Approve Polkadot Assurance Legion Bounty
Requested bounty: 540,000 DOT
The subject of this proposal is to set up a bounty which will be used to help selected Polkadot parachains undergo rigorous audit procedures.
The primary goal of the proposal is to contribute to an overall greater level of security in the Polkadot ecosystem. Its secondary goal is to establish a pool of high-quality auditing companies specialized in Rust (specifically Substrate pallets and ink! smart contracts) which, over time, will help make audits more accessible for the whole Polkadot ecosystem, and make Substrate more attractive to new builders.
This proposal is brought forward by the Polkadot Assurance Legion (PAL) - a security governance club comprising the following parachain teams: HydraDX, Interlay, Astar Network, Manta Network, Acala, Centrifuge, Zeitgeist and Equilibrium.
Payouts via the bounty mechanism are open to any Polkadot parachain, subject to a set of eligibility criteria and criteria for determining priority.
The bounty will be managed by 7 curators who are well known within the Substrate community for their expertise in Rust development and security.
Full proposal:
https://docs.google.com/document/d/1I1vXSG6mjeeulKmRbG4lrERtqVGwHNyDR9pVE4wSQvI/edit#heading=h.30vpm6dndo0i
Comments (13)
Proposal Passed
Aye (90)
Nay (74)
Hello team,
Question... Why should the relaychain public funds be used to audit non-system parachains' code?
The onus should be on the individual parachains to prove to the relaychain public that their code is safe and not the other way around... don't you think?
Please advise..
Thanks and best regards
Milos
What if a Parachain does not want to subscribe to the PAL 'certification'? I am concerned that it creates a perceived standard that would deem parachains which didn't apply for an audit with PAL as unworthy and unsafe. If a potential parachain project forks one of the 7 curators' parachains and makes slight tweaks to what was implemented, and then successfully obtains a parachain lease, would there be any conflict of interest in allowing for audits to happen for that new parachain? How would the conflict of interest be resolved in this case? Thanks!