[1IP-XX] 1inch Network Security Audit Funding & Aqua/SwapVM Operational License Confirmation
Simple Summary
This proposal requests $1,201,000 from the DAO Treasury for 1inch Network security audits covering Aqua/SwapVM versions 1.0, 1.5, and 2.0, plus the discounted OpenZeppelin annual retainer, while formally confirming the DAO’s irrevocable operational rights under the Aqua Source License 1.1.
Abstract
This proposal requests $1,201,000 from the DAO Treasury to fund the 1inch Network’s security audit program across two areas:
- Aqua & SwapVM Audits ($721,000): Covers completed v1.0 audits advanced by Degensoft and upcoming v1.5 and v2.0 upgrades.
- OpenZeppelin Retainer ($480,000): A discounted, network-wide 2026 security resource. This includes $180,000 already utilized for Aqua/SwapVM 1.0 and $300,000 for upcoming pipeline reviews.
In connection with this funding, Degensoft Ltd irrevocably formalizes the 1inch DAO’s existing deployment and operational rights under the Aqua Source License 1.1, introducing no new license grants or commercial triggers.
Motivation
Security audits are a prerequisite for any smart contract deployment within the 1inch Network. Under Section 4.3.2 of the 1inch DAO Guidelines, the DAO bears responsibility for Innovation and Infrastructure, while Section 5.2.5 explicitly prioritizes network security and safety.
Aqua and SwapVM represent foundational pillars of the 1inch 2026 product roadmap. Degensoft Ltd advanced the initial capital to keep these core protocols on schedule. Because the DAO is the primary beneficiary of these secure codebases and has already committed $400,000 to the Aqua Revenue Stream Incubator, it is logical that the financial responsibility for securing these protocols falls to the community that operates them.
Consolidating past reimbursements, future budgets, and license clarifications into a single proposal provides a holistic view of the 1inch security roadmap, simplifies treasury management, and minimizes governance overhead.
Specification
Financial Breakdown & Budget Matrix
Aqua & SwapVM Audits — direct third-party audit costs
| Item | Amount | Status | Details |
|---|---|---|---|
| Aqua & SwapVM 1.0 audits | $321,000 | Completed | Direct third-party audit costs advanced by Degensoft |
| Aqua & SwapVM 1.5 audits | $240,000 | Planned (2026) | Upcoming security reviews for planned v1.5 upgrades |
| Aqua & SwapVM 2.0 audits | $160,000 | Planned (2026) | Next-generation architecture reviews for v2.0 upgrades |
| Subtotal | $721,000 |
OpenZeppelin Annual Retainer
| Item | Amount | Status | Details |
|---|---|---|---|
| OpenZeppelin 2026 retainer | $480,000 | Annual | Network-wide retainer covering all OpenZeppelin protocol audits in 2026 |
Note on the OpenZeppelin Retainer: The total 2026 OpenZeppelin retainer is $480,000, negotiated at a significant discount relative to standard on-demand rates to ensure predictable availability and cost efficiency. It is a flexible, network-wide security resource and is not restricted solely to Aqua protocols. All completed and future audit reports funded under this budget will be published transparently to the 1inch Security Audits Repository on GitHub.
2. Operational License Confirmation for Aqua and SwapVM
In direct connection with the DAO’s funding of the security allocations detailed above, Degensoft Ltd, acting as the Licensor under the Degensoft Aqua Source License 1.1, formalizes and confirms the following governance items:
Permitted Operational Use: The 1inch DAO’s deployment, execution, orchestration, and maintenance of Aqua and SwapVM smart contracts across any distributed ledger or blockchain network constitutes an explicitly permitted use. It does not trigger any Commercial Trigger under Section 5.2, meaning no separate Commercial License or fee structure is required from Degensoft. This operational confirmation is irrevocable and valid for the entire lifecycle duration of the Degensoft Aqua Source License 1.1. No new license grant is being made by this proposal; this confirmation formalizes the DAO’s existing rights under the Degensoft Aqua Source License 1.1 for governance clarity, and is given by Degensoft Ltd as Licensor in connection with, and conditional upon, the funding approved herein.
Incubator & Ecosystem Protections: Teams actively participating in the Aqua Revenue Stream Incubator program, along with open-source contributors building strategies, tooling, or integrations that interface directly with the DAO’s authorized deployments, APIs, or smart contracts, will not independently trigger a Commercial License requirement. These entities function as standard ecosystem users of the network’s authorized deployments, not as sublicensees of Degensoft. A granular participation framework governing these independent contributor terms will be introduced via a separate governance track.
Interface Operations: Degensoft Ltd retains the concurrent right to build, deploy, and monetize user-facing front-ends and interfaces for Aqua and SwapVM to preserve competitive UX iteration and operational support across the wider DeFi ecosystem.
Payment
- Recipient: Degensoft Ltd (single payee; Degensoft will settle all third-party audit and OpenZeppelin retainer costs covered by this proposal)
- Amount: 1,131,144 sDAI + 69,856 DAI
- Payment method: Disbursement from DAO Treasury multisig
- Payment address:
0x6158821a80388Ca3D9146eAE896Ad9564b93c013
Rationale
This framework sets a clean, unified precedent for how IP stewardship and treasury allocations interact. By funding these audits, the DAO protects its competitive edge. Degensoft acts as the IP guardian to prevent malicious or low-effort competitive forks from splitting network liquidity, while ensuring the 1inch DAO has unimpeded operational freedom.
Financially, this capital requirement aligns with historical baselines. In 2025, the DAO approved [1IP-86], which allocated $1,359,000 for infrastructure safety. The 2026 allocation represents a minor, predictable scaling of costs reflecting an expanded multi-version protocol pipeline. Projections are provided directly by the Security Team Lead based on contracted rates and historical vendor data.
Considerations
Security
All smart contract audits referenced in this proposal were conducted by multiple audit firms and cover the Aqua and SwapVM codebases. Audit reports will be made publicly available on the 1inch GitHub. This proposal introduces no immediate mutations, migrations, or updates to active smart contract state logic. All future codebases covered under the 2026 allocation must successfully clear their respective security milestones and publish finalized reports to GitHub before production deployment.
Governance
- Treasury Outflow: A one-time treasury impact of $1,201,000.
- Revenue Generation: Securing these rights guarantees the DAO’s continuous ability to collect protocol fees generated via the Aqua Revenue Stream Incubator and native deployment mechanisms.
- Tokenomics: No structural impact on active token staking yields, distribution mechanisms, or total $1INCH supply metrics.
- Precedent Validation: Directly extends the governance logic proved by [1IP-86], augmenting the framework to cleanly document formal operational licenses in tandem with treasury spending.
Team Qualifications
Degensoft Ltd continues to serve as the core development and operational engine powering the 1inch Network protocol layout.
IP Protection & Ecosystem Licensing
Degensoft Ltd developed Aqua and SwapVM as core protocol infrastructure for the 1inch Network. The underlying intellectual property is managed under the Degensoft Aqua Source License 1.1, a source-available licensing framework modeled after industry-leading DeFi protocols to balance open-source development with competitive protection.
The Ecosystem Architecture:
- IP Stewardship (Degensoft Ltd): Degensoft retains ownership of the codebase and acts as the legal and technical steward of the IP. By holding the enforcement rights, Degensoft protects the 1inch ecosystem from unauthorized commercial copycats, vampire forks, and liquidity fragmentation.
- Operational Freedom (1inch DAO): Under this proposal’s formal confirmation, the 1inch DAO operates under a perpetual, irrevocable, and non-commercial-triggered framework. The DAO and its community maintain complete freedom to deploy, maintain, and monetize these protocols across any network without overhead or dependency.
- Third-Party Commercial Use: Any independent, external commercial deployment of the codebase outside the scope of the 1inch Network or DAO-sanctioned initiatives strictly requires an explicit commercial license from Degensoft Ltd, subject to the terms of the Aqua Source License 1.1.
This dual structure ensures that while the codebase remains visible and auditable on GitHub, the economic value generated by Aqua and SwapVM stays structurally bound to the 1inch Network. Furthermore, Degensoft’s commitment to continuously develop, optimize, and maintain native user-facing interfaces guarantees uninterrupted product quality, UX iteration, and operational continuity for all 1inch Network users.
Conflict of Interest
Degensoft Ltd is the proposer, developer, intellectual-property licensor, and payee under this proposal. This is disclosed for transparency. The audit work is independent third-party work and the reports are published publicly on GitHub; the funded amounts are evidenced by vendor invoices; and the license confirmation formalizes rights the DAO already holds rather than granting new ones. Recognized Delegates and tokenholders should assess the proposal on that basis.
Summary
This proposal requests $1,201,000 from the DAO Treasury to fund completed Aqua and SwapVM 1.0 audits, the 2026 audit budget for upcoming upgrades, and the OpenZeppelin annual retainer, all settled by Degensoft Ltd. In connection with that funding, Degensoft confirms the 1inch DAO’s irrevocable right to deploy, operate, and maintain Aqua and SwapVM on any network under the Degensoft Aqua Source License 1.1, without triggering a Commercial License requirement. The confirmation formalizes rights the DAO already holds; it makes no new license grant. Audit reports are published on GitHub, and the license terms protect the network against unauthorized commercial forks while leaving the DAO and its ecosystem free to operate.