[Proposal] Anchor Continuous Audits

Anchor’s TVL has grown at an exponential rate since the last Anchor combined audit poll. Since then there have also been major protocol changes such as using the Wormhole bridge for cross-chain builds as well as many new proposed protocol changes such as Anchor Dynamic Rate, and ve-ANC vote locking tokens. At this point, a continuous audit contract (retainer) with an auditing firm is needed to support this rapid pace of growth while maintaining the protocol security.

This proposal calls for 350,000 ANC (slightly higher than the contract amount to buffer for price movement) to be allocated to paying for a 1-year continuous security auditing retainer with BT Block (soon to be FYEO). This retainer locks in 40 auditing days every quarter. These days will be allocated to new contract audits, with any remaining days being allocated to bridge security and re-auditing the core Anchor contracts, starting with the x-anchor contracts. Following the audits, the reports will be made public.

BT Block was chosen because it has an impressive history, most notably the zero-day security bug they uncovered on Serum. Moreover, the team has some of the best DeFi logic experts to test and analyze systems for potential vulnerabilities including comprehensive logic review, code review, and functionality review when advanced cryptographic or ledger solutions are used.

BT Block has offered Anchor a deal of $400,000 UST plus $120,000 in ANC. This ANC helps keep skin in the game and ensures auditors have more of an incentive to find bugs.

The final component of this proposal is to nominate Nathaniel Hughes (bitn8), a community member and TFL employee, to act on behalf of the protocol to sign this audit contract.

3 Likes

$1.2M for ongoing audits seems appropriate. I’ve seen the cost on Cream, Thorchain, and others for zero day exploits and support the decision however we need to get it done.

Will the funds be placed in custody? Of whom exactly?

1 Like

Multisig contract controlled by the Anchor devs, myself being one of the signers.

2 Likes

Hey bit

I know it's a bit of a monumental task, but since the Terra blockchain attack has occurred, Anchor will need a representative for assigning custody of the v2 Luna to be distributed to Anchor users to a legal attorney. Would you be able to set up for this? We can't just have it dropped to the users as-is as there are major and long-lasting legal ramifications for not handling the fork’s assets properly.

If the dev team needs expert legal, I can refer to a stateside attorney that specializes in crypto and crypto suits.

Let's halt on the audits until this is sorted out.

1 Like

Audits have been halted.