Proposal “DCG-Core-Audit“ (Active)Back

Title:DCG Core Code Security Audit Apr May
Owner:glennaustin
Monthly amount: 196 DASH (10860 USD)
Completed payments: 1 totaling in 196 DASH (1 month remaining)
Payment start/end: 2022-04-12 / 2022-06-11 (added on 2022-04-05)
Votes: 722 Yes / 12 No / 0 Abstain
Will be funded: Yes
Manually vote on this proposal (DashCore - Tools - Debugconsole):
gobject vote-many ef92c2b2206ee9d125285ac9a572633c3343ba4e96b9be2ef2f320563e620320 funding yes

Please login or create a new DashCentral account for comfortable one button voting!

Proposal description

Dash Core Group April 27th Funding Proposals
DCG is submitting 3 funding proposals for the April 27th budget cycle:
1) DCG Compensation (in month 3 of 4)
2) DCG Core Code Security Audit (in month 1 of 2): $50,000
3) DCG Platform Code Security Audit (in month 1 of 2): $76,240

What is this proposal about?
As a follow-up to the September-October infrastructure proposal, Dash Core Group has officially engaged with Least Authority to perform security audits on both the Core and Platform codebase.  Least Authority was established in 2011 and also has a development division so there may be future opportunities to utilize them for feature development after the audits.

There were many factors that contributed to this decision; Least Authority has a good portfolio of payment centric audits/affiliations, they have experience with decentralized storage systems, they have a robust privacy-focused philosophy/mission, they were very responsive throughout the proposal process, and they came back with a revised proposal with a reduced scope (the other firms were not willing to do so).  Also notable is that they are providing a fixed quote (as opposed to T&M), they are flexible with regard to the scheduling of work and their audit report is quite comprehensive.

How much will this proposal cost?
The original proposal from Least Authority for the Core protocol audit was a little more than 110,000 Euros (~ $122,000) and the other two short-listed firms had proposals of $192,000 and $500,000 (T and M estimate).  After many revisions of scope with Least Authority, the final cost came to 62,866 Euros (~ $70,000 USD).  The start date for the Core audit has been aligned with the development estimates for version 0.18 and is scheduled to start in May 2022.  This alignment is important as this version of Core will include significant changes to our implementation of InstantSend, which is one of the key features of our protocol that we want a 3rd party to validate.

The first Dash network proposal was originally intended to cover the first stage of the Core audit from the first Least Authority proposal (which would have been about $60,000 USD).  After reducing the scope of the Core audit, the amount required for the first payment was reduced to about $22,000. After deciding to use the same firm for the Platform audit and delaying the start of the Core audit the remaining funds allowed us to cover the initial payment for the Platform audit as well (about $38,000 USD).  This was done to ensure the Least Authority team could be reserved for the time periods that we have agreed on as waiting for another Dash network proposal would have risked further delays if their availability changed.  

The remaining payments for the Core audit that will be required are as follows:
  • 30 June: 38,746 Euros (~44,000 USD)
  • 15 July: 5,260 Euros (~ $6,000 USD) 

All USD amounts noted above are based on the EUR/USD exchange rate at the time of submitting this proposal.  Due to the upcoming Super Block reset and depending on the fluctuation of the Dash/USD and USD/EUR rates over the April and May periods, a third proposal may be required in June to cover any shortfalls of the above-noted payment schedule.  

Requested funding is as follows for the April 27th budget cycle; with the same amount requested for the May 27th budget cycle:
193.5 Dash ($25,000 USD @ $129 per Dash)
    2.5 Dash reimbursement for the proposal cost
Total: 196 Dash

Show full description ...

Discussion: Should we fund this proposal?

Submit comment
 
1 point,1 month ago
Is there a link to Least Authority you can post here?
Reply
2 points,1 month ago
Here is a link to the portion of the proposal that has the company background, project team, audit practices, etc. There are links to their website and sample audit reports on the last page.

https://drive.google.com/file/d/13JAJIM34zpYFqyB9X0WG6MhhMysa0o0G/view?usp=sharing
Reply
1 point,1 month ago
Impressive list of talented people. We committed to this, it is both necessary and useful. So let's get after it.

solarguy
Reply
0 points,1 month ago
I agree, thank you!
Reply