[GIP-12] Audit proposal - Consensys

This is the discussion topic for the GIP-12 audit proposal.

Details

This proposal aims to request spending of 240,000 USD from the DAO financial multisig in order to pay for a code audit from Consensys. Based on Consensys’ terms, 50% (120,000 USD) is paid upfront and 50% later. The audit has already been scheduled and will begin in a few days.

Preface

The largest article of spending of the Gearbox Protocol & the DAO has always been, and will continue to be, security. We ran our first preliminary audit back during version v0.1, then another one with the full release of V1 and DAO launch in December 2021, and several more in 2022. See here.

Motivation

For V2, the liquidity provision side (liquidity pools) remains unchanged, but the credit management system was completely rebuilt, and will be deployed alongside V1, using the same pools. As such, more audits are required before the full V2 launch.

The dev team has been working with ChainSecurity and SigmaPrime (both are still in progress) for V2 audits. Recently, Consensys has become available as well, and the dev team aims to use this opportunity to review final changes, which may fall out of scope of the two ongoing audits.

Terms & Proposal

The terms presented by Consensys are standard and non-negotiable: $240,000, with the payment split into two instances. This proposal, if approved, will give the financial multisig authority to:

  • release $120,000 immediately to a specific address designated as a payment address within the contract between Gearbox Protocol Ltd. and Consensys, as prepayment;
  • release another $120,000 to the same address on audit completion, with no additional proposal or vote required.

To facilitate this process, one of the development companies building on top of / with Gearbox Protocol will be used. They will help with the counterparty details and submission of the payment. Designated wallet address: 0xD2C15E47465519789C2e6CDcCB3527d989d04955.

Just referencing a Discord convo here for more factual relevance.

Looks like it passed, @ilgiz can initiate further steps. Snapshot