[TPP-16] ZKsync Audit Reimbursement Program 2026 (ZARP v2)

Summary

This proposal funds ZARP v2 for 2026. ZARP v2 is the successor of the ZIP Audit Reimbursement Program passed in TPP-3 in May 2025. The total token request for this TPP is 205m ZK which is calculated as $4.1m USD worth of ZK tokens valued at $0.02.

ZARP v2 is implemented through two capped minters along with an extended scope for eligibility:

1. A ZARP2026 capped minter (0xCDB07B2FAd916d8caddea74ac40901Ed43767A6C) of $3m USD in ZK tokens (150m ZK) to fund forward-looking protocol-related security audits executed in 2026; and
2. A ZARP2025Retro capped minter (0x773d5BB83b3AEa5A72D8b87e744e90f3b788C50b) of $1.1m USD in ZK tokens (55m ZK) to reimburse eligible 2025 protocol security costs that were not claimed or minted under ZARP v1.
3. This proposal expands and clarifies the definition of eligible protocol-related codebases to ensure comprehensive security coverage across ZKsync’s core infrastructure.

Abstract

ZARP v2 allocates protocol security funding through a governance-authorized reimbursement mechanism covering both forward-looking audits and limited retroactive audits. The program expands beyond ZIP-only audits to include protocol-critical security work for key ZKsync features.

Motivation

ZARP was introduced in 2025 with funding of $5m USD in ZK approved by the Token Assembly to ensure that third-party security audits are a default requirement for ZKsync protocol development, and that the cost of high-quality security work does not act as a barrier to maintaining a secure protocol. ZARP v1 established a governance-aligned, onchain reimbursement mechanism with review and oversight by the ZKsync Security Council.

For 2026, this proposal requests a reduced forward-looking allocation of $3m USD in ZK, reflecting both learnings from ZARP v1 and a more targeted view of expected protocol security needs. The intent of ZARP v2 is not to expand overall security spend, but to better align reimbursement mechanics with how protocol security work is actually executed in practice.

During 2025, a meaningful portion of protocol-critical security work was conducted as part of ongoing protocol development rather than through discrete, standalone ZIPs. Audits of core protocol infrastructure, system contracts, and operating components were frequently executed under existing governance authorizations or as part of continuous protocol upgrades. While this work directly contributed to ZKsync’s security posture, it did not consistently meet the formal eligibility assumptions of ZARP v1, which were closely coupled to ZIP-specific timelines and execution.

ZARP v2 addresses this mismatch by expanding and clarifying the definition of eligible protocol-related codebases, shifting the focus from strict coupling to individual ZIPs toward security relevance and protocol impact. This ensures that audits covering core and continuously evolving protocol components are treated as first-class security work, while maintaining the same governance controls, review processes, and transparency requirements established under ZARP v1.

In addition, ZARP v2 includes a limited, one-time retroactive reconciliation component to account for eligible 2025 security audits that could not be claimed under ZARP v1 due to timing misalignment between audit execution, invoicing, and ZIP lifecycles.

Specification

This proposal authorizes two USD-denominated capped minters, converted to ZK using a price of 0.02 USD, and expands the definition of reimbursable protocol-related security work.

The capped minters are calculated using a conservative reference price of $0.02 per ZK. If the prevailing market price of ZK is higher at the time of reimbursement, fewer tokens will be minted and any portion of the cap that is not utilized will remain unminted.

1. ZARP 2026 (2026 Forward-Looking Reimbursements)

Authorized allocation: $3m USD in ZK (150m ZK).

Zarp2026_Main is a capped minter used to reimburse protocol-related security audits related to ZIPs passed during the 2026 calendar year.

The Zarp2026_Main capped minter funds third-party security audits, formal verification, and code competitions for eligible protocol-related deployments. Reimbursements are subject to Security Council review.

Zarp2026_Main will have two child capped minters, each with the same cap as the parent.

1. Zarp2026_ZIPs enables direct reimbursement via ZIP execution; and
2. Zarp2026_Extension is where ZKSC can grant child capped minters for eligible audit reimbursements that are not covered through ZIP execution.

Please Note: As the total amount that will be executed through ZIPs and vice verse, each Zarp2026_Main child capped minter has the same cap as the parent to allow for flexibility. The total cap that can be minted from both children combined is 150M ZK in total, as that is the cap on the parent.

Zarp2026_Main Capped Minter Parameters

Zarp2026_ZIPs Capped Minter Parameters

Zarp2026_Extension Capped Minter Parameters

2. ZARP 2025 Retro (Audit Reconciliation)

Authorized allocation: $1.1m USD in ZK (55m ZK).

ZARP 2025 Retro is a one-time capped minter for Matter Labs to be used solely to reconcile eligible protocol security audits executed in 2025 that were not claimed or minted under ZARP v1 due to timing misalignment between audit execution, invoicing, and the lifecycle of the relevant ZIP.

In particular, this capped minter is intended to reimburse third-party security audits associated with ZIP-13 (Adding a ZKsync OS CTM) that were completed in 2025 but could not be claimed under ZARP v1 at the time, despite the underlying security work being directly related to a Token Assembly-approved protocol upgrade. These costs would otherwise have been reimbursable under ZARP had audit invoicing aligned with the original claiming window.

Reimbursements under ZARP 2025 Retro are strictly limited to completed, verifiable audits from the 2025 calendar year and do not establish an ongoing precedent for retroactive funding. All invoices are subject to Security Council review and verification prior to any onchain minting, with documentation published alongside the corresponding reimbursement transaction.

Zarp2025_Retro Capped Minter Parameters

3. Expanded Definition of Eligible Protocol-Related Codebases

Under ZARP v2, eligible security work is not limited to audits directly tied to Token Assembly-approved ZIPs.

Protocol-related audits include third-party security audits, formal verification, and code competitions covering smart contracts or systems that:

• Are deployed via ZIPs;
• Are executed under existing governance authorizations without requiring a new Token Assembly vote; or
• Form part of protocol-critical infrastructure, including core system contracts, libraries, operating systems, smart accounts, and defensive or preparatory upgrades, including:
  1. ZKsync OS
  2. ZKsync Prividium
  3. ZKsync Atlas
  4. ZKsync SSO

Eligibility is determined based on protocol impact rather than governance formality, with all claims subject to Security Council verification.

Accountability Framework

• The ZKsync Security Council reviews and verifies all audit reimbursement claims.
• Conflicts of interest require recusal.
• All reimbursements are publicly documented and verifiable onchain.
• Program effectiveness is reviewed annually with Token Assembly input.
• All reimbursements are executed via onchain program capped minters.
• An end-of-program report details total security spend and coverage.

Participants

• ZKsync Security Council: Oversight, verification, and pausing authority. Program administration and reporting.
• Matter Labs: Primary audit coordinator.
• Security service providers: third-party auditors and competition platforms.