Non-Constitutional AIP: Ecosystem Security Fund

Reading time saved: 21 minutes

15 replies, 799 views, 53 likes



Sherlock has proposed a $4M Ecosystem Security Fund to provide discounted security audits for the Arbitrum blockchain, with an Audit Council overseeing the process and a focus on attracting top security talent. The community has mixed reactions, with some concerns about transparency and suggestions for Sherlock to contribute funds, but there's a strong movement towards consolidating security proposals into an RFP process, which Sherlock now supports.

What is this about?

Sherlock, a security audit company for protocols on the Arbitrum blockchain, has proposed the creation of an Ecosystem Security Fund with a budget of $4M. The fund aims to provide reduced-cost audits for Arbitrum protocols, thereby enhancing the security of the Arbitrum ecosystem and encouraging new teams to build on Arbitrum. The proposal includes the formation of an Audit Council to manage the fund and determine eligibility for discounted audits. Sherlock's audit model combines traditional audits with audit contests and involves a decentralized judging process. The company has a track record of identifying critical vulnerabilities and has conducted 47 audits in the past year.

How is the community reacting?

The community has shown a mix of support and concern for the proposal. Key points from the community include:

  • Sherlock1 provided comprehensive details about the proposal, including the structure of the Audit Council, the pricing strategy, and the expected impact of the initiative.
  • Dk32 noted Sherlock's past performance and the trust placed in them by Arbitrum protocols.
  • KeepBuildong3 and Jengajojo5 sought clarifications on various aspects of the proposal, including transparency and accountability measures.
  • ShaneMkt6 supported the proposal but suggested that Sherlock should contribute its own funds to the fund.
  • Danielhangan9 appreciated the proposal's alignment with Arbitrum's values.
  • Dk310, KeepBuildong11, and 0xJaeThorn12 discussed the idea of consolidating security proposals into an RFP process, which received significant support.
  • Sherlock13 withdrew their own proposal in favor of supporting the RFP-style process for auditing services.
  • 0xteagan14 and JOJOExchange15 expressed their support for the proposal.
  • The governance team of L2BEAT, Krst and Sinkas16, supported the consolidation of security-related proposals into an RFP process.

Why this is positive?

  • The fund could significantly increase the demand for security audits, leading to a more secure Arbitrum ecosystem.
  • The proposal is designed to attract top talent in the security field, ensuring high-quality audits.
  • Financial transparency is emphasized, with quarterly financial reports and a dedicated Telegram channel for updates.
  • The Audit Council structure is intended to mitigate potential conflicts of interest.

Why this is negative?

We have not been able to determine whether this will be negative.

Next actions

  • Sherlock has endorsed Dk3's RFC and the community is moving towards an RFP-style process for auditing services.
  • The community is in an open consultation period to discuss the consolidation of security proposals into an RFP process.

Posted a month ago

Last reply 24 days ago

Summary updated 10 days ago

Last updated 04/12 00:18