Non-Constitutional
Abstract
Following the approval of the Arbitrum Audit Program, and the technical expert application and shortlisting process, the Arbitrum Foundation has shortlisted two candidates for the Technical Expert seat of the Audit Committee. The elections will follow the shielded voting standards described here.
Motivation
As part of the approved process, an election should be conducted for the DAO to fill the Technical Expert role, who will play a significant role in operationalizing the Audit Program. The role is a paid position ($5k per month) and the expected workload is estimated at ~1-2 days per week.
The Technical Expert will be responsible for:
- Reviewing audit reports submitted by external auditors, assessing the validity and accuracy of their findings.
- Providing technical guidance and support to the Audit Committee in reviewing the applicants and the audit firms.
- Assessing the complexity of the audits and helping in the matching between applicants and audit firms.
The following criteria were used to evaluate and shortlist the candidates:
- Strong Solidity knowledge, with Vyper, Stylus, and/or Rust knowledge as a nice-to-have.
- Deep understanding of blockchain security principles and common vulnerability patterns.
- Excellent communication skills, with the ability to clearly articulate technical findings to both technical and non-technical audiences.
- Familiarity with the Arbitrum ecosystem, including its architecture and tooling.
Specifications
The Arbitrum Foundation, acting in its capacity as chair of the Audit Committee, has shortlisted the following two candidates, Gustavo Grieco and Andrei Andonov, out of 68 applicants for the Technical Expert position. Their candidate-provided bios follow.
Gustavo Grieco
Introduction
Hi, I’m Gustavo Grieco (GitHub), a freelance blockchain security engineer. I spent about eight years at Trail of Bits (TOB) working on a wide range of blockchain security projects, dedicating a significant portion of that time to reviewing the Arbitrum stack.
Background
This included deep technical audits across several versions of the protocol, from the original Arbitrum Classic to Nitro and, more recently, Stylus. Alongside Arbitrum, I also audited various DeFi applications such as stablecoins, lending platforms, decentralized exchanges, wallets, and other core blockchain infrastructure.
Experience
I tend to keep a low profile and focus on the technical side, but I place a strong emphasis on clear communication, especially in audit reports. As a Principal Security Engineer at TOB, I was involved not only in hands-on code reviews but also in audit planning. This included defining scopes, estimating effort, selecting tools, and ensuring findings were presented with the right balance of technical depth and clarity for non-technical readers. I also participated in early-stage client discussions, which gave me a solid understanding of how audit needs evolve throughout a project’s lifecycle.
Role at Arbitrum Audit Program
For this role, I will bring:
- Thorough evaluation of audit reports submitted by external auditors to verify the accuracy and relevance of their findings
- Practical and transparent guidelines for evaluating and ranking companies, individuals, or projects applying to the Arbitrum Audit Program
- A strong commitment to operational security to protect the integrity and confidentiality of the process
To maintain independence and continuously improve my skills, I am currently unaffiliated with any company or organization and am focusing on advancing smart contract security tools, particularly in fuzzing and symbolic execution.
Andrei Andonov
Introduction
Hey everyone, I’m Andrei (@iamandreiski), and I have been part of the crypto space since 2017, and professionally since 2020. After various non-tech crypto roles, I pivoted to smart contract security in late 2023, working on keeping the Ethereum ecosystem safe — as my fundamental belief is that security is crucial for crypto’s future and the onboarding of new users and capital.
Background
I bring a strong public track record as a Security Researcher, with 10+ Top-5 finishes in public audit contests, and 50+ audits. Prior to the current role, I led teams, processes and operations as a Head of Knowledge Management at Crypto.com, as well as other project management engagements.
Experience
In the spirit of transparency and showcasing my technical and research skills, as well as contributing towards ecosystem security, I’ve competed in numerous public audit contests. My public portfolio encompasses:
- 100+ Critical/High/Medium vulnerabilities
- 2 x first places, with 10+ top-5 placements
- Numerous types of projects including, but not limited to: Stablecoins, Cross-Chain integrations, Liquid staking protocols, AMMs, Bridges, L2s, etc.
- More information regarding contest highlights can be found on my GitHub, as well as links to my profiles on platforms such as Sherlock, Cantina, CodeHawks, etc.
Role at Arbitrum Audit Program
I’ve spent time on both sides of the fence - scaling dev/operations teams and diving deep into security research - so I bring a unique perspective to the table.
My security research experience, coupled with overseeing many projects, enables me to evaluate a codebase’s maturity, potential risks, audit findings, and the overall state of the project/product. And second, through my participation in audit contests and bug bounties, I’ve gained insights into various audit companies, practices, as well as how this market operates. With all of the above, I can ensure protocols are well-prepared for audits, optimizing resource use. I’m excited about the opportunity to contribute to the Arbitrum Audit Program and strengthen its ecosystem.
Timeline
- June 19th: Proposal is posted to the forum.
- June 24th (14:00-14:30 UTC): Both Technical Expert candidates present themselves to the DAO on a community call.
- June 26th: Proposal is posted for a Snapshot vote.
- Early July: The elected Technical Expert is onboarded into the role by the Arbitrum Foundation.