Proposal 28: Mixbytes security audit subscription service for PowerPool
Context
The security of any DeFi project is a key factor in its successful development and in the growth of its capitalization. The latest high-profile hacks on the market (more than $120M over the last year) confirm the conclusion that smart contract auditing should be a constant process, built into the process of releasing new protocol functions.
However, hiring qualified and experienced auditors, whether full-time or on a project basis, presents challenges due to the limited availability of audit teams. Classic bug bounty programs cannot always attract the necessary specialists, since they do not guarantee compensation for the time spent searching for vulnerabilities.
We offer a security audit subscription service that will solve the above problems.
The subscription service offer is designed for blockchain projects with continuous code output that require availability and timeliness of the security audit process. It is suitable for projects like PowerPool, which ships constant updates and improvements that should be audited prior to launch on mainnet.
The benefits of the subscription are as follows:
- Continuous security checks without time loss, accelerating deployment into production
- Guaranteed security auditor capacity and availability
- Savings on audit-as-a-service cost compared to ad-hoc audits
- The audit team is always up to date and stays current with the development context
Scope of work within security audit subscription service
For each new project / smart contract submitted for an audit as part of the subscription service, MixBytes undertakes to perform the following scope of work:
- Project architecture review
- Reviewing project documentation
- Reviewing logic and performance
- Mockup prototyping
- Checking the system for compliance with the stated requirements
- Detecting specific and known vulnerabilities and attack vectors (e.g. reentrancy, gas limit, flashloan attacks etc.) according to the Company’s internal checklist
- Identifying language-specific issues
- Analyzing invariants, mathematics and code self-consistency
- Analyzing cryptographic primitives
- Static analysis (with Slither)
- Exploit PoCs using the Brownie test environment
- Interim report with the list of vulnerabilities with recommendations on improving the source code
- Re-audit after bug fixing
- Final PDF security audit report with statuses on every vulnerability found
- MixBytes’ GitHub public audits repository entry (optional)
- Announcement about passing the audit on the official MixBytes’ Twitter (optional)
Motivation
- Depending on codebase volume, the annual budget may amount to $200,000
- Recurring subscription to continuous audit and code review: the client pays a fixed amount in advance for each subscription period; MixBytes, for its part, guarantees constant availability of the audit group, consisting of 2 auditors and 1 tech lead, subject to the subscription package chosen.
- Since the auditor group will be constantly available, a guaranteed amount of code can be audited every month. This will allow the PowerPool team to deliver new products and updates faster and be sure that audit capacity is available for new code.
Payments
The auditor team will be paid every month in CVP based on the monthly bill. Bills can vary based on the amount of work done. The team will send CVP from a multi-sig wallet at the end of every month based on the CVP/USDC exchange rate calculated at the 1inch.exchange aggregator. For a year of audits, a budget of $200,000 in CVP equivalent will be reserved if this proposal is approved.
Reports
The auditor team will provide detailed reports on their work with PowerPool code every month on the community forum, including security reports.
By approving this proposal, you vote FOR starting continuous security reviews by MixBytes, paid for by the CVP community.
By rejecting this proposal, you decline the continuous security reviews of PowerPool code offered by MixBytes.
Estimated start date of work within the subscription: based on agreement with PowerPool core team.
About MixBytes
MixBytes() is a fully staffed team of engineers, auditors and analysts, experienced in decentralized systems and blockchain technology. We are among the top leading audit firms in the market. We have performed security audits for such well-known DeFi projects as Aave, Curve Finance, Yearn Finance, 1inch, PieDAO, Sushiswap, Cover protocol, Opium protocol, Aragon, Biconomy, Akropolis, etc.