Compound Foundation's Security Service Provider Recommendation

Next Steps for SSP RFP: Onchain Vote & Streamer Setup

The Snapshot vote has concluded, with ChainSecurity & Certora attaining majority support from delegates:

  • ChainSecurity & Certora: 425.3k votes (94.38%)
  • Cyfrin: 25.3k votes (5.62%)

An onchain vote will be published shortly to ratify the election of the above vendors and initialize their payment streams.

Funding Terms:

Total Budget: $2,000,000

  • $1,750,000 for ChainSecurity & Certora

  • $250,000 for ZeroShadow

Both of the above will have their own dedicated stream.

Duration: 12 months starting August 18, 2025

  • _streamDuration = 31,536,000 seconds (365 days)

Payment Mechanism: Funds will be streamed in COMP tokens through the Compound Streamer. The amount of COMP streamed will be USD-adjusted using Chainlink price feeds to ensure the vendors receive the agreed $2M USD equivalent over the 12-month term. Upon submission of the onchain vote, a 10% buffer will be applied to each stream, meaning a total of ~$2,200,000 of COMP will enter the Streamers upon proposal execution. This is meant to accommodate COMP volatility.

Stream Recipient (_recipient):

  • ChainSecurity & Certora: 0xa1fa21665daA59f27046110CC2f58218b6343A2B

  • ZeroShadow: 0x9FAEaBCeD4C29F030d40A83F1a7822624d67f904

Slippage Amount (_slippage): 1%

  • Slippage ensures that every time the vendors claim, the Streamer converts the accrued USD amount into COMP using the current Chainlink price feed, with up to a 1% buffer to handle small price fluctuations and keep payments fair.

Claim Cooldown (_claimCooldown): 604,800 seconds (7 days)

  • This is the minimum time between claims. Once the vendors claim accrued COMP tokens, they can’t claim again for 7 days.

Stream Cancellation Rights:

  • The DAO retains the authority to cancel the stream if SLAs are not met and/or KPIs materially deviate from the agreed terms.

  • Any cancellation request must be explicated on the forums by the Compound Foundation, giving the service providers a 60-day notice for pausing the stream (_minimumNoticePeriod = 5,184,000 seconds). An onchain proposal must call the terminateStream() function in order for cancellation to occur.

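The following is an added example, not part of the post and not the Compound Streamer's own code: a small Python model of the $1,750,000 stream that shows how the 10% buffer, the 1% slippage and the 7-day cooldown interact when the COMP price moves after funding. It assumes linear accrual, that the full 1% slippage is applied as a discount to the feed price on every claim (worst case for the treasury), and constructed COMP prices (a funding price of 50 and flat post-funding prices).

```python
YEAR = 31_536_000      # _streamDuration from the post (365 days)
COOLDOWN = 604_800     # _claimCooldown from the post (7 days)
SLIPPAGE = 0.01        # _slippage from the post (1%)

class StreamModel:
    """Toy model of one USD-denominated stream paid in COMP (not the Streamer contract)."""

    def __init__(self, usd_total, buffer, funding_price):
        self.usd_total = usd_total
        # COMP deposited at execution: USD budget plus buffer, priced at funding time.
        self.comp_balance = usd_total * (1 + buffer) / funding_price
        self.usd_settled = 0.0
        self.last_claim = None

    def claim(self, now, price):
        """Pay out accrued USD in COMP at `price`; returns the COMP transferred."""
        if self.last_claim is not None and now - self.last_claim < COOLDOWN:
            raise RuntimeError("claim cooldown has not elapsed")
        accrued = self.usd_total * min(now, YEAR) / YEAR - self.usd_settled
        # Assumption: the full 1% slippage discounts the feed price on every claim.
        effective = price * (1 - SLIPPAGE)
        comp_out = min(accrued / effective, self.comp_balance)
        self.comp_balance -= comp_out
        self.usd_settled += comp_out * effective
        self.last_claim = now
        return comp_out

def simulate(usd_total, buffer, funding_price, price_after_funding):
    """Claim every 7 days at a constant post-funding price; return (usd_settled, comp_left)."""
    s = StreamModel(usd_total, buffer, funding_price)
    # 365 is not a multiple of 7, so the last day's accrual is collected by a 53rd claim.
    for k in range(1, 54):
        s.claim(k * COOLDOWN, price_after_funding)
    return s.usd_settled, s.comp_balance

def breakeven_price(funding_price, buffer):
    """Lowest sustained COMP price at which the funded balance still covers the term."""
    return funding_price / ((1 + buffer) * (1 - SLIPPAGE))

if __name__ == "__main__":
    for px in (50.0, 46.0, 40.0):   # constructed prices; the funding price 50 is constructed too
        settled, left = simulate(1_750_000, 0.10, 50.0, px)
        print(f"price {px}: settled ${settled:,.0f}, COMP left {left:,.1f}")
    print(f"break-even price: {breakeven_price(50.0, 0.10):.2f}")
```

Under these assumptions the buffer absorbs a sustained price decline of roughly 8% from the funding price; below that level the model's balance is exhausted before the term ends.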