[ZKSYNC] [TPP-3] ZIP Audit Reimbursement Program (ZARP)
[TPP-3] ZIP Audit Reimbursement Program (ZARP)
[TPP-3] ZIP Audit Reimbursement Program (ZARP)
| Proposal Type | TPP |
|---|---|
| One Sentence Summary | An annual program valued at $5m USD (~89m ZK) to reimburse security audit costs for successfully executed ZKsync Improvement Proposals (ZIPs) in 2025, ensuring high security standards for ZKsync protocol development. |
| Proposal Author | ZKsync Foundation |
| Proposal Sponsor | Cyfrin |
| Submitted Onchain | 2025-05-05 |
| Version | v1 |
| Summary of Action | This proposal establishes a ZIP Audit Reimbursement Program valued at $5m USD in ZK (~89m ZK) to reimburse developers for audit costs associated with successfully implemented ZIPs. The program will be funded through the ZK token minter and payments will be distributed autonomously upon the successful execution of a given ZIP. |
| Link to Forum Post | https://forum.zknation.io/t/tpp-3-zip-audit-reimbursement-program-zarp/636 |
| Link to Contracts | ZarpMain: 0xc117c6A6ad15799ce8e6912132E76baA921277e5, ZarpRetro: 0xEdE7012A5Fd6CB04318b6F8ca9A6dd508a86AF52 |
Abstract
The ZIP Audit Reimbursement Program (ZARP) allocates $5m USD in ZK over the 2025 calendar year to increase security standards across the ZKsync protocol by reimbursing the costs associated with third-party audits of successful ZIPs. This program will ensure that ZIP developers strive for exceptional security audit standards, resulting in secure and robust contributions to the ZKsync protocol.
Motivation
This proposal aligns with GAP 001: ZKsync Token Program Priorities 2025, which emphasizes the importance of accelerating ZKsync protocol development. As security is a foundational pillar of protocol integrity, this program directly supports the "Secure the Protocol" priority within GAP 001.
Impact
This program directly contributes to securing the ZKsync protocol, aligning with the ZKsync Governance North Star metric of protecting assets, builders, and the community from adversarial actors. By ensuring that all ZIPs undergo thorough security audits, the program mitigates vulnerabilities and strengthens the resilience of the protocol, removing the financial burden of security audits.
Primary Goals & Metrics
| Goal | Metric | Target |
|---|---|---|
| Secure the Protocol | % of successfully implemented ZIPs that receive audits | 100% of eligible ZIPs audited |
| Secure the Protocol | Number of security incidents related to newly implemented ZIPs that require an emergency upgrade to resolve | 0 incidents |
| Public Accountability | Number of reimbursements publicly documented | 100% of reimbursements tracked |
Token Mechanic
This Token Program Proposal (TPP) approves the creation of two capped minters to fund audit reimbursements for ZIPs executed in 2025. The total value of the two capped minters is 88,759,019 ZK, which is the ZK token value of $5m USD based on the 30-day average from 27 April 2025. An overview of the two capped minters is set out below:
ZarpMain– A general-purpose capped minter for ZIPs executed between May 1 and December 31, 2025. A total of 49,516,882 ZK may be minted fromZarpMain. Each ZIP will request its own allocation from this minter.ZarpRetro– A capped minter to reimburse audit costs for ZIPs approved by the Token Assembly between January 1 and April 30, 2025. A total of 39,242,138 ZK may be minted fromZarpRetro.
1. ZarpMain: Future Audit Reimbursements (Q2 - Q4, 2025)
ZarpMain is a capped minter that will fund audit reimbursements for any developer who submits a successfully executed ZIP on ZKsync between May 1, 2025 and December 31, 2025. Any ZIP author is eligible to claim audit reimbursements by following the outlined process, supporting the decentralization of protocol development. Developers will deploy a nested “child” capped minter to be able to draw from this main capped minter with successful protocol upgrade execution.
ZarpMain Capped Minter Parameters
Name: ZarpMain
Contract Address: 0xc117c6A6ad15799ce8e6912132E76baA921277e5
Admin: Protocol Governor Timelock
Target: ZK Token
Cap: 49,516,882 ZK
Start Time: 19 May 2025
End Time: 31 January 2026
Minter Role: N/A (child minters who assume the MINTER role are deployed per ZIP)
Eligibility Criteria
To be eligible for reimbursement:
- The ZIP must be successfully executed on ZKsync between April 1 and December 31, 2025.
- The ZIP must include a third-party audit from a recognized security firm.
- Audit invoice(s) must be submitted for verification to the ZKsync Security Council via direct message on the governance forum, before the ZIP is submitted onchain.
Reimbursements cover audit fees, formal verification costs, and code competitions. They do not cover ZIP development labor, travel, or other indirect expenses. A given audit may only be reimbursed once.
Claim Process
To claim reimbursement through ZarpMain, ZIP authors must complete the following steps before onchain submission of the relevant ZIP:
- Deploy a child capped minter with the following parameters (see Capped Minter V2 for deployment instructions):
Admin: [Protocol Governor Timelock](https://explorer.zksync.io/addre
... please visit link below to view full proposal
Off-Chain Vote
Timeline
May 05, 2025Proposal created
May 12, 2025Proposal vote started
May 18, 2025Proposal vote ended
Mar 26, 2026Proposal updated