Huge thanks to @Samater and the Immunefi team for driving this proposal right from the RFI process back in April up to this point.
As we’ve indicated from day one, we’re very excited about and supportive of a security subsidy program for Scroll builders. We believe this program has the potential to become one of the key pillars of Scroll’s builder support and ecosystem growth strategy. By effectively reducing cost barriers, the program accelerates project development for existing Scroll builders while acting as a magnet to attract new builders to the Scroll ecosystem.
We’re particularly pleased that the program’s scope extends beyond traditional security audits for builders. In our recent report, we highlighted how traditional code audits alone cannot provide foolproof security for projects. Beyond traditional audits, projects need to prioritize “full-stack” security—end-to-end security services that address the security needs of projects at every stage of the builder lifecycle, from development to post-deployment.
By allocating subsidies to both traditional audits and end-to-end security services (incl. fuzzing, formal verification, real-time monitoring, etc.), the Scroll Security Subsidy Program demonstrates a robust program design that ensures full-stack security for projects.
Furthermore, the program’s exclusivity provisions ensure that only long-term Scroll-aligned projects receive subsidies. We view this as an innovative way to lock in projects within the ecosystem while discouraging subsidy shopping. We’re eager to see how this approach plays out.
Overall, we strongly support this proposal as a massive step forward in enhancing Scroll’s builder ecosystem. However, due to our involvement with Areta Market, we will vote abstain. We encourage other DAO members to vote in favour. Thanks!
