Financial Proposal: Budget for tech audit of new Aragon products

Proposal Information

Proposal Summary:

A proposal to secure funding for the necessary audits of the new core contracts and the new Aragon.app frontend. Funds to be held in the ESD Multisig until released to the respective auditor/s after the Tech Sub-DAO signs off on deliverables.

Previous work on the proposal area:

Proposal description:

This proposal requests USDC 200,000 (or equivalent in DAI or USDT) for a tech audit budget.

The audits will occur once the new product/s codebases developed by Aragon Association Tech/Product team/s are sufficiently complete. A partial release of funds may be required to secure a calendar slot with an audit firm (which should belong to the list of approved auditors linked above).

To avoid confusion, the ESD Multisig is only a temporary holder of the funds to ensure the ability to make transfers to the auditor promptly. All responsibility to interface with the auditing firm/s and confirm the delivery of the desired service sits outside the remit of the ESD.

Approval by the Tech-sub-DAO will be a pre-condition for any transfer towards an auditor.

Proposal Rationale:

An independent audit of smart contracts, code, and infrastructure is a good practice for all financial and other high-risk products. It’s required to increase their security which leads to more trust and adoption of Aragon products.

Limitations of any benefits mentioned above:

A successful security audit doesn’t eliminate the possibility of security vulnerabilities. It decreases the risks and helps to find security problems missed by the team. It doesn’t eliminate the need for code reviews, automatic tests, and other practices that improve code security and quality.

Expected duration or delivery date (if applicable):

The timeline of the need for an audit and its respective completion depends on when Aragon Association teams deem the product to be sufficiently complete. Currently, it is expected that this will occur in Q4 2022.

Team Information

Names and/or usernames, preferred contact method, and/or relevant social links for team members (Twitter, Github, Aragon Forum, etc.):

Signers of ESD Multisig - responsible for the release of funds [will include tags during publishing]:

Technical sub-DAO - responsible for appointing selected auditor/s, interfacing with the selected entity/ies, and validating the delivered audit [will include tags during publishing]:

Funding Information

Amount of USDC requested: Equivalent of $200,000 (two hundred thousand American dollars)

Address where funds shall be transferred:

ESD Multisig: 0x394Feb37899BB9aF6963B823a2d84668929d59f7
Multisig requires 3 out of 5 signatures - please see above full list of signators

More detailed description of how funds will be handled and used:

  • Funds will be used exclusively to pay for the technical audits described in this proposal
  • Partial release of funds might be required prior to the start of audit work to secure an audit slot in the auditor calendar
  • ESD does NOT have the discretion to repurpose the funds for any other funding objective

In case the ESD mandate expires before the need for funds release arises, funds will be transferred to an address controlled by delegated ANT as per THIS proposal, or in case such infrastructure does not exist at the time, back to the Main AN DAO.

Question 1:

  • Y/N on the $200k budget allocation

Question 2:

  • No, ESD should fund from its existing $380k budget
  • No, ESD should not be the entity funding the audit
  • No, other reasons or undisclosed reason
  • Voted Yes on Q1

As the audits should be funded, in case this proposal receives a No, further clarification might be needed. For that reason we would ask a clarifying second question within the “No” space.

Question 1:

  • Y/N on the $200k budget allocation

Question 2:

  • No, ESD should fund from its existing $380k budget
  • No, ESD should not be the entity funding the audit
  • No, other reasons or undisclosed reason
  • Voted Yes on Q1

@Ricktik6 @AlexClay please validate the Multisig address

This proposal makes sense to me and should ease the communication with auditors as they’ll be sure to get paid quickly without additional voting hustle.


Important to also add on the second question an “other” option:
“no, other reasons or undisclosed reason”


Confirmed:
0x394Feb37899BB9aF6963B823a2d84668929d59f7


@fartunov fully in support of this, when is it going up for vote?

Thanks,

Aclay

plus one on audit budget = 100% needs to be done