Postponement of UNOWatchDog Client ZkTsunami to a later Cohort due to Initial Risk Assessment Process Roadblocks and Findings

The Uno Re team has decided to shift UNOWatchDog client ZkTsunami from Cohort I to a later one when insurance capacity is available; this postponement comes due to a number of factors and events that transpired during the Scoping stage of the service. These are listed below:

  • Access to the ZkTsunami codebase was granted 5 weeks late; unfortunately, this delayed the initiation of the Audit Scope Determination and Discovery process.
  • Initial risk assessment and DD were completed 5 business days after access was granted to the UnoWatchDog Team.
  • An unfortunately low response rate and lack of test scripts and code documentation prevented initiation of the code contracts audit by the bipartisan agreed-upon date.
  • On the pre-determined date of the marketing announcement, the codebase was not provided, even though the code repo was public; a failure to notify with the repository link itself proved to be a roadblock for the audit to be initiated in a timely fashion.


A look into the (on-going) audit of ZkTsunami contracts.

The situation at present is that though access to existing code has been granted to the UnoWatchDog team, due to the delay in this event, the next domino in the chain - i.e. the audit itself, DD and underwriting processes for the insurance coverage, and the following DAO proposal to initiate Cover must also be re-reviewed/postponed.

Next Steps:

  • As of the time of this post, the audit is underway with some of our team assisting ZkTsunami with documentation as well as bootstrapped test scripts of the codebase. (However, to provide comprehensive audit coverage up to the standards of Uno Re, we are still awaiting complete test scripts and documentation from the ZkT team. We’ve been informed by the team that the dev team is going through an overhaul, and are awaiting this patiently.)
  • UNOWatchDog Auditors are also reviewing other zk-SNARK implementations to ensure that industry best practices are followed at every step of the way.
  • We are also working on analysing the scope for real-time tracking and active monitoring that needs to be set up on the contracts; however, these will only go into effect once on-chain deployed contract addresses are provided by the team at the advent of the next capacity-available Cohort.
  • In parallel to the above, the policy underwriting is also underway and is expected to finish in time such that coverage policy terms can be shared publicly on this forum to be put to vote once the next capacity-available Cohort of UNOWatchDog is live. However, due to these exigent circumstances and lack of transparency on behalf of the ZkT team, the DAO-approved insurance policy will only be activated after additional DD from the UNO team, and may also include KYC requirements.

We request both communities to not take the above as financial advice in any shape or form; coming from a core DeFi protocol, this post is in the spirit of 100% transparency, and UNO welcomes security-related questions and comments from both communities.

We look forward to completing our comprehensive audit of ZkTsunami contracts, and (provided that the audit results are positive, any recommended fixes have been employed by the ZkT dev team, DD and underwriting processes are satisfied as per UNO’s high standards, and approval of the UNO DAO) welcoming them into UNOWatchDog’s next capacity-available cohort.

4 Likes

Wonderful post in many respects. It shows the no-“bs” approach taken by Uno Re, I love it.
A very well-written piece on top of that - surely another step towards creating a foundation/baseline for future evaluations.

3 Likes

Thank you. Appreciate your kind comments.

2 Likes