Draft Proposal: XIP#8 Security Review of v2 through Code Arena

Authors

ChopChop

Glossary

C4
DAO
DeFi

Summary

This proposal is intended to cover costs associated with the scheduled security review using Code Arena (C4) for v2 of NFTX Protocol, listed under the specifications of this proposal.

Rationale

With the protocol squad working heads down on v2 of the NFTX protocol, which will introduce many additional improvements & features such as fee capture, comes the need for a thorough security review. With the protocol holding millions worth of NFT collateral in its vaults, security reviews are of the utmost importance to do right.

We believe that Code Arena is a good supplier to perform this security review on a short-term basis. Scott has been in contact with the C4 organization and as it stands we have a slot reserved for May 2021. This timing is in line with the needs from our side to roll out v2 without introducing unnecessary delays.

Effect

Opportunity

  • By locking down our slot of running a security review with Code Arena we will not introduce delays on launching v2 of the protocol, strengthening our lead as an NFT/DeFi protocol.
  • As Code Arena is an open security review program, we will strengthen our position as an open organization and encourage additional developers to learn about the potential NFTX brings to the ecosystem.

Risk

  • None identified

Specifications

Performing a code review through Code Arena brings us:

  • Multiple Solidity experts will review the protocol to find vulnerabilities before deployment
  • Engineers that participate in the contest will become familiar with our protocol, and that may make them comfortable integrating NFTX in other projects they contribute to
  • Some marketing from Code Arena as they publicize the contest.

Funding request - Yes - Implementation Requires Funding

  • In order to fund the security review contest, we will be required to pay Code Arena 80,000 USD (eighty thousand) worth of ETH in advance of the competition. This amount is to cover base costs, gas optimization, judging and organization fees.

These funds are to be paid upfront after the vote passes.

Communication

Proposed points of discussion.

  • Open questions by community

Quorum (For forum)

  • Minimum Quorum: At least 5 votes
  • Passing Threshold: More than 50% must vote in agreement for the XIP to Pass. For changes to the NFTX contract, more than 70% must vote in agreement for the XIP to pass.

Proceed with Proposal

  • Yes
  • No

I see no red flags with this proposal and support it. As mentioned, Code Arena being a contest, participants should end up leaving more familiar with our protocol, which is always a positive in this open ecosystem of different building blocks.

This is the C4 Twitter for reference of their past contests and social presence:
https://twitter.com/code423n4
