[DRAFT] [GF: Phase 1 Proposal] Code4rena

Project name: Code4rena

Author name and contact info (please provide a reliable point of contact for the project):

Etherean
Twitter: https://twitter.com/_etherean
Discord: Etherean#7284

Vee
Twitter: https://twitter.com/Vee474
Discord: :crystal_ball: vee | C4#6243

I understand that I will be required to provide additional KYC information to the Optimism Foundation to receive this grant: Yes

I understand that I will be expected to follow the public grant reporting requirements outlined here: Yes

L2 recipient address: 0xC2bc2F890067C511215f9463a064221577a53E10

Grant category: Governance Fund Phase 1

Which Voting Cycle are you applying for?: Cycle 10

Which sub-committee should review your proposal? Growth Experiment Grants

Project description (please explain how your project works):

Code4rena is a smart contract auditing platform that helps projects find more bugs faster than any other method. C4’s competitive audits have changed the web3 security space by providing a transparent and gamified alternative to traditional audits.

Competitive audits involve three main players: sponsors, wardens, and judges. Sponsors create a prize pool to attract wardens. Wardens are security researchers who compete to find as many bugs as possible. Independent judges are seasoned community members who assess the findings and allocate shares of the prize pool to the wardens.

To incentivize wardens, C4 uses a unique scoring system, with two primary goals: reward participants for finding unique bugs and make the contest resistant to sybil attacks. Judges are incentivized to review findings and decide their severity, validity, and quality by receiving a share of the prize pool themselves.

Project links:

Additional team member info:

Sock - CEO
Twitter: https://twitter.com/sockdrawermoney
Discord: sockdrawermoney#7095
Email: sock@code4rena.com

Eric - COO
Twitter: https://twitter.com/_ninek
Discord: :t_rex: eric (ninek) | C4
Email: eric@code4rena.com

Growth

Etherean
Twitter: https://twitter.com/_etherean
Discord: Etherean#7284
Email: etherean@code4rena.com

Vee
Twitter: https://twitter.com/Vee474
Discord: :crystal_ball: vee | C4#6243
Email: vee@code4rena.com

Please link to any previous projects the team has meaningfully contributed to:

Since launching in early 2021, Code4rena has been keeping bugs out of production for hundreds of protocols including industry leaders such as OpenSea, Aave, Sushi, ENS, and more. The full list of the projects C4 has audited can be found here.

For more details about how Code4rena found 2 high severity vulnerabilities in OpenSea’s Seaport smart contracts, read this story.

16 projects that are part of the Optimism ecosystem have trusted Code4rena to help secure their code.

Relevant usage metrics:

  • 500+ high-severity vulnerabilities found
  • 90+ wardens competing per competition on average
  • 150+ audit contests on Code4rena so far
  • $6.5M+ in rewards paid

We keep growing. According to our latest update on Nov 29 2022:

  • 685 unique high-security vulnerabilities were found + awarded (20 more from last month, 113 more from 3 months ago)
  • 321 wardens are contributing high-risk findings (40 more from last month; 104 more from 3 months ago)

Code4rena has evolved into one of the biggest and most open security communities in Web3. Our community involves founders, developers, security experts and enthusiasts:

  • 6581 Community members
  • 2660 Wardens
  • 253 Certified wardens

Competitors, peers, or similar projects:

Code4rena has pioneered the alternative auditing landscape. While other players like Sherlock, our depth of experience iterating and improving on competitive audits allows us to offer consistently high-quality services while at the same time adapting quickly to new requirements.

Is/will this project be open-sourced?

Code4rena offers public and private audits. All the reports of our public audits can be found here.

Optimism native?: Code4rena is chain-agnostic

Date of deployment/expected deployment on Optimism: N/A

Ecosystem Value Proposition:

What is the problem statement this proposal hopes to solve for the Optimism ecosystem?

The Optimism ecosystem aims to grow quickly but many times within crypto, we’ve seen how rapid growth is not sustainable unless there’s a security-first approach. Traditional smart contract audits incur a hefty cost both financially and chronologically.

How does your proposal offer a value proposition solving the above problem?

Code4rena’s competitive audits can be started within 48 hours, have flexible costs, and provide significantly higher coverage, helping teams that want to deploy on Optimism go to market quickly and safely. The Code4rena team plans to use this grant to support the projects that are on Optimism, or plan to launch on Optimism, with their security needs.

Why will this solution be a source of growth for the Optimism ecosystem?

Security is essential for growth. Preventing costly multimillion-dollar hacks and ensuring that Optimism projects have access to fast and reliable security services promotes sustainable growth and solidifies a prestigious reputation. If projects in the Optimism ecosystem establish a reputation for being secure, this will give users more confidence and lead to greater adoption.

Has your project previously applied for an OP grant? No

Number of OP tokens requested: 750,000 OP

Did the project apply for or receive OP tokens through the Foundation Partner Fund?: No

If OP tokens were requested from the Foundation Partner Fund, what was the amount?: N/A

How much will your project match in co-incentives?: N/A

Proposal for token distribution:

  • How will the OP tokens be distributed?

The purpose of this grant is to incentivize more projects to securely deploy on Optimism. A portion of tokens will be used to subsidize security audit competition pools sponsored by projects that will be deploying on Optimism for the first time.

Another portion of tokens will be used to subsidize security audit competition pools for projects that have already deployed on Optimism but want to secure new upgrades or features before launching to production.

The final portion of tokens will be used to create awareness around the grant, the incentives, and Optimism’s dedication to security. This entails marketing costs related to PR, sponsored content, and paid media.

Percentage breakdown

  • 33.3% of the total amount of the grant to be transferred to Code4rena on a quarterly basis until the total amount of the grant has been received (three quarters in total).
  • The 33.3% of the grant tokens received each quarter will be allocated in the following manner:

40% of tokens received will be used to subsidize security auditing costs for existing projects in the Optimism ecosystem, 40% to subsidize security auditing costs for projects planning to launch on Optimism, and 20% for marketing the initiative.

The security grant will subsidize 30% of the competitive audit cost with a cap of $25,000 so that as many projects as possible can benefit from the grant.

As a reference point, all the prize pools of the competitive audits are listed here: https://code4rena.com/contests

Over what period of time will the tokens be distributed for each initiative? Shorter timelines are preferable to longer timelines. Shorter timelines (on the order of weeks) allow teams to quickly demonstrate achievement of milestones, better facilitating additional grants via subsequent proposals.

33.3% of the total grant is to be distributed on a quarterly basis to Code4rena until 100% of the grant has been received. Because security auditing competitions take more time to complete than other initiatives, we’d be better equipped to demonstrate results on a quarterly basis.

Please clearly define the milestones you expect to achieve in order to receive milestone-based installments. Please consider how each milestone relates to incentivizing sustainable usage and liquidity on Optimism. Progress towards each milestone must be trackable.

This is a service-based proposal. Milestones and their implementation are trackable and straightforward. The grant should subsidize 30% of the total audit cost for each project that applies. The following estimates are calculated based on previous Code4rena data:

Q1 - 250,000 OP

  • 100,000 on existing projects on Optimism
  • 100,000 on projects that plan to launch on Optimism
  • 50,000 to co-marketing initiatives
  • Avg number of projects benefiting from the grant: 10 - 21*

Q2 - 250,000 OP

  • 100,000 on existing projects on Optimism
  • 100,000 on projects that plan to launch on Optimism
  • 50,000 to co-marketing initiatives
  • Avg number of projects benefiting from the grant: 10 - 21

Q3 - 250,000 OP

  • 100,000 on existing projects on Optimism
  • 100,000 on projects that plan to launch on Optimism
  • 50,000 to co-marketing initiatives
  • Avg number of projects benefiting from the grant: 10 - 21

*Estimates were calculated based on potential market volatility

Why will incentivized users and liquidity on Optimism remain after incentives dry up?

Getting a security audit can be a challenge for projects with small treasuries. Code4rena will help projects save money and ensure a more secure product for Optimism ecosystem users to interact with. In this case, it’s the protocols that are being incentivized to onboard Optimism, which inevitably brings their users to Optimism with them.

Please provide any additional information that will facilitate accountability: 0xC2bc2F890067C511215f9463a064221577a53E10

Please note that the form for Season 3 has requirements that have not been filled out here. Feel free to update this form to include the questions in the Season 3 proposal template or to submit a new application here.

Please also consider which sub-committee should review your application and make sure that you have reviewed the parameters relevant to that sub-committee.

Thanks for the feedback, proposal has been updated with the latest information.