Proposal: New security Audit for Anchor Protocol

I don’t think that’d be insane either, given the TVL. That being said, since this will be an on-going budget, I think it deserves a thread of its own so that we can run the numbers and see what we can sustain.
In the meantime, juicing up the Immunefi bug bounty could be a first step in that direction.

Agree. I would like to get a vote up on that after the Audit. Perhaps we see if we can increase it to 1 mil.

4 Likes

If Anchor passes these audits. Which I believe they will.

But then gets hacked due to something these audits missed, do we get the cost of the audits back?

Is the cost of these audits just a deposit?

I just want to make sure the incentives are correct so that these auditors take a loss if they mess up.

Forgive me if this is already covered. Thread too long.

Audits are not pass/fail: they are a collection of findings of various severities, along with recommended fixes for the dev team to implement. Audits are a best-effort undertaking and not a guarantee of vulnerability-free code. Even the best auditors can still miss things, which is why enlisting multiple audit teams is recommended.

1 Like

The cost of these audits is for full audits, not deposits, including the 2 major audits and 2 cross-chain audits needed.

Please everyone: vote, so we can get this passed.

5 Likes

Thank you so much for all your help @bitn8 in driving momentum behind this proposal and getting it up for vote. I really appreciate your work to make the protocol and community stronger!

5 Likes

More info on Oak Security

Audit reports (Astroport and other Terra protocols)

I am about to vote on this prop but before I do, is there a way to verify that the wallet listed in the proposal to receive funds is actually that of the auditors or a trusted 3rd party escrow? Like, how do we know this isn’t a scam? Sorry, I’m a bit new to this and am a highly paranoid person. Can someone ELI5 how we know this money will go to the right people? TIA!

Also, if the prop is for 2 audits that each cost ~ $200k, why is the total amount only for $190k?

It’s a multi-sig wallet controlled by TFL employees for added security. 190k was used as a buffer and any additional funds not used will either be used for the continuing cross-chain audits that will be needed shortly or returned to the community fund.

2 Likes

Hey guys! Just joined the community and saw this thread. First of all, I am glad to see that in today's hyper-tweaking "459.656.000B APY%" DEFI/DAO mania, an active community exists that ACTUALLY cares about the long-term factors. We all like "WHEN LAMBO" XD, but without a solid foundation and at least some type of actual thought behind the fancy numbers, we'll keep driving our childhood bike, not even a used Civic :laughing:

Anyways, sorry for the rambling guys, guess I got a lil bit over-excited XD. I'll keep it short from now on, and with that being said, my "two cents" I wanted to add when I saw this thread was:

You OGs and people running the place know better, so if an additional audit will help actually improve the overall experience (it certainly looks even better to the public) and the platform can afford it, it should absolutely be done!

The only thing is that being "CERTIFIED by Certik" looks good for sure, and they give great insight and in-depth analysis whether + or -, but essentially that's pretty much it.

I mean, even the last "upper class" rug pull (was it Snow? Flake? Snowwolf? Something like that, you know, the typical DAO) was actually audited as well, Certik sign near their CMC status and all, and unfortunately that's enough to convince most, myself included obviously. I just recently came across the information that Certik basically reviews x key parameters and points out what should be fixed. They even say, in a very diplomatic manner, "RUN ya moraaann :laughing:", especially when they point out "anonymous owner has installed x code into smart contract that allows him to basically switch rates, currency, even allocate funds without disclosing", essentially saying you are gambling, and more often than not, you are going to end up refreshing a domain that no longer works :confused:

I'm sure most of you were aware of this all along, but myself, always focusing on trading and maybe staking, whenever I saw the Certik icon, in my mind it was an automatic "APPROVED".

I was quite surprised to realize the (at least perceived) biggest crypto auditor is just like a paid advertisement in Forbes from a 20yo selling signals on Insta...

So, in my humble opinion, if it wouldn't burden the company, it'd be a great idea to invest in professionals who could help keep up Anchor's well-earned reputation, as long as they provide real solutions and help even us, the newbest of newbs, feel comfortable and interact with the platform with ease!

That's all, torture is over xd. I won't post these TLDR replies again, so pardon me in advance. Looking forward to interacting with y'all and getting familiar with the whole community!

Have a good one guys!!!

Track part of the first audits here: Anchor Protocol - CertiK Security Leaderboard

Thanks guys for working hard on the proposal. I just have a point to add: it would be great if we could put a 6-month gap between the 2 audits, so that we have one audit every 6 months, i.e. book one to start auditing as soon as possible and book the second to start in 6 months. I'm not sure if the plan is to do the two audits at the same time or with a time gap, but the 6-month gap is better in terms of longevity for security reasons, because the technology environment evolves rapidly around here.

1 Like

Agreed. I am going to be looking closer at these things going forward. I would like the bug bounty and partnership to actually be the main focus though, because that is really where bugs are going to be found IMO.

3 Likes

Thanks @bitn8 for coordinating everything to make this happen.

Is this thread where we will hear about the timelines and the audits themselves or will there be a different thread/document?

I will keep you all updated here with links for all audits!

1 Like