[READY TO VOTE] smart contract auditing services

Mission Request Template

Delegate Mission Request Summary:
This is a continuation of the RFG-3 from last season: gather smart contract auditors to provide subsidized audits for promising projects determined by the grant council.

S5 Intent: Intent 3

Proposing Delegate: Jack Anorak

Proposal Tier: Fledgling Tier and up

Baseline grant amount: 250k OP

Should this Foundation Mission be fulfilled by one or multiple applicants: Multiple

Submit by: To be set by Grants Council

Selection by: To be set by Grants Council

Start date: If applicable

Completion date: Aug 1, 2024

Specification

How will this Delegate Mission Request help accomplish the above Intent?

A major thesis I've held is that reducing overall costs of deployment will be a powerful draw for builders. Audits are often the single costliest part of deploying contracts, both in terms of money and in terms of time. Launch fees can easily run upward of $100k, and if a project doesn't have the startup capital to fund this work, it will often turn to other sources of financing, such as soliciting VC or launching a token where otherwise unnecessary—or, worse, cut corners and deploy with a less experienced or reputable set of auditors.

This is highly relevant to us as an ecosystem: getting these fees subsidized can often make the difference between a deployment and no deployment—or between a safe deployment and one whose exploit has widely felt consequences. If we believe in the long-term growth that can be harnessed by network effects and cultivating an open building scene, this becomes a clear investment focus to ensure the future we want to see. And this has direct results for users, who need some reasonable assurances of security when using economically live products.

Meanwhile, grants issued by the Grant Council face certain limitations: specifically, builder grants are locked up for over a year, which can be suboptimal for projects that need liquidity on high-ticket costs like this today. However, an in-kind grant can help to get auditing work done—the thing many of these projects need—as early as possible while avoiding any risks associated with distributing the OP token.

What is required to execute this Delegate Mission Request?

To execute this Mission Request, we need:

  • A pool of reputable and experienced auditors.
  • A system for matching auditors with projects that require their services.
  • A mechanism for distributing the locked grants to the auditors and ensuring they are used as intended.

The exact structure of these kinds of grants is somewhat flexible and dependent on what sorts of proposals will come our way.

One structure that worked for RFGs: auditing firms and collectives propose to be labeled 'Optimism preferred auditors', preserving space for some number of grantee projects (or audit hours) at a certain payment schedule. They may also bid on providing additional capacity for projects that would themselves pay some sort of rate.

How should the Token House measure progress towards this Mission?

  • Auditors enlisted in the program
  • Projects matched with auditors
  • Audits completed
  • Projects successfully deployed following an audit

How should badgeholders measure impact upon completion of this Mission?

  • % decrease in number of security incidents relative to some established baseline
  • % decrease in overall deployment costs for builders
  • number of onboarded builders for whom auditing would have been a make-or-break obstacle
  • % audit coverage on OP Mainnet

Have you engaged a Grant-as-a-service provider for this Mission Request?
no

Has anyone other than the Proposing Delegate contributed to this Mission Request? If so, who, and what parts of this application did they contribute to?
no


hi @jackanorak, thank you for putting this together! I just wanted to note that the last 2 questions ("have you engaged a grant-as a service provider" and "has anyone other than the proposing delegate contributed") have not been completely filled out.


Cannot stress enough how important audit subsidization is, any continuance of this initiative will promote a safer environment and future for many users and teams. As a top 100 delegate I believe this proposal is ready for vote. Delegate Commitments - #71 by MoneyManDoug


Hi everyone! I am an employee of OP Labs and speaking on my own behalf.

Very excited about this opportunity. One of the key goals at OP Labs is to grow the Superchain Developer ecosystem and I've heard from DeFi developers often the limitation from moving from testnet to mainnet is being able to afford an audit.

Offering this service could be an additional value prop for deploying on the Superchain versus other decentralized compute offerings.

If this ends up being worked on would love to help app developers become aware of this opportunity.


I am an Optimism delegate [Agora - OP Voter] with sufficient voting power and I believe this proposal is ready to move to a vote. beep boop


I am an Optimism delegate with sufficient voting power and I believe this proposal is ready to move to a vote.


Thanks @jackanorak for the proposal. We believe it's important to provide affordable yet quality auditing services to promising projects within the Optimism ecosystem.

We are an Optimism delegate with sufficient voting power and believe this Request is ready to move to a vote.


Great way to lower the barrier for developers and protect Optimism users from future hacks.

I am an Optimism delegate with sufficient voting power and I believe this proposal is ready to move to a vote.

The Grants Council has opened early submissions as an Indication of Interest for this mission request here

For your application to be considered, the Mission request must pass the Token House vote on February 14th. Submissions will not be considered if a Mission Request is not approved on the 14th.

Just wanted to add a quick update here: Sherlock is one of the three whitelisted auditors from the past season.

The audit apps opened last week and Sherlock has seen a flood of interest from projects big and small for using these funds. I think the OP ecosystem will be very pleased with the participation and demand generated by the auditing RFG-3 from last season. The completed apps should start coming through later this week or early next.

Audit services really do seem to be the biggest barrier for protocol teams to launch on OP (or anywhere else).


Hi @Gonna.eth, I see that the submission period has been extended and I would love to submit a proposal on behalf of ChainSecurity (https://chainsecurity.com/).

It seems like the application page is currently disabled. I also see that projects have been submitting proposals beyond the newly indicated timeline, could we exceptionally do so as well?

Thanks a lot for your consideration & wishing you a nice day! Also tagging @jackanorak for visibility.

Submission period ended on Friday 29th. Sorry you didn't make it. I hope we can see you in the next round, probably in June.


Hi all, we're currently working on whitelisting security service providers and creating a Subsidy Fund to subsidize projects building for other ecosystems - see here as an example for Arbitrum. We've put a lot of time into thinking through the intricacies and doing the groundwork to get a full market understanding. We'd be happy to help out in any shape or form.

For context, on working across ecosystems - our view as Areta's Strategic Governance unit is to support improvements and growth of governance across the crypto ecosystem, solving complex problems first-hand. We believe streamlining procurement and other organizational processes across DAOs will lead to the 'rising tide lifting all boats' and improve governance in general to strengthen the decentralized ecosystem as a whole.