Who Pays for Security Audits, Bounties, and Incentives

Presented at ETHDenver 2026 in Denver, Colorado. Security audits and bug bounties are essential to blockchain safety, but who actually pays for them, and do the incentives align? This talk examines the economics behind security reviews: who bears the cost, how protocol teams decide what to spend, and how misaligned incentives between projects, auditors, and whitehats can leave critical vulnerabilities unfound — and what better incentive structures could look like. See the recorded video here.