This proposal requests a budget of 481,500 USDC from the DAO to pay for the v3 audits. This amount is to be split between 2 audit firms: ABDK (327 300 USDC) and Chainsecurity (154 200 USDC). The audits have been scheduled for the end of May/early June, with completion estimated for the very end of summer 2023.
Gearbox v3 - a lot of cool new features coming…
- Quotas and limits on asset exposure, enabling medium- and long-tail assets;
- Support for bots with granular permission controls, for automation of position management;
- Minimum viable tokenomics - being able to control the revenue split ratio between LPs and Ninjas with GEAR;
- Several new protocol integrations;
- ERC4626 pools;
- Partial withdrawals;
- Numerous security improvements, tweaks and optimizations.
These changes affect the core of the protocol and should be audited accordingly. Gearbox has always made security a top priority, so our vision here is that any core changes should be verified by at least two good audit companies. The numbers are this high because the Gearbox codebase is quite complex and large, which makes the audit a big piece of work. Anyone in the DAO is free to verify these quotes, as these numbers are standard across the top-5 auditing firms.
Terms & Proposal
Chainsecurity will allocate 3 business weeks, from May 30th, 2023 to June 16th, 2023, to review smart contracts for the Project. After reviewing the codebase, Chainsecurity will provide a report or communicate the findings and recommendations as usual; the report will be found in Audits & Bug Bounty - Gearbox Protocol. Audit cost is 135 420 CHF. Payment can be made in crypto (USDC/USDT) with a small premium to cover exchange fees (up to 1.5%), so the budget for the Chainsecurity audit is ~154 200 USDC. The exact USD amount is to be calculated and presented by Chainsecurity (in this forum topic) on the day of transfer. For the exchange rate, they will quote the final price to be sent.
Address for payment (USDC/USDT ERC20): 0x8baf5eaf92e37cd9b1fccd676918a9b3d4f87dc7
ABDK will allocate x weeks from 1 June to 1 August 2023 to review smart contracts. The report will be provided and published in Audits & Bug Bounty - Gearbox Protocol. The cost is based on the number of lines evaluated (both code lines and comment lines). The audit cost estimate is $284670 (for 10147 code lines and 4400 comment lines). The exact USD amount is to be calculated closer to the audit start date, after code freeze. At the moment, developers are mostly engaged in writing tests and polishing contracts, so changes from the current number of lines should be small. Therefore, it is proposed to add 15% to the budget in case of a slight increase in the number of lines. The final number of lines and exact audit cost will be published here by ABDK after code freeze.