Event Horizon, by 0xFAD69Bd739c64cC8e3f1C3bb3B60fe4f160174Cc (hvax.eth)

[ZKSYNC] [TPP-17] ZKsync Immunefi Bug Bounty Program 2026

Voting ended 28 days ago. Status: Succeeded

Title: ZKsync Immunefi Bug Bounty Program 2026
Proposal Type: TPP
One Sentence Summary: The ZKsync Token Assembly approves $1.6M USD in ZK (80M ZK @ $0.02) to fund the ZKsync bug bounty program on Immunefi for 2026 and $400k USD in ZK (20M ZK @ $0.02) for bug bounty payouts made in 2025.
Proposal Author: ZKsync Security Council
Proposal Sponsor: Cyfrin
Date Created: 13 February 2026
Version: v1.0
Total ZK Requested: 100M ZK ($2m USD)
Link to proposal discussion: ZKsync Forum post
Summary of Actions: Grant minter role to 2 ZK capped minters:
  • ZKsyncBugBounty2026: 0xc98b9FD0D62514E30c54857A58cc12c94495679D
  • ZKsyncBugBounty2025Retro: 0x724C33f00eE832c2A4216a6F6986d9C4029849d4

Summary

This proposal seeks approval to fund the ZKsync bug bounty program on Immunefi through two capped minters totalling 100M ZK:

  1. ZKsyncBugBounty2026 with $1.6m USD equivalent in ZK tokens (80M ZK) for forward-looking bug bounties; and
  2. ZKsyncBugBounty2025Retro with $400k USD equivalent in ZK tokens (20M ZK) in reimbursement to Matter Labs for bug bounty payouts made in 2025.

Abstract

ZKsync’s security is critical infrastructure for both the protocol and the broader ecosystem of ZK Chains. Vulnerabilities in ZKsync core contracts, circuits, tooling, or infrastructure can have cascading effects across ZKsync, ZK Stack deployments, and other ZK chains that rely on ZKsync technology.

The proposal establishes two distinct USD-denominated capped minters, one for forward-looking bug bounty funding and one for a one-time retroactive reimbursement. This structure provides clear scope separation, strong controls, and transparent accounting for a critical ecosystem-wide security function.

This proposal authorizes funding for:

  • Ongoing ZKsync bug bounty rewards administered via Immunefi, and
  • Reimbursement for historical bug bounty payouts made by Matter Labs in 2025.

Motivation

A robust bug bounty program is a critical security measure for ZKsync. Vulnerabilities in ZKsync affect not just a single network, but shared protocol components and tooling used across the ZK ecosystem.

Effective bug bounty programs:

  • Incentivize responsible disclosure over adversarial exploitation
  • Attract highly skilled security researchers to contribute to the protocol
  • Reduce systemic risk before vulnerabilities reach production

The existing Immunefi Bug Bounty program is a critical part of the emergency response procedure. With the Emergency Upgrade Board continuously on standby, upgrades in response to critical submissions can be escalated and executed within hours.

Historically, Matter Labs funded bug bounty payouts directly to ensure uninterrupted security coverage while Token Assembly funding mechanisms were still maturing. As ZKsync governance evolves, it is appropriate to:

  • Transition ongoing bug bounty funding into a governance-authorized structure, and
  • Retroactively reimburse prior, verifiable security expenditures that benefited the ecosystem as a whole

This proposal formalizes both objectives while maintaining strict caps, clear accountability, and full transparency.

Specification

This proposal authorizes two USD-denominated capped minters, converted to ZK using a conservative reference price of $0.02 per ZK, so that ZKsync security is prioritized irrespective of market conditions.

If the prevailing market price of ZK is higher at the time of reimbursement, fewer tokens will be minted and any portion of the cap that is not utilized will remain unminted.

Bug Bounty Capped Minter Structure

1. 2026 Bug Bounty Funding

A capped minter with $1,600,000 USD equivalent (80M ZK @ $0.02) will be granted minting rights to fund future ZKsync bug bounty rewards. The ZKsync Security Council will be the admin, and will work with Immunefi and other ZKsync security maintainers to distribute bounties.

The scope of bounties for this program includes the following components, where vulnerabilities affect all ZK chains and applications that rely on ZKsync technology:

  • ZKsync protocol contracts
  • ZK Stack components
  • Critical tooling and infrastructure supporting ZKsync-based chains
  • Submissions under SEAL Safe Harbour Agreement passed in GAP 2

ZKsyncBugBounty2026 Capped Minter (Forward-Looking Bug Bounty)

Parameter Value
Name ZKsyncBugBounty2026

... please visit link below to view full proposal

https://tally.xyz/gov/zksync/proposal/52899273737246738438218414127099712652047337592218084212368843786372445167418

Off-Chain Vote

For: 1 HVAXVC (100%)
Against: 0 HVAXVC (0%)
Abstain: 0 HVAXVC (0%)
Quorum: 100%

Timeline

Feb 13, 2026: Proposal created
Feb 16, 2026: Proposal vote started
Feb 22, 2026: Proposal vote ended
Mar 17, 2026: Proposal updated