not approved
Cardano Threat Intelligence: A Security Education Platform
Current Project Status: Unfunded
Amount Received: ₳0
Amount Requested: ₳200,000
Percentage Received: 0.00%
Solution

We’ll create a Cardano Threat Intelligence platform using Andamio, offering special training for auditors and security researchers. This will bridge the security knowledge gap and make the ecosystem safe.

Problem

Cardano lacks a dedicated platform for training auditors and security researchers, leading to gaps in threat intelligence and ecosystem security. Our proposal aims to address this need.

Team

2 members

Please describe your proposed solution

Problem Perception

  • The rapid growth of the Cardano ecosystem has created a heightened need for robust security, but there's a noticeable gap in training programs specifically designed for auditors and security researchers. This gap is compounded by a lack of structured and comprehensive documentation on security-related topics such as vulnerability and weakness reports, best practices, developer pitfalls, and auditing techniques. As a result, vulnerabilities and security risks could increase, potentially leading to security breaches that would impact both the Cardano community and its broader adoption, ultimately hindering the growth and security of the ecosystem.

Our Approach

  • To address this problem, we propose the creation of a platform called Cardano Threat Intelligence (CTI), which leverages the Andamio education system to provide specialized training for auditors and security researchers. The CTI platform will offer a comprehensive curriculum that combines theoretical knowledge with practical experience through interactive workshops, hands-on exercises, and project-based learning. By focusing on the Student Learning Target (SLT), the platform ensures that participants gain valuable skills in a real-world context while reinforcing a structured framework for security education and threat intelligence. This unique approach aims to bridge the security knowledge gap in the Cardano ecosystem, equipping users with the tools needed to identify, mitigate, and address potential security vulnerabilities.

Who Will Engage with Our Project

  • Our project will engage a diverse group of stakeholders, including developers, auditors, security researchers, and community members interested in contributing to Cardano's security. We aim to create an accessible platform that attracts individuals who wish to advance their skills and play an active role in enhancing the security of the Cardano ecosystem. The training programs will cater to users at different skill levels, from beginners to advanced professionals. Additionally, the platform will appeal to those who want to become CTI watchdogs—responsible for monitoring, finding, documenting, mitigating, and disclosing vulnerabilities within the ecosystem.

How We Will Demonstrate Impact

  • To demonstrate the impact of our platform, we will track several key metrics to measure progress and success. These metrics include user enrollment and completion rates, which monitor how many individuals enroll in and complete our training programs, and the growth in the number of trained auditors and security researchers. We'll also track the creation and utilization of the CTI knowledge base, focusing on the successful identification and resolution of vulnerabilities. Additionally, we will monitor security incident reduction in the Cardano ecosystem to understand the platform's impact on real-world outcomes. Gathering community feedback from users and broader stakeholders will be crucial in assessing the platform's effectiveness and identifying areas for improvement.

Unique Aspects of Our Solution

  • Our solution is unique because it combines a dedicated platform for Cardano-focused security education with structured learning and practical engagement. Leveraging the Andamio platform allows for a flexible and interactive learning experience, fostering collaboration among users. The Cardano Threat Intelligence (CTI) platform, inspired by a Cardano Improvement Proposal (CIP) draft introduced by M. Ali Modiri to the Intersect (formerly IOG) Certification working group, aims to standardize and categorize vulnerabilities across the ecosystem. This approach has been tested and adopted by reputable auditing firms like Vacuumlabs and MLabs, proving its effectiveness. By addressing the need for security expertise within the Cardano ecosystem, our platform contributes to the overall safety and stability of the network, benefiting all stakeholders and promoting a safer Cardano environment.

Who Will Benefit and Why It's Important to Cardano

  • The primary beneficiaries of our solution will be the Cardano community, including developers, auditors, security researchers, and other stakeholders. Our platform will contribute to a safer and more secure ecosystem, addressing the urgent need for more auditors as Cardano continues to grow. By creating a robust threat intelligence system, we aim to reduce security risks and strengthen the resilience of decentralized applications (dApps), smart contracts, and other projects. This, in turn, supports the growth and adoption of Cardano by building trust and enabling the ecosystem to scale while maintaining the highest standards of safety. Ultimately, our solution will foster innovation and growth within the Cardano ecosystem.

Please define the positive impact your project will have on the wider Cardano community

The Cardano Threat Intelligence (CTI) platform will bring significant value to the Cardano community by enhancing the security and safety of the ecosystem. By providing specialized training for auditors and security researchers, the platform helps to build a robust foundation for threat intelligence and contributes to a safer environment for developers, users, and stakeholders. One compelling advantage to training people as security auditors is to decrease the cost of auditing smart contracts. This would effectively lower the barrier for app developers who want to benefit from the new tools being developed to facilitate development on Cardano but don't have the resources and expertise to conduct smart contract audits. This, in turn, fosters trust, promotes innovation, and supports the growth and adoption of Cardano-based applications and services.

Measuring Impact

To measure the impact of our project, we will track both quantitative and qualitative indicators:

  • Quantitative Measures:
      • User Enrollment and Completion Rates: Monitoring the number of users enrolling in and completing our training programs.
      • Growth in the Number of Auditors and Security Researchers: Keeping track of how many individuals become certified auditors or security researchers after completing our programs.
  • Qualitative Measures:
      • Community Feedback: Collecting feedback from participants, developers, and other stakeholders to gauge their satisfaction with the training programs and the platform's overall effectiveness.
      • Knowledge Base Development: Evaluating the growth and utilization of the CTI knowledge base, focusing on the documentation of vulnerabilities and best practices.

Sharing Outputs and Opportunities

We will share the outputs and opportunities resulting from our project through various channels:

  • Cardano Community Platforms: Disseminating information and updates on platforms like Cardano's official forums, social media channels, and other community hubs.
  • Collaborations with Ecosystem Partners: Working with established Cardano partners, such as Vacuumlabs and MLabs, to promote the platform and its benefits.
  • Open Knowledge Base: Making the CTI knowledge base publicly accessible, allowing the broader community to benefit from the information and contribute to its growth.
  • Webinars and Workshops: Hosting regular webinars and workshops to share insights, best practices, and the latest developments with the Cardano community.

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The following elements showcase why we are well-suited to execute the proposed project and ensure proper management of resources.

Experience and Expertise

  • Our team brings together a diverse set of skills and experience that align perfectly with the requirements of the Cardano Threat Intelligence (CTI) project. We have been teaching the Plutus programming language for over two years to a range of students, including developers and programmers. This extensive teaching experience has allowed us to refine our instructional methods and establish effective learning pathways for complex topics like smart contracts.
  • Additionally, our deep understanding of Plutus and smart contract architecture enables us to design educational content and security modules that address the core needs of Cardano's decentralized application (dApp) ecosystem. One of our team members is a key participant in the Cardano certification working group and the author of CIP 96, which is focused on on-chain dApp certification metadata.

Cybersecurity and Smart Contract Development

  • One of our team members has significant experience in cybersecurity, having worked as a malware analyst and penetration tester for several years. This background provides the team with a thorough understanding of cyber threats and security best practices, ensuring that our approach to threat intelligence and training is comprehensive and effective.
  • Moreover, we have organized numerous live code training sessions on Web3 development in collaboration with Gimbalabs, demonstrating our commitment to the Cardano community's growth and education. Our team member, who leads a coding session called "Smart Contract Gladiator," shares best design practices and advice on writing secure smart contracts, offering valuable insights to developers.

Contributions to the Cardano Ecosystem

  • Our team has already played a significant role in various Cardano projects, guiding smart contract optimizations and best practices. Through our involvement in these projects, we have demonstrated our ability to collaborate, innovate, and solve complex challenges, turning concepts that were once considered unfeasible into successful implementations.

Processes and Accountability

  • To ensure high levels of trust and accountability, we will implement rigorous project management practices. This includes regular financial audits, transparent reporting, and open communication with stakeholders. We will also maintain a clear record of project milestones, deliverables, and outcomes, allowing for consistent monitoring of progress and resource utilization.

Through these capabilities, skills, and experiences, our team is well-equipped to deliver the Cardano Threat Intelligence platform with a strong focus on security, education, and accountability. We are committed to fostering a safer Cardano ecosystem and empowering the community with the knowledge and tools needed to maintain a secure network.

What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1: Project Development Initiation

  • Deliverables:
      • Comprehensive documentation of 13 unique vulnerabilities and weaknesses in the Cardano ecosystem, providing detailed analysis and insights.
      • A structured plan for course content, outlining key modules, learning objectives, and educational materials.
  • Acceptance Criteria:
      • Complete and thorough vulnerability and weakness reports, with extensive information on causes, impacts, and potential mitigations.
      • A well-defined architecture for the course, including detailed infrastructure plans, educational methodologies, and a clear roadmap for content development.

Milestone 2: Implementation and Development of CTI

  • Deliverables:
      • Completion of the Cardano Threat Intelligence (CTI) Cardano Improvement Proposal (CIP) draft, detailing a standardized structure for identifying and categorizing vulnerabilities in the Cardano ecosystem.
      • Creation of 5 video demonstrations showcasing vulnerable smart contracts, illustrating common security flaws and how they can be exploited.
  • Acceptance Criteria:
      • A comprehensive and well-defined CIP draft, ready for submission to the CIP Editors, that provides a clear framework for Cardano threat intelligence and outlines the processes for vulnerability identification and documentation.
      • A vulnerable smart contracts environment, fully set up and accessible via a public GitHub repository, allowing community members to explore, test, and understand various security issues.

Milestone 3: Implementation and Development of Security PBL

  • Deliverables:
      • A comprehensive Project-Based Learning (PBL) curriculum focusing on security and auditing for Cardano smart contracts, designed and integrated into the Andamio platform. This curriculum will cover a range of topics, from fundamental security principles to advanced auditing techniques.
      • A set of practical projects and exercises within the Andamio platform that guides students through real-world scenarios, allowing them to develop hands-on skills in identifying and mitigating vulnerabilities.
  • Acceptance Criteria:
      • Successful deployment of the Security PBL curriculum on the Andamio platform, including well-structured course materials, interactive learning modules, and clear learning objectives. The curriculum should be user-friendly and accessible to students with varying levels of experience.
      • Positive feedback from a sample group of beta users or early participants, indicating that the PBL approach is effective in building the skills necessary for Cardano auditors and security researchers. The feedback should reflect improved knowledge and confidence in security-related topics.

Milestone 4: Platform Deployment and User Onboarding

  • Deliverables:
      • Full deployment of the Cardano Threat Intelligence (CTI) platform, making all training modules, resources, and vulnerability reports accessible to users.
      • Onboarding of the first cohort of students and auditors into the platform, ensuring they have access to learning materials and practical exercises.
  • Acceptance Criteria:
      • Successful launch of the CTI platform, with all modules, vulnerability reports, and educational content fully integrated and accessible to users.
      • Onboarding at least 20 students and auditors, with active participation in the platform, measured by course progress, feedback, and engagement in hands-on exercises related to smart contract auditing and security research.

Final Milestone: Final Evaluation and Project Closure

  • Deliverables:
      • A final evaluation report assessing project outcomes, including an analysis of the CTI platform's impact on the Cardano ecosystem, success metrics, and areas for improvement.
      • A closeout video designed for Catalyst townhall, encapsulating the project's journey, its impact, and the lessons learned from start to finish.
  • Acceptance Criteria:
      • A comprehensive project closeout report with clear and concise documentation of the project's outcomes, key metrics, and any recommendations for future projects or improvements.
      • A high-quality closeout video that effectively communicates the project's achievements, impact on the Cardano ecosystem, and insights gained throughout the project's lifecycle.

Who is in the project team and what are their roles?

  • M. Ali Modiri

Project Manager / Developer / Instructor

He is a versatile individual with experience in Mechatronic studies and a background in the Iranian Young Mathematics Association. With a cybersecurity background as a malware analyst and penetration tester, he excels at addressing digital threats. Ali's programming proficiency spans from low-level languages like Assembly and C to high-level languages like Golang and TypeScript. As a proud student of Gimbalabs, he specialized in Plutus smart contract development for blockchain projects. He contributes to the Cardano community as a member of the Cardano Certification Working Group and an author of CIP 96, while his ultimate passion lies in helping humanity transcend its current struggles.

(<https://www.linkedin.com/in/m-a-modiri/>)

  • Adrian Hüetter

Developer / Instructor

He is a career changer in the field of civil engineering. He taught himself programming, which now helps him leverage the rapidly changing Cardano smart contract platform. He began his Cardano journey with the first cohort of the Plutus Pioneer Program and shortly after discovered Gimbalabs, where he has been a member ever since. Adrian specializes in Plutus smart contracts and is always looking for new ways to use them. He strongly believes in open source and the power of small communities with the right tools.

  • James Dunseith

Educational Science Expert / Instructor

He is a Teacher, Coach, Smart Contract Developer, and Facilitator with extensive experience in creating engaging learning experiences and facilitating problem-solving. James has successfully implemented project-based learning and mastery-based grading methodologies. Additionally, he has contributed to developing gimbalabs.com, creating resilient and reusable components. James leveraged his expertise in learning design and community engagement for this project.

(<https://www.linkedin.com/in/james-dunseith-0135651/>)

Please provide a cost breakdown of the proposed work and resources

Milestone 1:

Expected cost: 37,595 ₳

Resources needed:

  • Hardware:
      • Server and Sysadmin [4,000 ₳]
  • Developers:
      • Smart contract developer: 2 (122 ADA hourly) [14,620 ₳]
  • Services:
      • Cyber Security Consultant: 1 (526 ADA hourly) [10,520 ₳]
  • Project Management:
      • Project Manager (95 ADA hourly) [8,455 ₳]

Milestone 2:

Expected cost: 33,785 ₳

Resources needed:

  • Hardware:
      • Server and Sysadmin [4,000 ₳]
  • Developers:
      • Smart contract developer: 2 (122 ADA hourly) [14,620 ₳]
  • Services:
      • Education Training Consultant: 1 (96 ADA hourly) [6,220 ₳]
      • Technical Writer for CIP documentation: 1 (65 ADA hourly) [3,445 ₳]
  • Legal and Compliance:
      • CIP Legal Review [5,500 ₳]

Milestone 3:

Expected cost: 65,200 ₳

Resources needed:

  • Hardware:
      • Server and Sysadmin [4,000 ₳]
  • Developers:
      • Smart contract developer: 2 (122 ADA hourly) [14,620 ₳]
  • Services:
      • The subscription fee for creating one course on the Andamio platform: 1 (1-year support) [26,000 ₳]
  • Reward:
      • The reward for doing security PBL assignments: 64 (220 ADA each on average) [14,080 ₳]
  • Marketing and User Acquisition:
      • Promotional materials and outreach for the course [6,500 ₳]

Milestone 4:

Expected cost: 46,820 ₳

Resources needed:

  • Community Management:
      • PR and Outreach for platform launch [10,000 ₳]
      • Support Team for User Onboarding (72 ADA hourly) [7,200 ₳]
  • Developers:
      • Smart contract developer: 2 (122 ADA hourly) [14,620 ₳]
  • Services:
      • Platform maintenance and security audit [15,000 ₳]

Final Milestone:

Expected cost: 11,600 ₳

Resources needed:

  • Public Relations:
      • Documentation and Report [1,000 ₳]
  • Marketing and Events:
      • Closeout video production and community presentation [5,600 ₳]
      • Townhall Presentation and Engagements [5,000 ₳]

Notice: All ADA prices are calculated from USD with a ₳ price of $0.38 as a worst-case scenario. The exact hours and calculations can be seen in our budget. A contingency fund of 5,000 ₳ is included to cover any unforeseen expenses or adjustments during the project lifecycle, ensuring flexibility and risk management. Any budget surplus due to speculative price actions would gladly be returned to the Catalyst fund as soon as the final milestone is delivered.

Andamio, because it provides the education system and essentials for the CTI platform

How does the cost of the project represent value for money for the Cardano ecosystem?

The cost of the project represents excellent value for the Cardano ecosystem due to its comprehensive approach to addressing security needs. Our pricing considerations are based on extensive market research, including analysis of typical freelance rates in the industry and the complexity of developing educational content and platforms. While some costs may appear high, they are justified by the specialized expertise required to deliver effective training and threat intelligence solutions. Additionally, our project's outcomes, such as the reduction of security incidents and the growth of a skilled auditor workforce, will have long-term benefits that far outweigh the initial investment. This ensures that every dollar spent contributes directly to the safety, integrity, and future growth of the Cardano ecosystem.
