I am in contact with ToB and getting a quote. How do we go about doing this and how do we transfer the funds? Also we will need to make a proposal to find new audits and possibly earmark a specific amount of funds for audits.
I have a call tomorrow with Code423n4. I will get all details, costs, and timelines and we will go from there. Note this is a different style of auditing than Cryptonics, so I would suggest those actually interested make sure we all agree with this style of community-sourced auditing.
We need to have this all wrapped up Fri and lock something in.
I think this is a great idea.
We need it to see if they can fit us in, if so when? and the cost etc. It's a different type of auditing so I think doing two audits is still on the table. I'll report back shortly on details and we need to move quickly by Fri.
I just went through Code4ren4's audits of SUSHI's Miso codebase and honestly I'm surprised by the level of detail of the reports. I was doubtful at first but I think the methodology can actually yield promising results. We need to carefully gauge the rewards to attract skillful wardens for this to work though, especially as we're not dealing with Solidity code. I'm in favor of moving forward with them if possible, so I'll be looking forward to @bitn8's update.
That being said, I think it'd still be smart to couple this with a more traditional audit from a reputable entity. Different methodologies might yield different returns, it'd provide an additional degree of security, and it's more likely to instill a deeper sense of safety among more traditional investors IMO. @PFC, have you heard back from Cryptonics? Do we have any alternative on the table? I'll have a look on my end, see if I can get us a few options, but no promises, this is certainly above my paygrade.
Weren't the auditors responsible for putting malicious code into Miso's code base which resulted in the Jaypegsautomart hack?
I'm not familiar with this, do you have a source we could look at? Sounds like something we'd need to know before making a decision.
Haven't heard about that - do you have any link / ref regarding this matter?
- What specific company / entity do you refer to here?
Here are the audit findings from the Gravity Bridge Audit contest.
With a budget of 100-120k we can get a team of highly Rust Wardens incentivized for the contest. If we get things going soon, the contest will probably be held before the end of the year.
If we launch it, we typically do an introduction to contest Wardens and Judges to highlight any special areas of focus and the codebase etc.
I will report back after I run this by a few more community members.
I really like this idea. Can we create a proposal to get this in motion ASAP?
Sounds interesting - Let's go!
Just pinging this. Any updates on the progress of getting a proposal in motion?
Working on running this by all stakeholders to make sure everyone is on the same page. Will hopefully get this going by end of week.
Thanks a lot. ToB are taking their time to get back to me. Suspect that they will be a week or so after they have run the quote past their engineers. We could make 2 separate proposals for two separate audits.
I agree we need two audits: 1. a community-sourced audit, 2. a standard audit.
Looks like the Immunefi bug bounty has been released https://twitter.com/unl1k3ly/status/1465547531853590528
In essence:
- Anchor Protocol has locked more value than its last audit.
- Frequent audits are good as the technology environment evolves.
- The community is happy to pay for another audit (personally I would contribute toward payment for it too via decreased APY or less ANC rewards).
- The community has also raised the idea of frequent scheduled auditing.
This all should benefit Anchor Protocol over the long term because:
- it builds continual trust in the technology
- it aligns the technology with the community
Questions
Have I missed anything vital?
Next steps/timing
It seems we're aiming for some resolution by the end of last week? Any update on this?
Taking a little longer than expected with Tefi Miami occupying people's time. Really pushing hard to make sure we have full community support to pass this on a proposal before putting it up. Will report back soon.