Perform a professional audit of the GET staking & governance smart contracts to ensure the safety and correctness of their functionality prior to deployment. The GET Protocol DAO’s long-term security requires a comprehensive audit of these upcoming contracts to protect depositors in the staking system and to protect the health of the token.
This proposal defines the scope of work, the entities auditing the contracts, and other conditions of the audit.
Software development is a human process and subject to human error, which must be minimized as much as possible. Mistakes within smart contracts account for billions of dollars in hacks within the last year alone. One way of reducing this risk is to have smart contract security experts perform a comprehensive audit that assesses and tests the code for bugs. This is considered best practice prior to launching contracts holding custody of funds.
The staking & governance contracts are approaching production readiness, have been through multiple rounds of internal audit, and are now ready for external auditors to assess the code for safety. The staking system has been designed to be future-proof, flexible, and multi-chain, so it is expected that over time it will grow to hold a large percentage of the circulating supply of GET, and a hack could significantly impact the GET ecosystem.
The lockup conditions of these smart contracts will define the level of ‘skin in the game’ required for future governance participants and will form a long-lasting and important part of future governance operations. Given that staking is a DAO-governed process, run by and for the GET holder community, the decision on how to audit the staking contracts is also put to a vote by GET holders.
A scope for the audit has been defined and multiple professional audit providers have provided proposals. The most effective and cost-efficient of these are contained within this proposal.
The code to be audited is available within the GETProtocolDAO/LockedRevenueDistributionToken GitHub repository and will initially be audited at version 1.0.0.
The main focus of the audit will be the following files and their equivalent interfaces:
src/LockedRevenueDistributionToken.sol
src/GovernanceLockedRevenueDistributionToken.sol
The audit will consist of a thorough inspection of all the code within the deployed contract, an analysis of the behaviour of the code, and a report of findings.
Two providers have been selected for their reputation as experts within security, their cost, and their availability to audit. Both providers have confirmed availability and would be able to begin the audit within the coming weeks.
yAcademy is an offshoot of the popular Yearn Finance project that acts as an audit team for Yearn’s smart contracts, notably auditing the veYFI governance contracts and external projects such as Timeless Finance and Ohm. Yearn Finance has a reputation for being one of the most secure projects within the space and the yAcademy team helps uphold this reputation.
Code4rena is a decentralized auditing platform offering audits in the form of competitions with a fixed prize pool. Audit competitions are launched for a fixed period and often attract over one hundred independent and professional auditors to assess each project.
yAcademy has been chosen as the primary provider for this audit because its more traditional audit structure results in dedicated auditors committing a fixed amount of time to analyzing the code. If also chosen, Code4rena will provide an audit of the contracts after issues from the yAcademy audit have been resolved, which will allow a wider group of auditors to perform a final sweep for issues.
GET Protocol’s blockchain development team will coordinate audits with the chosen providers after conclusion of the vote.
If option 1 (yAcademy) is chosen then $40,000 worth of GET from the DAO treasury will be sold at random intervals over the following four weeks.
If option 2 (yAcademy + Code4rena) is chosen then $85,500 worth of GET from the DAO treasury will be sold at random intervals over the following four weeks. The Code4rena audit will only begin once the yAcademy audit concludes and issues are fixed.
If option 3 (None) is chosen then the DAO chooses not to fund this audit from the treasury.