Draft Proposal: XIP#13 Clear a budget for two additional protocol audits

0xchop · December 8, 2021, 10:00am

Authors

ChopChop

Glossary

C4

DAO

DeFi

Summary

This proposal is intended to clear a code audit budget associated with two scheduled security reviews by Code Arena and Trail of Bits for v2 of NFTX Protocol, listed under the specifications of this proposal.

Rationale

Since releasing version 2 of the NFTX Protocol, many additional features have been introduced to the protocol. One of these features that we are close to launching is called single-sided staking, allowing people to earn protocol yield by staking single NFTX vault assets. As we are projecting an increased demand in protocol usage, thorough new audits are advised by the Core team.

Having experience with Code Arena from the XIP#8 Security Review, we have chosen to engage their team for a week-long competition on a short-term basis (starting December 16 if this proposal passes).

We have also managed to secure a two-week full audit slot with Trail of Bits. They will audit the entire V2 Protocol in early Q2 of 2022.

Effect

Opportunity

By locking down our slots of running audits with Code Arena and Trail of Bits we will have an extra set of eyes over the current state of the protocol, which has seen multiple additional features added since its’ inception earlier this year.

Risk

None identified

Specifications

Clear a budget for two audits with Code Arena and Trail of Bits, bringing us:

Multiple solidity experts will review the protocol to find vulnerabilities before deployment
Engineers that participate in the contest will become familiar with our protocol, and that may make them comfortable integrating NFTX in other projects they contribute to
Some marketing from Code Arena as they publicize the contest.
Official audit deliverables to refer to by Trail of Bits

Funding request - Yes - Implementation Requires Funding

In order to fund the security review contest, we will be required to pay Code Arena 90,000 USD (ninety thousand) and Trail of Bits 160,000 USD (hundred sixty thousand), totaling 250,000 USD (two hundred fifty thousand). This amount is to cover all costs associated to both audits.

These funds are to be paid upfront after the vote passes.

Communication

Discord: NFTX
Code Arena Website: https://code423n4.com
Trail of Bits Website: https://www.trailofbits.com/

Proposed points of discussion.

Open questions by community

Quorum (For forum)

Minimum Quorum: At least 5 votes
Passing Threshold: More than 50% must vote in agreement for the XIP to Pass. For changes to the NFTX contract, more than 70% must vote in agreement for the XIP to pass.

Yay, please cast to Snapshot
Nay

0 voters

quag · December 8, 2021, 10:12am

Yes. The auditoooooooor.

Plsend.eth · December 27, 2021, 8:55am

Casted my vote for snapshot

Topic		Replies	Views
Draft Proposal: XIP#8 Security Review of v2 through Code Arena Proposals	1	750	April 13, 2021
Draft Proposal: XIP#43 Clear budget for two protocol audits for NFTX V3 Proposals	1	1449	September 15, 2023
Draft Proposal: XIP#14: Extend Kiwi as lead Protocol Engineering by 6 months Proposals	1	571	December 27, 2021
Draft Proposal: XIP#6 Grant Request: Senior Solidity Developer for Protocol Squad Proposals	3	661	March 29, 2021
Draft Proposal: XIP#9: Hire Kiwi to lead NFTX Protocol Engineering Proposals	4	1073	June 28, 2021