[TPP-3] ZIP Audit Reimbursement Program (ZARP)

| Proposal Type | TPP |
|---|---|
| One Sentence Summary | An annual program valued at $5m USD (89,285,714 ZK) to reimburse security audit costs for successfully executed ZKsync Improvement Proposals (ZIPs) in 2025, ensuring high security standards for ZKsync protocol development. |
| Proposal Author | ZKsync Foundation |
| Proposal Sponsor | Cyfrin |
| Submitted Onchain | 2025-05-06 |
| Version | v1 |
| Summary of Action | This proposal establishes a ZIP Audit Reimbursement Program valued at $5m USD in ZK (89,285,714 ZK) to reimburse developers for audit costs associated with successfully implemented ZIPs. The program will be funded through the ZK token minter and payments will be distributed autonomously upon the successful execution of a given ZIP. |
| Total ZK Requested | 89,285,714 ZK |
| Link to Forum Post | [TPP-3] ZIP Audit Reimbursement Program (ZARP) |
| Link to Contracts | ZarpMain: 0x51E818785dEa065D392ac21F04E9cac5B601Cfd8, ZarpRetro: 0x70F6998FC0c492d9DD08b1105259252329be9Db6 |

Abstract

The ZIP Audit Reimbursement Program (ZARP) allocates $5m USD in ZK over the 2025 calendar year to increase security standards across the ZKsync protocol by reimbursing the costs associated with third-party audits of successful ZIPs. This program will ensure that ZIP developers strive for exceptional security audit standards, resulting in secure and robust contributions to the ZKsync protocol.

Motivation

This proposal aligns with GAP 001: ZKsync Token Program Priorities 2025, which emphasizes the importance of accelerating ZKsync protocol development. As security is a foundational pillar of protocol integrity, this program directly supports the “Secure the Protocol” priority within GAP 001.

Impact

This program directly contributes to securing the ZKsync protocol, aligning with the ZKsync Governance North Star metric of protecting assets, builders, and the community from adversarial actors. By ensuring that all ZIPs undergo thorough security audits, the program mitigates vulnerabilities and strengthens the resilience of the protocol, removing the financial burden of security audits.

Primary Goals & Metrics

| Goal | Metric | Target |
|---|---|---|
| Secure the Protocol | % of successfully implemented ZIPs that receive audits | 100% of eligible ZIPs audited |
| Secure the Protocol | Number of security incidents related to newly implemented ZIPs that require an emergency upgrade to resolve | 0 incidents |
| Public Accountability | Number of reimbursements publicly documented | 100% of reimbursements tracked |

Token Mechanic

This Token Program Proposal (TPP) approves the creation of two capped minters to fund audit reimbursements for ZIPs executed in 2025. The total value of the two capped minters is 89,285,714 ZK, which is the ZK token value of $5m USD based on the 30-day average from 27 April 2025. An overview of the two capped minters is set out below:

  1. ZarpMain – A general-purpose capped minter for ZIPs executed between May 1 and December 31, 2025. A total of 49,810,714 ZK may be minted from ZarpMain. Each ZIP will request its own allocation from this minter.
  2. ZarpRetro – A capped minter to reimburse audit costs for ZIPs approved by the Token Assembly between January 1 and April 30, 2025. A total of 39,475,000 ZK may be minted from ZarpRetro.

1. ZarpMain: Future Audit Reimbursements (Q2 - Q4, 2025)

ZarpMain is a capped minter that will fund audit reimbursements for any developer who submits a successfully executed ZIP on ZKsync between May 1, 2025 and December 31, 2025. Any ZIP author is eligible to claim audit reimbursements by following the outlined process, supporting the decentralization of protocol development. Developers will deploy a nested “child” capped minter to be able to draw from this main capped minter with successful protocol upgrade execution.

ZarpMain Capped Minter Parameters

| Parameter | Value |
|---|---|
| Name | ZarpMain |
| Contract Address | 0x51E818785dEa065D392ac21F04E9cac5B601Cfd8 |
| Admin | Protocol Governor Timelock |
| Target | ZK Token |
| Cap | 49,810,714 ZK |
| Start Time | 19 May 2025 |
| End Time | 31 January 2026 |
| Minter Role | N/A (child minters who assume the MINTER role are deployed per ZIP) |

Eligibility Criteria

To be eligible for reimbursement:

  • The ZIP must be successfully executed on ZKsync between May 1 and December 31, 2025.
  • The ZIP must include a third-party audit from a recognized security firm.
  • Audit invoice(s) must be submitted for verification to the ZKsync Security Council via direct message on the governance forum, before the ZIP is submitted onchain.

Reimbursements cover audit fees, formal verification costs, and code competitions. They do not cover ZIP development labor, travel, or other indirect expenses. A given audit may only be reimbursed once.

Claim Process

To claim reimbursement through ZarpMain, ZIP authors must complete the following steps before onchain submission of the relevant ZIP:

  1. Deploy a child capped minter with the following parameters (see Capped Minter V2 for deployment instructions):

     | Parameter | Value |
     |---|---|
     | Admin | Protocol Governor Timelock |
     | Target | ZarpMain |
     | Cap | Amount of ZK matching the reimbursement request calculated using the 30-day average of the price from the date the child capped minter is deployed. |
     | Start Time | 30 days after the expected protocol upgrade approval date |
     | End Time | 31 January 2026 |

     Please reach out to Gov Team for support creating child capped minters.

  2. In the ZIP draft posted on the governance forum, include:
       • Link to the audit report
       • Link to the deployed child capped minter contract
  3. In the onchain ZIP submission, include calldata to:
       • Grant MINTER role:
           1. on the parent capped minter (ZarpMain) to the child capped minter; and
           2. on the child capped minter to the ZIP developer
       • Grant PAUSER role on the child capped minter to the ZKsync Security Council on ZKsync Era (0xfFB6126FF8401665081b771bB11cCD0e09f95D5A)

If the ZIP passes the Token Assembly vote, the child minter’s MINTER role will become active after a 30-day buffer. During this time, the Security Council will verify the audit details if it has not already done so. If necessary, the Security Council may pause the minter using their PAUSER role, preventing misuse of funds.

2. ZarpRetro: Past Audit Reimbursement (Q1, 2025)

ZarpRetro is a capped minter used to reimburse audit costs for ZIPs approved by the Token Assembly prior to April 30, 2025. Any ZIP author is eligible for retroactive reimbursement. Matter Labs has been the only developer to submit protocol upgrades to date. As a result, Matter Labs is the sole claimant under the ZarpRetro capped minter.

ZarpRetro Capped Minter Parameters

| Parameter | Value |
|---|---|
| Name | ZarpRetro |
| Contract Address | 0x70F6998FC0c492d9DD08b1105259252329be9Db6 |
| Admin | Matter Labs Multisig (0xb84cFd9EBA97d991afa2E7B76b900804eE911Ab7) |
| Target | ZK Token |
| Cap | 39,475,000 ZK |
| Start Time | 19 May 2025 |
| End Time | 31 January 2026 |
| Minter Role | [Admin to confirm post-execution] |

The ZKsync Security Council has reviewed (or will review) the audit invoices and reports for ZIPs approved prior to 30 April 2025 to confirm eligibility.

The total value of the ZarpRetro Capped Minter is $2,210,600 USD. Using the 30-day average price of ZK from 27 April 2025, this amounts to 39,475,000 ZK tokens, which is the cap of the ZarpRetro Capped Minter.

Summary of Retro Audit Reimbursements

| ZIP | Amount Claimed (USD) |
|---|---|
| ZIP-3 Protocol Defense | $91,440 |
| ZIP-6 Gateway Prep | $1,490,540 |
| ZIP-9 EVM Emulator | $628,620 |
| Total USD | $2,210,600 |
| Total ZK at 0.056 (30-day average) | 39,475,000 |

Eligibility

All ZIPs approved by the Token Assembly prior to 30 April 2025 were developed by Matter Labs. As such, Matter Labs will define the MINTER address for the ZarpRetro capped minter.

Details of audit reimbursements being claimed by Matter Labs are set out in the tables below.

| ZIP | Auditor | $USD Claimed | Audit Report(s) |
|---|---|---|---|
| ZIP-3 | OpenZeppelin | $91,440 | Protocol Defense Report |
| ZIP-6 | OpenZeppelin | $510,540 | ZKsync Custom Asset Bridge Audit + ZKChain Upgrades and Libraries Diff Audit + ZKChain & Gateway Upgrade Audit + ZKChain Release Candidate Audit |
| ZIP-6 | Audittens | $380,000 | Gateway Security Competition |
| ZIP-6 | Audittens | $100,000 | Hyperchains Security Competition |
| ZIP-6 | Cyfrin | $500,000 | CodeHawks Security Competition |
| ZIP-9 | OpenZeppelin | $628,620 | EVM Equivalence Audit + FFLONK Verifier Audit + FFLONK & EVM Emulator Diff Audit |

All reimbursements claimed from the ZarpRetro capped minter have been reviewed and approved by the Security Council.

Claim Process

As the admin of the ZarpRetro capped minter, Matter Labs will be able to assign, at their discretion, the minter role that will be able to mint tokens from the ZarpRetro capped minter. The tokens are available to mint at any time until 31 January 2026.

Plan

Measurement & Reporting

  • On-chain tracking: The ZarpMain Capped Minter will record all disbursements, ensuring transparency.
  • Quarterly governance updates: The Security Council will publish status reports tracking disbursements and participation.
  • End-of-year report: A detailed impact analysis will be presented to the community.

Accountability Framework

  • The Security Council will review all reimbursement requests.
  • Conflicts of interest will be managed via a recusal policy.
  • All reimbursements are publicly documented for transparency.
  • Program impact is evaluated annually with Token Assembly input.

Participants

  • Security Council (responsible for oversight and pausing ineligible distributions).
  • ZIP developers and/or contributors (subject to KYC/KYB as per ZKsync Association policy).
2 Likes
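
A reviewer-side check of the ZarpMain claim steps in the proposal above, as an added example that is not part of the proposal or of ZKsync's tooling. The `ChildMinter` record, `review_claim`, the already-decoded `grants` tuples, rounding down to whole ZK, and treating a cap above the invoiced amount as a finding are assumptions; the timelock address is a placeholder because the page does not give it.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from decimal import Decimal, ROUND_DOWN

# Addresses quoted in the proposal.
ZARP_MAIN = "0x51E818785dEa065D392ac21F04E9cac5B601Cfd8"
SECURITY_COUNCIL = "0xfFB6126FF8401665081b771bB11cCD0e09f95D5A"
# Placeholder: the proposal names the Protocol Governor Timelock without an address.
TIMELOCK = "<PROTOCOL_GOVERNOR_TIMELOCK_ADDRESS>"
END_TIME, BUFFER = date(2026, 1, 31), timedelta(days=30)

@dataclass
class ChildMinter:  # hypothetical record of a deployed child capped minter
    address: str
    admin: str
    target: str
    cap_zk: int
    start: date
    end: date

def zk_for_usd(usd: str, avg_price: str) -> int:
    """Whole ZK for a USD amount at the 30-day average price (rounded down: assumption)."""
    return int((Decimal(usd) / Decimal(avg_price)).to_integral_value(ROUND_DOWN))

def review_claim(child, invoice_usd, avg_price, expected_approval, developer, grants):
    """Return findings; `grants` holds (contract, role, grantee) decoded from the ZIP calldata."""
    low = lambda t: (t[0].lower(), t[1], t[2].lower())
    checks = [
        (child.admin.lower() == TIMELOCK.lower(), "admin is not the Protocol Governor Timelock"),
        (child.target.lower() == ZARP_MAIN.lower(), "target is not ZarpMain"),
        (child.cap_zk <= zk_for_usd(invoice_usd, avg_price),
         "cap exceeds the invoiced amount at the 30-day average"),
        (child.start >= expected_approval + BUFFER, "start time leaves less than the 30-day buffer"),
        (child.end == END_TIME, "end time is not 31 January 2026"),
    ]
    findings = [msg for ok, msg in checks if not ok]
    # The three role grants the claim process requires in the onchain submission.
    required = [low(t) for t in ((ZARP_MAIN, "MINTER", child.address),
                                 (child.address, "MINTER", developer),
                                 (child.address, "PAUSER", SECURITY_COUNCIL))]
    seen = {low(t) for t in grants}
    for contract, role, grantee in required:
        if (contract, role, grantee) not in seen:
            findings.append(f"missing {role} grant on {contract} to {grantee}")
    # Any further MINTER grant on ZarpMain or the child widens who can mint.
    scope = {ZARP_MAIN.lower(), child.address.lower()}
    for contract, role, grantee in sorted(seen - set(required)):
        if role == "MINTER" and contract in scope:
            findings.append(f"unexpected MINTER grant on {contract} to {grantee}")
    return findings
```

An empty list means the child minter and the role grants match the stated parameters; it does not replace the Security Council's review of the audit invoices.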

TPP-3 was discussed on the bi-weekly Proposal Review call that took place on Wednesday this week.

Find call notes, links and the recording here!

We’re happy to see this proposal here since audits are logically an integral part of having a secure ecosystem and providing clarity on how they will be financed should encourage more quality contributions to the ecosystem. Also, this proposal is a good example of the utility of capped minters when distributing ZK tokens.

Our only question is related to market volatility: whilst the proposal works well if ZK’s price goes up, as fewer tokens would be needed for audit reimbursements, how will the programme handle a significant decrease in ZK price? We understand and agree with the idea of having a fixed ZK amount for the ZARPMain capped minter, however if the price goes down, the amount of audits to be covered can be limited.

1 Like

Hey @SEEDGov great question!

If the current token cap is not sufficient to achieve the program's objectives, the Token Assembly can approve expanding the token allocation via a new capped minter.

On the other hand, if the token supply for the program exceeds the program requirements significantly, in most cases it’s OK to wait until the program ends and simply leave the excess tokens unminted. However, the Token Assembly could choose to cancel the current capped minter, and deploy a new one with fewer tokens based on the program needs.

3 Likes

While I appreciate the intention behind this proposal and fully support improving security standards for the ZKsync protocol, I must voice concern over the current structure of the proposed minting mechanism.

Minting a large amount of ZK tokens—100 million ZK—within a relatively short time frame poses a significant risk of introducing sell pressure on the token, which could negatively impact the market price and broader community sentiment. Even if reimbursement claims are staggered, the full cap being minted or allocated upfront can create uncertainty in the market and raises concerns about inflationary impact.

I recommend adjusting the proposal to incorporate a monthly minting schedule, wherein a capped amount of ZK is minted each month based on the actual reimbursement claims submitted and approved during that period. This would achieve the following:

  • Align disbursements more closely with real-time audit demand and ZIP implementation.
  • Increase transparency and predictability for the community and token holders.
  • Reduce unnecessary minting and thereby limit potential downward price pressure on ZK.

Alternatively, if upfront minting is necessary from a technical perspective, I propose establishing stricter monthly disbursement limits and a dynamic burn mechanism for any unused tokens at year-end.

In conclusion, while the goals of ZARP are commendable, I urge the authors and governance participants to consider a more conservative and price-conscious approach to implementation.

Hey @cobinus - providing some context for your comments below.

Minting for this program is expected to be distributed over a 9-month period. (May 2025 - Jan 2026). For context, the Ignite Program that was approved by the Token Assembly allocated 325M ZK to be minted and distributed over 9 months.

Aside from the ZarpRetro capped minter, which would be available for minting upon the proposal passing, other audit reimbursements will only be granted/become mintable as the corresponding ZIPs are passed over time. These are expected to be spread out over the coming months as it takes time to prepare the upgrades and submit the proposals.

Additionally, audit reimbursements received through this program do not need to be minted all at once. The developer of each ZIP, who will hold the minter role on the associated capped minter contract, has the discretion to mint at a time that makes sense for the recipient.

There is currently no onchain-enforceable mechanism to enforce a suggested monthly minting schedule. The Governance Team is currently working on developing additional “minter mods” that would enable things like a mint rate limiter, but the timeline for completion is currently unknown.

EDIT: See below.

We have put this proposal up for voting!

Note: As always, we will conduct a review of the proposal calldata as part of our role on the security council once it reaches that stage.

2 Likes

We had the 30-day average as 0.058 instead of 0.056 in a table in TPP-3, so we resubmitted.

Thank you!

Program carries unclarity and brings risk of selling pressure. Hardly voting against on this one.