
Proposal: Continuous Security Partnership for Canton Core Infrastructure and Ecosystem x Vulsight

Open pull request by salmaansaeed94, 06-03-2026, Incoming

References: CIP-0082, CIP-0089, CIP-0092, CIP-0094

Development Fund Proposal Submission

Proposal file (added in this PR): proposals/Continuous-Security-Partnership-for-Canton-Core-Infrastructure-and-Ecosystem.md

---

Summary

The proposal is for a continuous security partnership for Canton's core infrastructure and ecosystem by VulSight, structured in two stages.

Stage 1 is a pay-per-vulnerability core protocol audit of Canton's Scala codebase at zero upfront cost to the Foundation: VulSight is paid only for confirmed, exploitable vulnerabilities.

If VulSight finds nothing, Canton does not pay anything but gets a complete audit report. The Foundation's downside is zero.

Stage 2, dependent on Stage 1 demonstrating value, delivers permanent ecosystem security capabilities: Public Daml security research knowledge base, quarterly protocol re-audits, ecosystem application audit capacity, and incident response retainer.

Value to the Canton ecosystem: Stage 1 carries no risk for the Foundation.

Stage 2 only moves forward if Stage 1 clearly proves its value. This directly supports the Development Fund's mandate (CIP-0082) to invest in security as a core public good.

The maximum commitment for Stage 2 is $65,000, and in return the Foundation gets long-term security support for the Canton ecosystem. This includes permanent open-source security research, three quarterly re-audits, nine security office hours sessions, and incident response support.

Canton is evolving continuously. New updates like CIP-0089, CIP-0092, and CIP-0094 each introduce new paths, features, and risks, which means the attack surface keeps changing too.

That is why VulSight's Stage 2 matters. Instead of starting from scratch every time, it keeps security review ongoing and carries forward everything learned in Stage 1. This means each quarterly re-audit builds on real context and deeper understanding, rather than repeating the same work from zero.

Overall, this is a very cost-effective way to build strong, ongoing security coverage across the Canton ecosystem.

---

Checklist

  • [x] Proposal file added under /proposals/
  • [x] Milestones and funding amounts defined
  • [x] Acceptance criteria included
  • [x] Alignment with Canton priorities described

---

Notes for Reviewers:

Canton Network is important infrastructure for institutional finance. The Canton Foundation created this Development Fund under CIP-0082 because it sees security as a core public good. The fact that multiple teams are now proposing security work for Canton shows how important and urgent this need is. But the Foundation should look closely at what each proposal really offers and what level of financial risk it creates.

VulSight's pay-per-vulnerability model is different because it puts no financial risk on the Foundation for the core protocol audit. We are not asking Canton to pay for time spent or for a process on paper. We are asking to be paid only if we deliver real security value through confirmed, exploitable vulnerabilities.

We can make that offer because we have the track record to stand behind it:

  • CVE-2026-26314: We responsibly disclosed a high severity vulnerability in Ethereum's Geth client, the most widely used L1 execution client in production. This was deep protocol level security research, which is the same kind of work needed for Canton's Scala codebase.

  • Top 15 all-time on Cantina: Cantina is one of the leading competitive audit platforms, where researchers are tested directly against other top security experts. Our results there are strong, consistent, and publicly verifiable.

  • 100+ completed security audits: across EVM, Move ecosystems such as Aptos and Sui, and Rust ecosystems such as Solana. Canton's architecture is broad and complex, so it benefits from a team with experience across multiple systems and security models.

  • $500K+ in bug bounties: rewards earned through responsible disclosure across live protocols and multiple chains.

This model reflects how we work. We take on the effort and the risk first, and we ask to be paid for proven results.