Celo SHIELD Part B - Strategic Conclusion and Bug Bounty Settlement

Receiver Entity: Celo Governance

Title: Celo SHIELD Part B - Strategic Conclusion and Bug Bounty Settlement

Authors: Benjamin Speckien (@ben), Nikos Frestis (@gloec), Stefan Ioja (@si-csec)

Status: Draft Proposal

Type of Request: Funding

Funding Request: 22,000 USD (88,000 CELO)

Summary

The Celo SHIELD program successfully executed its H1 2025 operations, delivering enterprise-grade security infrastructure to 13 ecosystem partners and resolving over 50 critical vulnerabilities.

This Part B proposal requests $22,000 to strictly fund the settlement of outstanding bug bounty rewards. While the deployed security infrastructure will continue to operate for the agreed terms, this proposal concludes the program’s administrative phase. The funding ensures Celo honors its commitments to the security researchers and whitehats who have identified vulnerabilities, preserving the ecosystem’s reputation for professional integrity.

Motivation

Celebrating Exceptional Results

The first phase of Celo SHIELD demonstrated transformative value for the Celo ecosystem. Through H1 2025, the program successfully:

  • Onboarded 13 partner projects across DeFi infrastructure and user-facing applications.

  • Identified and remediated over 50 vulnerabilities across smart contracts and web applications.

  • Shut down 132 fake websites and 15 fraudulent social media accounts, protecting users from scams.

  • Blocked 34 malicious transactions and flagged 2 malicious contracts through sequencer monitoring.

  • Remediated 120+ infrastructure vulnerabilities including critical server exposures.

These achievements translate to real protection for user funds and maintained trust in Celo projects.

Strategic Conclusion & Reputation Management

With the core infrastructure successfully deployed, the focus now shifts to a responsible program conclusion. A critical component of this success has been the engagement of security researchers who identified the vulnerabilities listed above.

To maintain Celo’s standing as a reliable partner in the Web3 security space, we must settle the outstanding rewards for these validated findings. Failing to do so would damage relationships with the whitehat community, potentially discouraging future responsible disclosure of vulnerabilities. This proposal prioritizes fiscal responsibility, requesting funds solely to cover these existing reward obligations.

Specification

Service Status

The security infrastructure deployed during Phase 1 will continue to operate for the duration of its agreed terms:

  • Attack Surface Monitoring (Censys): Continues scanning partner domains and cloud infrastructure for emerging vulnerabilities.

  • Brand Protection (Doppel): Monitoring remains active across social media and domain registration systems.

  • Sequencer Security (Forta): Network monitoring continues flagging suspicious contracts and transactions.

  • Automated Testing (Fuzzland): Provides continuous security testing as partners push updates.

Deliverable: Bug Bounty Settlement

The sole deliverable for this funding is the complete payment of outstanding bug bounty rewards. This ensures:

  1. Ethical Compliance: Honoring the “pay-for-results” promise made to security researchers.

  2. Incentive Alignment: Ensuring researchers remain motivated to report future vulnerabilities on Celo.

  3. Reputation Preservation: Demonstrating that Celo is a trusted environment for professional security research.

Budget Allocation

The budget has been consolidated into a single category to reflect the strategic focus on reward settlement.

Category | Allocation (USD) | Purpose
Bug Bounty Rewards | 22,000 | Payment of outstanding rewards to security researchers for validated vulnerabilities.
Total | 22,000 |

Strategic Conclusion

Determination of CELO Amount: The CELO amount is fixed at 88,000 CELO. This was calculated using the 90-day average CELO price of $0.25 as of December 12, 2025.

Fund Management: Funds will be handled via the existing 2/3 Multisig structure for immediate disbursement.

Implementation & Governance

Fund Management

The program utilizes a 2/3 Multisig structure to ensure secure handling of funds.

  • Multisig Address: 0x35ff861a0b6215CeC71EA282B0D32AfefA661795

Signers:

  1. Benjamin Speckien (@ben): 0x48739572951F5bdb2CAC71BfF1Fc0747266C816e

  2. Nikolaos Frestis (@gloec): 0x2835cd3C9e5aD93C10eBFAcEc943fE1006B1F57a

  3. Stefan Ioja (@si-csec): 0x32Af2978880CD100d6Afa1104e8d01554bFe5bD4

Financial Controls

  • Final financial reconciliation will be provided upon completion of payments.

  • All funds are strictly allocated to bounty rewards.

Team

  • Benjamin Speckien: Security Lead with over 20 years of experience in Security/IT. Master of Science in Cybersecurity, CISSP certified. Worked across the Celo ecosystem with 40+ partners implementing security controls.

  • Nikolaos Frestis: Project Manager with extensive background in information security project management across pharmaceutical and crypto-banking sectors. Maintains close relationships with Web3 security vendors.

  • Stefan Ioja: Security Engineer implementing and maintaining industry-leading security solutions. Expert in Web3 threat landscape and incident response.

TL;DR

  • Request: 22,000 USD (88,000 CELO) to settle outstanding bug bounty rewards.

  • Value: Phase 1 successfully protected 13 partners, stopped 132 scams, and blocked 34 malicious transactions.

  • Deliverable: Responsible financial settlement and preservation of Celo’s reputation with the security research community.

  • Use of Funds: 100% of funds go to outstanding bounty rewards.