Proposal: Fund Ongoing Security


Security-First Approach

Over the 2-plus years that Perpetual Protocol has been live the protocol has not suffered any hacks or exploits. We attribute this to the significant emphasis and focus placed by the team on security of all funds on the platform. As a quick recap, there are currently a number of mechanisms in place to minimize risk to our users, including:

  • External Audits: we work with dedicated partners who built out in depth knowledge of Uniswap V3 as well as Perpetual Protocol and can help identify any issues
  • Internal Audits: the team constantly runs internal audits through peer reviews
  • Bug Bounty: we work with ImmuneFi to connect with whitehat hackers on their platform to identify any potential vulnerabilities that we may have missed through our internal and external audits

This process ensures we have the most amount of eyes on the project code to discover potential vulnerabilities and patch them before they are exploited. We’re happy to say that we’ve had 25 audits from 6 different audit firms throughout the life of V1 and V2.

Additionally, through the process and focus on security we’re happy to report that we have seen 15 reports through ImmuneFi, of which 7 were potential vulnerabilities (albeit of a low likelihood and in very specific edge cases) and were patched in a quick manner.

Bug Bounty Budget

The initial unlock of tokens allocated to bug bounties has been exhausted and we need to refresh this budget.

External Audits

The team currently has regular audits scheduled frequently throughout the year that allows us to constantly ship and deploy. Regular access to auditors ensures that we also are able to discuss potential risk and attack vectors that we can mitigate.



Similar to the MME, we propose to setup a Security Entity (SE) with the mandate of securing Perpetual Protocol as follows:

  1. Spinning up a new entity with a dedicated team of security engineers used for internal auditing work
  2. Contracting and working with external auditors
  3. Liaise and payout bug bounties with external white hat hackers

Independent Entity

Similar to the MME and subDAOs, we propose that the SE be a separate entity that is independent of the foundation. We expect the initial headcount for (1) to be 1 engineer. The Foundation has identified the one engineer from the existing team with the correct credentials that will move across should the vote be successful.


A budget of 5M PERP will be allocated to be used to fund the following items:

  • External auditors
  • Bug Bounties
  • Dedicated security engineer(s)

The budget is estimated to last 30 months, subject to variations in bug bounty payout (maximum bounty is 250k USD) and PERP price.

Proposed Voting Options

Option #1 - Yes

Option #2 - Nay

Option #3 - Abstain

1 Like

Temperature check is live:

We fully support this as the security of the protocol is P1.

The temperature check passed. The official vote will start May 19 after the 7 day discussion period ends (May 12 - 19)


The official vote is live:

Quorum notes

  1. We are updating our method for calculating voting power to verify it is accurate
  2. Quorum will remain 10% of circulating voting power
  3. Snapshot no longer supports updating quorum amount after the vote is launched (and the snapshot block has been fixed)
  4. We will post confirm the circulating voting power in this forum on Monday (5/22)
1 Like

Updated quorum data
(Quorum will not display on Snapshot because the ability to set quorum after a vote is launched was removed by Snapshot)

Query timestamp:
- Fri, 19 May 2023 13:33:11 GMT
- UTC timestamp: 1684503191000
- Mainnet block number: 17293854
- Mainnet timestamp: 1684503191
- Mainnet UTC: Fri, 19 May 2023 13:33:11 GMT
- Optimism block number: 99755965
- Optimism timestamp: 1684503204
- Optimism UTC: Fri, 19 May 2023 13:33:24 GMT
- Circulating Voting Power: 146,396,150.837