PolkaWorld votes AYE
Two-thirds in support, one-third opposed.
Supporters believe that having the Treasury allocate part of its funds to support security audits within the ecosystem is a strategically important move for improving security. With both Polkadot Hub and JAM launching, significant auditing work will be needed—this bounty could play a key role in addressing that need.
Opponents suggested that future funding be requested directly in USDC or USDT, which would improve transparency and tracking of fund usage.
You can view our full feedback here.
TruthDAO votes AYE
This is a long-running bounty with a solid reputation. The current request outlines a reasonable plan and demonstrates a strong potential to continue contributing to the ecosystem.
Bifrost has previously used this bounty through PAL for two audit requests, which shows the proposal is highly executable.
Security audits can be a significant expense for early-stage teams, so this proposal plays an important role in attracting new developers to the Polkadot ecosystem.
The budget is also clear and transparent.
You can view our full feedback here!
📖 Truth DAO Governance Statement
🗳️ Delegate
Dear Proposer,
Thank you for your proposal. Our first vote on this proposal is NAY.
The Big Spender track requires 60% quorum according to our voting policy v0.2, and any referendum in which the majority of members vote abstain receives an abstain vote. This proposal has received zero aye and five nay votes from ten available members, with two members abstaining. Below is a summary of our members' comments:
Voters suggested that payments to curators should be tied to actual work hours and that quarterly top-ups for the bounty would be more practical than securing funding for 12–18 months in advance. Some called for more detailed cost breakdowns to ensure that a larger percentage of funds was dedicated to audits. While a few abstained out of support for the initiative overall, the prevailing opinion was that the budget was overly generous and inefficient.
The full discussion can be found in our internal voting.
Please feel free to contact us through the links below for further discussion.
Kind regards,
Permanence DAO
Decentralized Voices Cohort IV Delegate
📅 Book Office Hours
💬 Public Telegram
🌐️ Web
🐦 Twitter
🗳️ Delegate
Although security is a priority, the current PAL model has high administrative costs (12.2% allocated to salaries) and dedicates very little budget (0.9%) to direct incentives like bug bounties, which could be more effective in preventing vulnerabilities. Moreover, it’s not clear that the entire burden of audits should fall on the Treasury, as individual projects should also take responsibility for their own security. It’s time to reconsider whether this expenditure is the most efficient way to protect the ecosystem.
JAM DAO voted AYE on this proposal
Security is a foundational layer of any resilient blockchain ecosystem, and PAL continues to deliver critical value to Polkadot. While our initial concern was the use of DOT over stables, we recognize current protocol limitations and accept the reasoning provided by one of the curators.
Still, we hope to see progress toward allowing stablecoin-denominated bounties in the future - it would add predictability and mitigate market volatility.
✅ Why vote YES
• Essential security initiative: PAL is the only ecosystem-wide, community-led security program with a dedicated on-chain bounty for audits, tooling, and proactive risk management.
• Strong track record:
  • 25 audits funded since 2024
  • 133 vulnerabilities uncovered, including 27 high/critical
  • Funding already resulted in security tooling, including static analysis and monitoring
• Ecosystem-wide impact: Audits and tools are used across parachains, dApps, and the Polkadot Hub, with increasing demand expected from EVM smart contracts deployment
• Transparent budgeting and reporting: Quarterly and semi-annual community reports are published (Q1 2025, H2 2024, etc.)
• Long-term sustainability: 500,000 DOT would cover 12–18 months of operations (audits, bounties, tools, curator fees), ensuring uninterrupted activity
• Improves trust and adoption: Better security = safer experience for users, more confidence for builders, and more credibility for institutional partners
• Low administrative overhead: Only ~12% of costs go to curators (rest focused on delivery)
⸻
❌ Why vote NO
• High cost: 500,000 DOT (~$1.65M at $3.30/DOT) is a large ask, even if over 12–18 months
• Bug bounty spending remains small: Less than 1% of previous budget went to actual bounty payouts—might raise concerns over practical ROI
• Potential lack of decentralization: Decision-making and spending controlled by a relatively small group of curators
• No external audit of PAL itself: While PAL funds audits, there’s no independent review of how PAL manages treasury money
• Audit dependency risk: Projects may come to rely too heavily on PAL instead of budgeting for their own audits
⸻
🎯 Conclusion:
The PAL proposal seeks to extend a critical, proven security framework for the Polkadot ecosystem. It offers ecosystem-wide protection, improved tooling, and proactive security for builders and users alike—yet its large cost and governance structure may prompt scrutiny.