Proposal - Protocol R&D Special Purpose Entity

Treasury
11

Hey there :waving_hand:

Sidestream Protocol R&D SPE here - we are happy that this proposal was accepted. Below is our first monthly update.

Protocol R&D SPE - Sidestream - Update #1

  • Status: On track

  • Summary We focused on hardening and institutionalising security processes: We’ve established and taken over responsibility for the Immunefi Triaging Pipeline to ensure response-readiness and reliability. Multiple reports were processed through this pipeline. We created a checklist-based protocol update procedure to eliminate ad-hoc risks during updates and to lay the foundation for a regular protocol maintenance cadence. The first update following this procedure was executed successfully in collaboration with the Security Committee.

    With this we are on track on all milestones as laid out in the proposal https://forum.livepeer.org/t/proposal-protocol-r-d-special-purpose-entity/3160

  • Key achievements

    • Security process creation: Operationalized an Immunefi triage pipeline; filtered, analysed and invalidated multiple external vulnerability reports.

    • Protocol update: Established and battle-tested a multi-stage protocol update checklist. This was used to ship the latest protocol update on 2026-02-19.

    • Proactive security work: Completed internal security review on 6 core protocol contracts. These internal reviews serve as a proactive defense layer before vulnerabilities get reported via public bug bounty programs.

    • Testnet conceptualisation: After gathering requirements through ecosystem stakeholder interviews and input from the Security Committee we have prepared an internal draft for a testnet concept. This is meant to ultimately achieve better protocol validation, client testing, and developer experimentation.

  • Planned by Next Update:

    • Deployment: Prepare the next protocol maintenance update.

    • Immunefi Response: Process all Immunefi submissions in time, based on their severity.

    • Self review expansion: Conduct further internal security reviews.

    • Testnet proposal: Share and iterate the testnet proposal with the Security Committee and decide on best way to involve the community (beyond stakeholder calls and DMs we are already doing).

  • ETA for Next Update: End of March 2026

Be aware: Due to the sensitive nature of our work it is not possible to share links to many of the concrete artifacts we created (e.g., the processed vulnerability reports and their results) as these can only be shared with the security committee.

For the protocol update you can checkout the following “implicit” artifacts that are all results of our work: update transaction, the discord announcement by Doug and the PR on the docs repo specifying the address of the new contract.

3 Likes