Compound Foundation's Security Service Provider Recommendation

TL;DR

The Compound Foundation recommends ChainSecurity & Certora as the new security partner for Compound, augmented by ZeroShadow as the incident response and monitoring provider.

These vendors bring a Tier-1 market reputation, prior experience supporting Compound, and a tailored security framework.

We expect to deliver the DAO savings of $2M annually, or 50%, on its security budget.


Overview

The Compound Foundation, in consultation and partnership with CGWG, is pleased to update the Compound DAO & community on exciting progress with the Compound Security Service Provider (SSP) RFP submission, which we announced on July 1st, the first day of operations of the Compound Foundation.

The proactive RFP approach reinforced the incredible strength of the Compound brand, and drew media attention. 16 proposals were publicly submitted, representing top-tier security firms, and we were deeply impressed by their quality, thoughtfulness, and technical depth.

To streamline the selection process, enhance clarity around roles, and optimize for true 24/7/365 monitoring, the Foundation has elected to separate the Monitoring & Incident Response (IR) workstream from the SSP engagement. After independent evaluation, ZeroShadow has been selected as the preferred incident response provider, allowing the SSP vote to focus solely on audit, advisory, and vCISO services.

This was a highly competitive process, and we’re deeply grateful to every team that participated. Following an evaluation period and a comprehensive interview process, we have selected five finalists to advance to the final Snapshot vote. These providers presented proposals which strongly align with Compound’s current needs and growth aspirations. Each of these teams is eligible to proceed to the Snapshot vote beginning Monday, July 28th.

Among these five, the Compound Foundation recommends ChainSecurity & Certora as the best overall choice to strategically secure Compound’s next growth. With this selection alongside ZeroShadow, Compound’s total security spend will be reduced by 50% to $2M annually, without compromising the high standards the protocol has maintained.


SSP Evaluation Process

The Foundation evaluated all proposals based on a previously outlined six point framework:

  • Technical Expertise in auditing, testing, and multi-chain support
  • Audit Methodology and deliverable quality
  • vCISO & Advisory Capabilities, including personnel, experience, and availability
  • Compound & DeFi Familiarity based on past work and onboarding readiness
  • Market Reputation and engagement history
  • Pricing & Value, measured by overall scope, personnel commitment, and service clarity

Michael Lewellen (@cylon), a leading expert in the field and an independent delegate of the Compound community, led the RFP and evaluation process as a special advisor to the Foundation, in coordination with the CGWG and Foundation leadership. This included vendor interviews, detailed scoring reviews, pricing/scope revisions, and select client reference calls to ensure the best possible outcome to Compound’s security needs and growth aspirations.


Shortlisted SSP Proposals

Each of the five shortlisted providers brings unique strengths to the table—ranging from formal verification expertise to hands-on governance experience. Compared with the annualized $4M security cost since 2021, we are pleased to deliver step-change improvements in cost-efficiency and flexibility over Compound’s prior security arrangement, while maintaining the high bar for quality and coverage that is synonymous with Compound’s years-long reputation as a pioneer in the lending protocol field. The Foundation was also able to pre-negotiate two 1-year optional renewals at the same commercial terms, as well as partnership on supporting Compound’s growth.

Shortlisted proposals (listed alphabetically) that decide to move forward will have until the end of day Thursday, July 24th to finalize their public proposal details, including additional details on pricing. Please note that the annual price below does not include IR/Monitoring as a workstream.

Vendor: Cantina
Annual Price: Proposal withdrawn*
Key Proposal Differentiators: A security services platform built around a curated network of elite independent researchers, offering flexible engagement models and full-time resource commitments.
  - Flexible daily billing model with capped annual maximum
  - Full-time audit team and 2 part-time vCISOs with onchain/offchain expertise
  - Supports and collaborates with a trusted roster of industry researchers

Vendor: ChainSecurity & Certora
Annual Price: $1.75M
Key Proposal Differentiators: Two of the industry’s most established formal verification and audit firms, known for deep expertise in protocol correctness and secure smart contract development.
  - Prior Compound V3 audit and governance proposal experience
  - Strong formal verification tooling and track record
  - ChainSecurity vCISO will lead the engagement on behalf of both vendors
  Tenderly was removed from the initial proposal in favor of ZeroShadow, although Tenderly will be considered as part of the tooling to be used.

Vendor: Cyfrin
Annual Price: $1.75M
Key Proposal Differentiators: A security firm founded by prominent auditors and educators, combining hands-on technical depth with a strong focus on DAO governance, tooling and education.
  - Includes Patrick Collins as vCISO with researcher support
  - Dedicated team available continuously for audits, reviews, and advisory
  - Also includes OSS security tooling and education resources

Vendor: Immunefi Magnus (Dedaub + Sigma Prime)
Annual Price: Proposal withdrawn*
Key Proposal Differentiators: A bundled offering coordinated by Immunefi, pairing two world-class audit teams with a unified platform for onchain security and coordination.
  - Audit team from Dedaub and Sigma Prime
  - Centralized coordination via Immunefi’s vCISO and platform
  - Additional support options for formal verification with Runtime Verification

Vendor: OpenZeppelin
Annual Price: Proposal withdrawn*
Key Proposal Differentiators: A foundational security company in web3 and long-time Compound partner, with extensive audit experience, governance tooling, and protocol support across the ecosystem.
  - Successfully supported Compound since 2021 as incumbent provider
  - Includes streamlined dedicated audit team and flexibility for ramp-up
  - Trusted leadership and track record for resolving live incidents for Compound

*Some vendors have elected not to move forward with the Snapshot vote without the Foundation’s recommendation. Those vendors will not have their final pricing posted and will consequently not be part of the Snapshot vote.


Foundation’s SSP Recommendation: ChainSecurity & Certora

After careful review and with CGWG’s input, the Compound Foundation recommends ChainSecurity & Certora as the best overall option for Compound’s Security Service Provider for the next 12-month term, with the aspiration of forming a long-term strategic partnership. This recommendation reflects a balance of technical rigor, Compound familiarity, formal verification depth, and sustained value. Key reasons for selecting ChainSecurity & Certora include:

  • Deep Compound experience: ChainSecurity has audited prior Compound V3 deployments and governance proposals, bringing firsthand knowledge of the protocol’s architecture and risk profile.
  • Formal verification leadership: Certora is a pioneer in formal verification tooling, offering advanced techniques for proving correctness of complex smart contract systems.
  • vCISO support and technical strength: The engagement is led by ChainSecurity’s senior leadership, with multiple engineers available full-time to support audits, governance reviews, and real-time advisory.
  • Trusted by top protocols: Both firms have secured protocols like Aave, Uniswap, Maker, and Ethereum Foundation, and are widely respected for their focus on correctness and systematic risk reduction.
  • Long-term alignment: Both teams have demonstrated consistent DAO engagement and the ability to grow with protocols as complexity scales.

While the Foundation has named its recommended choice, we encourage the community to carefully review each finalist and vote for the team they believe will best support Compound’s security needs moving forward. The Foundation will also make itself available for private discussions with delegates wishing to probe on our thinking process and learn more about the evaluation process. A stated goal of the Foundation is to increase the community’s engagement, and this is an excellent opportunity to do so.


Monitoring & Incident Response Provider: ZeroShadow

ZeroShadow has been selected as the dedicated monitoring and incident response (IR) provider under a separate $250K annual engagement. This approach solidified after ZeroShadow was named as a vendor in two separate SSP proposals, and the Foundation had the opportunity to reimagine the best security framework for Compound’s current needs. Carving out the IR engagement to a standalone provider allows Compound to benefit from 24/7/365 coverage with a virtual Security Operations Center (vSOC)—fully embedded within Compound’s monitoring infrastructure. Their responsibilities include:

  • Setting up a monitoring solution and tuning detection logic to reduce alert noise, utilizing the latest methodologies including AI
  • Triaging alerts in real time and coordinating incident response
  • Responding to governance attacks, smart contract exploits, phishing attempts, and multisig compromise
  • Running tabletop exercises and improving preparedness of the protocol to proactively respond and resolve security incidents in coordination with the Community Multi-sig

While the Foundation interviewed other incident response offerings that applied to the SSP RFP, ZeroShadow was selected for its battle-tested team, “follow the sun” operational framework, fund recovery experience, and strong track record supporting major incidents, including work with SEAL to combat DPRK cybercrime. ZeroShadow will work closely with the Compound Foundation, selected SSP and Community Multisig to ensure rapid, informed response.

You can read more about ZeroShadow in the proposal the Foundation asked them to provide here.


Next Steps

  • Thursday, July 24 (EOD EST): Finalists will update public forum proposals with confirmed pricing and scope. Only two proposals, ChainSecurity & Certora and Cyfrin, have chosen to move forward.
  • Friday–Sunday, July 25–27: Final community review and feedback
  • Monday–Monday, July 28–August 4: Snapshot vote opens to tokenholders
  • Tuesday–Friday, August 5–12: On-chain proposal to ratify SSP selection and initiate payment stream
  • August 18 – September 8: Onboarding and potential handoff period begins, assuming a new provider is chosen

Final Thoughts

The Foundation extends its sincere thanks to all 16 teams who submitted proposals and participated in the evaluation process. Your contributions demonstrated the strength and depth of the Web3 security community. We now look ahead to the final phase of this process and encourage all tokenholders and delegates to engage in the Snapshot vote beginning Monday, July 28th. We are excited to formalize Compound’s next security partner together with the community.

11 Likes

We want to thank the Compound Foundation, the CGWG, and especially Michael Lewellen and Aaron Schnarch for their transparency, professionalism, and thoughtful handling of this RFP process.

Cyfrin has updated the proposal, answering any concerns related to previous security engagements, and we have updated our pricing.

We look forward to any feedback and the snapshot vote.

2 Likes

ChainSecurity and Certora are honored to be recommended by the Compound Foundation as the next SSP for Compound. We thank you for your trust and are committed to delivering at the highest standard.

We have updated our proposal. Here is a summary of the changes:

  1. Tenderly has been unbundled from this proposal with the understanding that their platform will be considered as part of ZeroShadow’s evaluation process.
  2. ChainSecurity and Certora are submitting a joint proposal with an annual fee of $1.75M. The fee is capped for two years at least.
  3. The following has been added to our scope:
     • We will become signers of Compound’s multisig
     • We will ensure a smooth, clearly-defined, and efficient collaboration with ZeroShadow. We will make ourselves available to support their efforts and offer direct communication channels with redundancies across different timezones.
     • While ZeroShadow owns the responsibility for monitoring, we will support them by offering monitoring recommendations when relevant risk areas are noticed during our reviews or advisory work.
     • While ZeroShadow owns the responsibility for incident response (IR) & for designing the IR protocols, we are responsible for ensuring an IR drill happens every quarter with the relevant actors (ZeroShadow, multisig signers, key developers, etc.), and that the IR protocols are understood by all actors involved.
  4. The following has been excluded from our scope:
     • Monitoring & Alerting (both the platform and the associated services)
     • Incident Response & Triage
     • Any of Tenderly’s tooling solutions (Tenderly’s virtual testnet, Tenderly monitoring stack, etc.)
     • The scope of ZeroShadow’s proposal
4 Likes

Following the Foundation’s announcement, OpenZeppelin withdrew from the RFP process. While honored to be a finalist, we sought unified endorsement from both the community and the Foundation. We appreciate the Foundation’s effort in considering our proposal.

We want to thank the Compound community for the opportunity to serve as your security partner. It’s been a privilege to contribute to the protocol’s security, and we’re grateful for the trust you’ve placed in us. We remain fully committed to supporting Compound through the transition period.

4 Likes

SSP RFP Process Update: Snapshot Vote

Thank you to the Compound Foundation for their effort in facilitating negotiations with the security vendors. The CGWG is now coordinating next steps to facilitate the election of Compound’s new SSP.

  • This 7-day Snapshot vote to determine the DAO’s preferred SSP will run from Monday, July 28 at 3pm ET until Monday, August 4 at 3pm ET.
  • Immediately after the conclusion of the Snapshot vote, an onchain vote will be conducted to ratify the SSP selected from the Snapshot vote.

The Snapshot vote is live here.

Voting Options

For this Snapshot, delegates will be able to vote between the following vendors:

  • ChainSecurity & Certora
  • Cyfrin

Note that the final voting pool consists solely of the above two vendors. The Foundation narrowed the initial pool of 16 RFPs down to a shortlist of 5 proposals. As per the above post, the Foundation has publicly voiced their primary vendor recommendation, advocating the DAO to adopt ChainSecurity & Certora as the new SSP team. Due to this endorsement, 3/5 shortlisted vendors—including Cantina, Immunefi Magnus, and OpenZeppelin—opted not to partake in the Snapshot election so as not to disclose further details around commercials. However, Cyfrin has chosen to fully disclose their pricing, making them eligible for the Snapshot vote.

Cost to Compound

Both of the above vendors have submitted 12-month engagement proposals with similar cost structures: Cyfrin at $1.5M and ChainSecurity & Certora at $1.75M. This RFP process has allowed the DAO to solicit a multitude of robust proposals, ensuring a smooth transition from the existing relationship with OpenZeppelin, while opening Compound to a near 50% reduction in security-based expenditure without a reduction in quality.

ZeroShadow will be included by default in the overall security engagement, regardless of which SSP is selected by the DAO. Their inclusion will support continuous monitoring and incident response capabilities, complementing the chosen SSP’s services. A total of $250k will be allocated to ZeroShadow; their proposal can be reviewed here.

Therefore, the total cost of the engagement will amount to:

  • $1.75M + $250k = $2M if ChainSecurity & Certora are selected

  • $1.5M + $250k = $1.75M if Cyfrin is selected

All funds will be streamed linearly over the duration of the engagement.

Voting Logistics

This Snapshot vote will be considered valid as long as quorum (total number of votes submitted) reaches the onchain threshold of 400k COMP. Once quorum is reached, the winner will be determined by a simple majority.

“Weighted Voting” will be utilized, where each delegate has the ability to spread their voting power across any number of choices. This voting system allows delegates to select between multiple options—or simply allocate their entire voting power to a single vendor.

Additionally, to ensure that Snapshot votes aren’t altered last-minute, we are implementing a quorum cut-off period for the votes between 12pm–3pm ET on August 4th. The Snapshot will technically end at 7:59pm ET on the 4th; however, to mimic the nature of onchain votes, the final vote will be counted at 3pm ET—unless a vote flips in the 12pm–3pm period, at which point the Snapshot vote will be extended from 3pm to 7:59pm ET.


Thank you to all vendors who participated and to the Compound community for helping guide this process forward.

2 Likes

Next Steps for SSP RFP: Onchain Vote & Streamer Setup

The Snapshot vote has concluded, with ChainSecurity & Certora attaining majority support from delegates:

  • ChainSecurity & Certora: 425.3k votes (94.38%)
  • Cyfrin: 25.3k votes (5.62%)

An onchain vote will be published shortly to ratify the election of the above vendors and initialize their payment streams.

Funding Terms:

Total Budget: $2,000,000

  • $1,750,000 for ChainSecurity & Certora

  • $250,000 for ZeroShadow

Both of the above will have their own dedicated stream.

Duration: 12 months starting August 18, 2025

  • _streamDuration = 31,536,000 seconds (365 days)

Payment Mechanism: Funds will be streamed in COMP tokens through the Compound Streamer. The amount of COMP streamed will be USD-adjusted using Chainlink price feeds to ensure the vendors receive the agreed $2M USD equivalent over the 12-month term. Upon submission of the onchain vote, a 10% buffer will be applied to each stream, meaning a total of ~$2,200,000 of COMP will enter the Streamers upon proposal execution. This is meant to accommodate COMP volatility.

Stream Recipient (_recipient):

  • ChainSecurity & Certora: 0xa1fa21665daA59f27046110CC2f58218b6343A2B

  • ZeroShadow: 0x9FAEaBCeD4C29F030d40A83F1a7822624d67f904

Slippage Amount (_slippage): 1%

  • Slippage ensures that every time the vendors claim, the Streamer converts the accrued USD amount into COMP using the current Chainlink price feed, with up to a 1% buffer to handle small price fluctuations and keep payments fair.

Claim Cooldown (_claimCooldown): 604,800 seconds (7 days)

  • This is the minimum time between claims. Once the vendors claim accrued COMP tokens, they can’t claim again for 7 days.

Stream Cancellation Rights:

  • The DAO retains the authority to cancel the stream if SLAs are not met and/or KPIs materially deviate from the agreed terms.

  • Any cancellation request must be explicated on the forums by the Compound Foundation, giving the service providers a 60-day notice for pausing the stream (_minimumNoticePeriod = 5,184,000 seconds). An onchain proposal must call the terminateStream() function in order for cancellation to occur.

1 Like
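The funding terms above describe a USD-denominated stream with a 10% COMP buffer, a 1% slippage tolerance on each claim, a 7-day claim cooldown, and a 60-day notice period before termination. The model below is an added illustration written for this page; it is not the Compound Streamer contract's code, and its class, method names and price scenarios are assumptions constructed here. Only the parameter names and values (_streamDuration, _slippage, _claimCooldown, _minimumNoticePeriod, the two budgets) come from the post. It shows how the terms interact and, going one step beyond the post, derives the lowest sustained COMP price at which the 10% buffer still covers the full USD budget.

```python
"""Simplified model of a USD-denominated COMP payment stream.

Added example, not the Compound Streamer contract. Parameter names and values are
taken from the governance post; the class, methods and scenarios are assumptions
constructed here to show how buffer, slippage, cooldown and notice interact.
"""
from dataclasses import dataclass
from typing import Optional

SECONDS_PER_DAY = 86_400

# Values stated in the post
STREAM_DURATION = 31_536_000        # _streamDuration: 365 days in seconds
CLAIM_COOLDOWN = 604_800            # _claimCooldown: 7 days in seconds
MINIMUM_NOTICE_PERIOD = 5_184_000   # _minimumNoticePeriod: 60 days in seconds
SLIPPAGE_BPS = 100                  # _slippage: 1% in basis points
FUNDING_BUFFER_BPS = 1_000          # 10% extra COMP deposited at execution
CHAINSECURITY_CERTORA_USD = 1_750_000
ZEROSHADOW_USD = 250_000


@dataclass
class StreamModel:
    budget_usd: float
    start: int
    duration: int = STREAM_DURATION
    claim_cooldown: int = CLAIM_COOLDOWN
    slippage_bps: int = SLIPPAGE_BPS
    comp_deposited: float = 0.0
    claimed_usd: float = 0.0
    comp_paid: float = 0.0
    last_claim: Optional[int] = None
    notice_given_at: Optional[int] = None
    terminated: bool = False

    def fund(self, comp_price_usd: float, buffer_bps: int = FUNDING_BUFFER_BPS) -> float:
        """Deposit budget/price COMP plus the volatility buffer; returns COMP deposited."""
        self.comp_deposited = self.budget_usd * (1 + buffer_bps / 10_000) / comp_price_usd
        return self.comp_deposited

    def accrued_usd(self, now: int) -> float:
        """Linear accrual: USD owed up to `now`, minus USD already claimed."""
        elapsed = min(max(now - self.start, 0), self.duration)
        return self.budget_usd * elapsed / self.duration - self.claimed_usd

    def claim(self, now: int, oracle_price_usd: float, execution_price_usd: float) -> float:
        """Convert accrued USD into COMP. Rejects a claim inside the cooldown window,
        an execution price more than 1% below the oracle price, or a payout the
        deposited COMP can no longer cover. Returns COMP transferred."""
        if self.terminated:
            raise RuntimeError("stream terminated")
        if self.last_claim is not None and now - self.last_claim < self.claim_cooldown:
            raise RuntimeError("claim cooldown not elapsed")
        if execution_price_usd < oracle_price_usd * (1 - self.slippage_bps / 10_000):
            raise RuntimeError("price deviates beyond slippage tolerance")
        usd = self.accrued_usd(now)
        comp = usd / execution_price_usd
        if comp > self.comp_deposited - self.comp_paid:
            raise RuntimeError("stream underfunded: buffer exhausted")
        self.claimed_usd += usd
        self.comp_paid += comp
        self.last_claim = now
        return comp

    def give_notice(self, now: int) -> None:
        """Record the forum notice that starts the 60-day clock."""
        self.notice_given_at = now

    def terminate(self, now: int) -> None:
        """Model of terminateStream(): only valid once the notice period has elapsed."""
        if self.notice_given_at is None or now - self.notice_given_at < MINIMUM_NOTICE_PERIOD:
            raise RuntimeError("minimum notice period not satisfied")
        self.terminated = True


def min_sustainable_price(funding_price_usd: float, buffer_bps: int = FUNDING_BUFFER_BPS) -> float:
    """Lowest constant COMP price at which the deposited COMP still pays the full budget:
    budget/p <= budget*(1+b)/p0  <=>  p >= p0/(1+b). For a 10% buffer that is ~9.1% below p0."""
    return funding_price_usd / (1 + buffer_bps / 10_000)


def simulate_weekly_claims(budget_usd: float, funding_price: float, claim_price: float) -> bool:
    """Claim every 7 days at a constant price; True if the whole budget is paid out."""
    stream = StreamModel(budget_usd=budget_usd, start=0)
    stream.fund(funding_price)
    now = 0
    try:
        while stream.claimed_usd < budget_usd - 1e-6:
            now += CLAIM_COOLDOWN
            stream.claim(now, claim_price, claim_price)
    except RuntimeError:
        return False
    return True


if __name__ == "__main__":
    # Constructed scenario: COMP funded at $50 (assumed), then held at $46 vs $44
    print("buffer holds down to $%.2f" % min_sustainable_price(50.0))
    print("full payout at $46:", simulate_weekly_claims(CHAINSECURITY_CERTORA_USD, 50.0, 46.0))
    print("full payout at $44:", simulate_weekly_claims(CHAINSECURITY_CERTORA_USD, 50.0, 44.0))
```

The point a reviewer takes from the model is that the 1% slippage bound protects each individual claim, while the 10% buffer is what bounds the stream's total exposure: a sustained price more than about 9.1% below the funding price leaves the final claims unpayable until the DAO tops up or re-prices the stream.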