and educational materials. Moreover, we are committed to fostering a culture of knowledge sharing, providing educational content and code walkthroughs to empower stakeholders with the necessary insights to navigate the complexities of proposal review. By prioritizing the security and integrity of the Arbitrum ecosystem, we endeavor to equip stakeholders with the tools and knowledge needed to navigate the evolving landscape of decentralized governance effectively.

Our smart contract audit services include:

  • A comprehensive review of the smart contract code
  • Identification of vulnerabilities and weaknesses in the code
  • Recommendations for improving the security and functionality of the smart contracts
  • A final detailed report outlining our findings and recommendations

We also provide the following:

  • Performance reviews and recommendations for gas efficiency improvement
  • In-depth analysis of the test suite

We have a strong background in:

  • Implementing fuzzing tests, white-box tests, and black-box tests
  • Formal verification of EVM-based and Starknet smart contracts and zero-knowledge circuit verification.
  • Developing solutions for monitoring smart contracts in real-time using the Forta network

Transparency with DAO members:

The methodology Nethermind uses for making audits implies two sync calls per week with clients. We propose these calls be recorded and made available to all DAO members so they can have full context. Nethermind does not operate as a black box. We want the community to be involved in this work.

Project Management

In our project management approach, every initiative is led by a dedicated project lead with a single streamlined channel of communication, ensuring accountability and timely delivery. We utilize agile methodology to emphasize efficient workflows and robust quality assurance. We sharpened our skills and battle-tested our processes with many of the most recognized teams in the Ethereum ecosystem.

We have audited 130k+ lines of code and found 1000+ vulnerabilities in smart contracts. Moreover, 92% of suggested remedies were immediately implemented. More than 60% of our audit work is with returning clients who are pleased to have their names listed on our website. The same goes for our Research team, which works on complex cryptographic and protocol design problems. We are able to push the boundaries of knowledge (we get over 500+ citations and published at the most important research venues) and also help complex blockchain protocols in areas like Sybil resistance, DVT design, decentralized identity, and auction design.

Our project management and execution methodology is underpinned by the strategic use of the most effective tools and Agile processes, ensuring efficiency and transparency to the stakeholders. We use GitHub, HackMD, Notion, amongst other tools, for streamlined project and knowledge management, ensuring team alignment on documentation and updates.

Our Agile methodology enhances the smart contract audit and research processes through incremental improvement. We segment our projects into manageable phases while maintaining regular customer communication. Regular retrospectives refine our approach, ensuring peak responsiveness and innovation.

Purpose/Mandate of the ARDC

With this proposal, we aim to become a key collaborator in enhancing the security framework of the Arbitrum ecosystem. We focus on three key areas—code security, mechanism security, and cryptographic security—each chosen for its potential to significantly enhance the platform’s security posture and directly align with the ARDC’s objectives.

Code Security: We propose comprehensive low-level code audits, extensive fuzzing, and formal verification of core components. This approach aims to identify and mitigate vulnerabilities, ensuring the integrity and reliability of the codebase. By enhancing code security, we directly support the ARDC’s goal of providing a secure and stable environment for developers and users, reinforcing the foundational security that underpins user trust and system reliability.

Mechanism Security: Our expertise in analyzing and correcting misalignments within incentivization schemes addresses potential threats to the ecosystem’s fairness and sustainability. By optimizing mechanism security, we contribute to creating a balanced and efficient environment that promotes user engagement and trust, aligning with the ARDC’s mission to foster a robust and equitable platform.

Cryptographic Security: We will conduct thorough audits of cryptography-related code and the usage of cryptographic primitives. This focus on cryptographic security is crucial for maintaining the bedrock of trust and privacy in the Arbitrum ecosystem, safeguarding against vulnerabilities that could compromise the system’s resilience.

Additional Contributions

To promote a deeper understanding of security practices within the Arbitrum community, we can leverage our knowledge to develop comprehensive educational materials. This includes creating guides, tutorials, videos, and documentation that highlight best practices in security, governance, and risk management. These materials will empower stakeholders to make informed decisions and adopt secure practices in their operations.

Every document produced by our team always takes into account the accessibility for non-technical readers. For example, we use audit reports as educational tools, starting with a system overview, followed by implementation details, and finally discussing the identified issues. Every audit report and any other document produced by our team will provide all context and clarifications, allowing non-technical readers to understand the context of what is being discussed. We want to build together.

Nethermind is dedicated to fostering strong relationships with delegates, offering support through regular communication, training sessions, and collaborative problem-solving. By providing delegates with the tools and knowledge they need, we aim to enhance their effectiveness and contribution to the Arbitrum DAO.

Scope of Services & Applicable Fees

Nethermind commits to provide 2 security engineers for a total of 26 engineering weeks during the 6-month period. The investment per engineering week is $18,000, with the total requested budget of $468,000 payable in ARB tokens valued at the price of 1 ARB = $1.93. Hence, the total payment should be 242,487 ARB paid in 6 equal monthly installments.

Security Services:

  • A comprehensive review of smart contract code
  • Identification of code vulnerabilities and weaknesses
  • Recommendations to improve the security and functionality of the smart contracts
  • A detailed report outlining our findings and recommendations
  • Performance reviews and recommendations for gas efficiency
  • In-depth analysis of the test suite

Research Expertise:

  • Cryptographic protocols
  • Mechanism design, MEV, PBS, auctions
  • Zero-knowledge proofs: design, security analyses, and implementation
  • Distributed Validator Technology (DVT)
  • Decentralized identity, verifiable credentials, and Sybil resistance
  • Private asset transfer
  • Consensus design

Other potentially relevant experience:

  • Fuzz testing, white-box testing, and black-box testing
  • Formal verification, zero-knowledge circuit verification, and EVM-based smart contract verification
  • Developing solutions for monitoring smart contracts in real-time using the Forta network

Summary

Nethermind aims to bring a wealth of expertise and experience to the ARDC as a Security Oriented Member for Arbitrum DAO, as a leading blockchain research and software engineering company, specializing in security solutions, cryptography research, protocol development, and decentralized finance. We have a track record of excellence in smart contract audits, formal verification, and cutting-edge research, and are uniquely positioned to contribute to the security and integrity of the Arbitrum DAO and the greater ecosystem.

Nethermind’s comprehensive suite of services encompasses code security, mechanism security, and cryptographic security. The team proposes thorough audits, extensive fuzzing, formal verification, and performance reviews to identify and mitigate vulnerabilities effectively. By leveraging this expertise, Nethermind aims to enhance the security posture of the Arbitrum ecosystem, ensuring a stable and reliable environment for developers and delegates alike.

Furthermore, Nethermind is committed to transparency and collaboration, offering regular sync calls and providing detailed reports to stakeholders. The team emphasizes knowledge sharing and community engagement.

With a dedicated team of security engineers and researchers, Nethermind is ready to support the ARDC’s objectives and contribute to the long-term success of Arbitrum DAO. The proposed scope of services - including smart contract audits, cryptographic research, and mechanism design - reflects Nethermind’s commitment to excellence and dedication to the advancement of decentralized governance through Arbitrum DAO.

3 Likes

The Block Research ARDC Proposal

Applicant Information

  • Name of Applicant & Applicant’s Representative [If Applicable]: Block Bond Holdings, Inc.

  • Representatives: Carlos Guzman, Abraham Eid

  • Email Address: cguzman@theblock.co, aeid@theblock.co

  • Telegram Handle (if applicable): Carlos’ Telegram: @carloseguzman3; Abraham’s Telegram: @Abraham_Eid

  • LinkedIn Profile (if applicable): Abraham’s Linkedin, Carlos’ LinkedIn

  • Role being applied for: Research Member

Background Information

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

The Block Research is one of the leading and most trusted research teams in the industry. We possess over 5 years of experience analyzing blockchain protocols, with specialized expertise covering Ethereum and its layer 2 ecosystem. Our team of over 25 research specialists allows us to serve as trusted advisors guiding infrastructure providers, investors, and developers navigating the crypto ecosystem.

We have established ourselves as leading voices within Ethereum layer 2 communities, demonstrated by our extensive coverage of prominent optimistic rollups. Our past reports have provided in-depth analysis contrasting Arbitrum and other optimistic rollups. We’ve provided in-depth research coverage of Arbitrum since before Arbitrum One’s launch. Our 2021 article comparing the original architectures of Arbitrum and Optimism pointed out the strengths of Arbitrum’s interactive fraud proof approach compared to the complexity of Optimism’s single-round simulation approach, which presaged Optimism’s decision to disable fraud proofs and transition to interactive proving with Cannon. Since then, we’ve provided in-depth coverage of every Arbitrum upgrade and development. We’ve published a comprehensive review of the architecture changes introduced with Arbitrum Nitro, analyzed the benefits introduced by the AnyTrust off-chain data availability model, provided comparisons between the Arbitrum Orbit model and the multi-chain frameworks of other rollup stacks like the OP Stack and the ZK Stack, and authored detailed explainers of upcoming upgrades like Stylus and BOLD. We’ve further provided research coverage of projects in the Arbitrum ecosystem with ongoing reports on protocols like GMX, Vertex, and others. Beyond Arbitrum-specific coverage, we regularly publish research on the broader Ethereum and layer-2 ecosystem, including coverage assessing the state of decentralization across rollups, examining innovations like shared sequencing, exploring the state of data availability solutions and regularly providing thorough explanations of Ethereum upgrades like EIP-4844. This body of work underscores our intimate understanding of the Arbitrum tech stack and ecosystem dynamics.

Beyond publishing reports, we run a consulting organization that has worked with multiple high-profile clients within the digital asset industry, including leading blockchains, DeFi protocols, and traditional finance companies looking to integrate and educate themselves on blockchain technology. Our consulting services have ranged from strategic advisory to technical implementation guidance for protocol teams and other organizations in the ecosystem.

Overall, our specialized expertise has enabled us to guide our clients and audience in making informed decisions across the digital assets landscape. We intend to leverage this experience to meet the mandate of the ARDC.

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

We are primarily interested in contributing as a Research Member, using our specialized research expertise across the following subject-matter areas:

Governance Proposals: We believe we can profitably use our research and consulting expertise to improve governance proposal quality, improve the efficiency of the proposal process, and foster more engaged and in-depth discussions around proposals. We will directly advise proposers to help them iterate on and improve their proposals by providing context and data on technical issues, ecosystem trends, competitive dynamics, risk factors and other relevant research questions. We’ll further aid delegators and contributors to get up to speed on proposals and make informed decisions by writing reports that clarify proposal backgrounds and implications, and by hosting regular calls to provide a live forum for discussion.

Research: We will leverage our team’s deep technical expertise to contribute to the design and discussions around mechanisms like sequencers, fraud proofs, data availability solutions, MEV mitigation mechanisms, and beyond. We’ll further leverage our extensive experience communicating complex crypto-related topics to a wide audience to help clarify complex topics and make governance discussions engaging and accessible to all DAO members and delegates.

Retroactive Analysis of Past Initiatives: We will propose frameworks for retrospective analysis and evaluation of initiatives like STIP and the Long-Term Incentives Pilot Program, as well as the Pluralistic Grants and Questbook grants programs, and the experimental delegates incentive system. We’ll lead working groups and discussions with past program managers and stakeholders like Stable Labs, Plurality Labs, and OpenBlock to crystallize best practices and derive success metrics to inform future efforts. Our extensive understanding of protocol-token-user incentive alignment in areas like staking, emissions distribution, and DAO grants programs uniquely equips us to enhance program efficacy.

Framework Development: While we believe the Arbitrum DAO is off to a strong start given its short history, we’ve noticed it has been subject to the growing pains of decentralized governance, including difficulty communicating a unifying vision and concrete goals to achieve the DAO’s ends, lack of coordination among different efforts, low engagement from delegators and the longer tail of smaller contributors, and difficulty assessing the effectiveness of programs and proposals. As part of the ARDC, we will leverage our extensive experience consulting for large organizations to help develop frameworks that address all of the above, including leading working groups of stakeholders to crystallize goals, implementing streamlined processes for proposals, developing effective incentive programs, and deriving best practices from past efforts based on data-driven analyses.

Growth Initiatives: We will contribute to the growth of the DAO’s contributor base and ecosystem by leveraging our extensive network of industry connections and driving awareness through our platform. Theblock.co is one of the leading platforms in the industry for information dissemination, with over 2 million monthly visitors. Part of the proposal includes disseminating Arbitrum-related research using this platform along with our popular social channels.

Objectives & Motivation

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

While in the past we’ve tended to see our role as independent researchers and observers when it comes to DAO and protocol governance, we see the ARDC as a novel and unique opportunity to contribute our research expertise and strengths as consultants in advancing the state of protocol governance generally, and contribute to the development of one of the key decentralized protocols in the industry with Arbitrum more specifically. We believe the ARDC is a perfect fit for our experience and strengths, and thus represents a unique opportunity for us to contribute.

As observers of the Arbitrum DAO from inception, we’ve seen the DAO suffer from the common pains of decentralized governance including lack of coordination and low voting participation. As a Research Member, we hope to contribute our research and consulting expertise to find solutions to these pain points by working side by side with proposers, delegates and contributors to enhance the quality of proposals and the discussions around them, develop effective frameworks that drive delegate and contributor engagement, provide data-driven analyses and tools that help delegates and contributors to make informed decisions, and ultimately contribute to the technical development of the Arbitrum stack, the growth of the ecosystem, and the development of effective decentralized governance through the DAO.

The overarching goal of our participation is to walk step-in-step with the DAO over a long time horizon to actualize Arbitrum’s immense potential. We believe specialized research is pivotal in materializing the vision of decentralized networks and their governance communities.

Explain how you envision contributing to the primary mandate of ARDC, which is to provide objective assessment of ArbitrumDAO Forum proposals & discussions and expedite governance decision-making within the Arbitrum ecosystem. (300 words max)

We will contribute to the primary mandate of the ARDC by contributing dedicated analyst effort in the form of three dedicated research analysts and two dedicated data analysts, along with access to our broader team of experts across a variety of specialized domains.

Our team will aid in the assessment of proposals and in expediting decision-making by working directly with proposal authors to help them iterate on and improve their proposals based on relevant research, facilitating conversations with experts, and providing data-driven analysis. Our team will further help validate and vet proposals by paying close attention to potential conflicts of interest and performing due diligence to ensure proposal integrity. We will further provide support to proposers with less experience in the DAO by educating them on proposal processes and providing the relevant background needed to hit the ground running and submit properly structured proposals.

Our team will further provide contributors and delegates with research around technical design, competitive landscapes, and relevant quantitative data to inform their decision-making. We will host workshops and collaborative calls to enhance communication between proposers, delegates, and contributors, such that feedback can be swiftly incorporated into proposals. We will help engage the community by providing key summary content to serve as a source of truth at key points in the proposal lifecycle, like at the beginning of Snapshot temperature checks and Tally votes. This will help bring together the context delegates and contributors need to make decisions while saving the effort needed on their part to gather the needed information across disparate places.

Skills and Experience

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

Our research team is one of the most respected in the industry. We possess over 5 years of experience analyzing blockchain protocols, publishing some of the most highly regarded research content in crypto and providing advisory to some of the most prominent projects and organizations in the space. Our team of over 25 specialists includes PhD and advanced degree holders in areas like economics, computer science and data science. Our analysts further have professional backgrounds spanning crypto funds, traditional finance firms, tech companies, management consultancies and blockchain infrastructure providers.

Our analysts have deep expertise in areas like:

  • Incentive and mechanism design

  • On-chain data analysis

  • Blockchain architecture assessment

  • Competitive benchmarking

  • Strategic advisory and framework development

  • Program evaluation

  • Statistics and experimental design

  • Financial Modeling

  • Data visualization and data-driven analysis

  • Real-time data dashboard creation

Leveraging these areas of expertise, we’ve advised multiple blockchain platforms by performing competitive benchmarking analysis and identifying areas of strength and weakness that informed technical development. We’ve helped blockchain projects identify unique areas of opportunity and develop go-to-market strategies. We’ve worked with layer-2 projects to help them craft their token distribution strategies leveraging our in-house economic expertise and deep knowledge of competitive efforts.

Beyond these consulting engagements, we’ve published wide-ranging research covering the Ethereum and layer-2 landscape. We’ve published pieces on Arbitrum covering topics like Arbitrum Nitro, Arbitrum Nova, AnyTrust chains, Orbit chains, Stylus and permissionless fraud proving with BOLD. We’ve further authored research on highly pertinent topics in the layer 2 space, including shared sequencing, rollup interoperability, data availability schemes, fraud and validity proof constructions, and advances in consensus mechanisms and cryptography.

Overall, we believe our firm grasp of the intricate dynamics of the Arbitrum ecosystem paired with our demonstrated expertise unlocks immense value creation potential as ARDC members.

Proposal Review & Assistance

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

Our team has an extensive track-record of providing independent and objective research and analysis. We will leverage our research expertise to assist proposers by helping them workshop and iterate on their proposals with help from our analysts. Proposers will thus have access to our in-house expertise spanning 25+ specialists across multiple subject areas. Proposers will further be able to rely on our on-chain data and analytics expertise to craft proposals informed by the best quantitative evidence available. We recognize that while our internal research talent is deep and extensive, there will inevitably be areas where we might not have the requisite in-house expertise. We thus expect to leverage our expansive network within the industry to consult with outside experts when needed. We will set aside a portion of our ARDC member allocation to compensate outside experts for their contribution to making our research as rigorous and objective as possible.

Our long track record as independent and objective industry analysts further means we can contribute as an impartial party free of conflicts of interest. This will further allow us to serve as impartial interlocutors as we guide conversations around proposals with the aim to incorporate a wide range of viewpoints and generate community consensus.

While providing the impartial research delegates and contributors need to make informed decisions on proposals, we will provide analysis on the technical merits of the proposal, a comprehensive survey of the approaches taken by competitors and others in the ecosystem, analysis of on-chain and other sources of data relevant to the proposal, an assessment of relevant previous efforts, and due diligence on the proposal authors, including research into potential conflicts of interest.

We believe this comprehensive approach grounded in data and bringing together multiple perspectives will enable us to contribute highly objective research and recommendations.

Research Initiatives

Describe your experience conducting research-oriented initiatives within the digital asset industry, more specifically, research re. the Arbitrum-specific tech-stack. Explain how your previous experience can translate to an added value contribution to the ARDC & the ArbitrumDAO. (500 words max)

Our research team is one of the most respected and in-demand in the digital asset industry. We cover protocol developments, ecosystem trends, protocol breakthroughs, investment activities and more across all sectors of the industry, including coverage of the Ethereum ecosystem and layer 2s in particular. Some of the most prominent layer 1 and layer 2 development teams and foundations have commissioned research from our team, including the likes of Polygon, Solana, and Avalanche.

We’ve covered Arbitrum extensively in our research, with coverage going back prior to Arbitrum One’s launch. We’ve written in-depth reports covering the differing approaches of Arbitrum and other optimistic rollups, notably Optimism. We published an in-depth piece covering the original architectures of both rollups when they launched, comparing and contrasting their original execution environments in the AVM and OVM, and comparing their fraud proof constructions. Our piece dove extensively into the details of Arbitrum’s interactive, bisection fraud proof approach, and contrasted it to the single-round whole transaction simulation approach that Optimism took at the time. We highlighted the complexities inherent in Optimism’s approach given the high-degrees of freedom in the outputs of whole transactions, which presaged Optimism’s pivot to an interactive fraud proof approach.

Since then, we’ve provided in-depth research coverage of Arbitrum upgrades and developments. We published an in-depth piece on Arbitrum Nitro covering the move away from the AVM to WASM for fraud proving, the separation of execution and fraud proving contexts, the introduction of better call data compression, and the move towards Ethereum gas equivalence. We also covered Arbitrum’s AnyTrust technology in depth, highlighting the mechanism’s benefits compared to sidechains and other approaches for handling off chain data availability. We’ve further authored research comparing Arbitrum Orbit to competitor rollup stacks. More recently, we’ve provided coverage of upcoming upgrades like Stylus and BOLD, covering how Stylus provides greater flexibility for developers by allowing them to write in languages that compile to WASM (e.g., Rust) and how BOLD’s bounded liquidity delay mechanism enables permissionless fraud proving. On top of our detailed coverage of Arbitrum’s tech stack and upgrades, we cover Arbitrum’s ecosystem trends and on-chain data on an ongoing basis.

Beyond Arbitrum-specific content, we’ve extensively covered developments in other layer-2 ecosystems and Ethereum scaling as a whole. We’ve authored research covering decentralized sequencing and proving, shared sequencers, rollup interoperability, data availability schemes, blockchain execution environments, novel cryptography, and more.

We believe our expertise will be highly valuable for the DAO as Arbitrum enters a key period of upgrades and as competitive pressures continue to ramp up. We believe the DAO could profit from rigorous, impartial analysis of upcoming upgrades like Stylus and BOLD. Furthermore, we expect to contribute to important upcoming conversations around decentralized sequencing, rollup interoperability, shared sequencing, and novel proof schemes. We’re further excited about the cutting-edge developments happening on the Arbitrum stack, including the use of the stack by Fully-Homomorphic Encryption (FHE) projects like Fhenix. We’re excited to help the DAO navigate these technological breakthroughs and realize the potential of Arbitrum’s technology.

Project Management

Describe your project management experience. (250 words max)

At the heart of The Block Research’s consulting practice success over the past three years is our focus on effective project management, a cornerstone that has led to the successful completion of over 50 diverse client engagements. This has allowed us to collaborate effectively with various ecosystem partners, navigating a wide array of project demands and verticals. Our approach is deeply rooted in a comprehensive understanding of the unique needs of each project, allowing us to allocate resources in a manner that delivers solutions our clients are happy with.

Examples of projects we’ve led:

  • Guiding a $2Bn+ public gaming firm on their web3 gaming market entry strategy

  • Collaborating with billion-dollar market cap blockchain platforms on competitive benchmarking and strategy for further development

  • Informing token distribution strategies for prominent L2 protocols

  • Co-developing institutional-grade crypto index products for top tier funds, requiring resilience through market volatility

Throughout each project lifecycle, we prioritize open and detailed communication with our project sponsors. By providing regular progress updates and sharing insights into any challenges encountered, we ensure a transparent and collaborative relationship. This commitment to clear and continuous dialogue has been instrumental in building trust and fostering lasting relationships with stakeholders across the digital asset industry.

With this foundation, we’re confident we can add significant value to the Arbitrum DAO by contributing rigor and professionalism to governance processes, working hand-in-hand with delegates and contributors to guide efforts and ensure effective project execution to achieve the DAO’s ultimate goals.

Purpose/Mandate of the ARDC

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

We intend to objectively contribute to the mandate and purposes of the ARDC leveraging the strength and objectivity of our research team, as described in the Objectives & Motivation, Skills & Experience, Proposal Review & Assistance, and Project Management sections. In particular and to sum up the above, we intend to contribute in the following ways:

Forum Proposal Review & Assistance:

  • Objective Reporting: We will leverage our longstanding experience as one of the leading independent research teams in the space to aid delegates in making well-informed decisions by performing deep research that surfaces all the factors they need to make the most-informed decisions. We’ll ensure they can easily get up to speed with proposal contexts and competitive landscapes, and confidently find all the information they need in a single place.

  • Proposal Improvement Tooling: We will aid proposal authors by providing content that gets them familiar with everything they need to write well-informed and high-quality proposals. We will work with proposal authors on an on-request, consultative basis to help them iterate on and improve their proposals, as well as incorporate feedback from experts and delegates. We will further leverage our in-house team of data scientists and analysts to provide proposal authors with data and dashboards that support them in creating evidence-based, data-driven proposals based on the best quantitative evidence available.

Project Management:

  • Efficient Coordination: We will lean on our extensive experience as a leading consulting team in the space to develop frameworks, refine goals, establish timelines, set milestones, and coordinate with all of the relevant stakeholders to effectively bring projects to fruition. We will collaborate closely with the ARDC’s DAO Advocate, Risk and Security-oriented members to advance the DAO’s goals.

Research New Mechanisms:

  • Innovative Contributions: We will use our research expertise, deep familiarity with the Arbitrum tech stack, and experience with highly technical topics in the layer-2 and broader blockchain space to contribute to the development of innovative mechanisms. We firmly believe our familiarity in areas like rollup interoperability, sequencer and prover setups, data availability schemes, consensus algorithms, economic design and cryptography, on-chain data, and beyond – coupled with our ability to communicate complex concepts in an approachable manner – will enable us to add substantial value to the Arbitrum DAO through key upcoming upgrade conversations and proposals.

Delegate Engagement:

  • Active Participation: We will leverage our experience leading projects with multiple stakeholders, as well as our expertise in economic and incentive design, to engage delegates and contributors, and to help develop frameworks that motivate the participation of delegates and the longer tail of DAO contributors, thus fostering a more engaged and collaborative governance community.

Growth Initiatives:

  • Community Expansion: We will lean on our extensive experience creating research content for a wide audience, as well as our leading media platform in theblock.co to disseminate rigorous and objective research content on Arbitrum. We will further leverage our popular social channels to disseminate content and promote growth and awareness of the Arbitrum ecosystem.

Additional Contributions

How can you contribute to the creation and enhancement of tools for security assessment, the development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives, as outlined in ARDC’s objectives? (500 words max)

Beyond core research tasks, we’re poised to contribute across domains like education, tooling, and growth. Specifically:

Education: We will author technical explainers to demystify complex concepts like fraud proofs, shared sequencers and data availability for wider accessibility.

Tooling: We can build interactive dashboards showcasing adoption trends and tracking the effectiveness of DAO initiatives. We believe that comprehensive and accurate data analysis presented in an approachable manner can help delegates and DAO members make better-informed decisions, for example when assessing the effectiveness and shortcomings of programs like STIP and the Long Term Incentives Pilot Program – thus ensuring lessons from these early efforts can be maximally leveraged for future initiatives.

Growth: We will leverage our platform with over two million monthly visitors and social media channels surpassing 400K followers to significantly boost awareness and increase familiarity of the Arbitrum tech stack and ecosystem across the industry and beyond. We’re also well-networked with leading investors and protocols and can help broker partnerships and realize opportunities for collaboration.

Scope of Services and Pricing:

Please provide a detailed breakdown of the scope of services through which you will be contributing. Include the pricing model implemented & a description of expected hours + hourly rate (if applicable) & manpower dedicated to the ARDC.

Services:

  • Dedicated Research Team: 5 members of our research team, three of them being subject matter experts on roll-up architecture and DAO governance, and 2 being experienced crypto data engineers. All will be staffed on ARDC initiative support for 6 months. Analysts will participate in governance discussions, consult with proposal authors on an on-request basis, create explanatory content, create data dashboards and analysis, lead governance discussion calls, and author research articles. We will coordinate with the DAO Advocate, other ARDC members, and delegates to determine which content is most relevant at any point in time but will remain plugged into the DAO on a full-time basis to contribute content as needed. Proposal authors and DAO delegates will further have access to our broader 25+ person research team on an as-needed basis if expertise in a particular specialized area is required.

  • Expert Stipends: Provisions for compensating domain experts for advisory sessions, survey panels, or supplemental research (15% of allocation)

  • Research Content on TheBlock.co: Our research team frequently works with leading projects and firms in the industry who commission objective, in-depth research reports written by our research analysts. Our proposal to join the ARDC as research member includes the possibility for the DAO to request such content in either a long-form commissioned report format, or through multiple short-form research unlocks

    • Commissioned Report: Long-form (40+ page) report on a broad topic of interest (example)

    -OR-

    • Four Research Unlocks: Short-form reports (5-10 page) covering more specific research topics like Arbitrum upgrades, technical architecture, ecosystem updates, on-chain data, and more

Total Budget (USD): $500,000 (~240,000 ARB, ~36% of allocated research cap)

By combining top-tier full-time talent with provisions to leverage niche experts on an as-needed basis, plus the ability to publish research content on a leading media platform in the industry, we believe this model offers a good value proposition for the Arbitrum DAO.

Summary

In summary, please highlight your key qualifications and what you believe you can bring to ARDC. (400 words max)

In summary, The Block Research’s team brings together comprehensive research capabilities with data science proficiencies that will unlock immense value as an ARDC Research member.

Our core advantages include:

  • Specialized Research Team: With 5+ years examining blockchain projects, our accomplished analysts offer specialized expertise and an extensive track-record of serving leading organizations in the industry in consulting engagements.

  • Demonstrated Arbitrum Knowledge: As active researchers discussing Arbitrum since inception, our team is deeply familiar with the Arbitrum tech stack and ecosystem dynamics, and is thus ready to add substantial value and guide proposals and discussions concerning future developments and initiatives.

  • Multidisciplinary Skillsets: Our fusion of research prowess, quantitative abilities, and client-focused experience represents a uniquely well-rounded skillset, allowing us to holistically fulfill the ARDC’s mission.

  • Committed Partners: As proponents for responsible decentralized network developments, we’re fully aligned with ARDC’s ethos and focused on forming long-term collaborations far exceeding transactional engagements.

Overall, our firm grasp of the intricacies of the layer-2 and Ethereum landscape, our familiarity with Arbitrum and its ecosystem, our strong research and project management skills, and the wide reach of our platform positions us to contribute substantial value as members of the ARDC, and will enable us to play a key role in driving the Arbitrum ecosystem forward.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

1 Like
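The interactive, bisection-style fraud proof contrasted with whole-transaction simulation in the application above, worked through as an added example. This is illustrative code, not code from The Block Research, Offchain Labs or Arbitrum: it models a toy deterministic machine with an invented two-opcode instruction set, an asserter who publishes a claimed execution trace, and a challenger who disputes the final state. The two parties bisect the trace until they disagree on exactly one instruction, which the "on-chain" verifier then re-executes itself. Party names, the instruction set, the program and the forged step are all constructed for the example.

```python
"""Toy interactive (bisection) fraud-proof game. Added illustration; the
machine, opcodes and trace layout are invented for this example."""
from dataclasses import dataclass

Instr = tuple[str, int]   # constructed instruction: (opcode, operand)


def step(state: int, instr: Instr) -> int:
    """One machine step. Both opcodes are bijective on the 64-bit state, so two
    traces that diverge once never reconverge (keeps the example honest)."""
    op, arg = instr
    if op == "add":
        return (state + arg) % 2**64
    if op == "xor":
        return state ^ arg
    raise ValueError(f"unknown opcode {op!r}")


def execute(start: int, program: list[Instr]) -> list[int]:
    """Full trace: states[0] == start, states[i+1] == step(states[i], program[i])."""
    states = [start]
    for instr in program:
        states.append(step(states[-1], instr))
    return states


def forge_trace(program: list[Instr], start: int, bad_step: int) -> list[int]:
    """Dishonest trace: correct up to bad_step, one wrong transition (a flipped
    bit), then internally consistent again. This is the realistic cheat: every
    state but one follows from its predecessor, so only single-step checking
    exposes it."""
    states = execute(start, program[:bad_step])
    states.append(step(states[-1], program[bad_step]) ^ 1)
    for instr in program[bad_step + 1:]:
        states.append(step(states[-1], instr))
    return states


@dataclass
class Party:
    name: str
    trace: list[int]  # the trace this party is prepared to defend (may be wrong)


def bisection_game(program: list[Instr], asserter: Party, challenger: Party):
    """Run the dispute. Returns (winner, rounds, index of the disputed instruction).

    Invariant: both parties agree on states[lo] and disagree on states[hi].
    Each round the asserter reveals its claimed state at the midpoint and the
    challenger picks the half containing the first divergence, so the dispute
    shrinks to a single instruction in ceil(log2(n)) rounds."""
    n = len(program)
    assert len(asserter.trace) == n + 1 and len(challenger.trace) == n + 1
    lo, hi = 0, n
    assert asserter.trace[lo] == challenger.trace[lo], "start state must be agreed"
    if asserter.trace[hi] == challenger.trace[hi]:
        raise ValueError("nothing to dispute: final states agree")

    rounds = 0
    while hi - lo > 1:
        mid = (lo + hi) // 2
        rounds += 1
        if asserter.trace[mid] == challenger.trace[mid]:
            lo = mid  # agreed through mid: divergence is later
        else:
            hi = mid  # already differ at mid: divergence is earlier

    # One-step proof: the verifier executes program[lo] from the agreed state.
    # The asserter only wins if its claimed next state is the true one.
    truth = step(asserter.trace[lo], program[lo])
    winner = asserter.name if asserter.trace[hi] == truth else challenger.name
    return winner, rounds, lo


def demo(n_steps: int = 1000, bad_step: int = 613):
    """Constructed scenario: a 1000-instruction program, one honest trace and one
    forged at bad_step. Plays both roles so the dishonest side loses either way."""
    program = [("add", i) if i % 3 else ("xor", 0x9E3779B9) for i in range(n_steps)]
    honest = execute(7, program)
    forged = forge_trace(program, 7, bad_step)
    cheating_asserter = bisection_game(program, Party("asserter", forged), Party("challenger", honest))
    cheating_challenger = bisection_game(program, Party("asserter", honest), Party("challenger", forged))
    return cheating_asserter, cheating_challenger


if __name__ == "__main__":
    for label, (winner, rounds, idx) in zip(("forged asserter", "forged challenger"), demo()):
        print(f"{label}: {winner} wins after {rounds} rounds; disputed instruction {idx}")
```

The point of the single-step ending is the one the application draws out: the verifier never simulates a whole transaction with its many possible outputs, only one instruction from an agreed state, so the on-chain work is constant regardless of how long the trace is, while the number of interactive rounds grows only logarithmically.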

Applicant Information

Name of Applicant & Applicant’s Representative [If Applicable]:

  • Stephen Tong (CEO and Co-Founder, Zellic);
  • Kaushik Swaminathan (Head of Growth, Zellic, Representative)

Email Address: stephen@zellic.io; kaushik@zellic.io

Telegram Handle (if applicable): k_zellic

LinkedIn Profile (if applicable): Zellic | LinkedIn

Role being applied for [1 Max]: Security-Oriented Member

Background Information

We are Zellic, a leading blockchain security firm. Security providers have historically sought large amounts of funding from DAOs and other public goods organizations for work of dubious value to token holders. Meanwhile, projects often spend a third of their budget on security. We believe this prescriptive, extractive approach is fundamentally misaligned with the long-term interests of the crypto community and Web3 industry.

Counter to this trend, we propose a radically-aligned “pay for what you get” model. In this model, we will only be compensated for the deliverables that token holders actually want and find useful. Meanwhile, we propose deliverables that directly minimize the amount of security spend needed by developers in the Arbitrum ecosystem to ship and deploy code.

Beyond fees and payment structure, we directly prove and enforce our alignment to Arbitrum token holders financially:

  • Voluntary token bond. If Zellic is selected for the ARDC, we will at our own expense post a $75,000 USD bond to be locked up in staked ARB tokens during the performance of this proposal.
  • Vesting. We also voluntarily request that all payments for services under this proposal vest over a predetermined period. These terms ensure that Zellic will remain fully committed and faithful to ARB token holders first and foremost.

About us

Zellic is a vulnerability research firm with deep expertise in blockchain security. We specialize in EVM, Move (Aptos and Sui), and Solana, as well as ZK and Cosmos. We identify complex vulnerabilities and prevent catastrophic security events.

Among others, LayerZero, StarkWare, SushiSwap, and the Solana Foundation trust Zellic to secure their future. We review L1s and L2s, cross-chain protocols, wallets and applied cryptography, web applications, and more. We also have a dedicated zero-knowledge cryptography team, and work closely with projects like Scroll, Axiom, and Succinct Labs.

Zellic is led by Stephen Tong and Jasraj Bedi, who previously founded the #1 CTF team worldwide in 2020 and 2021. Our engineers bring a rich set of skills and backgrounds, including cryptography, web security, mobile security, low-level exploitation, and finance. We’re also a founding member of the Security Alliance (SEAL) led by samczsun, an industry effort to raise the bar for blockchain security.

We believe that a competent security member of ARDC should support all subject-matter areas relevant to the DAO: Governance Proposals; Research; Framework Development; Risk Assessment; Secure Code Reviews; Threat Modeling; Testing Enhancements; and Retroactive Analysis Of Passed Initiatives.

Objectives and Motivations

We want to empower DAO members to make good decisions, especially when they involve security and/or technical evaluation. Our objective is to increase Arbitrum’s TVL and developer adoption. We will do this by providing useful deliverables that (1) make users more eager to use applications built on Arbitrum and (2) make it easier and cheaper for developers to build and ship those applications in the first place.

Arbitrum has almost $3B in TVL, but insufficient tools, processes, or advisory to ensure DAO governance and ecosystem development are secure. We want to bring in battle-tested best practices, tooling, and services to bolster the security posture of the Arbitrum ecosystem at-large. And most importantly, we want to do so in a way that is actually useful for token holders.

Skills and Experience

Below are Zellic’s areas of expertise that are most relevant to Arbitrum DAO:

Arbitrum Ecosystem: We have audited and/or have on retainer several leading protocols on Arbitrum, including Hyperliquid, Timeless, Perennial Finance, Y2K, and Premia.

L1s, L2s, and Roll-ups: We work with some of the largest L1s—Solana Foundation, Aptos Labs, and Mysten Labs—and L2s—StarkNet, Scroll, and Mantle—to identify bugs in networks, application layers, custom precompiles, and more. Earlier this year, we discovered a critical vulnerability in Move’s bytecode verifier that put billions of dollars at risk across multiple chains.

Cross-chain apps: We are experts in cross-chain infrastructure, working closely with bridges like LayerZero, Wormhole, Succinct Labs, and more. Our commitment to bridge security extends to governance support; we are a member of Uniswap’s Bridge Assessment Committee. In addition, we’ve reviewed cross-chain applications including Stargate, Tristero, Catalyst, Shrapnel, Cedro, and the OFT/ONFT standards.

Web application security: Zellic has deep expertise spanning the full stack of web applications across all the major tech stacks—ranging from dynamic backends built in JavaScript, Python, and Ruby, to high-performance APIs in Golang and Rust, to client-side applications in React and Electron. Our team comes with extensive CTF and bug bounty experience, and has claimed bounties from the largest technology companies and public institutions including the US Department of Defense, GitHub, Yahoo, Shopify, PayPal, Adobe, CrowdStrike, Amazon, and Bitfinex. In 2018, our CTO Jasraj Bedi found a novel DNS rebinding bug in Geth—drawing on our capabilities in web and native security.

Applied cryptography: Zellic has a dedicated team of strong theoretical and applied cryptographers. Implementing cryptographic applications securely, like Web3 wallets, is incredibly difficult. We help clients navigate a minefield of potential pitfalls and mistakes. Wallets we’ve reviewed include Pontem, Avara (Aave Lens), Lootrush, and Ledger. We’ve also reviewed adaptors such as Aptos IdentityConnect. We helped Privy secure their Shamir’s Secret Sharing (SSS) implementation used by friendtech. We look at non-custodial wallets, ERC4337 (AA), MPC, SSS, EOAs, native multisig support, enclave solutions, and social login and key recovery.

Secure Enclaves, TEEs, and Trusted Computing: Zellic’s background in native application security is unparalleled: We love C, C++, x86_64, Aarch64, and SystemVerilog. We work with embedded firmware, secure elements, and hardware wallets. We worked with the Solana Mobile team to conduct a full-stack review of their secure enclave architecture from the Android app down to the TEE. We also worked with the Interchain Foundation to review their Cosmos Ledger integration, where we uncovered and fixed critical memory corruption vulnerabilities. We’re also experts with cloud enclave stacks like KMS and AWS Nitro Enclaves. Trusted applications demand high assurance and deep systems knowledge, which our clients trust us to deliver.

Formal verification, Static Analysis, and Fuzzing: Zellic are experts at program analysis, leveraging tools such as fuzzers, SMT solvers like CVC5 and Z3, LLVM, symbolic executors, and proof assistants like Lean and Coq. Our team includes researchers who have published peer-reviewed fuzzing papers and static analysis specialists. Using Z3, we formally proved the security of WETH, the world’s most relied-upon smart contract. With Pontem, Laminar Markets, and PancakeSwap, we leveraged the Move prover to guarantee critical protocol invariants. With Mysten Labs, we thoroughly fuzzed the Move VM for deep property-based testing. These techniques create additional assurance beyond a thorough manual review.

Zero-knowledge circuits: Zellic’s dedicated zero-knowledge team combines a distinguished skill set in advanced cryptography, vulnerability research, and competitive hacking. We review circuits in Circom and Halo2 for zkEVMs, zkVMs, privacy and identity protocols, and interoperability infrastructure. Our clients include rollups (Scroll), coprocessors (Axiom), privacy primitives (Nocturne), and zk-bridges (Polyhedra).

Proposal Review & Assistance

Our proposal below outlines a number of initiatives of varying complexity and application that we are confident to execute at the highest level. That being said, we do not want to be presumptuous or heavy-handed in what the community needs.

We will defer to governance participants to determine which of the initiatives is most appropriate for the community for the duration of our six-month tenure.

1. Template primitives for Arbitrum Stylus

We want to minimize audit spend for Arbitrum developers. By providing pre-audited primitives, Arbitrum developers will be able to fork and ship code quickly and safely.

Stylus has the potential to be a step-change in developer experience across all EVM chains. It allows developers to write smart contracts in programming languages that compile down to WASM, such as Rust, C, C++, and many others. Given its novelty, however, there are few resources or projects that demonstrate its robustness.

Zellic can build secure templatized primitives for Stylus, e.g. an ERC20 implementation, that can be leveraged to develop higher-order dApps like AMMs, perps DEXs, lending protocols, and more. These templates would be pre-audited by our security researchers. Our goal is to increase the baseline level of ecosystem security, even for permissionless deployments of long-tail assets and protocols.

2. Guidelines and frameworks for AIPs

AIPs are often well-intentioned but poorly drafted because there are no standard guidelines. Alongside other ARDC members, we will develop a set of standards and best practices for AIPs so that proposers and evaluators have the necessary information to make an informed decision. Specifically, a lot of proposals fail to account for overall ecosystem impact that even minor changes can have. This protects Arbitrum token value by eliminating security issues before they are even developed.

For every governance proposal that relates to our security expertise and/or proposes to spend DAO budgets on audits, we will contribute a forum post outlining security considerations for that project for the community’s benefit in decision-making. For instance, we will contribute input on ways proposed audit costs could be minimized.

We will also conduct full security reviews of any on-chain governance upgrades as needed, at the discounted rates outlined later in this proposal.

3. Arbitrum CTF competitions

Capture The Flag competitions are the epicenter of security research. They consist of a set of computer security puzzles involving reverse-engineering, memory corruption, cryptography, web technologies, and more. CTFs and similar code competitions are a verified go-to-market strategy to attract high-quality developers to a new ecosystem. Curta competitions, for instance, have discovered some of the best protocol engineers via their programming competition platform on EVM. We have designed several Curta challenges. Some other recent Web3 efforts of ours include MoveCTF, Ingonyama ZK CTF, and Paradigm CTF.

We’ve led the #1 ranked CTF team worldwide in 2020, 2021, and 2023, and have won some of the most prestigious competitions including GoogleCTF, Real World CTF, PlaidCTF, and DEF CON Quals. With the rapid growth of rollups and sovereign blockchains, Arbitrum-specific CTFs—which are operationally complex with high technical barriers to organize—will be a strategic way to identify and attract top developer talent to the ecosystem.

4. Security primers on Arbitrum

Zellic will write security primers, case studies, PSAs, and other analysis for the community’s benefit. We will write these in the style of our previous educational blog posts. Similar security primers that we’ve written for other ecosystems include: Aptos; Sui; Cairo; ZK. We expect that ongoing commitment to education and documentation will distinguish Arbitrum as a mature, robust platform.

In addition to our work for clients, Zellic closely follows all ongoing critical exploits and hacks in the crypto ecosystem. On multiple occasions, our security researchers have successfully reverse-engineered several major attacks as they were ongoing. For example, collaborating with samczsun, Zellic was the first team to triage and reverse engineer the $325,000,000 attack on the Wormhole bridge in February 2022.

During these times of crisis, our auditors regularly publish long-form Twitter threads to help raise the crypto ecosystem’s awareness and education regarding security. Public education and community engagement are important pillars of Zellic’s ethos. Below are select Twitter threads that received the highest user engagement and impressions this year, and we envision publishing similar threads and additional PSAs for Arbitrum DAO: Ledger wallet drain; Nomad $190M bridge hack; Slope wallets hack; meta-analysis of cross-chain bridge exploits.

5. Governance incident response

In addition to reviewing on-chain governance proposals, we will run governance attack simulations to ensure that key stakeholders within the DAO are well-prepared for emergency situations: low-probability but critical-impact incidents. Bad actors can pass malicious proposals, even in forums with a wide range of active participants. Processes around incident response will establish Arbitrum as a leader in ecosystem security.

In such scenarios, key governance delegates must move swiftly and with a clear operating procedure to reverse the malicious proposal and/or its impact. We will design an Arbitrum DAO-specific playbook for this. Our experience as a founding member of SEAL is testament to our commitment to incident preparedness and response.

6. Arbitrum Drift Tracker

Zellic has built a tool called the Audit Drift Tracker, which tracks what code is audited and unaudited for the biggest DeFi protocols. ‘Drift’ specifically refers to the difference between code that is audited and code that is deployed. To the best of our knowledge, no one is tracking the on-chain audit drift of popular DeFi and Web3 protocols. Audit drift was at the heart of the $190M Nomad bridge exploit.

Given the pace of development in the ecosystem, we want to devote resources for an exclusive platform to track audit drift in leading Arbitrum projects. TVL security is among the highest priorities for any chain, and Drift Tracker offers both developers and users an accessible tool to make security-informed decisions and hold protocols accountable. We expect this should have a meaningful impact on growing TVL within the ecosystem as users feel more equipped to better diligence their counterparties on-chain.

7. Forky (Forks Identifier)

Forky is a tool that presents the smart contract differences between a fork of a protocol and a base (parent) protocol. For example: PancakeSwap is a fork of Uniswap v3. This tool would allow you to easily view the differences between both codebases and their corresponding risk considerations. This will allow both retail traders and institutional funds to deploy with confidence on counterparty security.

DeFi protocols are particularly susceptible to fork-related exploits. Users often assume that forks carry the same security assumptions as their parent protocol, without checking and/or understanding the changes that can be made. Forky highlights in plain English the scope of changes as well as their intended effect, like changes in permissions, admin functions, use of standards, etc.

We will build an Arbitrum-focused Forky that allows users to input the source code of any new protocol on Arbitrum and compare it to the most-forked protocols on Ethereum, like Uniswap, Aave, Compound, etc.

8. Static Analyzer for Arbitrum Stylus

We can build a static analyzer for Arbitrum Stylus, similar to what Slither is for Solidity. However, we believe that the development cost here would be prohibitive, and this tool would ultimately not be directly value-accretive to ARB developers. While it is within our capabilities, as we have significant experience with compiler engineering and static analysis, we do not provide a cost estimate for this component. Should the DAO believe that this component would be useful for the Arbitrum community, we would be happy to amend our proposal to include this component.

Review on Chain Proposal Code Updates

We’re respected as security researchers because we find bugs that others miss. Listed below are some of our recent security findings in leading blockchain projects. We hope it demonstrates our expertise across the wide range of security considerations that should be top-of-mind for Arbitrum DAO.

Our commitment to security research includes governance support. We are a member of Uniswap’s Bridge Assessment Committee. In February 2023, the Uniswap Foundation convened this committee to evaluate cross-chain bridges in DAO governance. We evaluated six bridges and approved two for the DAO’s cross-chain governance use case, and determined that a multi-bridge architecture was likely the best option for Uniswap.

In our review of Cosmos SDK’s new string-based sign mode for signing with hardware devices, we identified a buffer overflow in the function responsible for converting ASCII control characters to their escape sequence equivalents. An attacker could have abused this bug to overwrite the stack of the ledger and partially control the instruction pointer and registers.

As part of our review of LayerZero’s Stargate, we identified a business logic bug that could potentially lead to desynchronisation of token balances in swaps between two coins. This error would have broken the Instant Finality Guarantee and led to user funds being permanently locked.

Outside of a formal security review, one of our security researchers also discovered a critical vulnerability ‘in the wild’ in Premia, one of Arbitrum’s leading options protocols. An allowance check issue would equip any user to grant allowance to themselves to arbitrarily cause cross-chain transfers of other users’ tokens to an arbitrary address, i.e., any user can steal any other user’s funds using cross-chain transfers.

For Arbitrum DAO in particular, security considerations for governance proposals are two-fold:

  1. Are the proposed changes secure? Zellic’s deep expertise across the full stack of blockchain systems will allow us to perform a thorough manual review of every change.
  2. Do the changes introduce new vulnerabilities and/or attack vectors? I.e., are there dormant backdoors in the proposal? Zellic will develop threat models for all relevant governance proposals to ensure that proposed changes are secure and do not implement soft-backdoors that can be activated at a later date. An important example here was the self-granting of 1.2M votes on Tornado Cash by a malicious actor.

Project Management

In the last two years, Zellic has worked with 200+ clients on security reviews that last as little as one day to longer than twelve months. We follow strict standard operating procedures to ensure the highest quality security services and communication with our clients. We assign at least two auditors and one engagement manager for every project. Our engagement managers act as a further layer of quality assurance for our clients, ensuring our work always meets our standards.

Of particular relevance to Arbitrum DAO, we have worked closely with several L1 and L2 teams and foundations including Solana, Sui, Aptos, TON, Osmosis, Mantle, Scroll, and StarkWare.

Purpose/Mandate of the ARDC

The purpose of the ARDC is to provide objective reporting on governance proposals and to support making the DAO’s ecosystem visions a reality. We have outlined our proposed contributions to ARDC’s mandate in the section titled ‘Proposal Review & Assistance’.

Additional Contributions

Scope of Services and Applicable Fees

We take accountability seriously, and only expect the DAO to compensate for work that has been satisfactorily completed. We will define clear milestones for each initiative, and only request payment upon completion of a milestone. We are committed to the Arbitrum ecosystem for the long-term, and request that our ARB payment be locked up according to a predetermined schedule. We leave the decision of the vesting period up to you, the delegates, but suggest a minimum period of 6 months. Overall, we expect our contributions to positively impact the ecosystem and are confident that it will be reflected in the long-term value of $ARB.

The scope of services listed below is an outline of possible deliverables to expect from Zellic. We do not presume that all will be within scope or a priority to the DAO.

Rather than a prescriptive approach, we want you, the delegates, to pick and choose what you find useful.

| Description | Required time (engineer-weeks) | Cost (USD) | Cost (ARB) | Notes |
|---|---|---|---|---|
| Template Primitives for Arbitrum Stylus | 6 | $135,000 | 65,534 | An ERC20 implementation for Stylus will take ~3 eng weeks as a benchmark. We can build 2 templates based on the DAO’s priorities. |
| Guidelines and frameworks for AIPs | 8 | $180,000 | 87,378 | Two security researchers will work in tandem for four weeks. |
| Arbitrum CTF Competitions | 10 | $225,000 | 109,223 | Time includes writing challenges, managing infrastructure, and organizing the competition. |
| Security primers on Arbitrum | 3 | $67,500 | 32,766 | We plan to write one primer every two months, based on the needs of the DAO. Each primer will take one engineer week. |
| Governance attack simulations | 6 | $135,000 | 65,534 | Two security researchers will work in tandem for three weeks. |
| Arbitrum Drift Tracker | 6 | $135,000 | 65,534 | Developed by Zellic’s engineering team. |
| Forky | 4 | $90,000 | 43,689 | Developed by Zellic’s engineering team. |

Again, we urge delegates to pick and choose only the components in this proposal that would be valuable to the goals of the ARDC.

Some qualifications on the pricing above:

  1. ARB price was calculated at $2.06 as of February 12, 2024.
  2. Our market rate for security reviews and advisory is $25,000 per engineer-week. Given our commitment to DAO security and Arbitrum-at-large, we are extending a flat 10% discount for services outlined above, at a rate of $22,500 per engineer-week.

Voluntary Token Bond

If selected for the ARDC, Zellic will at our own expense post a $75,000 USD bond. This bond will be used to buy ARB tokens which will be staked for the full duration of the performance of this proposal, up to a maximum of 12 months. The ARB tokens will be returned to us after this lock-up period.

Summary

In preparing and drafting this proposal, Zellic has been grateful for the openness and transparency of various Arbitrum DAO stakeholders on the subject of core protocol developments, security considerations, and ARDC priorities. As such, we have made considerable effort to be precise with our scope of work to address the specific needs of the Arbitrum ecosystem.

Zellic’s commitment to blockchain security is deeply aligned with Arbitrum’s work as a forerunner in securely scaling Ethereum. Zellic appreciates the opportunity to submit a proposal for the Security Member in ARDC, and looks forward to a continuous partnership with the DAO and its delegates. We thank Arbitrum DAO for its consideration.

Feel free to attach any relevant documents, portfolios, or links to previous work or contributions.

You can find our publicly available audit reports here: GitHub - Zellic/publications: Zellic's audits, publications, and reports.

1 Like
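
The audit-drift check that section 6 of the Zellic proposal above describes (audited code versus deployed code), as an added example that is not Zellic's Drift Tracker: it strips the solc metadata trailer from both sides so a clean rebuild is not flagged, then reports the first byte where the deployed runtime code diverges from the audited build. All bytecode values are constructed for illustration.

```python
"""Audit-drift check: compare runtime bytecode built from an audited commit
with the bytecode actually deployed on-chain.

Added example, not Zellic's Drift Tracker. Bytecode strings below are
constructed for illustration; in practice the deployed side comes from
eth_getCode and the audited side from rebuilding the audited commit.
"""
from dataclasses import dataclass
from typing import Optional


def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer that solc appends to runtime bytecode.

    The final two bytes encode (big-endian) the length of the CBOR blob that
    precedes them. The blob carries a source/metadata hash that legitimately
    changes between builds of identical code (paths, settings), so it must be
    excluded or every rebuild looks like drift.
    """
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    if n + 2 > len(code):
        return code  # no plausible trailer; compare the raw bytes
    return code[: len(code) - (n + 2)]


@dataclass
class DriftReport:
    drifted: bool
    first_diff_offset: Optional[int]  # byte offset of first mismatch, if any
    audited_len: int
    deployed_len: int


def check_drift(audited_hex: str, deployed_hex: str) -> DriftReport:
    """Report whether deployed code differs from audited code after
    removing the metadata trailers from both sides."""
    audited = strip_solc_metadata(bytes.fromhex(audited_hex.removeprefix("0x")))
    deployed = strip_solc_metadata(bytes.fromhex(deployed_hex.removeprefix("0x")))
    if audited == deployed:
        return DriftReport(False, None, len(audited), len(deployed))
    common = min(len(audited), len(deployed))
    offset = next((i for i in range(common) if audited[i] != deployed[i]), common)
    return DriftReport(True, offset, len(audited), len(deployed))


def _with_trailer(code: bytes, meta: bytes) -> bytes:
    """Append a solc-style metadata trailer (constructed test helper)."""
    return code + meta + len(meta).to_bytes(2, "big")


# Constructed sample: a short runtime prologue as the "audited" code,
# the same code with a different metadata hash (a clean rebuild), and a
# variant whose last opcode was changed (real drift).
_AUDITED_CODE = bytes.fromhex("608060405234801561001057600080fd5b50")
_DRIFTED_CODE = bytes.fromhex("608060405234801561001057600080fd5b5f")
_META_A = b"\xa1\x64ipfs\x58\x22" + bytes(34)
_META_B = b"\xa1\x64ipfs\x58\x22" + bytes([0x11] * 34)

AUDITED_HEX = "0x" + _with_trailer(_AUDITED_CODE, _META_A).hex()
REBUILT_HEX = "0x" + _with_trailer(_AUDITED_CODE, _META_B).hex()
DRIFTED_HEX = "0x" + _with_trailer(_DRIFTED_CODE, _META_B).hex()


if __name__ == "__main__":
    for label, deployed in (("rebuilt", REBUILT_HEX), ("drifted", DRIFTED_HEX)):
        r = check_drift(AUDITED_HEX, deployed)
        status = f"DRIFT at byte {r.first_diff_offset}" if r.drifted else "matches audit"
        print(f"{label}: {status} ({r.audited_len} vs {r.deployed_len} bytes)")
```

A real tracker would also need to handle immutables (their slots differ per deployment) and proxy patterns, where the implementation address must be resolved before fetching code.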

Chaos Labs Risk Contributor Proposal

Applicant Information

  • Name of Applicant & Applicant’s Representative: Chaos Labs (Ori Nevo)
  • Email Address: arbitrum@chaoslabs.xyz
  • Telegram Handle (if applicable): @orinevo
  • LinkedIn Profile (if applicable): Chaos Labs | LinkedIn
  • Role being applied for: Risk Management-Oriented Member

Background Information [Applicable to all]

Please provide a brief overview of your experience in the digital asset industry and, more specifically, Ethereum & Arbitrum Ecosystems. Include any relevant projects, contributions, or roles within the ArbitrumDAO, if applicable. (400 words max)

Chaos Labs excels in risk management, economic security, mechanism design, and optimization for DeFi protocols, utilizing advanced simulations to assess protocol resilience under severe market conditions. Our team comprises esteemed researchers, engineers, and security experts with a proven track record in developing cutting-edge risk management solutions. We’ve managed trading venues with volumes in the hundreds of billions and portfolios worth tens of billions, significantly influencing DeFi advancements. Our expertise is from diverse fields, including traditional finance and cryptocurrency, bolstered by experiences at top tech firms like Google, Meta, and Microsoft and elite cyber-intelligence units. This unique mix positions Chaos Labs at the forefront of driving DeFi innovation with unique insights and expertise.

Our Approach to the ARDC Chaos Proposal

As firm believers in the long-term viability of DeFi ecosystems, we recognize that our business success depends on these ecosystems’ ability to nurture and grow successful applications that drive organic demand and growth. As a result, one of this council’s key duties is providing adequate resources and support for DAO ideas and initiatives. Keeping this in mind, we aim to offer a cost-effective and impactful bundle for the wider Arbitrum ecosystem, as is reflected in the bundle pricing and offering.

Chaos Labs Offerings and Previous Contributions

Our contributions to the security and optimization of premier protocols across the DeFi ecosystems are significant and varied. Highlights of our work include:

Risk Management for Top Arbitrum Protocols

Leading risk management and optimization for Aave and GMX, the top 2 protocols by Total TVL on Arbitrum. Our engagements with Aave, GMX, and Radiant center around ongoing risk parameter optimization, in-depth analyses, and the development of tailored frameworks to enhance the protocols’ resilience and efficiency, solidifying their positions as leaders in their respective spaces. Together, these protocols amass over $1 billion in TVL on Arbitrum, representing nearly 33% of the network’s total TVL.

Comprehensive Research and Mechanism Design at Chaos Labs

At Chaos Labs, we integrate advanced risk management with rigorous research, considering them fundamental to our approach. Recognizing the constant innovation within top DeFi protocols, we prioritize thorough research as the foundation of our client partnerships. A profound grasp of mechanism design is essential and integral to our methodology. As the proposed Risk partner for the ARDC, our dedication to research excellence is part of what we propose to contribute to the DAO. Below are highlights of our recent contributions:

Explore more about our work on our blog and research pages for a deeper insight into our expertise and contributions to the DeFi space.

Optimizing Growth Incentives for DeFi Protocols

Chaos Labs perceives growth and risk as two aspects of the same concept. As such, it emphasizes the sustainable growth of protocols and ecosystems. The objective of any incentive program is not merely to provide a temporary uplift for protocols but to foster their long-term expansion. Chaos Labs offers comprehensive incentive programs to stimulate this growth, using measurable progress and Key Performance Indicators (KPIs) as benchmarks. It has spearheaded initiatives for leading decentralized finance (DeFi) protocols and ecosystems.

Leading Risk and Design with Top DeFi Protocols and Ecosystems

Chaos Labs’ extensive client portfolio includes protocols like dYdX, Uniswap, Optimism, crvUSD, Compound, Ethena, Bluefin, Ostium, and more. Our strategies and frameworks have set new benchmarks in protocol safety and capital efficiency. Below is some of our recent research:

Please refer to our blog for more information.

Active Member of the Arbitrum Security Council

Our CEO, Omer Goldberg, actively participates in the Arbitrum Security Council. This highlights our dedication to strengthening the security of the Arbitrum ecosystem.

Proven Track Record of Excellence

Chaos Labs, through rigorous testing, extensive research, and in-depth risk assessments, has significantly contributed to strengthening the resilience and enhancing the performance of top DeFi protocols. Our expertise makes us a major contributor to digital asset platforms’ safety, stability, and success.

ARDC Risk Lead

Specify the subject-matter area(s) you are interested in contributing to within ARDC (e.g., Research, Framework Development, Risk Assessment, etc.). Explain why you believe your skills align with the chosen area(s). (500 words max)

Chaos Labs is deeply committed to contributing to Risk Assessment within the ARDC because we recognize the critical importance of identifying, evaluating, and mitigating risks in the rapidly evolving DeFi space. Robust risk assessment mechanisms are essential for blockchain ecosystems’ stability, security, and sustainability, particularly in environments as dynamic and innovative as Arbitrum.

Our expertise in risk assessment is built on a foundation of advanced analytical methodologies, comprehensive market understanding, and a proactive approach to security and risk management. Chaos Labs employs state-of-the-art simulation technology to model various market conditions, stress scenarios, and attack vectors, allowing us to anticipate potential vulnerabilities before they can be exploited. This preemptive strategy is critical in the DeFi space, where new risks emerge with every technological advancement and market shift.

Our team’s background is uniquely suited to the demands of risk assessment within the ARDC. With experience spanning leading tech firms, elite cyber-intelligence units, and frontline DeFi protocol development, we bring a multidisciplinary perspective to risk analysis. This blend of technical prowess, strategic insight, and practical experience in high-stakes environments enables us to devise innovative risk management strategies grounded in real-world applicability.

Moreover, our previous contributions to the Arbitrum and Ethereum ecosystems, through developing risk frameworks and optimization strategies for top-tier protocols, demonstrate our capability and commitment to enhancing protocol resilience and user safety. Our work has helped protocols navigate the complexities of the DeFi landscape and fostered greater trust and adoption among users.

Chaos Labs is motivated by the challenge of advancing the Arbitrum ecosystem’s risk assessment capabilities. Our research and analytical rigor, combined with our practical experience in managing and mitigating risks, aligns perfectly with the objectives of the ARDC. By contributing our skills to the collective, we aim to empower the Arbitrum community with the insights and tools needed to navigate the DeFi space confidently, ensuring the long-term health and success of the ecosystem.

Objectives & Motivation [Applicable to all]

What motivates you to join ARDC, and what do you hope to achieve as a member? (300 words max)

Our motivation to join the ARDC is rooted in our desire to contribute to the security, stability, and forward momentum of the DeFi space, specifically the Arbitrum ecosystem. At Chaos Labs, we are driven by the challenge of enhancing DeFi platforms, making them more secure and accessible. As members of the ARDC, we aim to leverage our extensive expertise in risk management and protocol optimization to foster a safer and more robust environment for all users within the Arbitrum ecosystem.

We aim to achieve a multifaceted impact through our membership in the ARDC. Firstly, we seek to elevate security and risk awareness among protocol developers, users, and community members, thereby reducing the incidence of vulnerabilities and financial losses. Secondly, by collaborating with other collective members, we aim to spearhead the development of innovative solutions and best practices that can be adopted across the ecosystem to address emerging challenges and opportunities. Lastly, we aspire to contribute to creating a more transparent and informed community where decision-making is driven by data, analysis, and a deep understanding of the complexities of the DeFi space.

By joining the ARDC, we envision contributing our skills and knowledge and learning from the community’s collective wisdom. Our ultimate goal is to play a pivotal role in shaping the future of the Arbitrum ecosystem, making it a safer and more innovative platform that leads by example in the broader blockchain and DeFi landscape.

Explain how you envision contributing to the primary mandate of ARDC, which is to provide objective assessment of ArbitrumDAO Forum proposals & discussions and expedite governance decision-making within the Arbitrum ecosystem. (300 words max)

Our strategy for contributing to the ARDC is aligned with its foundational goal: providing objective evaluations of ArbitrumDAO Forum proposals and facilitating faster governance decisions across the ecosystem. To this end, Chaos Labs will leverage our esteemed team of researchers and data scientists in a threefold approach:

  1. Rigorous Analysis: We will utilize our analytical expertise and technical knowledge to perform comprehensive reviews of proposals, specifically examining their implications for security, risk, and the overall health and advancement of the Arbitrum ecosystem. Our goal is to deliver balanced assessments that spotlight both merits and areas needing refinement, equipping proposers with constructive insights to fine-tune and advance their initiatives.
  2. Simplifying Complexity: Our team will distill complex technical data into digestible and actionable insights for the broader Arbitrum community. By clarifying intricate details and revealing the practical impacts of proposals, we aim to streamline the decision-making process, ensuring the prompt progression of impactful projects.
  3. Transparency, Engagement, and Dialogue: We are committed to an active presence in forum discussions, sharing our insights on developing trends, potential risks, and emerging opportunities within the decentralized finance (DeFi) sphere. Our participation is intended to nurture a culture of transparent communication and collective problem-solving, cultivating a community that is both more informed and actively involved.

Through this multifaceted contribution, Chaos Labs is dedicated to bolstering the ARDC’s mission to refine governance practices and elevate decision-making quality within the Arbitrum ecosystem, fostering an environment of security, efficiency, and innovation.

Skills and Experience [Applicable to all]

Provide details about your relevant skills and experience, including any previous work or contributions related to the subject-matter area(s) you are interested in within ARDC. (300 words max)

Chaos Labs offers a comprehensive suite of skills and experience to the ARDC, with a particular emphasis on security and risk management. Our capabilities are demonstrated through a solid history of crafting advanced risk assessment frameworks and managing risk for leading protocols in the DeFi space.

Our team comprises cybersecurity, data science, and blockchain technology experts, allowing us to address multifaceted challenges with holistic solutions. Our work includes detailed security audits and stress testing in diverse market scenarios to uncover vulnerabilities and devise strategic countermeasures.

We have established a record of meaningful collaborations with premier DeFi protocols, significantly bolstering their security frameworks and risk management approaches. Our contributions to the field are documented in several key pieces of research:

These contributions underscore our dedication to advancing the DeFi space by improving security measures, risk management practices, and the overall robustness of protocols. Chaos Labs is poised to bring this wealth of experience to the ARDC, aiming to enhance the security, efficiency, and innovative capacity of the Arbitrum ecosystem.

Proposal Review & Assistance [Applicable to all]

Share what approach you would implement to conducting objective research and providing assistance to proposers to enhance their proposals. (300 words max)

Chaos Labs would implement a comprehensive and collaborative approach to conducting objective research and assisting proposers in enhancing their proposals for the Arbitrum ecosystem. This approach hinges on three core pillars: thorough analysis, actionable feedback, and community engagement.

Thorough Analysis

Initially, our team would dive deeply into each proposal, leveraging our security, risk management, and DeFi protocol optimization expertise. We employ data-driven analysis tools and methodologies to assess each proposal’s viability, economic-security implications, and potential risks. This involves evaluating the technical details, economic models, and potential impact on the Arbitrum ecosystem’s stability and growth.

Actionable Feedback

Based on our analysis, we would provide proposers with clear, constructive feedback to refine and strengthen their proposals. This feedback would highlight areas of concern and offer specific recommendations for improvement, focusing on enhancing security, reducing risk, and optimizing efficiency. We aim to ensure that proposals are practical, secure, and beneficial to the Arbitrum community.

Community Engagement

Recognizing the importance of community input, Chaos Labs would facilitate dialogue between proposers and the wider Arbitrum community. Our primary goal is to foster a collaborative environment where feedback from diverse stakeholders is integrated into proposal revisions. This engagement process helps proposers to understand different perspectives, refine their proposals based on collective insights, and build broader support within the community. Additionally, we focus on elucidating the risk aspects of proposals to the community, ensuring a deeper, more informed engagement with each proposal’s potential impact.

By applying this approach, Chaos Labs aims to contribute to developing high-quality, well-researched proposals that drive the Arbitrum ecosystem forward, ensuring that it remains at the forefront of innovation in the DeFi space.

Quantitative Assistance [Only applicable to Risk]

Explain how you can bring quantitative analysis skills to proposal evaluations and contribute to identifying and mitigating economic risks associated with proposed initiatives. (500 words max)

Chaos Labs possesses advanced quantitative analysis skills, pivotal for evaluating proposals and identifying and mitigating the economic risks inherent in proposed initiatives within the blockchain and DeFi ecosystems. Leveraging a combination of statistical modeling, data analytics, and financial theory, we provide a rigorous quantitative foundation to assess proposals’ viability, impact, and risk factors, ensuring that decisions are data-driven and aligned with the ecosystem’s long-term health and sustainability.

Our approach to quantitative analysis begins with a deep dive into the economic models underlying each proposal. By applying econometric models, simulation techniques, and sensitivity analysis, we can forecast the potential market responses, user behaviors, and network effects of implementing proposed changes or launching new initiatives. This predictive insight allows stakeholders to make informed decisions, weighing the benefits against potential risks.

Furthermore, we utilize scenario analysis to evaluate how proposals might perform under various market conditions, from stable to highly volatile environments. This method helps identify robust and resilient proposals capable of contributing positively to the ecosystem’s growth even in adverse conditions. By mapping out potential outcomes, we can pinpoint vulnerabilities and suggest preemptive measures to mitigate these risks.

Our team also employs stress testing to examine the resilience of proposals under extreme but plausible adverse scenarios. This involves altering key variables to extreme values and observing the effects on the proposal’s economic model. Stress testing is crucial for understanding the limits of a proposal’s stability and can lead to developing contingency plans to safeguard the ecosystem’s integrity.

In addition, Chaos Labs emphasizes the importance of liquidity analysis to ensure that proposals do not negatively affect asset liquidity within the ecosystem. Understanding the liquidity implications is essential for maintaining a healthy, functioning market, especially in DeFi, where liquidity constraints can lead to suboptimal outcomes.

Through these quantitative techniques, Chaos Labs aims to contribute significantly to the proposal evaluation process, providing the ARDC and the wider community with detailed analyses highlighting economic opportunities and risks and facilitating more robust and informed governance decisions.

Project Management [Applicable to all]

Describe your project management experience. (250 words max)

Chaos Labs boasts extensive project management experience characterized by our adept handling of complex, multidisciplinary projects. Our project management framework is rooted in agile methodologies, allowing us to adapt swiftly to the dynamic needs of blockchain technology and decentralized finance. This is complemented by our rigorous attention to detail and commitment to meeting project milestones, regardless of the project’s scale or complexity.

Our experienced team has successfully led numerous projects from inception to completion, coordinating closely with all stakeholders to ensure that all objectives are met within the stipulated timelines and budgets. Effective communication is a cornerstone of our project management, maintaining alignment on goals and progress among team and community members. We utilize various tools for smooth collaboration and progress tracking.

A prime illustration of our capabilities is our leadership in the dYdX Chain Launch Incentive program, a comprehensive $20 million liquidity incentives initiative over six months designed to grow and transition the dYdX user base to its latest protocol version. Chaos Labs has spearheaded this project from start to finish, beginning with the initial proposal to approve the program’s objectives and budget, followed by regular updates to the community, comprehensive reports, and proposals for on-chain rewards distribution.

Through our experiences, we have cultivated a profound understanding of the importance of stakeholder engagement, risk mitigation, and delivering solutions that meet and exceed expectations.

Purpose/Mandate of the ARDC [Applicable to all]

How do you intend to objectively contribute to achieving the purposes/mandate of the ARDC? (500 words max)

Chaos Labs is committed to objectively contributing to the ARDC, focusing on enhancing the security, efficiency, and innovation of the Arbitrum ecosystem. Our strategy is to leverage our expertise in quantitative analysis, risk assessment, and DeFi protocol optimization to support the ARDC’s goals and mandates in several key areas.

  • Rigorous Quantitative Analysis: We plan to apply our advanced quantitative analysis skills to assess the economic and technical viability of proposals submitted to the ARDC. Using statistical modeling, data analytics, and financial theory, we aim to provide a solid foundation for evaluating proposals’ impacts and risks. This approach ensures decisions are informed, data-driven, and aligned with the long-term health and sustainability of the Arbitrum ecosystem.
  • Comprehensive Risk Assessment: Chaos Labs intends to use our deep understanding of the DeFi landscape to conduct thorough risk assessments of proposed initiatives. Our team will identify potential vulnerabilities and economic risks, offering insights into how proposals could affect the ecosystem’s security and stability. We aim to help the ARDC and proposal authors understand and mitigate these risks before implementation.
  • Supporting Transparent and Informed Decision-Making: Chaos Labs is dedicated to making the proposal evaluation process as transparent and informative as possible. We will provide detailed analyses and reports on proposals, making complex technical and economic information accessible to all stakeholders. This commitment to transparency will empower the ARDC and the wider community to make more informed governance decisions.

Additional Contributions [Applicable to all]

How can you contribute to the creation and enhancement of tools for security assessment, the development of educational materials, research into new mechanisms, delegate engagement, and growth initiatives, as outlined in ARDC’s objectives? (500 words max)

In our role within the ARDC, Chaos Labs plans to utilize our extensive suite of risk tools and expertise, drawing from our vast experience engaging with DAOs and protocol teams, to fulfill and exceed the objectives laid out by the ARDC. Our work, deeply embedded in the DeFi ecosystem, naturally includes several key areas outlined by the ARDC, especially in education, innovation, and governance.

Educational Content: We believe sharing knowledge is key to building safer and more engaged communities. As part of our engagements with our clients, we emphasize creating easy-to-understand research and educational pieces designed to suit various levels of technical understanding. Through this, we aim to simplify the intricacies of risk management, ensuring that these critical concepts are easily graspable by all stakeholders.

Research into New Mechanisms: Our foundational work involves the investigation and development of novel mechanisms together with many of our clients. We have published various research papers evaluating stress testing and advising on unique mechanisms. This experience will be a key asset in our involvement with the ARDC.

Engaging with Governance: We recognize that robust governance plays a viable role in the growth and longevity of blockchain ecosystems. Our extensive experience collaborating with various DAOs gives us a profound understanding of effective governance practices. We have cultivated significant expertise in engaging with delegates and governance bodies, an experience we are eager to apply to enhance the ARDC’s governance framework.

Scope of Services & Applicable Fees [Detailed breakdown of fees including pricing model for the 6-month term] [Applicable to all except DAOAdvocate] [Must not exceed applicable cap]. Please provide a detailed breakdown of the scope of services through which you will be contributing. Include the pricing model implemented & a description of expected hours + hourly rate (if applicable) & manpower dedicated to the ARDC.

Chaos Labs is taking a community-first approach to pricing our services to affirm our commitment to the success of the ARDC and the Arbitrum DAO. We aim to ensure that the Arbitrum community benefits from top-tier services at the fairest possible price, reinforcing our dedication to transparency and genuine value.

  • Specialized Task Force: In our effort to meet the specific needs and goals of the ARDC, we are assembling a dedicated task force, including a data scientist, data engineer, and data analyst, all of whom are fully committed to supporting the ARDC projects.
  • Access to Chaos Labs Suite of Risk Products: For the ARDC’s purposes, the dedicated team will leverage the Chaos Labs simulation platform and extensive risk tooling to support the analysis and evaluation of proposals and identify and mitigate the economic risks inherent in proposed community initiatives.
  • Expected Budget: We’re committed to providing services for $320,000 over the 6-month term.

This strategy highlights our belief in the importance of our services and our eagerness to build trust and foster collaboration within the Arbitrum community, especially during the foundational phase of the ARDC. We aim to ensure that the DAO receives unparalleled support and service, with costs that accurately reflect our genuine contributions towards its achievements.

Summary [Applicable to all]

In summary, please highlight your key qualifications and what you believe you can bring to ARDC. (400 words max)

Chaos Labs offers a unique blend of expertise in quantitative analysis, risk management, and DeFi protocol optimization, positioning us as a key contributor to the ARDC. Our qualifications stem from a strong foundation in risk management, economic security, mechanism design, and statistical modeling, which enables precise evaluation of proposals and a comprehensive understanding of risk, ensuring the Arbitrum ecosystem’s stability and secure growth. Our experience in developing security measures and optimizing protocols contributes to our ability to improve system efficiency and user engagement.

Chaos Labs is committed to fostering community engagement, believing in the power of collaboration and open dialogue to enhance governance and decision-making. We prioritize transparent communication and education to demystify complex technical and economic concepts for the broader community. This approach empowers stakeholders and supports informed participation in the ecosystem’s growth.

Our team’s dedication to continuous learning and adaptation ensures that our contributions remain relevant and impactful, addressing the evolving challenges and opportunities within the DeFi space. By leveraging our comprehensive skillset and proactive approach, Chaos Labs aims to support the ARDC’s objectives significantly, driving the development of a secure, efficient, and innovative Arbitrum ecosystem.

4 Likes

ANNOUNCEMENT

Next Monday [19/02/2024] at 5:00PM UTC, applicants will have the chance to pitch their applications to the ArbitrumDAO. Each applicant will have 5 minutes of speaking time to provide a summary of their application.

Applicants are to fill in the slot they want to take from the following Google Sheet:

3 Likes

@krst @dk3 I am not giving up this easily. My presentation slides → Pavel’s Application ARDC - Google Slides

3 Likes

Arbitrum Research & Development Collective [PITCH SESSION RECORDING]

2 Likes