Request for Comments: Security Pillar for the Arbitrum Grant
This Request for Comments (RFC) document seeks to gather feedback on the proposed prerequisites for eligibility for Shared Security Support Services by an Arbitrum Grant under the Security pillar. The prerequisites are designed to ensure that only projects that align with Arbitrum's focus and contribute to the growth and development of the Arbitrum ecosystem are eligible for support[1].
Security Pillar
The Security pillar emphasizes the importance of security. This includes establishing smart contract auditor pools, economic auditor pools, and a bug bounty program, and working closely with the Security Council[1].
Background
The Security pillar is crucial for the success of the Arbitrum Grant. It ensures that the projects supported by the grant operate with the highest level of security. The pillar focuses on establishing smart contract auditor pools, economic auditor pools, and a bug bounty program, which are key to the success of any project in the DeFi space[1].
Proposal
The proposal for the Security pillar includes the following prerequisites for eligibility:
- Smart Contract Auditor: Projects should have their smart contracts audited by reputable auditors. This is to ensure that the smart contracts are secure and function as intended[1].
- Economic Auditor Pools: Projects should have their economic models audited. This is to ensure that the economic models are sound and sustainable[1].
- Bug Bounty Program: Projects should have a bug bounty program in place. This program should be run on a reputable platform like Immunefi or Hats Finance. The bug bounty program should have the following requirements:
  - Minimum Reward: The minimum reward for finding a bug should be $25,000[3][5] paid for by the project.
  - The Pledge: Projects must have taken the pledge.
Accountability
Projects should be accountable for their security initiatives. They should provide regular updates on their progress and be transparent in their dealings[1].
We invite all stakeholders to provide their comments, suggestions, and feedback on these proposed prerequisites for eligibility under the Security pillar. Your input is invaluable in ensuring that the Arbitrum Grant supports the most deserving and impactful projects in the Arbitrum ecosystem.
Shared Security Support Services
Protocols that meet these requirements are eligible for:
- Matching by the Arbitrum DAO on bug bounty programs up to 100,000 USD paid in ARB Tokens.
- Secondary Audit of the targeted Smart Contracts by a pre-approved Audit Provider, with costs up to 250,000 USD paid in ARB Tokens.
- Auditors on Retainer to review any minor enhancements on these smart contracts post-launch.
Services are subject to availability and scheduling.