FIP#49 - Request for Funds - V2 Audit Budget

Summary

Floor V2 will introduce a new staking mechanism for FLOOR holders as well as onchain voting for the Floor Wars and automated sweeping contracts.

This new functionality introduces new risks that the DAO must mitigate. This proposal recommends a budget for a Private Code Review and a Public Audit.

Motivation

V2 contracts will store value from users in the form of staked FLOOR tokens as well as implement onchain authorities that will allow the DAO to decentralize further in the future.

The new protocol will also enforce buybacks (and burns) as well as automated NFT sweeps, providing onchain guarantees of execution. This will increase the utility of the FLOOR token whilst also reducing operational overhead of the team (an important step towards decentralization).

Considering the value stored within the protocol, the need for a thorough review and audit is essential to mitigate any potential exploit risk.

Proposal

This proposal is split into two parts, a Private Code Review and a Public Audit.

Private Code Review

The DAO would hire an independent contractor to review Floor V2’s core contracts. Put forward in this proposal is alpeh_v - previously the protocol lead at Element/Delv and now a Senior Security Researcher at the world-leading audit firm, Spearbit. https://twitter.com/alpeh_v, https://spearbit.com/

Budget: $37,500 USD

Public Audit

Following the private code review and implementing any recommendations, the DAO would hire an audit firm to conduct an additional review of all contracts. Put forward in this proposal is Omniscia (https://omniscia.io/), who has provided the following quote.

Budget: $49,500 USD

The earliest start date will be mid-July and will be subject to availability of those selected.

The total budget may not need spending in full, in which case remaining funds will be released back to the DAO.

It would be proposed that the DAO either sell or leverage CryptoPunks to cover the cost of this ask - exact method to be discussed in Discord.

Total Ask: 87,000 USDC

Polling Period

The polling process begins now and will end at 13:00 UTC on 2023-07-04. Shortly after this a Snapshot vote will be announced.

  • Yes, grant request for funds
  • No, deny request for funds
  • Amend proposal
  • Abstain


1 Like

Do you think both Audits are required or would 1 be ok?

It sucks that the cost of these audits is greater than the cumulative amount we’ve ever spent on floor buybacks lol. Security be expensive fr fr

IMO this is quite reasonable for an audit these days, and I’d always prefer 2 audits over 1.

> It sucks that the cost of these audits is greater than the cumulative amount we’ve ever spent on floor buybacks lol

The DAO should definitely prioritise protocol security over increasing token price.

1 Like

it can easily do both, they are not exclusive

I think given that we are not securing user assets (outside of FLOOR) there’s an argument that one audit might be enough and there’s not a great deal at risk (outside of Treasury, which can be a focus of unit testing and audit).

If there was a strong preference for a single audit then I think we should consider it but unfortunately security is giga expensive even in this bear market :smiling_face_with_tear:

3 Likes

Securing v2! Let’s sweep :broom::broom::broom:

1 Like

I can see the appeal of a singular audit, and if the DAO votes to amend as such it wouldn’t be of vast detriment. The benefit of a public audit would hopefully be to gain additional trust through a more visual and digestible format.

I think we can justify, and would really benefit from, both with the Treasury if the perceived benefit from the wider community is enough.

1 Like

Hi all, aleph_v here, I’d be happy to work with y’all if this proposal passes. Let me know if you have any questions about the process I use when working with teams to review for security. I’d also be happy to talk through any questions about my qualifications or track record.

2 Likes