Anchor’s TVL has grown at an exponential rate since the last Anchor combined audit poll. Since then there have also been major protocol changes such as using the Wormhole bridge for cross-chain builds as well as many new proposed protocol changes such as Anchor Dynamic Rate, and ve-ANC vote locking tokens. At this point, a continuous audit contract (retainer) with an auditing firm is needed to support this rapid pace of growth while maintaining the protocol security.
This proposal calls for 350,000 ANC (slighter higher than the contract amount to buffer for price movement) to be allocated to paying for a 1-year continuous security auditing retainer with BT Block (soon to be FYEO). This retainer locks in 40 auditing days every quarter. These days will be allocated to new contract audits, with any remaining days being allocated to bridge security and re-auditing the core anchor contracts, starting with the x-anchor contracts. Following the audits, the reports will be made public.
BT block was chosen because it has an impressive history, most notably the zero-day security bug they uncovered on Serum. Moreover, the team has some of the best DeFi logic experts to test and analyze systems for potential vulnerabilities including comprehensive logic review, code review, and functionality review when advanced cryptographic or ledger solutions are used.
BT block has offered Anchor a deal of $400,000 UST plus $120,000 in ANC. This ANC helps keep skin in the game and ensures auditors have more of an incentive to find bugs.
The final component of this proposal is to nominate Nathaniel Hughes (bitn8), a community member and TFL employee to act on behalf of the protocol to sign this audit contract.