The following reflects the views of L2BEAT’s governance team, composed of @krst and @Manugotsuka, and is based on their combined research, fact-checking, and ideation.
We voted FOR.
We support continuing to fund the ZKsync bug bounty program through a capped and DAO-approved structure. The Immunefi program already defines severity tiers, minimum rewards, and a maximum payout for critical smart contract issues, providing clarity for researchers. We also received confirmation that circuit-level vulnerabilities, proof generation issues, and other ZK-specific risks are within scope, which is appropriate given the protocol’s design.
While we are comfortable with the structure overall, periodic public updates on payouts and remaining allocation would further strengthen transparency and give the DAO clearer visibility into how the program evolves over time.