beneficiary

### **Proposal Overview**

We propose to harden Polkadot and increase its hacking resilience by:

1. Embedding TryState invariants across high-impact pallets, and
2. Launching an OSS-Fuzz-style framework, DotFuzz, for continuous runtime fuzzing, leveraging the invariants to transparently find deep logic bugs in new feature requests.

During the 6-month effort, we will collaborate closely with Polkadot’s core developers and ecosystem stakeholders, with whom this proposal is closely aligned.

The effort’s first value contribution is embedding standardized TryState invariants into Polkadot SDK pallets (starting from prioritized high-impact logic), ensuring that critical code changes are systematically verified. This strengthens the network’s safety without slowing development.

The second pillar involves leveraging industry-leading fuzzing technologies, specifically: Adapting Google’s OSS-Fuzz approach into a Polkadot-specific DotFuzz. The project will reach near-complete coverage of the codebase logic, with robust reporting and a reproducible test corpus that fosters security assurance and continuous improvement at an early development stage.

Funding is sought to support the end-to-end development and deployment of these advanced security capabilities over the course of six months.

[Full Proposal](https://docs.google.com/document/d/1tu72xTMl674gMiXR1Dw5ka2_pw5ne8D3gnK-Uvi2Ysc)

### **Deliverables**

* **Month 1:** Technical specification of the fuzzing farmwork; documents outlining the prioritization of pallets for the next steps
* **By month 3:** TryState invariants merged into polkadot-sdk
* **By month 6:** Fully open-source pipeline for continuous fuzzing of substrate-based runtimes, and a public dashboard for polkadot-sdk fuzzing

### **About Us**

Security Research Labs is a cybersecurity consultancy committed to making the world more secure. Discover more about us on [our website](https://srlabs.de/).

We have created two projects through referenda in the past ([942](https://polkadot.subscan.io/referenda_v2/942) and [1045](https://polkadot.subscan.io/referenda_v2/1045)), and have collaborated with Parity and other Polkadot ecosystem partners since 2019.

### **We Appreciate Your Feedback**

How can we improve our proposal? Your input will help us refine our approach to better serve the Polkadot community.

- A plan to make Polkadot safer from hackers  
- Adding checks (TryState) to important parts of Polkadot  
- Building a tool (DotFuzz) to find bugs automatically  
- Working with Polkadot’s team for 6 months  
- First step: Add safety checks to Polkadot’s code  
- Second step: Use fuzzing to catch hidden bugs  
- Deliverables: Reports, merged checks, and a public tool  
- Team has worked on Polkadot security before

assetKind

amount

validFrom

Deciding

Submitted

DecisionDepositPlaced

DecisionStarted

big_spender

DotFuzz - Hardening Polkadot through TryState invariants and CI-fuzzing 

root

whitelisted_caller

wish_for_change

staking_admin

treasurer

lease_admin

fellowship_admin

general_admin

auction_admin

referendum_canceller

referendum_killer

small_tipper

big_tipper

small_spender

medium_spender

Origin able to dispatch a whitelisted call.

Origin for signaling that the network wishes for some change

Origin able to cancel slashes and manage minimum commission.

Origin for spending up to 10,000,000 DOT from the treasury as well as generally administering it.

Origin for managing the composition of the fellowship.

Origin able to spend around 250 DOT from the treasury at once.

Origin able to spend around 1,000 DOT from the treasury at once.

Origin able to spend around 10,000 DOT from the treasury at once.

Origin able to spend around 100,000 DOT from the treasury at once.

Origin able to spend up to 1,000,000 DOT from the treasury at once.