completed
Lenfi V2 Aiken Audit + Bug Bounty
Current Project Status
Complete
Amount
Received
₳233,000
Amount
Requested
₳265,000
Percentage
Received
87.92%
Solution

Lenfi will deploy a safe-to-use and battle-tested lending protocol on Cardano written in Aiken. The protocol smart contracts will be open source to promote ecosystem growth and build trust.

Problem

Cardano lacks a diverse list of open-source lending protocols compared to other ecosystems. This restricts user adoption because of the general uncertainty regarding smart contract security.

Impact / Alignment
Feasibility
Value for money

Team

1 member

Lenfi V2 Aiken Audit + Bug Bounty

Please describe your proposed solution.

As the Cardano ecosystem grows, one critical piece of the puzzle remains elusive – a diverse range of secure lending protocols that can power seamless trading and token utilization. In this context, Lenfi will present an innovative, open-source solution that will solve the dilemma of accessibility and financial inclusion.

As a more recent smart contract language for Cardano, developers are yet to witness Aiken’s efficiency and interoperability on mainnet. In this regard, undergoing a security audit will provide a safer environment for exhibiting the smart contract language’s optimal potential.

Furthermore, Lenfi will continue to empower Cardano developers with open-sourced tools that promote cooperation and ecosystem growth. While the audit will instill trust and reliability among users, the bug bounty will provide an incentive for collaboration in improving and securing the protocol smart contracts.

How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

  • Security and trust - Undergoing a security audit of our Aiken smart contracts will help find and address any existing vulnerabilities. That way, we’ll reduce the risk of hacks and exploits without compromising the safety and integrity of the protocol and the DeFi ecosystem.
  • Reliability and stability - Auditing the protocol’s smart contracts before mainnet launch will help us identify and fix potential issues without causing disruptions and financial losses. Ultimately, we will minimize unexpected failures and unintended consequences while providing consistent and reliable experiences.
  • Developer confidence and adoption - Secure and open-source smart contracts aim to instill confidence in developers who want to build on Cardano to use and improve the provided concepts, designs, and tooling without having to undergo rigorous security assessment. Meanwhile, the bug bounty will incentivize developers and security experts to participate in actively finding vulnerabilities and solving any issues, further strengthening the ecosystem’s security reputation.
  • Accelerating innovation - Auditing and open-sourcing our Aiken smart contracts will push the boundaries of innovation in Cardano DeFi. By ensuring stable and secure pooled lending smart contracts, we will foster developers to explore and build on top of them, finding new use cases for DeFi and levering the novel features and the merits of the Aiken smart contract language.
  • Community engagement and collaboration - Offering a bug bounty will encourage the wider community to participate more actively in the security and improvement of the Lenfi protocol. Moreover, it will create a collaborative environment between developers and users, fostering a sense of community ownership, all while promoting knowledge sharing.

How do you intend to measure the success of your project?

Quantitative measures:

  • TVL - The Total Value Locked measured in deposits and collateral.
  • Active pools - The number of active pools live on mainnet.
  • User activity - A breakdown of the number of daily active users making deposits and taking loans.
  • Statistical comparison - Throughput and efficiency improvements comparison chart of Aiken smart contracts with Plutus-Tx

Qualitative measures:

  • Open source usage - How do other developers find our open-sourced smart contracts useful?
  • User feedback - Collecting feedback from the community using multiple methods with the end goal of improving user experience in a more efficient and comprehensive manner.

Please describe your plans to share the outputs and results of your project?

  1. Testnet phase: Providing users with detailed documentation and a safe playground where everyone can try and learn how to use the platform. We will release a thorough Audit Report after the audit completion. After acknowledging and fixing the critical bugs, we will open-source the code and announce a bug bounty program.
  2. Mainnet launch phase: We will commemorate the event with a comprehensive report on the improvements made during the testnet period and the benefits that Aiken brings to the table.
  3. Post-mainnet phase: Continuation of the educational campaign regarding Aiken combined with an informational campaign related to quantitative and qualitative data.

What is your capability to deliver your project with high levels of trust and accountability?

The Lenfi team consists of two highly-skilled Plutus developers that are also fluent in Aiken. While one of them is a founding member of the project, working on it for over 2 years, the other is proficient in writing Aiken-based smart contracts.

You can see an example of our work on app.aada.finance / lenfi.io

Furthermore, we’ve successfully conducted several token emission events, like Private and Public Sales, and ISPO distribution.

Currently, our peer-to-peer lending app is the second largest lending protocol by TVL on Cardano: https://defillama.com/chain/Cardano

The audit will be conducted by major auditors within the blockchain scope.

What are the main goals for the project and how will you validate if your approach is feasible?

1) The feasibility of the proposal is to provide a diverse range of secure and open-source lending protocols to the Cardano ecosystem

2) Our project aims to showcase the efficiency and interoperability of Aiken on Cardano mainnet

3) Empowering Cardano developers with open-sourced tools that promote cooperation and ecosystem growth is another key goal

Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Phase 1: Audit during Ongoing Testnet

Timeline: Months 1-2

Tasks:

  1. Engage a reputable third-party security audit firm to conduct a thorough audit of our smart contracts and codebase.
  2. Provide the audit firm with all relevant documentation, code, and protocol specifications.
  3. Collaborate closely with the audit team, addressing any vulnerabilities or issues identified during the audit process.
  4. Conduct continuous testing and refinement of the smart contracts on the testnet to ensure their robustness and security.
  5. Document the results and recommendations from the security audit for future reference and transparency; release a report of the work done;

Phase 2: Fixing bugs and shifting to Mainnet

Timeline: Month 3

Tasks:

  1. Evaluate and address any vulnerabilities or issues identified during the security audit to enhance the security and reliability of the lending protocols.
  2. Ensure that all necessary modifications and improvements are implemented based on the audit findings.
  3. Conduct rigorous testing and simulations on the mainnet to validate the performance and effectiveness of the audited smart contracts.
  4. Prepare the infrastructure and systems for the transition from the testnet to the Cardano mainnet.
  5. Coordinate with relevant stakeholders and the Cardano community to communicate the successful completion of the security audit and the upcoming launch on the mainnet.

Phase 3: Open Sourcing the Code and Bug Bounty Program

Timeline: Months 4-5

Tasks:

  1. Open source the codebase of the protocol, making it accessible to the Cardano community and developers.
  2. Announce a bug bounty program, offering incentives for community members to identify and report any potential vulnerabilities or bugs in the smart contracts.
  3. Set up dedicated communication channels or platforms to receive, and coordinate reports for bugs and other feedback with the community.
  4. Regularly update and maintain the open-source codebase, incorporating bug fixes, improvements, and community-contributed enhancements.
  5. Provide extensive documentation and developer resources to facilitate understanding, collaboration, and contributions from the community.
  6. Continuously monitor the bug bounty program and address reported issues promptly to maintain protocol security and reliability.

Please describe the deliverables, outputs and intended outcomes of each milestone.

Phase 1:

Deliverables:

  1. Smart contracts and codebase documentation provided to the security audit firm.
  2. Security audit report detailing vulnerabilities, recommendations, and findings.
  3. Updated and refined smart contracts on the testnet.

Outputs:

  1. Thoroughly audited and validated smart contracts for the lending and borrowing protocols.
  2. Identified vulnerabilities and areas for improvement addressed and resolved.

Intended Outcomes:

  1. Enhanced security and reliability of the smart contracts and codebase.
  2. Reduced risk of potential exploits or vulnerabilities in the lending protocols.
  3. Increased confidence and trust from users and stakeholders in the security of the project.

Phase 2:

Deliverables:

  1. Modified and improved smart contracts based on the audit findings.
  2. Transition plan and documentation for shifting from the testnet to the Cardano mainnet.

Outputs:

  1. Successfully deployed and operational lending and borrowing protocol.
  2. Performance-tested and audited Aiken-based smart contracts ready for real-world usage.

Intended Outcomes:

  1. Seamless transition to mainnet without significant disruptions or issues.
  2. Launch a secure and functional lending and borrowing platform on the Cardano blockchain.
  3. Presenting detailed documentation for the smart contracts for users and developers.

Phase 3:

Deliverables:

  1. Open-sourced codebase and documentation.
  2. Established bug bounty program guidelines and communication channels for reporting and feedback.

Outputs:

  1. Publicly accessible codebase, promoting transparency and collaboration.
  2. Active bug bounty program encouraging community participation in identifying and reporting vulnerabilities.

Intended Outcomes:

  1. Increased community engagement and involvement in the project through open sourcing.
  2. Swift identification and resolution of potential vulnerabilities or bugs through the bug bounty program.
  3. Continuous improvement of the protocol through community contributions and feedback.
  4. Enhanced security and reliability of the lending platform embraced by community-driven bug reporting and resolution.

Please provide a detailed budget breakdown of the proposed work and resources.

Audit (€44,000) (~158 000 ADA)

An auditing firm have estimated that to complete and audit it will take 176 hours with a hourly rate of €250/hr.

Development (€12,000) (~43 000 ADA)

Backend/Blockchain developer

200 hours with the rate of €60/hr

Bug bounty (€18,000) (~64 000 ADA)

€18,000 will be set for the bug bounty that will last 6 months.

Any not-used amount will be spent on the additional Audit after 6 months period.

Who is in the project team and what are their roles?

Mantas Andriuska is the co-founder and currently one of the two Aiken smart contract developers on the team. He has appeared in several YouTube and Twitter Space interviews regarding the launch and development of the Aada Finance V1 - the first peer-to-peer lending protocol on Cardano.

Micah Kendall is a main Aiken Smart Contract Developer.

Lukas Armonas is a Digital Marketing expert and Project Manager of Lenfi/Aada Finance. He has appeared in several interviews and is responsible for the documentation, educational, and marketing part of the project.

Ovidijus Dargis is the Operations Manager responsible for creating and implementing business growth strategies to promote the project. He oversees various business activities like partnerships and public relations.

How does the cost of the project represent value for money for the Cardano ecosystem?

Long-Term Value: The cost of the project encompasses not only immediate development and security measures but also provisions for long-term sustainability. By allocating resources the project ensures its ability to adapt in the Cardano ecosystem over the long term.

Trust and Reliability: The budget allocation for a security audit and bug bounty program demonstrates a commitment to ensuring the reliability and trustworthiness of the lending protocols.

Ecosystem Expansion: The project's focus on developing a secure lending and borrowing protocol on Cardano contributes to the expansion of the ecosystem.

close

Playlist

  • EP2: epoch_length

    Authored by: Darlington Kofa

    3m 24s
    Darlington Kofa
  • EP1: 'd' parameter

    Authored by: Darlington Kofa

    4m 3s
    Darlington Kofa
  • EP3: key_deposit

    Authored by: Darlington Kofa

    3m 48s
    Darlington Kofa
  • EP4: epoch_no

    Authored by: Darlington Kofa

    2m 16s
    Darlington Kofa
  • EP5: max_block_size

    Authored by: Darlington Kofa

    3m 14s
    Darlington Kofa
  • EP6: pool_deposit

    Authored by: Darlington Kofa

    3m 19s
    Darlington Kofa
  • EP7: max_tx_size

    Authored by: Darlington Kofa

    4m 59s
    Darlington Kofa
0:00
/
~0:00