Research compiled for solhunt grants + cold-outreach + contests strategy. All URLs verified via WebFetch/WebSearch on 2026-04-27 unless explicitly flagged.
Status: RESTRUCTURED. The classic open-apply ESP "Small Grants" was paused and replaced in November 2025 by a two-track Wishlist + RFP model.
- Apply URL: https://esp.ethereum.foundation/applicants
- Open rounds page: https://esp.ethereum.foundation/applicants/open-rounds — currently displays "There are no active grant rounds at this time. Please check back later or explore our Wishlist and RFP opportunities."
- Restructure announcement: https://blog.ethereum.org/en/2025/11/03/new-esp-grants
- Funded projects archive: https://esp.ethereum.foundation/funded-projects
Sizes: No fixed band; "determined based on scope and complexity." RFPs may include budget guidance. Historical EF Small Grants topped out around $30K, with larger awards typically $50K-$300K.
Format: Wishlist (broad themes, open-ended) + targeted RFPs (defined scope, fixed windows). Office Hours available. Six-step flow: Browse → Apply → Review → Decision → Execute → Complete.
Areas of interest (stated): cryptography, privacy, application layer, security, community growth.
Recent comparable grants: Hard to verify without funded-projects fetch, but EF historically funds tools like Slither, Echidna, Mythril at $30K-$150K levels.
Realistic odds for solhunt: Moderate-low. EF security grants typically go to formal-verification or tooling that benefits the broader research community (not commercial security products). Position the ask as "open-source AI agent for invariant generation / fuzzing harness creation" rather than "exploit generator for paid audits." Need an active Wishlist item or RFP to map to — currently nothing on either is publicly listed for AI-assisted security tooling. Likely need to wait for an RFP that fits.
Recommended ask: $50K to fund 3 months of public-good work — adding a benchmark harness, publishing failure-mode analysis, releasing exploit corpus for other researchers.
Status: ACTIVE. RPGF was rebranded to "Retro Funding" mid-2024 and consolidated under the OP Grants Council. Season 9 is OPEN.
- Apply URL: https://app.opgrants.io/
- Program landing: https://www.opgrants.io/
- Season 9 details: https://www.opgrants.io/seasons/current/season-9/
- Forum announcement: https://gov.optimism.io/t/season-9-grants-council-applications-now-open/10599
- Audit Grants on Atlas: https://atlas.optimism.io/missions/audit-grants
Programs currently open:
- Audit Grants — covers smart contract audit costs for Superchain projects (Season 8 had 450K OP across grants, typically $20K-$100K per project). Better suited as a customer source for solhunt than a funding source.
- Growth Grants — DeFi growth focused (DEX TVL/fees in priority pairs). Not solhunt-relevant.
- Retro Funding: Dev Tooling — RETROACTIVE. You ship something useful for OP Stack devs, then OP voters reward you. Solhunt could plausibly qualify here once it has demonstrable adoption.
- Retro Funding: Onchain Builders — TVL/usage-based, not security-tooling.
- Foundation Missions — defined RFPs.
Sizes: Season 8 distributed 7M OP across 33 projects (~210K OP / ~$240K avg at OP ~$1.10). Season 9 budget similar.
Format: Forward-looking grants application + retroactive rewards via Retro Funding rounds.
Realistic odds: Higher than EF. Optimism funded multiple security-tool projects historically (Hats Finance, Phylax, Cyfrin Aderyn). Best path: build something Superchain-specific (e.g., solhunt for OP Stack predeploys) and apply to the Dev Tooling Retro Funding. Forward Audit Grants would actually pay solhunt as a service provider if it's whitelisted.
Recommended ask: $50K-75K Foundation Missions/Growth Grants for "AI-augmented continuous-coverage scanner for OP Stack apps." Retro Funding adds upside without an explicit ask.
Status: ACTIVE — multiple active programs. Highly relevant for solhunt.
- Apply URL hub: https://arbitrum.foundation/grants
- Foundation grant application: https://tally.so/r/3xzEzv (via the Audit Program page)
- Trailblazer (AI): https://arbitrumfoundation.medium.com/trailblazer-1m-grants-to-power-ai-innovation-on-arbitrum-c6de1200e656
Programs currently open (4 active):
- Arbitrum Audit Program (AAP) — $10M ARB over 12 months, subsidizes audits for early-stage Arbitrum projects. Like Optimism's Audit Grants, this is a customer pipeline for solhunt, not a funding source.
- ArbiFuel — gas sponsorship (not funding).
- Arbitrum Trailblazer (AI grants) — $1M total, for "specialized AI agents and other onchain AI products on Arbitrum chains." Solhunt is a near-perfect fit if framed as "AI agent that secures Arbitrum dApps." Application URL referenced via the Trailblazer announcement.
- Stylus Sprint — 5M ARB for Stylus (Rust-on-Arbitrum) developer tooling. Solhunt is Solidity-focused, only relevant if extended.
Sizes: Foundation grants generally $20K-$150K USD-equivalent in ARB. Trailblazer specifically allocates $1M across multiple AI projects.
Format: Rolling applications for Foundation grants. Trailblazer has milestone-based funding.
Recent grants: Arbitrum funds many security-adjacent projects (OpenZeppelin AAP wallet, Cyfrin Aderyn, etc.). They are explicit about wanting AI-on-Arbitrum innovation.
Realistic odds: HIGH. Trailblazer was literally created for the "AI agent on Arbitrum" pitch. If solhunt commits to first-class Arbitrum support (Nitro precompiles, Stylus contracts later) and frames the LinkedIn/Beanstalk hero metric as "found a $182M-class bug in 1m44s — imagine continuous coverage on every Arbitrum dApp" — this is the single highest-EV grant ask on the list.
Recommended ask: $50K-75K from Trailblazer for Q3 2026 deliverables: Arbitrum-native version of solhunt + free continuous scans for the top 50 Arbitrum dApps.
Status: EFFECTIVELY DORMANT.
- AGD landing: https://aavegrants.org/ (page was unreachable / 403 during this research)
- Forum dev category: https://governance.aave.com/c/developers/25
- Most recent renewal vote: ABSTAIN majority in January 2024. AGD has not had a formal renewal mandate since.
What's actually happening at Aave: A $25M Aave Labs funding deal passed April 12, 2026 (75% support — https://www.cryptotimes.io/2026/04/14/aave-dao-passes-25m-funding-deal-for-aave-labs-with-75-support/). Direct-to-AIP funding is the active vehicle, not the AGD: https://governance.aave.com/t/direct-to-aip-april-2026-funding-update/24447 . This is governance-vote-gated, not application-form-gated.
Realistic odds: Effectively zero through the AGD path. Realistic alternative: build something demonstrably Aave-relevant first (e.g., publish solhunt findings on a new Aave V4 or GHO-related fork), then propose a Direct-to-AIP request via a delegate sponsor. This is a 6-12 month relationship-building play, not a 2-week application.
Recommended: SKIP for now. Revisit after solhunt has a published track record of catching Aave-class bugs.
1. Uniswap Foundation Security Fund — $1M for v4 hooks audit subsidies.
- Forum: https://gov.uniswap.org/t/uniswap-foundation-security-fund-launch/24754
- Provider applications closed Nov 8, 2024 — solhunt would need to apply as a NEW provider in the next round, OR position as "automated pre-screening for funded projects" partnering with existing whitelisted firms.
- Foundation grants page: https://www.uniswapfoundation.org/grants
- Hook Incubator (up to $40K capstone prizes): https://docs.uniswap.org/builder-support/get-funded
- Fit: moderate. Hooks are isolated, simple-architecture contracts — a strong match for solhunt's hit zone. Worth pitching.
2. Polygon Community Grants Season 2 — 35M POL backing AI/DePIN/etc.
- Apply: https://polygon.questbook.xyz/
- Direct Track has up to 20M POL for proposals that don't fit predefined themes.
- Fit: good if you commit to Polygon zkEVM / PoS support. Less prestigious than EF/Arb but higher application-success rate.
3. a16z CSX (Crypto Startup School) — $500K for 7% equity, 12-week program.
- Apply: https://apply.a16zcrypto.com/
- Most recent cohort (CSX 04, San Francisco, Spring 2026) had Feb 7 deadline — already closed. Next cohort likely announced June-Aug 2026.
- Fit: strong if solhunt is being commercialized as a company. This is equity not grant, but $500K + the network is the highest-EV money on this list IF the team is going company-mode.
4. Compound Grants (CGP) — Tally-managed via Questbook.
- CGP 2.0 governance: https://compound.finance/governance/proposals/136
- Grant announcements: https://x.com/compoundgrants
- Fit: moderate-low. Compound grants tend to be smaller ($5K-$30K) and ecosystem-focused. Lower priority.
Skip these (deprecated or not applicable):
- Solidity Foundation: does not exist as an independent grant entity; Solidity is funded inside EF.
- Code4rena/Cantina grants: these are competitive-audit platforms, not grant programs.
| Program | Round status | Size match | Effort | Recommended ask | Apply by |
|---|---|---|---|---|---|
| Arbitrum Trailblazer (AI) | OPEN, rolling | 50-150K ARB | 4-6 hrs (Tally form) | $75K for Arb-native scanner + free scans for 50 dApps | ASAP, rolling |
| Optimism Foundation Missions / Growth | OPEN, Season 9 | 50-200K OP | 1 day prep | $50K for "Superchain continuous-coverage scanner" | rolling, Season 9 |
| Polygon Community Grants S2 — Direct Track | OPEN | up to 20M POL pool | 1 day | $40K for Polygon zkEVM coverage milestone | rolling |
| Uniswap Foundation Security Fund (next round) | round 1 closed; round 2 TBA | 100% audit cost | 4 hrs prep | apply as NEW provider when reopened | watch announcements |
| EF ESP Wishlist/RFP | NO active rounds matching | 30-300K | 2 days research | wait for matching RFP, do not cold-apply | ad-hoc |
| a16z CSX (next cohort) | Spring 2026 closed; Fall TBA | $500K @ 7% equity | 1 week | only if committing to company-mode | Aug-Sep 2026 (estimate) |
| Aave Grants DAO | DORMANT | n/a | n/a | SKIP | — |
| Compound CGP | rolling but small | $5-30K | 4 hrs | low priority unless trivial | rolling |
Hard reality: the public DefiLlama interface is rate-limited / blocked from automated fetch (403/500 across multiple attempts). The targets below are confirmed by name + DefiLlama page existence + last-known TVL band from cross-source research. Verify exact current TVL before pitching by manually loading each linked page.
Filter applied: TVL roughly $1M-$20M (some flagged where current TVL is uncertain), post-audit, EVM, identifiable contact channel, small-team-feel. The Beanstalk-class hero metric resonates most with lend/borrow, vaults, structured products — solhunt's hit zone.
| # | Protocol | Approx TVL | Audit | Last/Next release | Contact | Fit reason |
|---|---|---|---|---|---|---|
| 1 | Cega | ~$415K total / ~$95K on Arb (small but team is responsive) | OtterSec, Zellic | Shark/Bull vaults expansion | @cega_fi (X), https://defillama.com/protocol/cega | Structured-product vaults — pure access-control + accounting logic, solhunt's strong zone |
| 2 | Smilee Finance | ~$1-3M (decentralized volatility products) | Sherlock Feb 2024 | Smilee v2 / gBERA expansion | https://medium.com/smilee-finance, GitHub: github.com/smilee-finance | DVP architecture — vault + IL math — well-defined invariants |
| 3 | Wasabi Protocol | ~$5-15M (memecoin/NFT leverage) | Zellic, Sherlock, Narya, foobar | Live on Base App, growth phase | wasabi.xyz, @WasabiProtocol | Leverage + lending logic, multi-auditor history shows team takes security seriously |
| 4 | Vela Exchange | ~$13.5M perps liquidity | Multiple (incl. Hacken) | Synthetics/forex expansion | velaex (X), https://defillama.com/protocol/vela-exchange | Perp DEX with vault, smaller team, in growth mode |
| 5 | Y2K Finance | ~$1-3M (Arb structured pegged-asset hedging) | Multiple | V2 active | @y2kfinance, https://defillama.com/protocol/y2k-finance | Exotic peg derivatives — non-standard accounting = ample bug surface |
| 6 | Toros Finance | ~$10-20M aggregated across Polygon/Op/Arb/Base/ETH | dHEDGE-aligned audits | Vault expansion | https://defillama.com/protocol/toros, dHEDGE community | Vault aggregator, multichain — many config edges to test |
| 7 | Premia | ~$5-10M Arb options | Arbitrary Execution + Trilateral | v3 on Arb | @PremiaFinance, https://defillama.com/protocol/premia | American options on Arb — pricing oracle interaction is a known weak point but the AMM itself is solhunt-friendly |
| 8 | Stryke (formerly Dopex) | ~$5-15M post-rebrand | OpenZeppelin, others | SYK migration ongoing | @stryke_xyz, @dopex_io | Options vault contracts, single-token migration creates upgrade-path bugs |
| 9 | Rage Trade | ~$2-8M | Quantstamp, cmichelio | Omnichain ETH perps | https://app.rage.trade, @RageTrade | LayerZero+Arb cross-chain logic — pure access-control errors are common |
| 10 | Spectra Finance V2 | ~$40M — borderline OK if Arb-only segment is smaller | Sherlock, Curve-aligned reviewers | Active gauge requests every month | @SpectraFinance, https://gov.spectra.finance | Yield-stripping math, but perm/access surface is wide |
| 11 | IPOR Protocol / IPOR Fusion | low-mid millions on Fusion | Multiple | Fusion vault rollouts | https://ipor.io, @IPOR_official | Interest-rate swap math — narrow surface but custom |
| 12 | Sturdy V2 | ~$300K total (very small but active team) | Multiple historical | V2 ecosystem play | @SturdyFinance, https://defillama.com/protocol/sturdy | Interest-free borrowing — small team, would respond to a direct DM |
| 13 | Notional V3 | low-tens-of-millions | OpenZeppelin, ABDK | V3 fixed-rate expansion | @NotionalFinance | Leveraged yield + fCash math, solid surface |
| 14 | Inverse Finance FiRM | ~$45M (slightly over band but small team) | Multiple | DOLA/FiRM evolution | @InverseFinance, https://defillama.com/protocol/inverse-finance-firm | Lending protocol with custom oracle — has had past exploits, would be receptive |
| 15 | Plutus DAO | ~$3-10M Arb governance aggregator | Multiple | Active on Arb | @PlutusDAO, https://defillama.com/protocol/plutusdao | Governance + reward routing logic — access-control heavy |
| 16 | D2 Finance | small (Arb STEP applicant) | In progress | Step-funded growth | https://forum.arbitrum.foundation/t/d2-finance-step-application/23662 | Small Arb-native team that's pitching Arbitrum funding now — receptive to free findings |
| 17 | Gamma Strategies | low-mid millions across deployments | Trail of Bits historical | LP management ongoing | @GammaStrategies | Concentrated-liquidity vault management — config bugs common |
| 18 | Steer Protocol | ~$15-20M (multi-asset vaults on Base + others) | Multiple | Active Base expansion | @steerprotocol, https://defillama.com/protocol/steer-protocol | Vault infra layer — high config surface |
| 19 | Kresko | low millions (Arb synth assets) | Multiple | Active | https://kresko.fi, @KreskoProtocol | Synthetic asset minting with collateral checks — classic access-control surface |
| 20 | Resonate (Revest Finance) | low millions | Multiple historical | Yield-fixing primitive | @RevestFinance, @resonatefi | Cycle-based yield product, niche team would notice DMs |
Pitch template note: for each of these, the pitch is "ran solhunt against [protocol] — found N findings — free PDF attached — $1500/scan for continuous coverage." The protocols flagged for "small team would respond to DMs" (12, 16, 19, 20) are the highest-conversion targets to start with.
Skipped categories and why:
- Flash-loan-attack-prone protocols (most aggregators, many AMMs): solhunt's reported strong zone is access-control / reentrancy / logic, NOT economic-model attacks.
- Oracle-manipulation-heavy protocols (Synthetix Perps, etc.): solhunt would underperform.
- Restaking-tier giants (EigenLayer, Symbiotic, Karak): too big, won't take cold outreach.
| Platform | Contest | Pool | Ends | Fit | Apply link |
|---|---|---|---|---|---|
| Code4rena | Monetrix (Hyperliquid yield layer, Solidity) | $22,000 USDC | May 4, 2026 | Good fit — Solidity yield layer, simple architecture. But see V12 disclaimer below. | https://code4rena.com/audits/2026-04-monetrix |
| Code4rena | K2 (DeFi lending on Stellar, Rust) | $135,000 USDC | May 27, 2026 | Bad fit — Rust + Stellar, not solhunt's Solidity strong suit | https://code4rena.com/audits/2026-04-k2 |
| Immunefi Audit Comp | Base Azul (Solidity + Rust, ~190K nSLOC) | $250,000 (scales by severity) | May 4, 2026 20:00 UTC | Mixed fit — partly Solidity, but huge codebase makes solhunt's per-contract approach diluted | https://immunefi.com/audit-competition/audit-comp-base-azul/information/ |
| Immunefi Audit Comp | Firedancer V1 (C/C++, Solana validator) | $1,000,000 (scales by severity) | May 9, 2026 | Bad fit — C/C++, not Solidity at all | https://immunefi.com/audit-competition/firedancer-v1-audit-comp/information/ |
| Sherlock | XRP Ledger April 2026 Contest (XRPL features) | 550,000 RLUSD | ~April 27, 2026 (2-week window starting April 13) | Bad fit — XRPL native code, not EVM Solidity | https://audits.sherlock.xyz/contests/1260 |
| Cantina | (none active) | — | — | n/a | https://cantina.xyz/competitions |
| Hats Finance | (page requires JS) | — | — | unverified, check directly | https://app.hats.finance/audit-competitions |
Code4rena now runs Zellic's V12 AI tool internally on every Solidity competition (typically within the first 2 days). V12 findings are auto-shared with all wardens and judged as known issues — duplicates of V12's findings are ineligible for awards. Source: https://docs.code4rena.com/competitions/submission-guidelines
Implication for solhunt: Code4rena is the WORST platform for an AI-tool entry. Any easy bug solhunt finds is also likely to be in V12's report and therefore ineligible. The platforms where AI-tool entries can place: Immunefi (their rules require runnable PoC, which solhunt's exploit-writing is uniquely good at) and Sherlock (judges look at full PoC quality). Cantina has no active comps to test. Hats Finance is decentralized but moves slowly.
- Monetrix on Code4rena ($22K, ends May 4) — small enough that V12 might miss something, and it's the only Solidity comp that's truly small-team. Worth running solhunt for 4 hours just to see if it surfaces something V12 missed. Expected value: low but cheap to attempt.
- Base Azul on Immunefi ($250K, ends May 4) — partially Solidity, runnable PoC required (solhunt's actual differentiator). Even one Medium = ~$70K. Run solhunt against the Solidity portions only (skip the Rust). Expected value: highest of the three.
- Firedancer is a SKIP — solhunt's strong zone is Solidity; it has no business in C/C++ Solana validator code.
- Code4rena: top-100 wardens compete in every Solidity comp. AI-tool-only entries with no human curation have effectively zero historical placement above Low severity. Bot Races (10% of pool) are explicitly for AI tools but require pre-qualifying.
- Immunefi: smaller participant pool than C4, but quality bar is higher because they want runnable PoCs and KYC.
- Sherlock: senior-Watson model — top auditors get the best assignments. Cold entry hard.
Apply to Arbitrum Trailblazer ($1M AI grant program). It's the single best fit on the entire research surface: an explicit "AI agents on Arbitrum" $1M pool, rolling applications, and solhunt's pitch (find Beanstalk-class bugs in 1m44s on Arbitrum dApps) maps perfectly. 4-6 hours of work for a $50-75K shot. Higher EV than any contest entry. Apply via the link on https://arbitrum.foundation/grants .
- Friday evening (2 hrs): Draft Trailblazer application. Lead with the Beanstalk metric. Commit to Arbitrum-native version + free scans for top 50 Arb dApps as a deliverable.
- Saturday (4 hrs): Run solhunt against Monetrix (C4, Solidity yield layer on Hyperliquid). Submit anything found before May 4. Cheap shot, mostly to learn the contest workflow.
- Saturday evening (3 hrs): Run solhunt against the Solidity portion of Base Azul (Immunefi). If it finds anything serious, write up the runnable PoC carefully — Immunefi's PoC requirement is exactly where solhunt's exploit-writing dominates.
- Sunday (2 hrs): Cold-DM 5 protocols from Stream 2 list, prioritizing entries 12 (Sturdy), 16 (D2 Finance), 19 (Kresko), 20 (Resonate), and 5 (Y2K). Send the actual findings PDF, not a sales pitch.
- Aave Grants DAO: dormant since Jan 2024.
- Code4rena except Monetrix: V12 pre-disqualifies easy AI bugs. Bad EV ratio.
- Firedancer ($1M Immunefi): wrong language stack. Don't be lured by the pool size.
- Sherlock XRPL: wrong code ecosystem.
- EF ESP cold-application: no matching open round; wait for an RFP.
- a16z CSX: next cohort isn't open. Note the date and pivot back to it in late summer when applications reopen.
The grants stream offers higher EV per hour than the contests stream right now. Arbitrum Trailblazer alone is worth more application-hours than every active contest combined, because it actually fits solhunt's value prop ("AI agent that writes exploits") rather than fighting solhunt's biggest weakness (competing against humans + V12 in red-team contests). The cold-outreach stream is the long-term moneymaker — every $1500/month retainer compounds — but it depends on having a runnable scan service first. The grants pay for that service to exist.
Sources verified via WebFetch and WebSearch on 2026-04-27. Where direct page-fetch failed (DefiLlama 403s, Cantina detail pages, Sherlock filtered views), data was triangulated from multiple search results.