Proposal for a Polkadot Assurance Bounty
The subject of this proposal is to set up a bounty of 540,000 DOT which will be used to help selected Polkadot parachains undergo rigorous audit procedures.
The primary goal of the proposal is to contribute to an overall greater level of security in the Polkadot ecosystem. Its secondary goal is to establish a pool of high-quality auditing companies specialized in Rust (specifically Substrate pallets and ink! smart contracts) which, over time, will help make audits more accessible for the whole Polkadot ecosystem.
If successful, the initiative will be expanded in the next iteration to formal verification methods (assurance) and the development of security tooling which will allow it to accommodate a more holistic approach to security in Polkadot.
This proposal is brought forward by the Polkadot Assurance Legion (PAL) - a security governance club comprising the following parachain teams: HydraDX, Interlay, Astar Network, Manta Network, Acala, Centrifuge, Zeitgeist and Equilibrium.
Payouts via the bounty mechanism are open to any Polkadot parachain, subject to a set of eligibility criteria and criteria for determining priority.
The bounty will be managed by five curators who, together, cover the set of expertise needed for the task.
Read the full proposal here:
https://docs.google.com/document/d/1I1vXSG6mjeeulKmRbG4lrERtqVGwHNyDR9pVE4wSQvI/edit
Comments (6)
I support this initiative, as the ecosystem needs comprehensive security audits to proactively identify potential vulnerabilities in the system.
This is a great initiative that will help parachain teams be more secure. As I'm one of the curators, I can shed a bit of insight into finding auditors and the benefit this proposal will bring:
- Typically, it takes a couple of months to find an auditor. This tends to be a tricky timing effort, as development timelines are in flux, and projects have a hard time balancing anticipating the time for audit readiness against spending time on finding auditors and getting and comparing quotes. This proposal will help in taking away the overhead of finding free audit slots.
- Substrate is still considered early-stage technology. We need more experienced auditors that can accomplish two things: verify that the base Substrate configurations are correct (weights, XCM configurations, ...) and that the protocol built on top is correct. This is hard to find at the moment, but we think that by having a pool of auditors specialized in Substrate, we can get closer to that ideal.