[RFQ] Request for Quotes from Auditors on new v2 Contracts

Summary:

We are seeking experienced audit partners and independent auditors to conduct a comprehensive reaudit of our V2 contracts. The purpose of this proposal is to invite interested parties to submit their proposals and showcase their expertise in auditing smart contracts. We believe in the power of collaboration and transparency, and we look forward to working with the community to ensure the integrity and security of our platform.

Here are the new repos of the WIP codebase:

  1. Core V2 Contracts
  2. DAO Periphery Contracts

Tests and full changelog docs are currently WIP, but we should be able to get them ready over the weekend. If you could do some initial scoping and give us a quote for both codebases, that would be helpful. Wanted to share with interested parties a bit ahead of time as we wanted to signal auditors and get some interested parties locked in before holiday szn kicks in.

Invitation to Audit Partners:

We invite audit partners to participate in the reaudit process by submitting their proposals. Interested parties can choose one of the following methods to submit their proposals:
- Reply to this Forum Post: Interested audit partners can reply to this forum post by providing a brief introduction, relevant experience, and the approach they would take in conducting the reaudit. Feel free to include any additional information that showcases your expertise. Please also attach some contact info for us to reach out in case of discussions regarding qualification, budget, etc.
- Telegram Message: Alternatively, interested audit partners can also send us a message on Telegram, providing the same information as mentioned above.

Welcome to Independent Auditors:

We also welcome independent auditors to contribute to the reaudit process. Independent auditors can submit their proposals by providing details of the work they have done in auditing smart contracts. Additionally, they can request a budget from the DAO to cover their efforts.

Bounty Pool:

To incentivize participation and encourage community involvement, we will be making the repository open source. This means that anyone can contribute to the reaudit process and potentially earn rewards from the bounty pool. The bounty pool will be allocated based on the level of contribution and the impact it has on improving the security and functionality of our V2 contracts.

[Disclaimer - this post will be subject to changes over the next 2-3 days of posting]

2 Likes

We appreciate the proposals received from various auditors, which we have summarized as follows:

  1. Beosin: Proposed a change audit at $14k for 10 days, focusing solely on new changes.
  2. Solidity Finance (now Sourcehat): Similar change audit proposal, priced around $14k for 2 weeks.
  3. PeckShield: Offers a complete audit with a 5-person team for approximately $50k. The team size and timeline (2 weeks) are negotiable.
    Note: updated quote 3.5 person-week and the cost is $29K - start from Dec. 26.
  4. Cyfrin: Their complete audit is priced at $20-$25 per line of code, resulting in an estimated $66k for a comprehensive 3-week process, including community audit, judgment, and fixing. Special thanks to Patrick for a potential discount on platform fees (details to be finalized).
  5. Decurity: Suggests a 4-week complete audit for $40k. Known for their strong team of auditors.
  6. Paladin: Awaiting their quote and timeline for a complete audit.

Our phased audit strategy includes:

  1. Reaudits with Previous Partners: Prioritizing value for money, focusing on auditors who have demonstrated efficacy in past audits.
  2. Independent Auditors (Base Pay + Bounty Pool): Selections will be made by the core team, prioritizing previous contributors to watchdog operations. Recommendations for independent auditors can be submitted via a ticket on Discord.
  3. Additional Audit Firm/Community Audit Program: We will choose one option from the proposals numbered 3-6.

We will soon propose a detailed audit budget for DAO approval, considering our limited treasury resources, most of which are allocated for the upcoming V3 audit.

Disclaimer: The figures mentioned are preliminary estimates and should not be used for external commercial or analytical purposes. These do not imply endorsements from the respective audit firms.

3 Likes

Thanks for the update! When will this go through voting? I like the phased audit plan and option 3 from 3-6 seems the most reasonable. $29k and 2 weeks which will help with budgeting. Has the audit with previous partners started already?