Will you be in Denver next week? If so, we should chat.
Comment for the sake of transparency re. the @DoDAO ARDC Application hereunder following discussions w/applicant and request by applicant to replicate on the forum:
For reference, the ARDC Timeline hereunder
"Application Submission" Period:
- Start Date: 26/01/2024 [12:01 AM UTC]
- End Date: 12/02/2024 [11:59 PM UTC]
"KYC/KYB + Proposal Review Period":
- Start Date: 13/02/2024 [12:01 AM UTC]
- End Date: 22/02/2024 [11:59 PM UTC]
"Amendment Period":
- Start Date: 23/02/2024 [12:01 AM UTC]
- End Date: 29/02/2024 [11:59 PM UTC]
Snapshot Elections [Weighted Voting]:
- Date: 04/03/2024
The team over at Axis Advisory has noticed that the initial application that was submitted by @DoDAO in the "Application Submission" Period above related to the Security seat of the Arbitrum Research & Development Collective.
During the "Proposal Review Period" we have noted that @DoDAO has overhauled its application and has now applied for the Research seat. In our opinion, this amounts to a new application altogether, as opposed to the amendment of an existing one. Given that this amounts to a new application altogether, and that the Application Submission Period ended on the 12th of February, this goes against the rule-set as ratified by the ArbitrumDAO.
In this regard, with the intent to avoid setting a bad precedent, we have kindly requested @DoDAO, to revert its application to its initial submission re. Security. Nothing shall prohibit @DoDAO from amending its Security application in relation to the Security Seat in the Amendment Period.
Thanks @Immutablelawyer for the transparency.
We kindly request that our application be considered for the Research Member category, as our pitch was specifically tailored to this area. In our initial application, we mentioned that our expertise aligns with several domains. We updated our application prior to the pitch and were not aware of any deadline, as there was no mention of such rules; otherwise, we could have updated it much earlier. Additionally, the amendment window is still open. We believe that rules are in place to support the team. If there are others who believe we should not have switched to Research Member and they have valid concerns, we are certainly willing to revert to Security Member and record a new pitch.
For further clarity in this regard, as administrators of the process we are bound to act in an equal manner with all applicants.
To answer your queries, the deadline is actually on this same Forum Post above and has been there since the beginning of the application process. In addition, in a Telegram message sent over to @DoDAO privately on the 31st of January, we made specific mention to the following (and I quote):
" STRICT Timelines and applicable dates in line with the Election Process as ratified by the ArbitrumDAO; "
In addition, in the same message, we also linked the application template, guidance note, and the link to this Forum Post containing the timeline specified above. Hence, the applicant was made aware of all applicable deadlines.
The rules are in place to create an equitable and fair process for all applicants involved and to also set a high standard of quality of how tender-like elections are to proceed in the future.
As stated above, the change from a Security Application to a Research application represents a new application submission altogether. Given that this was done following the end of the Application Submission Period, this unfortunately goes counter to the election process as ratified by the ArbitrumDAO and, if allowed, will create an undesired precedent for future elections (for example, applicants submitting haphazard applications at the submission phase and then amending in any way they like at the prejudice of applicants that submitted holistically on time in line with the process so ratified). In addition, delegates that dedicated time in the "Proposal Review" period to review the application by @DoDAO voiced frustration that they have to review the application yet again now in light of the Research Seat.
This is nothing personal against @DoDAO as we like their application. However, we must act equitably towards all applicants, set standards and do our job as administrators of the election process.
We kindly request @DoDAO to revert their application to the Security Seat (as per the application submitted within the Application Submission Period). Within the Amendment Period, the applicant can feel free to amend the Security Seat application in line with community feedback in line with that application.
Hello, friend,
Unfortunately, I could not get a visa to the US last year. So I need to spend a lot of my time to properly apply for a US visa again. I am more than open to meet up sometime in the near future.
Applicant Information
Name of Applicant: Stephen Tong (CEO and Co-Founder, Zellic); Neville Grech (Director and Co-Founder, Dedaub)
Email Address: stephen@zellic.io; neville@dedaub.com
Role being applied for: Security-Oriented Member
Background Information
Zellic and Dedaub, leaders in smart contract security, are joining forces for this proposal in an effort to leverage each company's unique strengths and apply them towards the security of the Arbitrum ecosystem.
Example strengths include: ensuring secure asset handling for delegates, stakers, and community members; development of pre-audited contract templates for Arbitrum Stylus; security-oriented competitions for developers (competitive hacking and security research—an area of excellence for Zellic); technology for reverse-engineering and building analysis tools (an area of excellence for Dedaub); security auditing for protocols and governance proposals (a strength of both organizations).
Security providers have historically sought large amounts of funding from DAOs and other public goods organizations for work of dubious value to token holders. Meanwhile, projects often spend a third of their budget on security. We believe this prescriptive, extractive approach is fundamentally misaligned with the long-term interests of the crypto community and Web3 industry.
Counter to this trend, Zellic and Dedaub propose a radically-aligned "pay for what you get" model. In this model, we will only be compensated for the deliverables that token holders actually want and find useful. Meanwhile, we propose deliverables that directly minimize the amount of security spend needed by developers in the Arbitrum ecosystem to ship and deploy code.
Beyond fees and payment structure, we directly prove and enforce our alignment to Arbitrum token holders financially:
- Voluntary token bond. If Zellic and Dedaub are selected for the ARDC, we will at our own expense post a $100,000 USD bond (each firm posting $50,000) to be locked up in staked ARB tokens during the performance of this proposal.
- Vesting. We also voluntarily request that all payments for services under this proposal vest over a predetermined period. These terms ensure that Zellic and Dedaub will remain fully committed and faithful to ARB token holders first and foremost.
About Us
Zellic
Zellic is a vulnerability research firm with deep expertise in blockchain security. We specialize in EVM, ZK, Cosmos, as well as Move (Aptos and Sui) and Solana. We identify complex vulnerabilities and prevent catastrophic security events.
Among others, LayerZero, StarkWare, SushiSwap, and the Solana Foundation trust Zellic to secure their future. We review L1s and L2s, cross-chain protocols, wallets and applied cryptography, web applications, and more. We also have a dedicated zero-knowledge cryptography team, and work closely with projects like Scroll, Axiom, and Succinct Labs.
We have audited and/or have on retainer several leading protocols on Arbitrum, including Hyperliquid, Timeless, Perennial Finance, Y2K, and Premia.
Outside of a formal security review, one of Zellic's security researchers also discovered a critical vulnerability "in the wild" in Premia, one of Arbitrum's leading options protocols. An allowance check issue would equip any user to grant allowance to themself to arbitrarily cause cross-chain transfers of other users' tokens to an arbitrary address i.e. any user can steal any other user's funds using cross-chain transfers.
Zellic is led by Stephen Tong and Jasraj Bedi, who previously founded the #1 CTF team worldwide in 2020 and 2021. Our engineers bring a rich set of skills and backgrounds, including cryptography, web security, mobile security, low-level exploitation, and finance. We're also a founding member of the Security Alliance (SEAL) led by samczsun, an industry effort to raise the bar for blockchain security.
Dedaub
Dedaub is a Web3 security vendor servicing a number of mainstream project teams, including the Ethereum Foundation, Coinbase, Chainlink, Oasis, GMX, Eigenlayer, & Lido. Over the past few years, the Dedaub team has been instrumental in the successful evolution of both the Ethereum and Arbitrum Ecosystems via tooling, security R&D studies, and security audits of some of the best-known protocols running on these chains.
In addition to auditing engagements, Dedaub has developed high-fidelity static analysis and formal verification tools that have contributed towards the security of smart contract ecosystems, both independently and through their use by our white-hat hacking teams. For instance, our static analysis toolchain has found 10 high-impact vulnerabilities in large protocols (including in Uniswap, Primitive Finance, Harvest Finance, Multichain & Fantom).
Direct Contributions to Arbitrum: Dedaub successfully audited GMX (specifically V2), the largest project on Arbitrum by TVL. Within this context, the deployment of GMX V2 on Arbitrum was only made possible through the development of low-latency oracles for derivatives projects by Chainlink. This is also another project that the Dedaub team has contributed in design and audited as a security partner of Chainlink. A number of other growing projects on Arbitrum that Dedaub has audited include: Rysk, Stella, Pendle & Gravita.
Direct Contributions to Ethereum: The Dedaub team has conducted a number of R&D security studies commissioned by the Ethereum Foundation, of EIPs that affect not only Ethereum but also its L2s. For instance, these include audits & studies for the new data structure that will soon underpin Ethereum state (Verkle trees), EIP-1884, EIP-3074, etc. In addition, our team has developed and maintained the most popular decompiler for EVM smart contracts, transaction simulation and monitoring tools.
Objectives and Motivations
Zellic and Dedaub want to empower DAO members to make good decisions, especially when they involve security and/or technical evaluation. Our objective is to increase Arbitrum's TVL and developer adoption while protecting stakers and delegates' assets. We will do this by providing useful deliverables that (1) make users more eager to use applications built on Arbitrum; (2) make it easier and cheaper for developers to build and ship those applications in the first place; and (3) provide the frameworks, guidance, and tools needed for delegates and community members to secure on-chain assets.
Arbitrum has almost $3B in TVL, but insufficient tools, processes, or advisory to ensure DAO governance and ecosystem development are secure. We want to bring in battle-tested best practices, tooling, and services to bolster the security posture of the Arbitrum ecosystem at-large. And most importantly, we want to do so in a way that is actually useful for token holders.
Skills and Experience
Please refer to our original proposals here (Zellic) and here (Dedaub) for details of our skills and experience.
Proposal Review & Assistance
Our joint proposal outlines a number of initiatives of varying complexity and application that we are confident to execute at the highest level. That being said, we do not want to be presumptuous or heavy-handed in what the community needs.
We will defer to governance participants to determine which of the initiatives is most appropriate for the community for the duration of our six-month tenure.
1. Arbitrum staking security design (Dedaub)
The goal of this project will be to protect staked ARB for validators, stakers, and delegates. Members of Arbitrum DAO have proposed enabling a staking mechanism for ARB token holders. Irrespective of the incentive parameters suggested by the community and the risk member, as a security member we propose researching the security design space of such a mechanism to ascertain that the mechanism is secure by design and that it will not pose security concerns to stakers. Notably, Dedaub has audited many prominent staking protocols, including Chainlink Staking, Lido on Avalanche, Nexus Mutual staking v2.
2. Template primitives for Arbitrum Stylus (Zellic)
The goal of this project will be to eliminate security spend by providing pre-audited contract templates for Arbitrum Stylus. Stylus has the potential to be a step-change in developer experience across all EVM chains. It allows developers to write smart contracts in programming languages that compile down to WASM, such as Rust, C, C++, and many others. Given its novelty, however, there are few resources or projects that demonstrate its robustness.
Zellic can build secure templatized primitives for Stylus—e.g., an ERC20 implementation—that can be leveraged to develop higher-order dApps like AMMs, perps DEXs, lending protocols, and more. These templates would be pre-audited by our security researchers. Our goal is to increase the baseline level of ecosystem security, even for permissionless deployments of long-tail assets and protocols.
3. Security tooling adapters for Arbitrum Stylus contracts (Dedaub)
In addition to pre-audited Arbitrum Stylus contracts, our teams propose building a simple framework to transpile Arbitrum Stylus contracts to a representation that can be analyzed by existing, mature, code security tools. This is a low-level engineering task but a significant enabler, with broad benefits to the entire Arbitrum Stylus development community. The work will permit a host of existing smart contract analysis technologies (such as tools like Slither and Gigahorse, and even mature Web2 code security tools) to apply to Arbitrum Stylus. Effectively, the technical work will build a translation bridge from WASM (the underlying intermediate language for Arbitrum Stylus) to intermediate languages that underlie EVM security tools (Yul and the TAC language of Dedaub tooling). This means that EVM security tools will not need to be engineered from scratch but merely adapted at the integration level, because the internal representation will be fully compatible.
The development of security tooling adapters for Arbitrum Stylus contracts significantly enhances platform security and lowers the barrier to entry for developers, making it a more accessible and attractive option. By ensuring compatibility with mature development tools, this initiative can attract existing projects using other technologies to migrate to Arbitrum, leveraging their established codebases and communities.
4. Arbitrum CTF competitions (Zellic)
Capture The Flag competitions are the epicenter of security research. They consist of a set of computer security puzzles involving reverse-engineering, memory corruption, cryptography, web technologies, and more. CTFs and similar code competitions are a verified go-to-market strategy to attract high-quality developers to a new ecosystem. Curta competitions, for instance, have discovered some of the best protocol engineers via their programming competition platform on EVM. We have designed several Curta challenges. Some other recent Web3 efforts of ours include MoveCTF, Ingonyama ZK CTF, and Paradigm CTF.
We've led the #1 ranked CTF team worldwide in 2020, 2021, and 2023, and have won some of the most prestigious competitions including GoogleCTF, Real World CTF, PlaidCTF, and DEF CON Quals. With the rapid growth of rollups and sovereign blockchains, Arbitrum-specific CTFs—which are operationally complex with high technical barriers to organize—will be a strategic way to identify and attract top developer talent to the ecosystem.
5. Guidelines and frameworks for AIPs (Zellic & Dedaub)
AIPs are often well-intentioned but poorly drafted because there are no standard guidelines. Alongside other ARDC members, we will develop a set of standards and best practices for AIPs so that proposers and evaluators have the necessary information to make an informed decision. Specifically, a lot of proposals fail to account for overall ecosystem impact that even minor changes can have.
For every governance proposal that relates to our security expertise and/or proposes to spend DAO budgets on audits, we will contribute a forum post outlining security considerations for that project for the community's benefit in decision-making. For instance, we will contribute input on ways proposed audit costs could be minimized.
6. Security primers on Arbitrum (Zellic)
Zellic will write security primers, case studies, PSAs, and other analysis for the community's benefit. We will write these in the style of our previous educational blog posts. Similar security primers that we've written for other ecosystems include: Aptos; Sui; Cairo; ZK.
In addition to our work for clients, Zellic closely follows all ongoing critical exploits and hacks in the crypto ecosystem. On multiple occasions, our security researchers have successfully reverse-engineered several major attacks as they were ongoing. For example, collaborating with samczsun, Zellic was the first team to triage and reverse engineer the $325,000,000 attack on the Wormhole bridge in February 2022.
During these times of crisis, our auditors regularly publish long-form Twitter threads to help raise the crypto ecosystem's awareness and education regarding security. Public education and community engagement are important pillars of Zellic's ethos. Below are select Twitter threads that received the highest user engagement and impressions this year, and we envision publishing similar threads and additional PSAs for Arbitrum DAO: Ledger wallet drain; Nomad $190M bridge hack; Slope wallets hack; meta-analysis of cross-chain bridge exploits.
7. Governance incident response (Zellic & Dedaub)
In addition to reviewing on-chain governance proposals, we will run governance attack simulations to ensure that key stakeholders within the DAO are well-prepared for emergency situations—low probability but critical impact incidents. Bad actors can pass malicious proposals (e.g. Tornado Cash governance), even in forums with a wide range of active participants.
In such scenarios, key governance delegates must move swiftly and with a clear operating procedure to reverse the malicious proposal and/or its impact. We will design an Arbitrum DAO-specific playbook for this. Our experience as a founding member of SEAL is testament to our commitment to incident preparedness and response.
8. Arbitrum Drift Tracker (Zellic)
Zellic has built a tool called the Audit Drift Tracker, which tracks what code is audited and unaudited for the biggest DeFi protocols. "Drift" specifically refers to the difference between code that is audited and code that is deployed. To the best of our knowledge, no one is tracking the on-chain audit drift of popular DeFi and Web3 protocols. Audit drift was at the heart of the $190M Nomad bridge exploit.
Given the pace of development in the ecosystem, we want to devote resources for an exclusive platform to track audit drift in leading Arbitrum projects. TVL security is among the highest priorities for any chain, and Drift Tracker offers both developers and users an accessible tool to make security-informed decisions and hold protocols accountable. We expect this should have a meaningful impact on growing TVL within the ecosystem as users feel more equipped to better diligence their counterparties on-chain.
9. Protocol Forks Identifier (Zellic & Dedaub)
Forky is a tool that presents the smart contract differences between a fork of a protocol and a base (parent) protocol. For example: PancakeSwap is a fork of Uniswap v3. This tool would allow you to easily view the differences between both codebases and their corresponding risk considerations.
DeFi protocols are particularly susceptible to fork-related exploits. Users often assume that forks carry the same security assumptions of its parent protocol, without checking and/or understanding the changes that can be made. Forky highlights in plain English the scope of changes as well as its intended effect, like changes in permissions, admin functions, use of standards, etc.
We will build an Arbitrum-focused Forky that allows users to input the source code of any new protocol on Arbitrum and compare it to the most-forked protocols on Ethereum—like Uniswap, Aave, Compound, etc.
10. DAO Contracts Verification Tools (Dedaub)
Although many of the recent DAO proposals have been simple in nature, this overlooks the fact that security issues can arise from time-to-time due to ecosystem level threats and novel security vectors. In view of this, the Arbitrum DAO would benefit from rapid-reaction automated push button analysis operated by the ARDC. For this we propose building and deploying static analysis tooling to the DAO contracts. Although the DAO contracts have been previously audited, whenever a novel vulnerability vector is discovered we can update our verification tools accordingly and rescan the DAO smart contracts to determine the blast radius. The tools will benefit from a number of competitive advantages compared to existing tools:
- The method by which we intend to verify the smart contracts is through a novel technique called static-symbolic value-flow ("Symvalic") analysis. This models program behavior with high precision, e.g., full path sensitivity.
- Furthermore, we combine this technique with "learned" invariants from past corpuses of smart contracts (using statistical techniques) to determine unusual lack of invariants in new smart contracts. The latter corpus will include past Arbitrum smart contracts.
11. End-user security tooling (Zellic & Dedaub)
There have been several known cases where Arbitrum end-users lost funds due to simple mistakes. Some of these can be fairly simple, such as sending Airdropped ARB tokens to the token contract itself. This one specific mistake has already led to almost $10m being lost and delegates are looking to refund these users out of the treasury's pocket. In addition to direct financial losses, these mistakes can cause many users to feel helpless and ultimately abandon the ecosystem. Although security extensions for wallets already exist, these have so far mainly focussed on preventing scams and hacks. They have not however targeted end-user mistakes, some of which can be domain-specific (Arbitrum-specific).
We propose building or extending existing open-source Metamask Snaps that can prevent these kinds of low-hanging fruit issues that partly arise due to difficult UX. The Dedaub team has already developed a popular Snap that targets security, while the Zellic team can audit Metamask Snaps.
Review On Chain Proposal Code Updates
Our commitment to security research extends to governance support. Zellic is a member of Uniswap's Bridge Assessment Committee. In February 2023, the Uniswap Foundation convened this committee to evaluate cross-chain bridges in DAO governance. We evaluated six bridges and approved two for the DAO's cross-chain governance use case, and determined that a multi-bridge architecture was likely the best option for Uniswap. Beyond this experience, we highlight our Arbitrum-specific experience above, under the "About Us" heading.
For Arbitrum DAO in particular, security considerations for governance proposals are two-fold:
- Are the proposed changes secure? Zellic's and Dedaub's deep expertise across the full stack of blockchain systems will allow us to perform a thorough manual review of every change.
- Do the changes introduce new vulnerabilities and/or attack vectors? I.e., are there dormant backdoors in the proposal? Zellic will develop threat models for all relevant governance proposals to ensure that proposed changes are secure and do not implement soft-backdoors that can be activated at a later date. An important example here was the self-granting of 1.2M votes on Tornado Cash by a malicious actor.
Additional Contributions
Scope of Services and Applicable Fees
We take accountability seriously, and only expect the DAO to compensate for work that has been satisfactorily completed. We will define clear milestones for each initiative, and only request payment upon completion of a milestone. We are committed to the Arbitrum ecosystem for the long-term, and request that our ARB payment be locked up according to a predetermined schedule. We leave the decision of the vesting period up to you, the delegates, but suggest a minimum period of 6 months. Overall, we expect our contributions to positively impact the ecosystem and are confident that it will be reflected in the long-term value of $ARB.
The scope of services listed below is an outline of possible deliverables to expect from Zellic and Dedaub. We do not presume that all will be within scope or a priority to the DAO.
Rather than a prescriptive approach, we want you, the delegates, to pick and choose what you find useful.
Description | Required time (engineer-weeks) | Cost (USD) | Cost (ARB) | Notes |
---|---|---|---|---|
Arbitrum staking security design | 6 | $120,000 | 59,113 | Study and engineering performed jointly by the Dedaub and Zellic teams. |
Template Primitives for Arbitrum Stylus | 6 | $120,000 | 59,113 | An ERC20 implementation for Stylus will take ~3 eng weeks as a benchmark. We can build 2 templates based on the DAO's priorities. |
Security Tooling Adapters for Arbitrum Stylus | 10 | $200,000 | 98,522 | Developed by Dedaub's engineering team. |
Arbitrum CTF Competitions | 10 | $200,000 | 98,522 | Time includes writing challenges, managing infrastructure, and organizing the competition. |
Guidelines and frameworks for AIPs | 8 | $160,000 | 78,817 | Two security researchers will work in tandem for four weeks. |
Governance attack simulations | 6 | $120,000 | 59,113 | Two security researchers will work in tandem for three weeks. |
Security primers on Arbitrum | 3 | $60,000 | 29,556 | We plan to write one primer every two months, based on the needs of the DAO. Each primer will take one engineer week. |
Arbitrum Drift Tracker | 6 | $120,000 | 59,113 | Developed by Zellic's engineering team. |
Protocol Forks Identifier | 4 | $80,000 | 39,408 | Developed by Zellic's engineering team. |
DAO Contracts Verification Tools | 8 | $160,000 | 78,817 | An evolution, application, and deployment of Dedaub security technology, time is budgeted for engineers (not security researchers). |
End-user security tooling | 8 | $160,000 | 78,817 | Adaptation and evolution of Dedaub security technology, time is budgeted for engineers (not security researchers). |
Again, we urge delegates to pick and choose only the components in this proposal that would be valuable to the goals of the ARDC.
Some qualifications on the pricing above:
- ARB price was calculated at $2.03 as of March 2, 2024.
- Our market rate for security reviews and advisory is $25,000 per engineer-week. Given our commitment to DAO security and Arbitrum-at-large, we are extending a flat 20% discount for services outlined above, at a rate of $20,000 per engineer week.
Voluntary Token Bond
If selected for the ARDC, Zellic and Dedaub will at our own expense post a $100,000 USD bond. This bond will be used to buy ARB tokens and will be staked for the full duration of the performance of this proposal, up to a maximum of 12 months. The ARB tokens will be returned to us after this period. Both firms will each post $50,000 USD.
Summary
In preparing and drafting this proposal, Zellic and Dedaub have been grateful for the openness and transparency of various Arbitrum DAO stakeholders on the subject of core protocol developments, security considerations, and ARDC priorities. As such, we have made considerable effort to be precise with our scope of work to address the specific needs of the Arbitrum ecosystem. Our conversations during ETH Denver and Arbitrum GovHack were instrumental in refining our proposal and presenting this joint offering.
Zellic's and Dedaub's commitment to blockchain security is deeply aligned with Arbitrum's work as a forerunner in securely scaling Ethereum. Zellic appreciates the opportunity to submit a proposal for the Security Member in ARDC, and looks forward to a continuous partnership with the DAO and its delegates. We thank Arbitrum DAO for its consideration.
After careful consideration and discussion, The Ant Federation will consolidate applications into the L2 Beat application for DAO Advocate.
Busy voting, not even sure if this is the right thread cause nobody is posting here but want to share my voting reasons:
- advocates: i cannot not vote for ants + l2beat. A bunch of chad founders and builders plus krz? it's like a marriage made in heaven. And bad jokes aside, i think this strange set complements each other very very well.
- risk manager: voting in favour of onboarding chaos labs. I liked a lot what they did for gmx, and i think they can keep doing it here for arbi (beside what they already do for others)
- security members: i want to equally split my vote between trail of bits and open zeppelin. Mix of what I know about them, what I read about them and the few experiences I had
- research members: my vote goes to blockworks + delphi. The cohort they form provides too much value to pass on it, even tho for a (way) higher cost compared to the block.
@juanbug and I have posted below our election reasoning on behalf of the Uniswap DAO's Arbitrum governance team (UADP).
Research Members: Blockworks Research and Delphi Digital are exemplary candidates for the ARDC Research member role. Both entities demonstrate their mastery in dissecting the complex Arbitrum and Ethereum ecosystems through comprehensive reports and technical evaluations. For instance, Blockworks Research's analytical deep dives into Arbitrum's staking proposal and Delphi Digital's early insights into Ethereum's scaling solutions underscore their capability to navigate and elucidate sophisticated blockchain mechanisms. Out of the two groups, we're more intimately familiar with the Blockworks folks due to their historical involvement with Arbitrum. We look forward to seeing research groups like Delphi follow suit.
DAO Advocates: Krzysztof and DK have been active community members, continually providing input into various discussions and acting in the best interest of the Arbitrum DAO. Therefore, we believe that L2Beat and Ant Federation are a strong group to act as the oversight committee/liaison between the ARDC and the DAO.
Security Members: Both Jun and I have been involved in the Compound DAO for the past few years, and OpenZeppelin is the DAO's go-to security provider. Due to our familiarity with them and direct interactions with their work, we have given them 50% of our votes. The other 50% goes to Trail of Bits, another group that we've seen continually deliver via direct work with various protocols as well as their tools like Slither for contract vulnerability detection.
Risk Member: Chaos Labs has a strong background in assisting DAOs like Aave and GMX with risk assessment. We believe that extending this role to Arbitrum would serve to be beneficial. They've published various data-driven analyses in the past, and their CEO is already a part of the Security Council, making their organization an apt candidate.
On behalf of the Arbitrum delegates who entrusted their voting power to me, I am casting my vote for the following ARDC topics in support of:
Security Member Election: Trail of Bits, Spearbit, Zellic, and OpenZeppelin.
Since 2020, I have had firsthand experience working with these security firms as a co-founder of 88mph, Timeless, and Bunni. I have consistently been impressed by their expertise, in-house products, and overall quality of service. Their proven track record in securing blockchain protocols and OpenZeppelin's significant open-source contributions to the community make them ideal candidates for the ARDC.
Risk Member Election: Chaos Labs is a top-notch choice for helping out with risk assessment on Arbitrum. They've got a proven track record of working with big players like Aave and GMX, so you know they're the real deal. Plus, they've dropped some seriously impressive data-driven analyses before, showing they really know their stuff.
DAO Advocate Election: Krzysztof and DK have consistently shown their dedication to the Arbitrum DAO through their active participation in various discussions and their commitment to acting in the best interest of the community. Given their involvement and understanding of the ecosystem, L2Beat and Ant Federation are well-positioned to serve as the oversight committee and facilitate communication between the ARDC and the DAO. Their experience and community-driven approach make them suitable candidates for this role, ensuring that the interests of the DAO are well-represented and that there is a clear line of communication between the ARDC and the community.
Research Members: After careful consideration, I have decided to fully support Blockworks/Delphi Digital for the ARDC Research member role. I believe that they bring a fresh perspective and a proven track record of providing valuable insights into the Ethereum ecosystem and its scaling solutions. By directing 100% of my voting power towards them, I aim to promote diversity within the research committee and ensure that the Arbitrum ecosystem benefits from a wider range of expertise and analytical approaches. Blockworks/Delphi Digital's ability to navigate complex blockchain mechanisms and their early recognition of Ethereum's scaling potential make them an ideal candidate for this role. I am confident that their contributions will be instrumental in driving the growth and evolution of the Arbitrum ecosystem.
Post my voting rationale here, as I didn't see another place. If there is an official place to post please point me to it.
Research - I will be voting for the Blockworks / Delphi Digital combination. I acknowledge that comes at twice the overall cost however there is tremendous value provided here through this collaboration. As well as given we are essentially funding two teams the per-entity cost seems to be in alignment. Blockworks has had a ton of experience with the Arbitrum DAO and I believe they can leverage that here. I especially look forward to their ideas on how to make the governance operate more efficiently. I am not as familiar with Delphi-Digital, however their application is compelling and Blockworks willing to partner with them gives me confidence in their abilities. I do believe the Block has presented a strong case, and would encourage them to apply for further opportunities as they arise.
Advocate - I will be voting for the L2Beat / Ant Federation combination. The L2Beat team has been an exemplary delegate since Arbitrum DAO's inception. They have a proven history of quality contributions (backed up by being one of the few who score top marks consistently in the Delegate Incentive Program), as well as great insight when commenting on the forums. I fully trust that they understand the Arbitrum DAO as much as anyone else and think they would be an invaluable addition to the team. I have read the original Ant Federation proposal and their ideas of how to handle the role align with what I would like to see. I also will add, I think having a group here will be beneficial versus one person due to time commitment. I do believe that Pavel has presented a strong case, unfortunately L2Beat is simply just that strong of a candidate. I encourage Pavel to continue applying for further opportunities within the DAO.
Risk Member - I will be voting to elect Chaos Labs. It is unfortunate that we could not find another candidate for the role to have a true election, however I read Chaos Labs application and it is clear they have the relevant experience to excel in this role. Having worked with so many leading Arbitrum Dapps leads me to believe they have a good pulse on the Arbitrum ecosystem and hopefully can leverage that knowledge to help us grow even further. I would vote for them regardless of the current state of the election choices. Also, a +1 to them for listing a reasonable budget given the circumstance of being the only candidate, the restraint is appreciated in a scenario where they could have easily price gouged due to lack of competition.
Security Election - I will be voting for a 50/50 split between Open Zeppelin and Trail of Bits, as I felt both had fairly equal applications and would be happy with either being elected to security member. What stood out the most was their experience - both with 100s of projects under their respective belts. With both coming in with fairly similar price tags, I feel both will be a good value add to the ARDC.
Thank you to all the candidates who applied for positions, here is our voting rationale from our team:
For the Research position, we have decided to support both The Block and the collab team of Blockworks Research & Delphi Digital. The Block brings in their strong analytical skills and technical research experiences within the industry. Their proven track record on these researchers give us confidence in their capabilities to assist technical R&D for Arbitrum's community. Meanwhile, Blockworks Research and Delphi Digital take a team approach to growing the ecosystem and managing it. They bring together their skills and networks to widen the ARDC's view on getting the community involved, growing the network, and improving governance accessibility. They plan to use their wide reach and key platforms to help promote Arbitrum to attract more users and developers.
For the Security position, we've decided to vote in support for OpenZeppelin, Zellic, Nethermind, and Trail of Bits equally for the security member position within the Arbitrum Research & Development Collective. Given their demonstrated expertise and experience in the web3.0 environment, these candidates are well-suited for the security role within ArbitrumDAO. Their diverse strengths ensure a comprehensive approach to security challenges, aligning with the goals of fostering a secure, innovative, and efficient ecosystem.
For the DAO Advocate position, we've decided to support L2BEAT for the DAO Advocate position. Our decision takes into account the strengths and previous contributions of both candidates to the Arbitrum community.
Pavel Fedotov has shown impressive technical skills and has been innovative in the blockchain area. His work in developing decentralized technologies and his active role in the Arbitrum ecosystem are truly commendable. Pavel's dedication and understanding of our community's needs make him an important asset.
However, for the DAO Advocate role specifically, we feel that L2BEAT's qualifications are a better fit. L2BEAT has a strong background and experience in improving DAO operations. Their reputation as a neutral party and their ability to engage the community effectively are key for managing the DAO's complex interactions and balancing different viewpoints. We believe their insight into the DAO's workings make them the preferred choice for this role.
For the Risk position, we've decided to support Chaos Labs for the position due to their extensive proven track record and expertise in risk management, economic security, mechanism design, and optimization for DeFi protocols. Their commitment to fostering a safe environment aligns with the goal of ARDC.
After consideration Treasureâs Arbitrum Representative Council (ARC) would like to share the following feedback on the proposal
We wholeheartedly endorse the ARDC and believe it will significantly enhance Arbitrum's impact and ability to consistently make good decisions. Selecting the right provider for this role is a crucial responsibility for delegates, one that we approached with a great deal of care. To ensure thorough consideration, members of the ARC personally engaged with each applicant, arranging calls in the majority of cases to delve deeper into their applications.
Following these individual assessments, the ARC collectively deliberated on their findings. Each ARC member was invited to propose their vote weighting, which was then averaged to establish a final voting weight for all ARDC applications. A summary of our discussions is provided below:
Security - Trail of Bits (50%), Zellic & Dedaub (47%), Open Zeppelin (3%)
We were thrilled to receive an abundance of outstanding applications for the security component of the ARDC, reflecting the high calibre of talent interested in supporting the Arbitrum ecosystem. However, the strength of the applicant pool did pose a significant challenge in making our final selection decision. ARC members' vote weighting was primarily influenced by factors such as reputation, experience, and a proven track record of delivering exceptional results. Additionally, emphasis was placed on applicants who demonstrated a deep understanding of the unique challenges the role entails, exhibited strong value alignment and had a history of supporting and advocating for the Arbitrum ecosystem.
Risk - Chaos Labs (100%)
We were impressed by Chaos Labs' stature as an industry leader in this domain, and are excited by the opportunity to leverage their extensive capabilities in support of the Arbitrum Ecosystem. The team's exceptional competence and extensive experience render them a valuable asset to the DAO, and we are confident in their ability to contribute significantly to our collective goals.
DAO Advocate - L2Beat/Ant Federation (100%)
We were delighted by the joint application of L2Beat and Ant Federation, which united significant groups of influential stakeholders in support of the DAO. We have long admired L2Beat for their meticulous approach, thoughtful analysis, and directness in pursuing the best outcomes for the DAO. Paired with the Ant Federation's network of builders and DK's active role as a delegate, we believe this collaboration will activate high context voices within our community, ensure the ARDC is held accountable and can stay laser focused towards priorities that will most benefit the DAO.
Research - Blockworks/Delphi (100%)
We are supportive of the joint application of Blockworks and Delphi Digital for the ARDC Research member role. This collaboration brings together a wealth of skills and networks and both organisations have demonstrated mastery in dissecting complex blockchain ecosystems through comprehensive reports and technical evaluations. Blockworks Research has a strong history supporting the Arbitrum ecosystem and we feel they will be completed by this collaboration with Delphi who have a proven track record of providing valuable insights into the Ethereum ecosystem and its scaling solutions.
We believe together they will enrich the ARDC's quality of insights and help to support network growth and governance accessibility. We also anticipate the research role of the ARDC being a major unlock for us as delegates, helping to synthesise information and improve overall decision making within Arbitrum.
While we acknowledge that this partnership comes with a higher overall cost, we believe the value provided through this collaboration is significant and worth the additional spend. We are looking forward to seeing this high quality team comprised of outstanding service providers begin to support the DAO very soon.
Thank you to all the candidates who applied for positions. Here is Savvy DAO's voting rationale:
Research Member:
We are voting FOR Blockworks and Delphi Digital. These organizations have demonstrated extensive knowledge, continuous development, and impeccable execution within the Ethereum ecosystem. This collaboration excites us for the specific development and application within the DAO. It is crucial to have the correct insights for future decision-making to continue the DAO's objectives.
DAO Advocate:
We are voting FOR L2 Beat. When considering the perfect role to advocate for the rights of the DAO, its members, transparency, and execution, Krzysztof and Sinkas have done an incredible job. From their rationale in each proposal to supporting us in staying synchronized and on the right path by analyzing the next steps.
Security Member:
We are voting FOR Halborn as we have previous experience working with them, and they are a terrific and technical team. Additionally, we appreciate Rob showing his support for the Arbitrum DAO at the GovHack in EthDenver.
Risk Member:
We are voting FOR Elect Chaos Labs. Despite not having more voting options or applications, we reviewed their application and believe they have the professionalism and experience necessary for the demands of this role.
The below response reflects the views of L2BEAT's governance team, composed of @krst and @Sinkas, and it's based on the combined research, fact-checking, and ideation of the two.
After reviewing all the applications, we've decided to vote in the following way:
Research
For the research member, we'll be putting our full weight behind the joint application from Blockworks Research and Delphi Digital. We've discussed a lot of Arbitrum governance-related issues with Blockworks in the past and we're confident in their abilities, as well as their understanding of Arbitrum's landscape, both inside and outside of the DAO. We're open to considering other entities in the future, should ARDC continue, but we'd rather start with them.
Risk Member
For the risk member, we'll be voting in favor of Chaos Labs. Although it's disheartening to see there were no other nominations for this particular role, we're supportive of Chaos Labs and their application. Omer, the CEO of Chaos Labs is also a member of the Security Council and we're familiar with him from those elections.
Security
For the security member, while we fully support OpenZeppelin and Trail of Bits as industry-leaders, we'd like to three-way split our voting power to signal our support for Dedaub/Zellic, Halborn and Nethermind. They've already displayed initiative by reaching out to delegates to discuss what they'd like to see from the security member during its tenure at the ARDC, they seem to understand the goal of ARDC being the supporter and partner for delegates.
To our knowledge, all applicants are fully competent to serve as the security member of the ARDC and we look forward to working with all of them in the future. We believe the main avenue for all security-focused firms will be the Arbitrum DAO Procurement Committee (ADPC) and we hope to see all of them applying there as well.
Regardless of the ARDC election results, we look forward to working with all the applicants to support and secure the future of Arbitrum.
DAO Advocate
Lastly, we'll be abstaining from the elections of the DAO Advocate role as we (alongside Ant Federation) are one of the 2 nominees.
EDIT: As there's no separate option to abstain in this vote, we will be voting for both us and Pavel, as the outcome is technically the same.
First of all, a big thanks to all the candidates that applied! We were especially impressed by the number and quality of applicants for the Security Member role.
The Princeton Blockchain Club is voting for the following candidates:
DAO Advocate: L2Beat / Ant Federation (100%)
- It's hard to ask for a better choice for this role. The L2Beat team have been very consistent with their contributions to the DAO, and the Ant Federation is made up of top Arbitrum DAO and DeFi contributors. We're very confident that both groups will serve as a great bridge between the DAO and the ARDC.
Research Member: Blockworks / Delphi Digital (100%)
- Blockworks / Delphi Digital's bid is $460k more expensive than The Block's, but we believe that their additional expertise is worth the added cost. Blockworks is another very consistent Arbitrum contributor, and therefore their team has significantly more experience with the inner workings of the DAO.
Risk Member: Chaos Labs (100%)
- Although they're the only candidate for the Risk position, Chaos Labs is a strong choice for the role. Their work on Aave and GMX has been valuable for both teams, and was highly praised in their recent renewal thread for Aave. Furthermore, their CEO is a member of the Arbitrum Security Council, demonstrating further dedication to the DAO.
Security Member: Zellic/Dedaub (50%), Trail of Bits (50%)
- This was the hardest one to vote on, as pretty much every security provider that applied is a powerhouse. We'd be happy with most of the applicants winning, not just the ones we voted for.
- Zellic and Dedaub presented an interesting payment model that we appreciated. Some old criticism of the Security Member role was that the DAO was overpaying for services it didn't really need. In response, Zellic and Dedaub have given the DAO a choice in what we want to see funded.
- Trail of Bits is another candidate we felt like we had to vote for. They're highly familiar with the ins-and-outs of Arbitrum Nitro, and frequently audit upgrades proposed by Offchain Labs. (Make sure to give their ArbOS code walkthrough a look as well, it's a good resource!)
Thanks once again to everyone that applied!
This was really hard, there were a lot of great candidates for each position. I honestly don't think anyone on the ballot wouldn't be a great option for each position, but in the end, they pay us the big bucks to make these decisions right
Here is what I voted:
Research Member:
80% Blockworks and Delphi Digital, 20% The Block
Both teams are more than qualified to take on this role. Delphi Digital's research work speaks for itself as does Blockworks' research in governance and DAOs. These two teams together make for an incredible team and I think they will do a great job, so I'm giving them 80%. The Block's journalism is also very impressive, and their bid is really competitive, so I had to vote for them a little too, because of the very reasonable budget (and the fact that they could also of course do the job), I gave 20% to The Block team.
DAO Advocate:
100% L2 Beat & Ant
Honestly, they have practically been doing this role for the last several months anyway... Sorry Pavel, there really was no competing with @Krst & team.
Security Member:
40% for Trail of Bits, 40% for OpenZeppelin, 20% for Zellic/Dedaub
Trail of Bits & OpenZeppelin have partnered with countless large and successful projects already and it's hard to say which is better, so I just gave them both 40%. Zellic/Dedaub also seems like an excellent joint team that can absolutely get the job done, so I had to give them 20%.
Risk Member:
Elect Chaos Labs
The only game in town.
Blockworks research has abstained from all voting on the ARDC proposal given our application for the research component. We are thankful for all the support and beyond excited to exceed expectations and hit the ground running.
I'm posting the election reasoning on behalf of MUX Protocol.
Research Members: Blockworks Research and Delphi Digital have proved themselves for profound, comprehensive reports and technical analysis. Both of the teams have been involved in the previous proposals and discussions. We've been more familiar with Delphi teams and follow their in-depth analysis. The collaborations of two teams will further strengthen the capability of both to produce non-biased reports / researches.
DAO Advocates: Representatives from L2 beats have been actively participating in the governance process. They've demonstrated the capability to act in the best interests of the Arbitrum DAO.
Security Members: We've worked with Open Zeppelin before and were impressed by their professionalism. Both Open Zeppelin and Trail of Bits are top security providers in the space and contributed to many well-established infrastructures and protocols in the space. So we've cast 50% of votes to both of them.
Risk Member: Chaos Labs has been deeply involved in the risk assessment and management process of GMX and other DAOs. We haven't established our collaboration with them yet but had conversations with them. The team have demonstrated data-driven capabilities and expertise in the risk management.
The below response portrays the views of the @AranaDigital governance team, represented by @farfel.eth.
We want to start by thanking all applicants to the ARDC for their efforts and commitment to the Arbitrum DAO. The quality of applicants is a testament to the Arbitrum ecosystem and establishing this collective strongly positions the DAO and the community as a whole to grow and thrive over the coming months and beyond. We would also like to thank @immutablelawyer and the Axis Advisory team for their efforts in establishing this framework for the DAO to foster a more sustainable and effective governance.
ARDC Research Member Election
Vote: Blockworks/Delphi Digital
Type: Snapshot
The combination of these two entities makes for the highest quality candidate to serve on the ARDC. @BlockworksResearch and @Delphi-Digital have been at the forefront of research in the space. They possess expertise in Ethereum scaling solutions and their mechanisms, will create insightful content to advance Arbitrum, and deliver refined research to offer unbiased, data-driven guidance for informed decision-making by the DAO.
Blockworks has been intimately involved with the Arbitrum DAO since its inception and we look forward to continuing to work with them and their partner in Delphi Digital to further strengthen the Arbitrum DAO.
ARDC Advocate Member Election
Vote: L2Beat/Ant Federation
Type: Snapshot
L2Beat has been a steward for the Arbitrum DAO thanks to the work of @krst and @Sinkas. They have been proactive in engaging the community through their governance calls and office hours. @dk3 and the L2Beat Governance team have continued to provide insights and serve as a proponent for what is best for the Arbitrum DAO. We believe the L2Beat/Ant Federation team will serve as a valuable member of the ARDC serving as the bridge and patron for the ArbitrumDAO.
ARDC Security Member Election
Vote: 50% OpenZeppelin / 50% Trail of Bits
Type: Snapshot
The Arana Digital team has collaborated closely with Jun within the Compound DAO for several years, entrusting OpenZeppelin as our reliable security provider. With our deep understanding of their offerings and direct involvement with their projects, we allocate 50% of our votes to them. The remaining 50% is directed towards Trail of Bits, a group that has demonstrated its dedication to the Arbitrum Ecosystem through their extensive collaboration with Offchain Labs and ecosystem protocols. Trail of Bits has been actively engaged with various leading protocols in the industry since its establishment in 2012, and their development of tools like Echidna and Slither for identifying contract vulnerabilities underscores their expertise and commitment.
ARDC Risk Member Election
Vote: Chaos Labs
Type: Snapshot
Drawing on their extensive experience providing risk assessment services to the top DAOs in the Arbitrum Ecosystem and across Ethereum such as Aave and GMX, Chaos Labs is poised to bring valuable insights to the ARDC. Chaos Labs' track record of publishing valuable data-driven analyses and modeling further displays their suitability for this role, and, the presence of their CEO within the Security Council reinforces their organization's qualifications and fit for this role.