Please describe your proposed solution.

The first version of our platform has already been built. You can view it at https://auditocean.com/, create an account, play around with the features, and get an idea for what it is all about. We have also created this brief walk through video that demonstrates the platforms main functionality.

<https://youtu.be/oW81ig1fHH8>We hope by providing this MVP it demonstrates our concept makes sense and we are able to deliver on it. But there are several aspects of the platform that are still centralized. The main goals and purpose for this proposal is to fully decentralize the platform. We are providing a breakdown below of those centralized functional requirements that the platform needs to perform the audits and that could be replaced with decentralized alternatives using a smart contract on the Cardano network.

1 Introduction:

By using a decentralized audit system it is possible to eliminate potential corruption points that may exist in a centralized audit system such as the choice of auditors or the interest of third parties to influence the outcome of an audit report. AuditOcean is a blockchain community space designed for research and project auditing. The community decides through its voting power which projects should be audited. Users can add the projects they want through the public repository https://dyortool.io. Once the user adds a project a dedicated page is created where users can select it as a project to be audited in the active audit round. The main mission of the platform is to create fundamental analysis reports following a scheme of advanced research questions and technical vulnerability analysis reports

for Plutus smart contracts.

2 Transitional Features

The transitional features are all functional requirements necessary to perform an audit round that could be replaced with decentralized alternatives using a smart contract on the Cardano network. Governance, Audit round administration, Assignment of auditors and Report minting are the most important.

2.1 Round administration

An audit round is a synchronous four-stage process and its purpose is to conduct audits of projects chosen by the community. Each audit round has a unique name or index characterized by having the letter R + a consecutive number, e.g. R5, R7, R10.

When an audit round is created the administrator can start its stages synchronously by executing an endpoint on the backend with the desired parameters. The service-audits pod receives the http request and sends an event to the Bull-MQ queuing system which controls when a stage finishes according to the assigned time.

In this centralized configuration the administrator and the queuing system control the states of the active audit round. The states of an audit round are the Pending, Selection, Governance, and Auditing stages. A stage cannot start if the previous stage has not finished, the transitions are sequential not parallel.

In computer science the concepts of state and machine of states are common. A state machine it is a mathematical model to describe the behavior of the different states of a system and their transitions based on conditions, events or triggers. Each state in a state machine represents a specific configuration of the system. It has an initial state that can transition to other states following the rules of the system. Each state within a state machine can execute actions, change variables and produce outputs according to the conditions specifically established for it. There are two types of state machines, the deterministic ones that for a given combination of state and input there is only one possible transition to the next state. And the non-deterministic ones that there can be multiple possible transitions from a given state for a particular input.

Figure 3 shows the deterministic state machine concepts applied to the stages of an audit round. The initial stage is a passive state that does not execute any logic necessary for the audit round in order for the initial state to transition to the first state a trigger is needed. Contracts in Cardano’s EUTXO model need at least one initial transaction to trigger their design logic and configure its initial state. In this case the DAO operational wallet interacts with a smart contract endpoint called startRound designed to start an audit round that receives the necessary parameters so that a round can start.

initialStateMachine represents the initial state of the smart contract variables. These variables will remain in the default state indefinitely until the DAO wallet interacts with the startRound endpoint which initiates an audit round. This is the trigger that makes the contract transition to the first state, that is, the governance stage.

Once the DAO wallet has interacted with the startRound endpoint the contract will transition to the first state by assigning the new parameters to the contract variables. The duration parameters represent the time measured in Slots on the blockchain. The Plutus.Contract module has functions for dealing with time such as waiting for a certain amount of Slots to pass before proceeding with the execution of the contract. It is commonly used when implementing time-based behaviors or waiting for a specific deadline to be reached. It is possible to create a time-based trigger to transition to the second state and also to transition to the initial state without the need for external intervention managed by the time Slots of the blockchain.

2.2 Governance

During the Selection stage AuditOcean users select the project they want by pressing a button on the UI. The list of projects as the final result of this selection stage is submitted to a poll in an external governance platform called the summon platform.

This hybrid configuration (off-chain/on-chain) implies that the selection votes are created as documents within a centralized Mongo database. It is not possible for the community to directly audit the correct behavior of this process.

Once the selection stage is over, a poll is created on the summon platform where it is possible for the community to directly audit the transactions on the blockchain. The level of auditability of a decentralized governance system is not the same if there is a previous process that cannot be audited directly because it is carried out within private servers.

The way to get the best auditability is to remove the Selection stage and have users vote with their wallets in the AuditOcean UI. It is not necessary to use an external service for governance, users will be able 4 to log in from their wallets and vote for the project they want on the AuditOcean platform in a single stage.

2.2.1 State-Snapshot governance system.

In the blockchain industry new projects are created daily and AuditOcean’s list of projects will inevitably grow over time. It is possible for the community to add 1000 or 10000 projects if they wish. The consequence of this is the large number of indexes in the database. Managing such a number of indexes in a smart contract can be challenging because the limit of Kb per Tx is limited and it is not scalable. However, we can simplify the notion of long-length indices such as those used in databases by using consecutive natural numbers.

A 32-bit unsigned integer can be represented as 0 to 2147483647. A positive integer can be assigned as a unique index to each project added by the community in AuditOcean. In this way a smart contract could reference a large number of projects using only 32 Bits. For example, an user wants to vote for the project called SCATDAO which has the index 547 assigned, no other project has this index. The user connects their wallet containing the AUDIT utility token to the UI and performs the vote. The request goes to the backend and contract integration calling the endpoint createVote that receives a 32-bit positive integer as a parameter. The contract verifies if the parameter is valid and if the UTxO associated with that wallet address contains the AUDIT token. The contract finally checks if the index given as a parameter is less than or equal to totalNumProjects variable of the contract which refer to the total number of projects that have been added to AuditOcean. If these conditions are correct the contract validates the Tx and adds a small mark in the metadata.

Once the governance stage is finished a snapshot is taken at the exact moment or Slot in which the stage ends. By making a query to the blockchain API it is possible to get the transactions associated with the address of the contract to validate the status of the transactions, verify if the transactions have been validated by the contract and verify the metadata of the transaction that provides the context resulting from the interaction with the contract. The metadata can help in identifying the purpose and status of the transaction. The information about the snapshot and governance stage is displayed in the platform UI for all users. This configuration for the governance system guarantees speed, minimum computing time and the ability to validate millions of indexes using a simple condition:

indexParam ≤ totalNumProjects ⇒ True. Where indexParam is the parameter sent by the user and totalNumProjects is the total number of project indexes listed by the community.

The parameter totalNumProjects can be added by the DAO operational wallet when calling the startRound endpoint. This parameter within the smart contract corresponds to a positive integer number. For example, in case there are 742 projects listed by the community totalNumProjects will be 742. In the initial state of the contract this variable value is 0.

At the end of the governance stage this variable will also be 0. In the hypothetical case that the contract itself was designed to store the project indices in the form of assets or NFTs to later be consulted in the governance stage, this would add more logic to the contract and therefore computation time. For this reason it is a disadvantage to use the contract as a form of storage.

However, it is possible to assign a simple time-locked plutus script that allows to store the indices with project names in the form of small metadata using assets (1 asset per project) or simply stamping valid transactions without using assets. The DAO’s operational wallet is the only one that will be able to interact with this plutus script. The address of the script on the blockchain will need to be included in the metadata when deploying the AuditOcean contract for the first time for auditability. This solution is scalable since multiple scripts can be used for this purpose. In this way there is complete audability with respect to the indices.

Another form of index auditability is public code repositories like Github or distributed storage systems like IPFS.

2.3 Assignment of auditors

Assigning auditors to auditable projects can be a point of low auditability if it is done centrally on private servers. For that reason the best option is a decentralized assignment algorithm. There is not much complexity in the logic required for an equal assignment for all auditors. The main requirements are randomness and uniform distribution of the probability of being chosen as an auditor of a project. The fisher-yates algorithm is a great candidate because it ensures that each element has an equal probability of being placed in any position of the resulting permutation. This is useful since it can shuffle a finite list of indices. For example, A = [0, 50] where A is the list of indices from auditor 0 to auditor 50. Each index represent a specific auditor and they are ordered consecutively [0,1,2,3,4 .. 50]. When the algorithm is applied to the list the positions of the indices will change randomly. If AuditOcean needs 12 auditors for an audit round the first 12 indices from the shuffled list will be selected.

auditorPool = [0,1,2,3,4 .. 50]

auditorPoolShuffled = [30, 13, 10, 19, 21, 45, 23, 47, 31, 50, 4, 28, .. 34]

selectedAuditors = [30, 13, 10, 19, 21, 45, 23, 47, 31, 50, 4, 28]

auditorGroups = [ [30, 13], [10, 19], [21, 45], [23, 47], [31, 50], [4, 28] ]

The auditors are randomly selected using the Fisher-Yates algorithm and finally grouped. AuditOcean requires 2 auditors per project so in this example there are 6 groups for the first 6 projects chosen by the community through governance. The permutations occur on all indexes so there is no need to perform new permutations for role assignment or grouping.

This Fisher-Yates haskell version can be used as a reference to create a plutus implementation. The code inside a plutus contract is deterministic it is necessary to use an oracle that generates a random number for the random variable or use a pseudo random number generator (PRNG) that takes the hash of the last block generated by the blockchain as a seed of entropy.

2.4 Report Minting

The auditor report and its respective review are two different but necessarily related resources they make up a complete audit report. To ensure the immutability of its content it is necessary mint them as non-fungible assets. This can be done automatically from the backend integration at the end of the Auditing stage. The latest version of the .json documents sent by the auditor and the reviewer will be hashed to subsequently mint 3 copies. 1 NFT will be sent to the wallet provided by the auditor. Another will be sent to the reviewer’s wallet and another will be stored in a wallet of the DAO. They will be stored in IFPS and Github.This mechanism can be implemented in the smart contract for its operation during the Auditing stage. For example, supplying the contract with the list of wallets that have authorization to mint and some status variables to indicate if they have already minted their report or not. Or use identity tokens as a form of authorization to mint. However this will

be the subject of investigation for future versions of the smart contract.

Platform Growth and Promotion

We hope we have adequately outlined and explained our plan to decentralize the platform that we have built. We feel this is the most important part of the proposal so have made this the primary focus. But there is also a secondary focus which is to promote the platform and encourage the community to utilize it. The first version has been built and delivered. And while the decentralized version is what we are working toward, the current version is still very useful and provides some great benefits to the Cardano Community. So we are also requesting funding to continue to build out those non-technical aspects of the platform. To create content for the platform, to moderate it, and to promote it.

How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Our project addresses the challenge because we believe it will be a commercially viable product that the community actually utilizes and benefits from, while also contributing back to the Cardano community by releasing everything we develop Open Source. To fully cover how our project addresses this challenge we have taken the guidelines provided by the challenge and have written in our responses to each below.

How does success looks like?

• More open-source projects, developers, and users

This project and everything else we have built is Open Source and available for the community to leverage. So just from that alone, we have more open source projects and developers which addresses this point.

• Improved visibility and quality of open-source projects

The platform we have built and would like to fully decentralize through this proposal (https://auditocean.com/) serves as a place to coordinate community driven audits and research as well as a type of social media where people can discuss Cardano projects, share red flags or strengths they have found, stay on top of recent news and developments within the Cardano ecosystem, and more. So we believe that this platform will improve visibility and quality of all Cardano projects, including those that are open source. In addition, since we are building a project in the open source challenge, we will be posting about it and others regularly on the platform, increasing visibility.

• Improved open-source infrastructure

We believe that this project is unique. Not just in our Cardano ecosystem but in crypto as a whole. We do not see a lot of projects pushing for decentralized audits, research, and social media, so it provides something new and unique to our open source infrastructure. Also, by releasing everything open source, we give any community the option to create their own similar community hub that we have with https://auditocean.com/. If any DAO, NFT, Dapp, or etc wanted to create their own decentralized community instead of relying on discord, they could be able to utilize our code and easily deploy it to create their own. We feel this alone is a very valuable and worthwhile contribution to the Cardano ecosystem.

Key Metrics to measure

• Increase the number and quality of open-source projects

As mentioned above, this project and everything else we have built is Open Source and available for the community to leverage. So just from that alone, we have more open source projects and developers which addresses this point.

• increase the number of open-source tools and frameworks

As mentioned above, by releasing everything open source, we give any community the option to create their own similar community hub that we have with https://auditocean.com/. If any DAO, NFT, Dapp, or etc wanted to create their own decentralized community instead of relying on discord, they could be able to utilize our code and easily deploy it to create their own.

• Increase the number of open-source contributions and maintainers

As this project is open source, by building it we are increasing the number of open-source contributions.

• Increase the visibility of open-source projects

As mentioned above, we believe that this platform will improve visibility and quality of all Cardano projects, including those that are open source. In addition, since we are building a project in the open source challenge, we will be posting about it and others regularly on the platform, increasing visibility.

• Increase in collaboration in and out of the ecosystem

The platform serves as a way of performing decentralized community audits and research, as well as the social aspects that have bene highlighted throughout. Practically every single use or purpose of this platform is to increase collaboration. We collaborate on the site when we determine which projects we would like to have expert research performed on. We collaborate on the site when someone shares a red flag that was found and we debate and discuss it to determine if we feel it is credible or not. We collaborate on the site when someone submits a research report and someone reads through to find errors that should be corrected. I don’t want to keep repeating myself, but collaboration is what this is created for. And because it is open source, people or projects outside of our ecosystem, such as Ergo, could use our code and create their own versions for their own communities as well.

• Improve adoption of Cardano technology

In order to have Cardano technology (primarily the products built on top of Cardano) we need to have a decentralized and trusted system to evaluate, audit, and discuss these products. It is no secret that scams are rampant in our industry and it ends up keeping a ton of people away. By having this transparent and decentralized service that can be used to audit, perform research, and share and discuss information, we send a clear message to users that we value safety and security on Cardano and that we are actively vetting these products to ensure they are safe for consumers to use. When consumers feel confident this is being done, we believe it will massively increase and improve adoption of Cardano technology.

• Improve integrations and interoperability between projects

Do to the social nature of the site, it creates a place for projects to be discussed, including different ideas and hopes that the community has for them. Based on the ideas and suggestions that people submit through the site, projects can see what people are interested in, what they like, what they don’t like, and what kind of integrations or collaborations they would like to see. It is a way for projects to keep their finger on the pulse and adapt based on what their customers are saying and asking for.

• Improve the documentation of open-source projects

We take our documentation pretty seriously. Here you can see the different documentation that we currently have for the site below. By building this project and sharing it open source, we are improving the documentation of open source projects.

scatdao.gitbook.io

https://github.com/SCATDAO/DAO-AuditOcean/blob/main/z/latex/SCAT1.pdf

What value does this bring to the ecosystem?

As mentioned in our problem statement, decentralized systems like Cardano require decentralized research, audits, and social media to realize its true potential. The points of failure that we try to solve with decentralization are just as relevant with our research, audits, and social media as they are with our blockchains. By having unbiased audits and research that cannot be impacted by one person or a small handful of people, people will be able to trust and believe that research and those audits. And by having this trustworthy source of information on our projects and ecosystem, it can cause an increase in investment and participation because people know that it is fair. Same thoughts apply to our social media and interactions. If we have a place where information is being freely shared and discussed, we can all be confident that it is free from bias, which will increase our participation and ultimately bring more people into Cardano.

How do you intend to measure the success of your project?

List of Key Performance Indicators (KPIs)

We have designed these KPIs to measure the success of our project. We feel these cover the main areas that we are trying to achieve and if we hit these marks, the project will have been a success. Again, these are all for the first 6 months that this proposal covers.

Number of on time Catalyst monthly progress reports

The goal for this will be to submit it on time each month. 6 on time progress reports over a 6 month period.

Number of met Milestones on Schedule

We have listed out 3 key milestones for this project. Our goal is to meet each of them on time. This will ensure the product development stays on track and is ultimately successful.

Number of Audit Ocean Accounts Created

The primary goal of this proposal is decentralizing the platform, but we are also trying to utilize the current version of the platform. A platform like this is much more effective with a larger number of people using it. So we hope to promote the site and encourage people to use it. Therefore, the number of accounts created will be a key milestone is judging the project’s success.

Our goal will be 200 accounts in first 6 months

Number of Expert reports voted on by community and created

This one is difficult to define. We have not started doing this yet so understanding how long the process will take and how much we leave ourselves. So we are going to set this low and plan to run our first one during the time period. If we do additional that is a bonus

Number of posts created on Audit Ocean

Our goal will be to have at least one post created per day on the platform. This would equal 30 a month and 180 for the entire proposal period.

Number of Medium Articles Written

Our goal will be to write at least 1 article per week. This would equal 4 a month, 18 total for the proposal.

Number of Youtube Videos created

Our goal will be to create at least 1 video per week. This would equal 4 a month, 18 total for the proposal.

Please describe your plans to share the outputs and results of your project?

Our organization has been around for almost 2 full years now. In that time we have built a solid organic following in our main social media channels. We currently have 4,871 followers on Twitter (@SCATDAO), 500+ members in our Discord (https://discord.gg/SbfHZBPpVA), 94 followers on YouTube with 37 different videos (@smartcontractaudittoken434), and 182 followers on Medium with 39 different articles published and several with thousands of views (@SCATDAO). And again, these are real organic numbers. We never purchase followers or engagement as we feel that is cheating and provides no real benefit since instead of supporters you have bots.

Since we have spent the time and effort to build this passionate and organic following, we now have several excellent vehicles to share the outputs and results of our project. We plan to make regular updates through the channels mentioned above to keep the entire community updated and aware of what we are doing, our progress, and our end results.

We also have our platform Audit Ocean https://auditocean.com/ that we have built and would like to improve and fully decentralize (which is the subject of this proposal). One of the main features of Audit Ocean is it is a type of social media where the Cardano community can share information, perform research, and learn about different Cardano projects. We plan to utilize the platform while we are making our improvements to keep the community informed of what is going on as well as to drive traffic and interest towards the platform.

Finally, we have a long history of joining Twitter spaces to discuss our project, recent developments, and answer and questions people might have. We plan to continue doing this to reach new audiences that might not be familiar with us and share our outputs and results.

What is your capability to deliver your project with high levels of trust and accountability?

First, we have already built and delivered the first centralized version of the platform. You can create an account at https://auditocean.com/ and start using it right now. We are not trying to sell you some obscure idea that may or may not pan out. The MVP is delivered and we are quite proud of it. So without knowing anything else about us, we believe this proves that we are capable of delivering our project with high levels of trust and accountability.

Second, we believe the best way to predict the future is by looking at the past. Projects and teams that have consistently delivered the things they have promised are likely to continue doing so while teams that have collected hundreds of thousands of dollars while delivering nothing will likely continue to do so as well. So I would start answering this question by looking at our track record in previous Catalyst rounds.

Our team has submitted 3 separate proposals in three different rounds (5, 6, and 9). We do not submit several for each round as it quite common for Catalyst, we submit one that we intend to focus on and deliver. If it does. Not get funded we do not have multiple others to fall back on, so we put a great deal of thought and effort into what we submit. And I am proud to say that we have closed out each one of those proposals. The close out videos are copied below to evidence this.

NOTE: If you look us up using the LIDO Nation tool, you will see a few other projects that we are associated with. These are things like the Audit Circle or of Token Vesting Dapp. This is something that one of our team members helped out with and so is included on the proposal but that we do not collect funds from.

F8 Close out video:

F5 Close out Video:

F6 Close out Video:

We have also posted our projects financials at the end to share our receipts and a breakdown of how the money was actually spent vs how it was budgeted. We feel this is very important and plan to continue doing it with this proposal. Below is the link to view our past proposals.

https://catalystaudit.com/smart-contract-audit-token-f5-expenses/

Lastly, we have not just been delivering on our proposals, but they have been getting actual usage and provide actual benefit to the Cardano ecosystem. Our DYOR Tool gets approximately 6,000 unique visitors each month. These people can learn how to perform research as well as view our large catalogue of DYOR reports to learn about the different dapps, tokens, and NFTs within Cardano. You can see the screen shots below that show the traffic and can visit the site yourself and check it out at https://dyortool.io/.

<https://youtu.be/EfS-eBq6zyg>https://youtu.be/aG22acr_8HY<https://youtu.be/8nZIGvcoqpg>

What are the main goals for the project and how will you validate if your approach is feasible?

Goal 1: To deliver a decentralized audit and social media platform to the Cardano ecosystem.

We have put a great deal of work into this proposal which outlines our entire plan in great detail. We believe that the plan presented is detailed and descriptive enough to demonstrate what we are trying to accomplish as well as its feasibility. This would be difficult to accomplish, but we have listed out clear deliverables for each month. We believe that if we succeed in delivering each of these, then we will have been successful in this goal.

Goal 2: To make the platform one of the most useful and utilized resources in the Cardano ecosystem.

This goal is a bit easier to quantify. Currently we have about 60K daily active wallets in the Cardano ecosystem. There is a good chance that many of these wallets belong to the same person, but we will go with the assumption that they are each related to unique people. Our goal would be to have at least 20% of the total number of active wallets in the ecosystem visiting our website each month. So with 60K daily active wallets our goal would be to have 12K unique visitors to the platform each month. As Cardano grows and we have 1 million daily active users, our goal would be to have 200K unique visitors to the platform each month.

We believe that this is feasible based on the work we have already delivered. We were funded to create the DYOR Tool (https://dyortool.io/) and with that we currently get about 6,000 unique visits each month. This is with practically no promotion other than word of mouth and posting on Twitter, and during a bear market (image below).

As you can see, the DYOR Tool is already seeing 10% of the current daily active users each month. Because of the increased functionality that Audit Ocean provides, we believe it is very feasible to double that amount to 20%.

Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

To accomplish everything we have set out for in this proposal, we expect the entire process to take 2 years. However, we believe it is much for fair and reasonable to the community to break it down into smaller 6 month components, and create new proposals every 6 months instead of requesting one large lump sum up front. We feel that this is better and lower risk to the community to request smaller amounts, deliver on our milestones, and then request additional funding after demonstrating what we have already built. Below we have broken out the entire project and its different milestones to give a holistic view of what we are trying to build, and have also indicated which ones specifically apply to this proposal.

Website: https://auditocean.com/

Documents: https://github.com/SCATDAO/DAO-AuditOcean/blob/main/z/latex/SCAT1.pdf

<u>SCATDAO / AuditOcean - Decentralization Level ( 4 Steps )</u>

Justification: Currently AuditOcean does not have its own smart contract and its level of decentralization is limited only to governance using a hybrid system. A smart contract will allow high auditability by the community decentralizing the most important functionality to carry out audits.

<u>Step 1</u>: Smart Contract for Audit Rounds

<u>NOTE: This is the step that is applicable for this proposal. The other steps are included to give the full picture but will be submitted for funding in future Catalyst Rounds</u>

<u>Description</u>

Implementation of a plutus contract that contains logic to control the states Pending, Governance and Auditing of an audit round. Having a state machine as basis is essential to evolve the contract and add the plutus logic dedicated to each of the stages of an audit round.

<u>Time</u>: 6 Months

<u>Milestone 1 (1st 2 Months):</u>

Platform creation: Create code repository / Contract decencies / Configure plutus SDK tools / Create State Machine / Types / Datum / State transition Logic.

Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 1 - Git public repository hosted in Github. On-chain and off-chain code, scripts, docs folders. Cabal setup and development environment. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 2 - Declaration of data types, values and params for stateMachineDatum and transition functions. will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

<u>Milestone 2 (2nd 2 Months):</u>

Platform Creation: firstTriggerFunction / startRound endpoint / Param validation / nextTriggerFunction / Time based trigger

Content Creation: Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 3 - Declaration of data types, values and params for firstTriggerFunction endpoint. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 4 - Declaration of data types, values and params for stateMachineDatum and transition functions. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

<u>Milestone 3 (3rd 2 Months):</u>

Platform Creation: Error correction / Quality Review / Reform Code / Deploy Test / Property Based Testing / Unit Testing.

Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 5 - Scripts that interact with the deployed contract to test the contract's functionality. Test logs. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 6 - Verification of the final quality of the code, corrections and necessary reforms. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

<u>Step 2</u>: Governance System (Plutus)

<u>NOTE: Again, only step 1 is applicable for this proposal. The other steps are included to give the full picture but will be submitted for funding in future Catalyst Rounds</u>

<u>Description</u>

• Create the implementation of the governance logic that uses plutus code for validation of parameters and project indexes.
• Create a snapshot capture mechanism and information processing to be displayed as a result of a round of governance in the UI.

<u>Time</u>: 6 Months

<u>Milestone 1 (1st 2 Months):</u>

Vote Endpoint / unsigned 32 Bits integer param validator,

Functionality to check UTxOs and valid $AUDIT policyID

Monthly Report Deliverable:

Month 1 - Code containing the logic related to the endpoint and its parameter validation.

Month 2 - Logic related to check UTxOs and valid $AUDIT policyID added to repository.

<u>Milestone 2 (2nd 2 Months):</u>

Develop a snapshot system that captures the state of the blockchain at a specific time.

Snapshot Storage / Mongo / Redis

Monthly Report Deliverable:

Month 3 - Code added to AuditOcean repository with snap-shot service implementation.

Month 4 - Implementation of the databases in the cluster.

<u>Milestone 3 (3rd 2 Months):</u>

Governance results UI Integration

Deploy Testing / Unit Testing

Monthly Report Deliverable:

Month 5 - Frontend modification on the AuditOcean governance page to show governance information.

Month 6 - Verification of the final quality of the code, corrections and necessary reforms.

<u>Step 3</u>: Contract Backend Integration

<u>Description</u>

• Contract Backend Integration
• Create scripts for automatic minting full audit reports and sending it to the auditors.
• Integration of the Eternl community wallet to perform login and voting in the governance stage.

<u>Time</u>: 6 Months

<u>Milestone 1 ( 1st 2 Months):</u>

Implementation of the necessary internal http handlers / PAB server setup / SDK Tools setup

Create scripts for automatic minting of full audit reports and sending it to the auditors and treasury.

Monthly Report Deliverable:

Month 1 - Isolated configuration of namespace for PAB service, HTTP handlers from internal requests coming.

Month 2 - Adding the scripts for the automatic minting of complete audit reports to the correspondent handler.

<u>Milestone 2 (2nd 2 Months):</u>

Implementation of API to handle public requests

Auditor Report Minting Integration (UI)

Monthly Report Deliverable:

Month 3 - Public API service to serve information about the state of the snap-shots in the governance stage. Websocket option. Websocket implementation for real-time reading from snapshot storage.

Month 4 - New option for auditors to mint or save their current report locally (UI).

<u>Milestone 3 (3rd 2 Months):</u>

Vote Panel Integration (UI)

Unit Testing / Integration Testing / Error Correction / Code Reform

Monthly Report Deliverable:

Month 5 - New option for users to login with their eternl wallet and vote in the governance stage (UI).

Month 6 - Property-based tests, test logs. Verification of the final quality of the code for production, corrections and necessary reforms.

<u>Step 4</u>: Assignment of Auditors (Plutus)

<u>Description</u>

• Create the logic of random assignment of auditors and their grouping.
• Create pseudo random number generator, last block hash entropy-seed-based.

<u>Time</u>: 6 Months

<u>Milestone 1 ( 1st 2 Months):</u>

Add param validation for auditorPool, blockSeed and requiredAuditors parameters to set into machineDatum

Pseudo random number generator that takes blockSeed to be used as entropy source into Fisher-Yates implementation.

Monthly Report Deliverable:

Month 1 - Logic that validates the auditorPool, blockSeed and requiredAuditors parameters added to repository.

Month 2 - Logic of (PRNG) added to repository.

<u>Milestone 2 (2nd 2 Months):</u>

Plutus implementation of Fisher-Yates that takes auditorPool as parameter and returns auditorPoolShuffled.

Logic to select the required auditors that takes auditorPoolShuffled, requiredAuditors as parameter and returns selectedAuditors. Finally set auditorGroups value into machineDatum variable

Monthly Report Deliverable:

Month 3 - Implementation of Fisher-Yates in plutus added to repository.

Month 4 - Implementation of the logic that selects and groups the auditors added to repository.

<u>Milestone 3 (3rd 2 Months):</u>

Deploy Testing / Property Based Testing / Unit Testing

Error correction / Quality review / Code Reform

Monthly Report Deliverable:

Month 5 - Test logs. Test files.

Month 6 - Verification of the final quality of the code, corrections and necessary reforms.

Please describe the deliverables, outputs and intended outcomes of each milestone.

We have provided detailed milestones along with deliverables and outputs in the above portion to give a comprehensive outline of what our project is. We have copied the portion specific to the deliverables and outputs here to respond to this question.

<u>Milestone 1 (1st 2 Months):</u>

Platform creation: Create code repository / Contract decencies / Configure plutus SDK tools / Create State Machine / Types / Datum / State transition Logic.

Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 1 - Git public repository hosted in Github. On-chain and off-chain code, scripts, docs folders. Cabal setup and development environment. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 2 - Declaration of data types, values and params for stateMachineDatum and transition functions. will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

<u>Milestone 2 (2nd 2 Months):</u>

Platform Creation: firstTriggerFunction / startRound endpoint / Param validation / nextTriggerFunction / Time based trigger

Content Creation: Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 3 - Declaration of data types, values and params for firstTriggerFunction endpoint. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 4 - Declaration of data types, values and params for stateMachineDatum and transition functions. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

<u>Milestone 3 (3rd 2 Months):</u>

Platform Creation: Error correction / Quality Review / Reform Code / Deploy Test / Property Based Testing / Unit Testing.

Content creation: 8 Medium articles, 8 Youtube videos. 60 posts in Audit Ocean.

Monthly Report Deliverable:

Month 5 - Scripts that interact with the deployed contract to test the contract's functionality. Test logs. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Month 6 - Verification of the final quality of the code, corrections and necessary reforms. Will share link to the videos, articles, and posts in YouTube, Medium, and Audit Ocean.

Please provide a detailed budget breakdown of the proposed work and resources.

As mentioned several times throughout this proposal, we have outlined our plan for 2 years to complete all of our work but are submitting proposals in 6 month increments so that we can demonstrate the value we are providing and continue to receive additional funding if we deliver on our promises. We feel this is much more fair to the Cardano community than requesting all the money up front. This budget is written for only the 6 months that this proposal covers.

Item 1: Design and engineering of Smart Contract for Audit Rounds

Description

Implementation of a plutus contract that contains logic to control the states Pending, Governance and Auditing of an audit round. Having a state machine as basis is essential to evolve the contract and add the plutus logic dedicated to each of the stages of an audit round.

Deliverables (1st 2 Months): Create code repository / Contract decencies / Configure plutus SDK tools / Create State Machine / Types / Datum / State transition Logic

Deliverables (2nd 2 Months): firstTriggerFunction / startRound endpoint / Param validation / nextTriggerFunction / Time based trigger

Deliverables (3rd 2 Months): Error correction / Quality Review / Reform Code / Deploy Test / Property Based Testing / Unit Testing

Budget: 2,600 dollars per month, 15,600 Total for 6 months

Item 2: General Project Management

Description

In order for our organization to run we have regular maintenance activities that would apply to most organizations. This would include processing monthly expenses for costs that we incur (servers, domain fees, etc) as well as doing the monthly bookkeeping for these. It would also include the time spent attending Catalyst meetings, preparing our monthly Catalyst reporting, preparing close out reports and videos, and everything else related to that.

Deliverables:

Pay all monthly bills, perform monthly bookkeeping, attend Catalyst meetings, submit catalyst reporting with evidence of completion. Submit milestone data. Process payments to team members from Catalyst funding received. Prepare and submit close out report, including close out video that demonstrates what was delivered.

Budget: 500 dollars per month, 3000 Total for 6 months

Item 3: Server Cost

Description

Our monthly server cost for Audit Ocean and DYOR Tool is about 200 dollars. See attached invoice to evidence this cost. We are including 6 months of server expense in our budget so that our sites can function.

Budget: 200 dollars per month, 1200 Total for 6 months

Item 4: Content Creation

Description

Our team puts out a great deal of educational content on Cardano. We have published 39 articles on our Medium, several with thousands of views and the majority with hundreds. The goal of these is to educate and inform the Community. We make regular YouTube videos to educate, with 37 made so far. We also put out regular Tweets with important information, updates, alerts for potential red flags, and similar type of content.

Deliverables: We plan to create weekly videos and articles as well as daily posts on Audit Ocean and with our Twitter.

Budget: 1000 dollars per month, 6000 Total for 6 months

Item 5 Content Moderation

Description

Our team has 5 members who are all involved in content moderation and assisting with questions or comments about how to use our tools, Audit Ocean, general questions about Cardano or how to perform research, etc. This is done primarily for our Discord and TG, and lesser for our Reddit or Medium. This will be even more important as we ramp up the use of our platform Audit Ocean, as it could become a target for bots, spam, and scammers. Without proper content moderation

Budget: 100 dollars per month per person, 500 dollars per month, 3000 Total for 6 months

Item 6 Promotion/Advertisement

Description

One of our goals if for this platform to be used by a large number of community members. For us to be successful in this goal we need to promote the platform and encourage people to use it. Our marketing strategy has always been an uphill battle as we do not like to “shill” the things we do are make. We never hire 3rd parties and we do not utilize bots or fake engagement to try to make things appear more popular than they are. We try to rely on facts, demonstrations, research contests, and educational materials. This can take quite a bit of effort vs paying for the bots but we believe it is worth it.

Budget: 600 dollars per month, 3600 Total for 6 months

Total Request in Dollars = $32,400

Price per ADA = .28 USD *

Total ADA Requested = 115,714

We are using a price per ADA of .28 USD in our proposal. As of the time of writing it is currently at .287 on Coingecko. Looking at the price of ADA over the last 6 months we can see it range from . 323 at the start, rallying to a high of .454, and seeing a low of .261 recently in June when the SEC created their lawsuit alleging that Coinbase was selling unregistered securities by selling ADA. As ADA has been in an overall downtrend since September 2021, we feel that using .28 is a fair conversion rate to the Cardano and Catalyst community as well as to our team that depends on the funding.

Who is in the project team and what are their roles?

Eric Helms - Eric is a Certified Public Accountant who has spent the last 10 years working in Corporate Audit from both the public and private side. He is passionate about blockchain and its ability to make society and business fairer and more transparent for everyone. He is currently a Veteran Community Advisor for Project Catalyst and is proud to be a member of the Cardano ecosystem. (<https://www.linkedin.com/in/eric-helms-cpa-97866a3b/>). Eric wrote all of the content for the first version of the DYOR Tool. Eric has written a large majority of our articles on Medium (<https://medium.com/@scatdao>) and is a member of the core team. He will continue working on creating content for the DAO to share through our social media channels, creating content for Audit Ocean to create interest and bring in traffic. Eric will also be working on general management of the DAO, performing our monthly accounting and reporting, and will also be responsible for managing the monthly Catalyst reporting.

Juan C Rey - Juan is a full stack dev and Plutus Pioneer Programmer from the first cohort. He has been in the Cardano ecosystem for many years, where he has developed his skills as a software developer and analyst. He has a degree in Computer Systems Development and a law degree. His inspiration is the thoughts of Nick Szabo. He combines his love for decentralized systems with his passion for contracts. He currently spends his time researching formal contract verification in the Cardano ecosystem. (<https://www.linkedin.com/in/jjcr1/>). Juan designed and built the platform for the DYOR Tool and Audit Ocean Platform. Juan will be responsible for designing and building the platform upgrades mentioned in the proposal.

Jimmy - Jimmy is a Certified Public Accountant who has 10+ years of experience in corporate finance and accounting, 3 of which were spent auditing public and private companies. He also built and operated a small business for the past 8 years. He is looking to leverage his experiences to help build a strong and effective DAO for the Smart Contract Audit Token project. (<https://www.linkedin.com/in/jimmy-huang-83a3689/>). Jimmy is the head of community and helps keep the DAO running. He helps answer questions and help newcomers in our Discord and on Audit Ocean and is responsible for distributing and AUDIT tokens that are earned throughout the month and administering any governance votes that we carry out.

Jed - Jed is a certified Enterprise Architect with 15 years of experience as an Interface Engineer and serves as a member of the Industry Advisory Board at Kutztown University, representing healthcare. He looks to serve the Cardano Community by helping people understand how to do their own research and raising awareness of project risk types. Jed’s passion for the Cardano Community’s safety is his motivating drive to help put the power in the hands of the community to protect itself through Smart Contract Audit Token. (<https://www.linkedin.com/in/jed-horning-8b577173/>). Jed is spearheading our advertisement and promotion of the platform. He creates new and original content that demonstrates the research our community performs, shares the platforms features and functionality, and creates general awareness. You can review the videos Jed has already created here (<https://www.youtube.com/@smartcontractaudittoken434/videos>)

How does the cost of the project represent value for money for the Cardano ecosystem?

We are requesting 115,714 ADA for this proposal ($32,400) for a 6 month time period. This money is used to support the work of 6 people. 2 people who works on the project full time in development and content creation, 2 people who work on it part time, and 2 who work as moderators part time. On our team we have 1 member who is Colombian, 1 member who is European, and the rest are from the USA.

We believe that $32,400 is a very good value for what we are providing. We believe that the utility that the platform will provide is very high and that alone is worth the investment. But the fact that we are releasing everything open source that allows any of Cardano community to launch their own custom platform and build off the work we are doing, means it is an even better value. That combined with the amount of informational and educational content we produce for the Cardano community that can encourage others to join, we believe that Catalyst voters are getting a very high Return on Investment (ROI).

We also believe that if you go though the other proposals on Catalyst and compare the funds we are requesting to other proposals, you are getting a very good deal here. We feel ours is on the low end of the spectrum for the smart contracts that we will be delivering along with the other content. We also believe that our history and track record have demonstrated that we are good stewards of any public funding that we have received. We have delivered working products and we have published our spending and receipts compared to our budgets to show how previous Catalyst funds have been spent.

https://catalystaudit.com/smart-contract-audit-token-f5-expenses/