Proposal for a new SN committee

Hi! I’d like to propose a Committee for Audits and Testing, meant to augment the development committee with people who’ve demonstrated skills at redteaming code/protocols to audit and set testing standards for secret contracts so we avoid/minimize events like the past few days.

I’ll start with my relevant creds:

  1. I’ve been redteaming crypto work semi-informally for the past 3 years. The way I first got in touch with the SN team was redteaming the MPC protocol, and I’ve got credits for finding holes in other protocols too (in particular some safetrace holes, some Novid holes, I’ve got a citation in the Apple/Google repos for it, etc.).
  2. I’ve been running engineering teams for 3 years, during which time much of my work was CRing/setting testing and devops standards for the teams I was on.

I’d want others to join me in this (I’ve got time to run things like 5-10 hrs a week at most, not enough time to be FTE), but I’m mainly putting this out there to gauge interest.

11 Likes

My initial thoughts are:

  1. It would be great if developers have access to a team of competent reviewers. As the tech is new and pioneers the space, it is hard to find reviewers (even among audit firms).

  2. If the pool were to pay for this, the pool is going to be covering costs that normally come as an expense for developers. Although we could argue that this may make the development environment more attractive, I wonder if the majority of the network believes these costs should be covered by the pool instead of the developers themselves.

I think I would prefer to see a team of recognized reviewers that can be hired by developers to do reviewing, instead of funding the team from the community pool.

I’m very open to discussion on this. They are, as described, my initial thoughts.

1 Like

I’d see this as complementary to, rather than a substitute for, such expenses. If people started to use “audited by the secret network audit committee” as some sort of marketing badge then I can see it would become problematic, but as long as the expectations are clear then it sounds like a good idea.

My main thoughts are ‘this team would be default-hireable by anyone taking an SN grant so they don’t need to spend money on audits’.

Do you think there is sufficient need yet for a team to be built to review contracts on the Network? Are there a significant number of contracts beginning to be churned out?

Also, do you know if there are any other members in the community that would be able to take on an initiative with you considering the amount of hours you would be able to contribute?

I think there’s need; I’m putting this up to gauge interest in joining.

1 Like

I like this idea a lot. We need people reviewing code. More eyeballs on something won’t hurt. I think especially if we want to have a large DeFi community and act as a hub for many chains it’s important. Do you have anyone else who can join you in mind? I’m very happy to support this because we’re so early in the network. Any exploit at this stage affects the entire brand. It’s not one of hundreds if it fails, it’s one of a few.

5 Likes

@dylanschultzie said he’d be down

1 Like

I’d be happy to support the effort here.

I have 8 years of software engineering experience, 4 of which as a team lead. I do not have audit experience within the crypto community specifically, but my background is in fintech and aviationtech, both of which have extremely strict reliability requirements.

4 Likes