not approved
FluidTokens Protocol Security Audit
Current Project Status
Unfunded
Amount
Received
$0
Amount
Requested
$100,000
Percentage
Received
0.00%
Solution

Our focus at the moment is to implement code review for FluidTokens smart contracts and audit them to release the latest version as open source

Problem

FluidTokens is the first open Decentralized Lending platform that allows anyone to request ADA using his/her NFTs or tokens. Aditing the v2 of the Smart Contract is important to protect the community

Impact / Alignment
Feasibility
Auditability

Team

1 member

FluidTokens Protocol Security Audit

Please describe your proposed solution.

At the current state of the art it is important to audit the smart contracts created by our internal team with an external partner:

Team experience:

Canonical Experience:

Please describe how your proposed solution will address the Challenge that you have submitted it in.

In collaboration with Canonical the smart contracts created by FluidTokens team will be assessed and reviewed to avoid any possible exploit considering how new lending and borrowing is in Cardano

What are the main risks that could prevent you from delivering the project successfully and please explain how you will mitigate each risk?

Risks are:

  • Exploits that are not found during the auditing part but are found after open sourcing the platform

Solutions:

  • We have a lag release of opensource of the code, the current version of the platform is an improved version of the opensource one, in this way any malicious attacker cannot attack the current platform

Please provide a detailed plan, including timeline and key milestones for delivering your proposal.

  • September 2022 starting the audit of current smart contract and new smart contract version
  • October 2022 final code review with our tech partners
  • November 2022 opensource of the code after finalizing the audit stage

Please provide a detailed budget breakdown.

Considering the amount of hours for the auditing:

  • QA 100 hours
  • Testing 50 hours
  • Code Review 200 hours
  • Code fixing 50 hours

The cost of engineer and plutus developers in order to provide the audit is $90000, considering $10000 in case of extra costs

Please provide details of the people who will work on the project.

If you are funded, will you return to Catalyst in a later round for further funding? Please explain why / why not.

Even if FluidTokens is already scaling and it is strongly appreciated by the Cardano community, the costs of a widely accepted auditing are high for a recently created platform. In the next months, for any complex smart contract we're going to release, we'll probably need additional funds to audit them

Please describe what you will measure to track your project's progress, and how will you measure these?

Team will release monthly updates on the current state of the development in order to be trasparent and open

What does success for this project look like?

The success is not defined by a complete absence of bugs (which can never be guaranteed) but to ensure the absence of any known attack vector and the use of the most accepted best practices when writing smart contracts. Transparency with the Cardano community is also a must.

Please provide information on whether this proposal is a continuation of a previously funded project in Catalyst or an entirely new one.

It is not

close

Playlist

  • EP2: epoch_length

    Authored by: Darlington Kofa

    3m 24s
    Darlington Kofa
  • EP1: 'd' parameter

    Authored by: Darlington Kofa

    4m 3s
    Darlington Kofa
  • EP3: key_deposit

    Authored by: Darlington Kofa

    3m 48s
    Darlington Kofa
  • EP4: epoch_no

    Authored by: Darlington Kofa

    2m 16s
    Darlington Kofa
  • EP5: max_block_size

    Authored by: Darlington Kofa

    3m 14s
    Darlington Kofa
  • EP6: pool_deposit

    Authored by: Darlington Kofa

    3m 19s
    Darlington Kofa
  • EP7: max_tx_size

    Authored by: Darlington Kofa

    4m 59s
    Darlington Kofa
0:00
/
~0:00