TRC 128.1 - Funding Request for First Phase of Bunni v2 Security Program

Funding Request for Pashov Audit Group to Conduct First Security Audit of Bunni v2 Protocol

Summary

This proposal requests approval for a $120,000 budget allocation to fund the first phase of a comprehensive security audit program for the Bunni v2 protocol. The funds will be used to engage Pashov Audit Group for a thorough examination of Bunni v2's smart contracts.

Background

Security is paramount for the Bunni protocol. Comprehensive audits are essential to identify potential vulnerabilities, logical errors, and inefficiencies in our smart contracts. This first audit, conducted by industry experts, will serve as a crucial step in fortifying our security and increasing trust in the platform.

The Timeless Engineer Unit (TEU) has selected Pashov Audit Group for this first audit based on their strong reputation in several audit contest platforms, reasonable pricing for the amount of engineer-weeks required, and willingness to engage in a long-term relationship with Timeless's projects. Multiple trusted sources and projects have recommended Pashov Audit Group.

Current Treasury Context

As of August 19, 2024:

• Total liquid assets (ETH, rETH, etc.): $1,217,386.00

• Additional native asset (LIT): $1,779,762.00

Proposal

We propose funding the first phase of the Bunni v2 security audit program:

1. Engage Pashov Audit Group for the first audit: $120,000

2. Fund the audit by liquidating the required equivalent value of WETH and ETH currently held in the Timeless's treasury (0x9a8fee232dcf73060af348a1b62cdb0a19852d13)

Implementation

The audit will be executed as follows:

1. Upon approval, initiate the contract with Pashov Audit Group

2. Provide Pashov Audit Group with access to the Bunni v2 smart contract codebase

3. Conduct the audit over the agreed-upon timeframe

4. Review and address the findings from the audit

Budget

• Total Funding Request: $120,000 USD

• Payment Method: USDC on Ethereum Mainnet

• Funding Source: Liquidation of equivalent value in WETH and ETH from Timeless treasury (0x9a8fee232dcf73060af348a1b62cdb0a19852d13)

Next Steps

This proposal serves as a temperature check to gather community feedback. The key next steps are:

1. Community Feedback: We encourage all community members to provide insights, suggestions, and concerns regarding this proposed audit funding.

2. Proposal Refinement: Based on the feedback received, we will refine this proposal as needed.

3. Formal TRC: If broad community support is evident, we will proceed with a formal TRC (Timeless Request for Comments) 4 days after the publication of this proposal.

4. Snapshot Vote: Upon completion of the feedback period and any necessary refinements, the proposal will be put to a formal vote on Snapshot on Thursday, August 22, 2024, 12:00 PM, and will last for 3 days, it will end on:

Sunday, August 25, 2024, at 12:00 PM.

5. Implementation: If approved, the TEU will initiate the contract with Pashov Audit Group and proceed with the audit as outlined in the proposal.

We invite all community members to actively participate in this process to ensure the best outcome for the security and future of the Bunni v2 protocol.

Conclusion

Approving this proposal will fund the first crucial phase of the Bunni v2 security audit program. This approach balances robust security measures with financial prudence, considering the current treasury position. A second funding request for an additional audit will be published when the TEU selects the second auditor in the coming days, ensuring a comprehensive review of the Bunni v2 protocol.