Date: June 30, 2025

Proposer: Polkadot Assurance Legion (PAL) Curators

Requested Amount: 500,000 DOT

Beneficiary: Polkadot Assurance Legion (PAL) Bounty #22

Short Description: This proposal is the first bounty top-up for the Polkadot Assurance Legion (bounty #22), requesting 500,000 DOT. These funds will enable PAL to continue its crucial work in enhancing the security of the Polkadot ecosystem. The current mandate of PAL includes the partial audit funding for Runtimes and smart contracts (both Rust and Solidity), the development of security tooling, common-good security initiatives, and partial reimbursements for bug bounty payouts.

1. Introduction & Background

The Polkadot Assurance Legion (PAL) is a community-driven initiative dedicated to making Polkadot a safer and more attractive platform for builders and users. By allocating funds from the Polkadot Treasury, PAL supports a range of security-focused activities critical for Polkadot's health and growth. With PAL, Polkadot is the only ecosystem that allocates a portion of its on-chain treasury to enhance the security of the ecosystem, thereby investing in its long-term security, stability, and success.

Since the start of 2024, PAL has co-funded 25 audits, which have helped identify and resolve 133 on-chain vulnerabilities, of which 27 were classified as critical or high-risk. Furthermore, PAL has funded the development of a static-analysis tool and is just about to fund the development of a comprehensive ecosystem monitoring tool.

You can find the funding details in our community reports: Q1 2025, H2 2024, and H1 2024.

Previous PAL OpenGov referenda: #47, #1074.

More info on https://dotpal.io 

2. Current funding status

At the time of writing, the balance of the PAL Bounty #22 stands at approximately 177,800 DOT. Here is a breakdown of the spending so far (not including 2025 Q1 as the numbers are not final):

• 2025 Q2 (final report pending): Total 50,990 DOT (Audits: 32,793 DOT; Tooling: 4,424 DOT; Curator Salaries: 13,773 DOT);
• 2025 Q1: Total 49,454 DOT (Audits: 19,663 DOT; Tooling: 16,517 DOT; Bug Bounties: 3,304 DOT; Curator Salaries: 9,970 DOT);
• 2024 H2: Total 112,491 DOT (Audits: 84,262 DOT; Tooling: 10,695 DOT; Curator Salaries: 17,534 DOT);
• 2024 H1: Total 158,393 DOT (Audits: 154,413 DOT; Curator Fees and Travel: 3980 DOT).

Here is a breakdown of the share of each spending category:

• Audits: 78%
• Curator Salaries: 12,2%
• Tooling: 8.5%
• Bug Bounties: 0,9%

3. Top-Up Justification

Considering the past spending behaviour outlined above, and the anticipated future demand for security services, we would like to request a top-up of the PAL bounty with 500,000 DOT.

The funds currently remaining in the bounty provide sufficient albeit limited leeway for the upcoming months. In the next weeks, we will initiate payouts for the development of the ecosystem monitoring tool, which will have a total cost in the range of $200,000 to $250,000 (delivered via milestones of up to $50,000). Besides several ecosystem projects expressing interest in audit co-funding, we expect an uplift in demand due to the launch of EVM smart contracts on Polkadot Hub, which (hopefully) will be audited by their deployers. Furthermore, we would like to continue funding open-source security tools that benefit the Polkadot ecosystem.

According to our knowledge, the requested top-up should allow PAL to continue its operations uninterrupted for at least another 12-18 months (depending on factors such as DOT valuation).

4. Why Fund Security

A well-funded PAL directly contributes to:

• Enhanced Security: Funding Audits reduce the risk of exploits and potential loss of funds across the ecosystem.
• Increased Developer Confidence: Providing resources for tooling that helps developers build more secure applications.
• Greater User Trust: Demonstrating that Polkadot is committed to security, making it a more attractive platform for users.
• Ecosystem Growth: A secure environment fosters innovation and encourages broader adoption.
• Proactive Risk Mitigation: Supporting the development of tools and initiatives that can prevent future vulnerabilities.

PAL has a proven track record of effective fund management and impactful security contributions. The requested top-up will ensure that this vital work can continue and adapt to the Polkadot network's evolving needs.

We welcome any questions and are committed to continuing to report on the use of these funds in a transparent manner.