Governance Council Proposal: Contributor Grant + Bug Bounty

Below, we outline a proposal put forth by the Orca governance council (the “Council”). For more information on the Council and its structure, check out the original post here.

As a refresher, Council proposals have the following process:

  1. Forum post (minimum four days on the forum to socialize with the community).
  2. On-chain proposal with council voting (five days).
  3. Cool-down period (two days) that allows the community to veto proposals it’s not happy with.

If the proposal passes the Council vote and is not vetoed by the ORCA tokenholder community (the “Community”), the contents of the Council proposal will be implemented. If the proposal doesn’t pass the Council vote and/or the Community vetoes the Council approved proposal, the contents of the proposal won’t be implemented.


This is a two-part Council proposal to (i) vote on a 5M ORCA allocation from the treasury to the initial Orca development team (“Juku Labs”), and (ii) approve a 100,000 USDC bounty to a whitehat hacker.

As a reminder, since the Orca treasury has not yet been moved to technical DAO control, if passed, the proposal will signal to Juku Labs that funds can be transferred as instructed.


ORCA Allocation to Juku Labs

When the project was started, the initial development team was allocated 20% of the total ORCA supply, or 20M ORCA. While this is a great sum of tokens and was in-line with market allocations for teams at the time, at current prices, the Council does not believe it’s sufficient to (i) appropriately incentivize Juku Labs to deliver its growing product roadmap (Orca’s current contributors are some of the most talented builders in the Solana ecosystem), and (ii) allow Juku Labs to recruit more best-in-class contributors over the coming years.

If this proposal is approved, 5M ORCA will be moved from the Orca treasury to Juku Labs as part of a “Contributor Growth Allocation.” We think it’s extremely important to align incentives — to that end, all additional ORCA token payments made to existing and/or new Juku Labs contributors will be subject to a one year continual service requirement and then be payable over the succeeding two year period (for a total service period of three years). Moreover, Orca’s founders, Yutaro Mori and Ori Kwan, have committed to not receiving any more ORCA tokens. In other words, the entire 5M ORCA allocation will be earmarked for non-founder contributors.

It is our view that there is nothing more important to Orca’s success than continuing to attract and retain the most talented contributors. As a team, the Council reviewed Juku Labs’s operating budget and product roadmap and believes that as a community, we should approve this 5M ORCA allocation from the Orca treasury to Juku Labs.

The Council would like to say one more thing on this point. Orca finds itself in a position of strength in a time of great opportunity. Juku Labs is building a suite of products that can bring Orca to a wider market, including both sophisticated traders/market makers and individual users. In particular, the Council sees tremendous potential in Orca cementing its lead as the canonical trading protocol on Solana. And the only way to secure this title is by retaining and attracting the best contributors.

White Hat Bounty

On November 15, 2022, a whitehat hacker reported a critical vulnerability in the spl-token-swap program, a core Solana program used by the Orca protocol in its (now deprecated) legacy pools. Using the whitehat’s help, the program was patched on that day, resolving the outstanding vulnerability before any damage could be done.

Since the existing bug bounty program on Immunefi only covers vulnerabilities tied to the Orca Whirlpools program, this disclosure did not immediately qualify for a bounty reward. However, given the severity of the bug, the Council believes the Community should reward the whitehat with a significant bounty to the tune of 100,000 USDC.


Both proposals outlined include the movement of funds from Community owned Orca treasury accounts. However, these accounts have not yet been transferred to technical DAO control. As such, the proposals will serve as the Community approving and directing for the following actions to be implemented:

Contributor Growth Allocation

Transfer 5,000,000 ORCA from the undistributed Community & Governance Initiatives allocation wallet to a wallet controlled by Juku Labs for future contributor incentives.

Whitehat Bounty Payment

Transfer 100,000 USDC from the Fee Treasury wallet to the whitehat wallet here:


Juku Labs will be responsible for communicating the completion of both transactions.

Governance Process

Forum Discussion

This proposal will meet a minimum four day discussion period before being put forth to a vote. This period allows Community members to review all proposed instructions and share feedback.


After four days, a Council member may submit the proposal using their Council Token to the Signaling Governance account (6d76J…4HUf9). The account is used for signaling proposals only, and contains the following voting parameters:

Voting Period: 5 days

Council Threshold: 4 Yes votes

Veto Threshold: 1,000,000 ORCA

Cool-down Period

This account also has a two-day cool-down period, which is reached after the initial five day voting period. In other words, if the vote is passed after five days, the Community will have an additional two-day period to veto the proposal.


If the veto threshold is not meant during the cool-down period, the proposal will pass and the instructions will be executed.