[TPP-3] ZIP Audit Reimbursement Program (ZARP)

[TPP-3] ZIP Audit Reimbursement Program (ZARP)

| Proposal Type | TPP | | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | One Sentence Summary | An annual program valued at $5m USD (~89m ZK) to reimburse security audit costs for successfully executed ZKsync Improvement Proposals (ZIPs) in 2025, ensuring high security standards for ZKsync protocol development. | | Proposal Author | ZKsync Foundation | | Proposal Sponsor | Cyfrin | | Submitted Onchain | 2025-05-05 | | Version | v1 | | Summary of Action | This proposal establishes a ZIP Audit Reimbursement Program valued at $5m USD in ZK (~89m ZK) to reimburse developers for audit costs associated with successfully implemented ZIPs. The program will be funded through the ZK token minter and payments will be distributed autonomously upon the successful execution of a given ZIP. | | Link to Forum Post | https://forum.zknation.io/t/tpp-3-zip-audit-reimbursement-program-zarp/636 | | Link to Contracts | ZarpMain: 0xc117c6A6ad15799ce8e6912132E76baA921277e5, ZarpRetro: 0xEdE7012A5Fd6CB04318b6F8ca9A6dd508a86AF52 |

Abstract

The ZIP Audit Reimbursement Program (ZARP) allocates $5m USD in ZK over the 2025 calendar year to increase security standards across the ZKsync protocol by reimbursing the costs associated with third-party audits of successful ZIPs. This program will ensure that ZIP developers strive for exceptional security audit standards, resulting in secure and robust contributions to the ZKsync protocol.

Motivation

This proposal aligns with GAP 001: ZKsync Token Program Priorities 2025, which emphasizes the importance of accelerating ZKsync protocol development. As security is a foundational pillar of protocol integrity, this program directly supports the "Secure the Protocol" priority within GAP 001.

Impact

This program directly contributes to securing the ZKsync protocol, aligning with the ZKsync Governance North Star metric of protecting assets, builders, and the community from adversarial actors. By ensuring that all ZIPs undergo thorough security audits, the program mitigates vulnerabilities and strengthens the resilience of the protocol, removing the financial burden of security audits.

Primary Goals & Metrics

| Goal | Metric | Target | | --------------------- | ----------------------------------------------------------------------------------------------------------- | ------------------------------ | | Secure the Protocol | % of successfully implemented ZIPs that receive audits | 100% of eligible ZIPs audited | | Secure the Protocol | Number of security incidents related to newly implemented ZIPs that require an emergency upgrade to resolve | 0 incidents | | Public Accountability | Number of reimbursements publicly documented | 100% of reimbursements tracked |

Token Mechanic

This Token Program Proposal (TPP) approves the creation of two capped minters to fund audit reimbursements for ZIPs executed in 2025. The total value of the two capped minters is 88,759,019 ZK, which is the ZK token value of $5m USD based on the 30-day average from 27 April 2025. An overview of the two capped minters is set out below:

1. ZarpMain – A general-purpose capped minter for ZIPs executed between May 1 and December 31, 2025. A total of 49,516,882 ZK may be minted from ZarpMain. Each ZIP will request its own allocation from this minter.
2. ZarpRetro – A capped minter to reimburse audit costs for ZIPs approved by the Token Assembly between January 1 and April 30, 2025. A total of 39,242,138 ZK may be minted from ZarpRetro.

1. ZarpMain: Future Audit Reimbursements (Q2 - Q4, 2025)

ZarpMain is a capped minter that will fund audit reimbursements for any developer who submits a successfully executed ZIP on ZKsync between May 1, 2025 and December 31, 2025. Any ZIP author is eligible to claim audit reimbursements by following the outlined process, supporting the decentralization of protocol development. Developers will deploy a nested “child” capped minter to be able to draw from this main capped minter with successful protocol upgrade execution.

ZarpMain Capped Minter Parameters

Name: ZarpMain

Contract Address: 0xc117c6A6ad15799ce8e6912132E76baA921277e5

Admin: Protocol Governor Timelock

Target: ZK Token

Cap: 49,516,882 ZK

Start Time: 19 May 2025

End Time: 31 January 2026

Minter Role: N/A (child minters who assume the MINTER role are deployed per ZIP)

Eligibility Criteria

To be eligible for reimbursement:

• The ZIP must be successfully executed on ZKsync between April 1 and December 31, 2025.
• The ZIP must include a third-party audit from a recognized security firm.
• Audit invoice(s) must be submitted for verification to the ZKsync Security Council via direct message on the governance forum, before the ZIP is submitted onchain.

Reimbursements cover audit fees, formal verification costs, and code competitions. They do not cover ZIP development labor, travel, or other indirect expenses. A given audit may only be reimbursed once.

Claim Process

To claim reimbursement through ZarpMain, ZIP authors must complete the following steps before onchain submission of the relevant ZIP:

1. Deploy a child capped minter with the following parameters (see Capped Minter V2 for deployment instructions):

Admin: [Protocol Governor Timelock](https://explorer.zksync.io/addre

... please visit link below to view full proposal

https://tally.xyz/gov/zksync/proposal/37336317904360891872634439686262641429380301134230744013571346123315862024472