Proposal for the Community to Implement an Audit Competition for Cartesi Smart Contracts Based on Pay for Results Mechanism

Authors: [Fav_Truffe], [BD, Hats Finance]

Date: 20.12.2023

Summary:

This proposal recommends conducting an audit competition for the smart contracts of Cartesi using the successful model developed by Hats Finance. This initiative not only enhances the security of Cartesi but also offers a financially advantageous approach.

Purpose and goals:

  • Risk-Free Security Enhancement: The project’s security is increased through a private or public audit competition. If no issues are found, all funds can be withdrawn (even the service fee), ensuring no financial loss.
  • Judging Process: The competition’s judges or committee will be composed of the project’s core team, allowing full control over the competition while securing the project.

Background and Motivation:

In the rapidly expanding world of Web3, the TVL within projects like Cartesi is witnessing significant growth. This increase in TVL underscores the critical need for robust smart contract security. The audit competition model, innovatively designed by Hats Finance, addresses this need by providing a dynamic, cost-effective, and community-centric approach to smart contract auditing. For Cartesi, participating in such an audit competition is not just a precautionary measure, but a strategic move to enhance security in line with its growing TVL. This proactive step is vital for maintaining investor confidence and ensuring the long-term viability and safety of the project.

This proposal represents a highly advantageous scenario for the security of Cartesi. In the event that no vulnerabilities are discovered during the audit, the full amount allocated for the competition will be returned to the project’s treasury, ensuring no financial loss. Conversely, should the auditors identify any issues, it becomes a valuable opportunity for the community. Detecting and addressing these vulnerabilities proactively is far more beneficial than dealing with the potential aftermath of a security breach. This approach not only fortifies the project’s security but also reinforces community trust by demonstrating a commitment to proactive security measures.

Proposal Details:

  • Objective: To conduct a security audit competition for Cartesi’s smart contracts - pay for results only!
  • Budget Allocation: Funds are assigned based on the severity of potential vulnerabilities, emphasizing a results-based payment model.
  • Community Engagement: Over 700 skilled auditors from the Web3 community will be engaged with the communication, with around 15% active participation.
  • Efficiency and Fairness: The competition will follow a first-come, first-served model, with rewards for the first valid findings, promoting speedy and quality assessments. NO REWARD SPLITTING!
  • Payment Structure: Adopt a ‘pay for results’ mechanism. If no vulnerabilities are found, there is no payment – not even the Hats service fee of 20% from the rewards.

Expected Outcomes:

  • Robust Security: Identification and rectification of potential vulnerabilities in Cartesi’s smart contracts.
  • Community Involvement: Engagement with the broader Web3 security community, enhancing the project’s security stature.
  • Financial Prudence: Only pay for discovered vulnerabilities, ensuring efficient resource utilization.

Implementation Timeline:

  • The audit competition will span 7-14 days.
  • Vulnerabilities will be reported in real-time for immediate action.

Call to Action:

  • For: Approve the audit competition for enhanced security of Cartesi.
  • Against: Decide against this proactive security measure.

Conclusion:

This proposal outlines a win-win situation for Cartesi, combining enhanced security with a risk-free financial model. By adopting the Hats Finance audit competition framework, we not only bolster our project’s security but also engage with the ethos of Web3 — transparency, community involvement, and fiscal responsibility.

Hello, thanks @Fav_Truffe for publishing the proposal.
Your proposal falls outside of the scope of CGP. I have reached out via DMs for more assistance.

Hey @hellen! Thank you very much for the update and guidance.