더 쓰니 | THE SSUNI 🫂


Continuous Assurance of Blockchain Protocol Integrity through Open Source Primitives and Bug Bounties @immunefi, @commonwarexyz, @arbitrum

The integrity of a blockchain protocol is not a property that is completed through a single verification or a specific point in time assessment, but rather a characteristic that must be continuously maintained and inspected over time. Modern blockchain systems have a structure where numerous components are interlocked, and especially in scaling solutions like rollups, the execution environment, bridge, sequencer, and verification mechanisms are closely interconnected. In such an environment, even if the code is written with great precision, new vulnerabilities can emerge due to upgrades, configuration changes, and shifts in economic incentives. Therefore, while one-time audits have significance in checking the state of code at a specific point in time, they have clear limitations in ensuring the long-term integrity of the entire protocol.

Arbitrum's real-world operational case well illustrates this characteristic. Arbitrum's production stack consists of the Nitro execution environment, the OneStep Prover contract, the bridge infrastructure responsible for asset transfers between layers, the sequencer logic that determines transaction order, and the fraud proof mechanism. These elements do not exist in isolation but form a single system through their interactions. The ArbOS 31 Bianca upgrade conducted in March 2024 simultaneously affected both Arbitrum One and Nova, demonstrating that a single upgrade can cause cascading changes across multiple network components. In addition, Arbitrum has carried out six major ArbOS upgrades between 2024 and 2026, maintaining a fast development cycle by reflecting testnet deployments into the mainnet within a relatively short period.
This speed creates an environment difficult for traditional audit procedures to keep up with, implying that code not yet audited may be used in actual operational environments.

Moreover, it has already been confirmed through various cases that code-level reviews alone are insufficient to adequately predict attacks occurring in the actual network. The Wormhole bridge hack in February 2022 and the Polygon Plasma bridge vulnerability in December 2021 both occurred in audited code, and attackers found dynamic attack paths by exploiting economic incentives rather than code flaws themselves. This clearly shows that protocol integrity is not limited to the syntactic correctness of code but is a multidimensional concept that includes economic structures, operational methods, and governance procedures.

Against this background, the reuse of open-source blockchain primitives has become one axis of a security strategy. The so-called anti-framework approach proposed by Commonware provides basic functions such as network, consensus, cryptography, storage, and testing as modular primitives instead of building a single large stack. These primitives are implemented as Rust-based libraries and include certified P2P communication, Byzantine fault-tolerant consensus algorithms, threshold signing and random number generation, abstracted storage interfaces, and runtime components for deterministic simulation. Each primitive is categorized into alpha, beta, gamma, delta, and epsilon levels based on stability, with these grades assigned according to the scope of testing and real-world usage experience.

The greatest advantage of reusing primitives is the reduction of implementation risk. For example, by using a consensus primitive whose mathematical properties have already been verified, rather than implementing Byzantine fault-tolerant consensus directly, it is possible to reduce recurring implementation errors.
Additionally, primitives with high stability levels have clearly defined audit and bug bounty targets, allowing security resources to be concentrated on core logic. The deterministic simulation environment provided by the Commonware runtime allows for the recreation of network conditions and the performance of regression testing between versions, playing an important role in maintaining integrity during the upgrade process.

However, this approach also carries another form of risk. If multiple protocols share the same primitive, a structural centralization risk arises where a single vulnerability can affect the entire ecosystem. To mitigate this, Commonware has introduced a stability grading system, clearly separates interfaces, and encourages competitive implementations for the same interface. Even so, it cannot be denied that risk at the design level can be concentrated, which has brought continuous vulnerability detection to the forefront as an essential element.

In a rollup environment, the surface requiring protocol integrity is very broad. In the case of Arbitrum, the Nitro prover contract can contain mathematical errors or issues with gas calculations, and the bridge contract connecting L1 and L2 carries critical risks such as fund theft or withdrawal blocking. The sequencer logic implies the possibility of pursuing unfair profits through censorship or transaction reordering, and the governance mechanism is also exposed to attacks such as proposal manipulation or timelock bypass. In addition, from an operational perspective, factors such as sequencer outages, key management failures, and lack of monitoring directly affect integrity.

As a means to continuously detect these various risks, bug bounty programs play an important role. The bug bounty operated by Immunefi classifies severity based on impact, and for critical vulnerabilities such as fund theft or network outages, a certain percentage of the at-risk assets is provided as a reward.
This approach is designed so that as the network scale increases, the rewards also increase, aligning the incentives between researchers and the protocol in the long term. In addition, through a responsible disclosure process that coordinates the disclosure timing, vulnerabilities are announced after the fix is completed, minimizing user damage.

Nevertheless, bug bounties do not cover all risks. Economic attacks such as MEV extraction or incentive design errors, scenarios exploiting governance procedures, and operational mistakes are often out of scope. In fact, the Wormhole incident shows that even though a large reward was paid, the incident itself could not be completely prevented. This suggests that while bug bounties are an important security primitive, they are not a standalone complete solution.

Combining open-source primitives and bug bounties forms a lifecycle system for ensuring integrity. Primitives become targets for external verification and reward-based review as implementation errors are reduced and stability increases. The scope of the Arbitrum bug bounty is currently limited to the deployed version in operation, encouraging researchers to focus on code where actual risks exist. When a vulnerability is discovered, the case is reflected in simulation tests to manage and prevent the same issue from recurring in subsequent versions.

In this process, the boundaries of responsibility also need to be clearly recognized. The primitive maintainer must ensure accuracy and compatibility within the interface scope, and the integrator is responsible for safely combining and operating it in the actual environment. While open-source licenses limit legal liability, real integrity assurance is determined by this role distribution and collaboration. Cooperation between multiple projects is also required in the process of coordinating the disclosure timing and patch distribution.

Governance and the upgrade process are also key elements in maintaining integrity.
Arbitrum manages upgrade risks through a timelock for constitutional proposals, L1 message challenge periods, emergency powers of the security council, and a staged deployment procedure via testnets. These procedures can be seen as an attempt to maintain a balance between rapid response and decentralization.

Ultimately, open-source blockchain primitives and continuous bug bounties enable an approach that treats protocol integrity not as a one-time certification but as an ongoing process. Primitives reduce repeated implementation errors, and bug bounties encourage continuous external verification through economic incentives. The operational example of Arbitrum shows how this combination works in a real large-scale network, clearly demonstrating that integrity is not a fixed state but an attribute that must be continuously checked and maintained.
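
The deterministic simulation and regression testing described above (recreate network conditions from a seed, then keep a discovered failure as a test for later versions), as an added example that is not part of the original article and does not use Commonware's runtime API. The quorum counter, its two versions, and every name here are hypothetical, and the network is a constructed toy that shuffles and duplicates vote messages.

```rust
use std::collections::BTreeSet;

/// Small seeded PRNG (splitmix64): the same seed always yields the same network behaviour.
struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 {
        self.0 = self.0.wrapping_add(0x9E3779B97F4A7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58476D1CE4E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D049BB133111EB);
        z ^ (z >> 31)
    }
}

/// Hypothetical quorum counter: V1 counts every vote message, V2 counts distinct voters.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Version { V1CountsMessages, V2CountsVoters }

const QUORUM: usize = 3; // 2f + 1 for 4 validators tolerating f = 1 fault

/// One simulated round: `voters` validators vote; the seeded network may duplicate
/// and reorder messages. Returns (finalized, distinct voters, delivery trace).
pub fn simulate(seed: u64, version: Version, voters: u64) -> (bool, usize, Vec<u64>) {
    let mut rng = Rng(seed);
    let mut wire: Vec<u64> = Vec::new();
    for v in 0..voters {
        wire.push(v);
        if rng.next() % 3 == 0 { wire.push(v); } // network duplicates this message
    }
    for i in (1..wire.len()).rev() { // Fisher-Yates shuffle models reordering
        let j = (rng.next() % (i as u64 + 1)) as usize;
        wire.swap(i, j);
    }
    let (mut seen, mut count) = (BTreeSet::new(), 0usize);
    for &v in &wire {
        let fresh = seen.insert(v);
        if version == Version::V1CountsMessages || fresh { count += 1; }
    }
    (count >= QUORUM, seen.len(), wire)
}

/// Safety invariant: a round finalizes only with QUORUM distinct voters.
/// Returns the first seed below `seeds` that breaks it when only 2 validators vote.
pub fn first_violation(version: Version, seeds: u64) -> Option<u64> {
    (0..seeds).find(|&s| { let (fin, distinct, _) = simulate(s, version, 2); fin && distinct < QUORUM })
}

fn main() {
    println!("V1 violating seed: {:?}", first_violation(Version::V1CountsMessages, 1000));
    println!("V2 violating seed: {:?}", first_violation(Version::V2CountsVoters, 1000));
}
```

The seed returned for V1 is the regression artifact: replaying it gives the same delivery trace every time, so it can be pinned in the test suite and re-run against each later version.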
