Audit Requests S5 final roundup

Before starting the roundup we want to extend our sincere appreciation to @jackanorak for his exceptional stewardship and leadership throughout this program during Season 5. Given his invaluable contributions, we highly recommend him for the retroPGF program, as the Season 5 budget did not initially encompass this critical aspect of the process.

As the Season 5 Grant Council Lead, I wouldn’t have been able to make this possible without Jack. Thank you!

We’re excited to unveil the second batch of projects selected for RFG-3: Smart Contract Auditing Services (first batch here). Following thorough evaluation and scoring, we’ve identified the next set of projects from the pool of twelve applications. Just like the initial batch, these chosen projects have showcased remarkable potential and a strong resonance with our goal to bolster the security and cost-effectiveness of smart contract implementations within our ecosystem.

  1. Beefy Security Grant Application (score 84)
  2. Decent.xyz Proposal (score 81)
  3. dHedge Security Grant Application (score 75)
  4. Omni-x (score 77)
  5. PoolTogether Security Grant Application (score 77)
  6. Quantum Fair (score 75)
  7. Velodrome (score 101)

Additionally, throughout Season 5, we’ve maintained the cutoff score of 75 points. For those interested in reviewing the scores of each application, you can find them on our dedicated page.

Audits request program roundup

The audit program continues to undergo significant experimentation. In Season 5, the Grant Council approved a new batch of Audit Providers:

Smart contract auditing services

  1. Nethermind Security - Smart Contract Audit Services
  2. Spearbit/Cantina for SC auditing and security services
  3. Trail of Bits Security Reviews
  4. Halborn - Smart Contract Auditing
  5. Sherlock - Smart Contract Audits Mission Request

Learnings:

  • The audits program needs its own subcommittee and reviewers to maintain a fast pace and provide timely responses to service providers.
  • The audits program rubric needs to be redefined to be more aligned with the service.
  • Establishing a public platform for projects to reach out to service providers is essential.
  • Weekly office hours should be held by the subcommittee to foster closer engagement with service providers.
  • The audits form needs to be reformed and include (thanks @GFXlabs for the feedback):
    1. Verification of all contracts on explorers.
    2. Inclusion of a one-page document listing all addresses.
    3. Noting any contracts with ownable/admin functions in the documentation along with their functions.
    4. Clarification of contract ownership (msig, governance, etc.) in the documentation.
    5. Inclusion of audits in the documentation, with each audit listing the files audited along with their date.

In conclusion, the audit election process has been successful overall, and it’s now up to the milestones and metrics to determine the effectiveness of the program. Moving forward, we remain optimistic that this program will become fundamental for the ecosystem’s growth and security.

7 Likes