A proposal to secure funding for the necessary audits of the new core contracts and the new Aragon.app frontend. Funds are to be held in the ESD Multisig until released to the respective auditor/s after the Tech Sub-DAO signs off on deliverables.
Previous work on the proposal area:
- List of approved auditors determined by the Tech sub-DAO. Furthermore, the discussion there outlined the role of ESD as a temporary holder of funds
- Indicative high-level budget and scope
This proposal requests USDC 200,000 (or equivalent in DAI or USDT) for a tech audit budget.
The audits will occur once the new product/s codebases developed by Aragon Association Tech/Product team/s are sufficiently complete. A partial release of funds may be required to secure a calendar slot with an audit firm (which should belong to the list of approved auditors linked above).
To avoid confusion, the ESD Multisig is only a temporary holder of the funds to ensure the ability to make transfers to the auditor promptly. All responsibility to interface with the auditing firm/s and confirm the delivery of the desired service sits outside the remit of the ESD.
Approval by the Tech-sub-DAO will be a pre-condition for any transfer towards an auditor.
An independent audit of smart contracts, code, and infrastructure is a good practice for all financial and other high-risk products. It’s required to increase their security, which leads to more trust and adoption of Aragon products.
Limitations of any benefits mentioned above:
A successful security audit doesn’t eliminate the possibility of security vulnerabilities. It decreases the risks and helps to find security problems missed by the team. It doesn’t eliminate the need for code reviews, automatic tests, and other practices that improve code security and quality.
Expected duration or delivery date (if applicable):
The timeline of the need for an audit and its respective completion depends on when Aragon Association teams deem the product to be sufficiently complete. Currently, it is expected that this will occur in Q4 2022.
Names and/or usernames, preferred contact method, and/or relevant social links for team members (Twitter, Github, Aragon Forum, etc.):
Signers of ESD Multisig - responsible for the release of funds [will include tags during publishing]:
Technical sub-DAO - responsible for appointing selected auditor/s, interfacing with the selected entity/ies, and validating the delivered audit [will include tags during publishing]:
Amount of USDC requested: Equivalent of $200,000 (two hundred thousand American dollars)
Address where funds shall be transferred:
ESD Multisig: 0x394Feb37899BB9aF6963B823a2d84668929d59f7
Multisig requires 3 out of 5 signatures - please see the full list of signatories above
More detailed description of how funds will be handled and used:
- Funds will be used exclusively to pay for the technical audits described in this proposal
- Partial release of funds might be required prior to the start of audit work to secure an audit slot in the auditor calendar
- ESD does NOT have the discretion to repurpose the funds for any other funding objective
In case the ESD mandate expires before the need for funds release arises, funds will be transferred to an address controlled by delegated ANT as per THIS proposal, or in case such infrastructure does not exist at the time, back to the Main AN DAO
- Y/N on the $200k budget allocation
- No, ESD should fund from its existing $380k budget
- No, ESD should not be the entity funding the audit
- No, other reasons or undisclosed reason
- Voted Yes on Q1