Citing Mr. Clairvoyant’s comments posted here:
Certora provides services first, and Certora finds problems after OpenZeppelin, and it is more appropriate for the community to pay Certora fees each time. This is a better way to cooperate.
Trail of Bits and ChainSecurity may also be able to provide more multiple security services, and they may also find other security issues after the OpenZeppelin and Certora audits.
To maximize security, Compound should buy all security services and audits regardless of expense.
If certora really wants to proceed the proposal, it’s wise to consider other alternative payment programs.