[NIP-15] Compensating Notional Finance Incorporated for Auditing and Bug Bounty Expenses


Notional Finance Incorporated is requesting $481,500 from the Notional protocol (half in USDC, half in DAI) for auditing and bug bounty expenses related to Notional V2 and the upcoming leveraged vaults framework.


Notional Finance Incorporated is the company that developed and deployed the Notional protocol. The company has previously raised venture capital to finance the initial work needed to build, audit, and release the Notional protocol.

But blockchain development costs are substantial, and the VC funding that Notional raised will not last forever. We propose to begin the transition to a model where development costs are paid from the revenues generated by the protocol itself instead of the initial capital raised by the company prior to the deployment of Notional V2.

Transitioning from a model where 100% of the costs are paid out of Notional’s initial funding to a model where 100% of the costs are paid out of protocol revenue will be a gradual, multi-year process. Today, development costs significantly outpace the annual revenue rate that the protocol generates. But as the protocol grows and the development team continues to execute on its roadmap, that will change and the protocol will become profitable.

The funding request

Notional Finance Incorporated is asking for funds to cover the costs of the audits for the leveraged vault framework and the bounty payout for the critical vulnerability found through Immunefi last month. Here is a breakdown of the expenses:

  • Consensys Diligence leveraged vault framework audit: $241,500
  • Sherlock leveraged vault framework audit: $75,000
  • Immunefi bug bounty payout: $165,000 (150k bounty + 10% to Immunefi)
  • Total: $481,500

These costs notably ignore the salaries paid to the Notional development team over the last ~7 months that it has taken to develop the leveraged vault framework. But given that the revenue Notional generates is currently insufficient to cover its full development costs, I thought that starting with reimbursement requests related to unambiguous, transparent, and verifiable costs like audits and bug bounties would make sense.

Link to original discussion
Link to Snapshot vote