[NON-CONSTITUTIONAL] Arbitrum Audit Program

Arbitrum Audit Program

Summary:

• The Arbitrum Foundation is proposing to run an on-going open application for 1 year to support projects that require a subsidy to audit their project.
• A list of auditors will be approved into the program, and auditing firms are also invited from the ADPC’s Security Subsidy Fund to apply for the program.
• Arbitrum Audit Committee will include membership of Arbitrum Foundation, Offchain Labs, a technical expert elected by the DAO, and a team member from the OpCo (when operational).

Abstract

It is industry standard and recommended practice that all projects with on-chain smart contracts undergo at least one third party audit. This is because smart contracts can potentially secure millions, if not billions of dollars, yet a single bug in the code can result in the loss of all funds. In many cases, when the smart contract is deployed, it can be difficult to upgrade after launch, and audits should be completed prior to the project going live.

Unfortunately, audits are prohibitively expensive. It is not uncommon for projects to pay ~$20k per auditor per week. If multiple auditors are required for the project, then the bill increases substantially into six figures. This is problematic for early stage projects who may simply lack the funds to pay for an audit or be forced to allocate a significant portion of the funds they have raised from investors to pay for the audit.

This proposal aims to implement a subsidy scheme that will allocate funds to projects that require financial assistance to pay for an audit. To be eligible for the funds, the project will need to satisfy certain requirements such as launching on Arbitrum and any code audited will need to remain exclusive to our ecosystem for a fixed period of time.

We are targeting relatively early stage projects, projects that have demonstrated product market fit on Arbitrum, and finally projects that have remained loyal to our ecosystem with an upcoming launch or upgrade that has the potential to help grow the ecosystem.

The subsidy program will run for 1 year or until all funds are spent. An appointed Arbitrum Audit committee will run the program. There will be 4 (quarterly) transparency reports alongside a final summary report to keep the DAO abreast about program updates.

Rationale and Goals

1. Support early-stage projects. Promising projects face funding constraints that may prevent their launch without access to a third party audit or for them to somewhat dangerously ‘test in production.’
2. Encourage development on Arbitrum. By supporting builders and early-stage projects, we can potentially help make Arbitrum their home over other blockchains.
3. Scaling Responsibly. Scalability is not just about transaction throughput, but the ability for the system as a whole to secure and protect an increasing number of tokens (TVL).
4. On-demand availability. An open applications process to offer subsidy grants to projects just in time before their planned launch.

Application Process

1600×203 26.7 KB

The Arbitrum Audit Subsidy Program invites projects to apply via an open applications track with a standardised form to gather the following information:

• Team Information
  • Names
  • Background
  • Notable Investors
• Project Information
  • Overview & problem it is solving
  • Why will project achieve product market fit (or evidence of PMF, like traction or other metrics)
  • Stage of development & timeline to mainnet
• Audit coverage
  • Scope of audit
  • Lines of code & languages
  • Desired completion date
  • [extra information here]
• Subsidy information
  • Preferred auditor [optional]
  • Audit budget request

The committee will screen the above information based on:

• Technical maturity: Assess whether the code base is ready for a professional audit.
• Team experience: Evaluate whether the team has the experience, expertise, and motivation to successfully launch the project on mainnet.
• Likelihood of success: Judge whether the project has the potential to attract a user base and establish itself as a popular decentralized application on Arbitrum.
• Reasonable scope: Determine if the audit’s scope can be completed within the proposed timeline and budget.
• Arbitrum first. The project will prioritise launching on Arbitrum including One, Nova, and other Arbitrum chains.

A project can be rejected at any stage of the process at the committee’s discretion.

If the committee approves the project during the screening process, then it will undertake due diligence which may include reference checks, reviewing the code related to the audit scope, and other information it may deem necessary to check. Assuming the due diligence succeeds, then the committee will aid the project in connecting with auditors to get the best quote alongside confirming the auditor has the capability to audit the project.

It is up to the project to decide on the auditor, but it must be in agreement with the Arbitrum Audit committee. We expect auditors to be selected based on the rate charged to the project (i.e., auditor per week cost), availability and timeline for completing the audit and experience with auditing similar projects. In the case of an auditing competition platform, the auditor will need to demonstrate that the auditors on their platform have the required skillset for the specific project.

Keep in mind, this is a subsidy program, which will require the project to pay a portion of the audit, which will also be negotiated as part of the application process.

Eligibility Requirements

We welcome applications from early stage and existing projects that satisfy the following requirements:

• Smart contracts. Projects must have auditable smart contract code to qualify. We only subsidize audits for smart contracts and not the wider infrastructure. For example, Solidity or Stylus.
• Early stage project. Projects yet to launch their product are eligible or there is a significant upgrade for the code. They are allowed to have received venture capital or grants. Total funds raised will be considered as part of the decision making process by the committee.
• Native deployment. Projects that are operational on Arbitrum must demonstrate either a strong product market fit or a committed alignment with the Arbitrum ecosystem with expectations that subsequent product launches will be successful.
• Migrating deployment. Project is planning to migrate from another blockchain ecosystem to Arbitrum
• New audits only. Only new code, or code that has undergone significant modifications.
• Arbitrum exclusivity. Audited code must remain exclusive to Arbitrum for a fixed period of time.
• Arbitrum ecosystem. The project must launch in the Arbitrum ecosystem which includes all Arbitrum chains (including Arbitrum One or launching their own chain).

With the above in mind, our aim is to target early stage projects with potential to grow on Arbitrum as well as projects with a strong track record or loyalty to the Arbitrum ecosystem.

All audited code MUST remain exclusive to the Arbitrum ecosystem and this will be included in the relevant legal agreements. Breaching exclusivity will obligate the project to repay the full subsidy to the DAO via the Arbitrum Foundation (AF). Non-compliance may lead to legal recourse and/or a proposal to the DAO to ban the project from all future DAO-funded initiatives.

Subsidy Payment Conditions

Subsidy payments will only be paid after the audit is completed. The Arbitrum Foundation will disburse the funds to the auditor. All payments are contingent upon the Foundation’s satisfaction that the audit meets acceptable quality and confirms to industry standards.

Additionally, we will seek when possible to offer the payment in ARB as opposed to USD, subject to the auditor’s needs.

Approving Auditors

The Arbitrum Foundation will take on the role of evaluating auditors who want to apply for this program which includes an interview, reference checks, compliance, and agreement to the terms & conditions of this program. It should be noted that we will conduct an individual negotiation with all approved auditors to take into account potential different rates and offerings from the auditors. Additionally, auditors can apply at any time to join the program.

An approved auditor will have an opportunity to post on the forum to advertise that they have been accepted to the program. This will assist projects with finding auditors that may be suitable for them even if a subsidy is not offered by this program.

Additionally, we

... please visit link below to view full proposal

https://tally.xyz/gov/arbitrum/proposal/107606727309922720763027677505427395647796047780305505879344344641224024948240