The State of Grant Funding for the Security of Web3

In Part 1 of this blog, we delved into the constantly changing world of Web3, unveiling the opportunities it presents. In Part 2, we’re continuing this exploration with a focus on the types of projects receiving support, with a particular emphasis on improving security — a critical yet often overlooked aspect. 

In Part 1, we shared our list of Web3 grants for you to explore. Our commitment to maintaining and enhancing this collection is evidenced by the continuous addition of new grant programs since its initial publication. If you find this resource to be useful, please help us ensure its longevity by making a donation through PayPal.

The types of projects that can receive grant support include: 

  • Network and protocol enhancement;
    • Layer-2 solutions and cross-chain capabilities (e.g., Mantle and zkDAO).
    • Network improvements and protocol upgrades (e.g., Secret Network and Osmosis).
    • Improvement of the Consensus Layer, Execution Layer, and alternative consensus mechanisms (e.g., Web3 Foundation and Ethereum Foundation).
  • Blockchain platform and infrastructure development;
    • Building on specific blockchain platforms (e.g., NEAR, Nervos, Rootstock, Secret Network, Telos, and Tezos).
    • Enhancing blockchain network capabilities (e.g., Layer One X, Sui, Polkadot, Kusama, and xx Network).
    • Developing infrastructure and tooling (e.g., Ethereum, Lightning, Oasis Protocol, and SKALE).
  • Decentralized applications (dApps) and Web3 projects;
    • Development of dApps, Web3 applications, and services (e.g., RENEC, Manta, and Network).
    • Gaming and metaverse projects (e.g., Vara, Treasure, and Meta Pool).
    • Initiatives focused on interoperability and cross-chain functionality (e.g., Layer One X, Moonbeam, and SKALE).
  • Financial technologies and DeFi;
    • DeFi infrastructure and tools (e.g., Tempus, Perpetual Protocol, and UNI Grants Program).
    • Projects focusing on financial inclusion and new financial tools (e.g., TONcoin Fund, and Velas Grants Program).
  • Research and innovation; 
    • Cutting-edge research in blockchain and cryptography (e.g., VitaDAO, Zilliqa Research, and Tezos Foundation).  
    • Zero-Knowledge proofs and privacy solutions (e.g., ZK Ignite and Ingonyama).
  • Decentralized data storage; 
    • Building integrations and demo apps, as well as adding quality free data sources and creating proofs-of-concept and minimum viable products (MVPs) (e.g., Swarm and Streamr).
  • Cryptocurrency development and ecosystem growth (e.g., Base, CELO and Ethereum Foundation);
    • Bringing new users on-chain; 
    • Supporting projects built by crypto-native founders that have not yet launched their protocol and are looking for a chain; 
    • Supporting projects, such as decentralized bridges, staking platforms, decentralized launchpads and many others, aiming to deploy on the network. 
  • Community building and engagement / marketing initiatives; 
    • Hosting events, hackathons, and community initiatives (e.g., TON Foundation, Space ID, and Worldcoin Foundation).
    • Enhancing user experience, community outreach, and education (e.g., Ethereum Foundation, DCF, PBS Foundation, and DYDX).
  • Integrations and interfaces;
    • The smart contracts and strategies needed to integrate technologies into other DeFi protocols (e.g., DYDX, Ankr, Kadena, and Notional).
  • Arts and NFTs; 
    • Tools and infrastructures that streamline the creation, management and showcasing of NFTs (e.g., Aptos, Kadena and The EOS Network Foundation);
    • Projects by artists and creators who had an impact on the growth and development of the ecosystem (e.g., Swarm and Optimism).
  • Artificial Intelligence; and
    • Using Artificial Intelligence in Web3 (e.g., Syntropy, LunarCrush Coin, and Glacier); 
  • Privacy & Security (e.g., Ethereum and Zcash)
    • Projects focused on improving the privacy and security of the ecosystems, including smart contracts auditing, bridging of security, and zero-knowledge proof applications. 

Based on our analysis, there is a noticeable shortfall in the allocation of Web3 grants towards social impact initiatives. The current landscape of Web3 grants seems to be more heavily skewed towards projects with commercial or technological focuses, leaving socially oriented innovations in need of greater support and recognition. This focus on technological advancement and innovation often overshadows the equally important need for building secure and resilient ecosystems. Initiatives that aim to bolster security and privacy find themselves competing for resources and attention in a space predominantly captivated by the allure of protocol upgrades and dApps. 

Up until this point, we have seen only 10 grant programs that specifically mention security audits and security & privacy for Stacks, Zcash, ink!ubator, Aave, Compound, PoolTogether, Fuse, 1inch, Atom, and Ethereum ecosystems.

The absence of explicit mentions of security audits and privacy-enhancing technologies as distinct categories in many grant program descriptions, despite the crucial role they play in the ecosystems, should be a matter of concern. Security education via consulting, and transparency via published reports, are also key to a long-term sustainable ecosystem — especially when these systems are managing digital money and assets.

The audit process plays a crucial role but can be daunting, particularly for newcomers to different ecosystems. Nonetheless, it’s important to offer builders an accessible way to connect with security experts and consulting services, as this is key to their success and security. This will ensure that even early-stage projects have the means to undergo professional security assessments (preferably, without bearing the full cost).

The requirements for participation in these grant programs can vary widely. While some projects might benefit significantly from security consulting, others might prioritize different types of support based on their stage of development or specific needs. Either way, the current technologies demand high-level technical expertise and carry risks beyond the ecosystem’s control when utilized by builders and grantees.

The rapid convergence of artificial intelligence (AI) and Web3 marks a new era of technological innovation, as detailed in the recent post by Ethereum co-founder Vitalik Buterin on the complex interaction between these domains. Buterin explains that the openness required for cryptographic security in Web3 runs up against the need for privacy in AI, where public access to models and training data increases vulnerability to attacks. This paradox not only challenges the integration of AI with blockchain technology, but also underlines the need for robust security checks and privacy measures. Buterin’s research into potential solutions, including the use of decentralized autonomous organizations (DAOs) to securely manage data sending and artificial intelligence requests, highlights the types of innovative approaches needed to address these challenges.

Buterin’s findings serve as an argument in favor of including security and privacy considerations in grant programs supporting AI and Web3 projects. The current lack of attention to these critical aspects in many grant programs indicates a significant oversight, as technologies that combine both AI and Web3 could be susceptible to unique vulnerabilities. By prioritizing security audits and privacy-enhancing technologies, grant programs can play a key role in ensuring the safe and ethical integration of artificial intelligence and Web3.

Integrating a security and privacy track into Web3 grant programs can significantly enhance the trustworthiness of the projects funded by these initiatives. This could be achieved via a number of different approaches, such as: 

  • Offering subsidy and funding support for security services; 
    • Should an ecosystem member or grantee inquire about additional security consulting services, the ecosystem may offer a subsidy or even fully cover the costs associated with these services.  
  • Partnering for security services; 
    • Partnerships can be established with security companies that specialize in Web3 technologies. Having a list of recommended auditors and consultants would give grantees multiple options to choose from and a frictionless engagement process, possibly at a discounted rate negotiated by the grant program. The ecosystem could provide grantees with vouchers or credits that can be redeemed for security audits from reputable firms.
  • Organizing mandatory security consultations for grantees; and 
    • As part of the grant award process, attending a security consultation session could be made a requirement for grantees. This consultation would cover best practices, common vulnerabilities in Web3 projects, and recommendations on how to prepare for a full audit.
  • Providing the funds for incident response support.
    • Grantees could be given access to incident response services or consultants who would be able to assist in the event of a security breach.

In order to fully understand the landscape of how security and privacy fit into many of these programs, we expanded our services to directly address these challenges. Our latest initiative, detailed on our blog, targets ecosystem participants and Web3 grantees. As stated earlier, conducting thorough audits for each grant recipient can be daunting. To address this, we have added Short Consultation Sessions to our offerings. The goal of these sessions is to provide succinct, practical guidance through a summary and additional materials customized for the particular needs of the consultation. Our services include Timebox Security Audits, Privacy Reviews, and Pentesting. Each service is crafted to address different aspects of security and privacy within the Web3 space, providing a holistic approach to safeguarding the ecosystems.

To streamline the process and guarantee that the future grantees receive the attention they deserve, we also offer the option to make an Advance Reservation with the Least Authority team. For instance, even if the recipients of the grant program have not yet been determined, procuring security consulting services in advance can significantly enhance the offerings of the grant program. 

Many ecosystems, accelerators, and grant programs are in a constant state of rapid evolution. Incorporating security services for grantees should be on the Web3 grant provider roadmap. This ensures that funded projects are not only innovative but also aligned with best practices in privacy and security-by-design. In the ever-evolving Web3 landscape, we believe that integrating security services into grant programs is not just a recommendation but a necessity.

As we conclude this two-part series, we want to express our appreciation for your engagement and encourage you to continue advocating for security and privacy within Web3. We will continue the upkeep of the Web3 Grants list, and if you are interested in collaborating with us on potential grant programs, please do not hesitate to reach out to us: grants@leastauthority.com.
