TRC 129 - Funding Request for Second Audit of First Phase of Bunni v2 Security Program

Funding Request for Trail of Bits to Conduct Second Audit in First Phase of Bunni v2 Security Program, Managed by Timeless Engineering Unit (TEU)

Summary

This proposal requests approval for a $219,300 budget allocation to fund the second audit in the first phase of the comprehensive security program for the Bunni v2 protocol. The funds will be used to engage Trail of Bits for a thorough examination of Bunni v2's smart contracts, with the project managed by the Timeless Engineering Unit (TEU) on behalf of the Timeless Foundation.

Background

Security remains a top priority for the Bunni protocol. Following the initial audit in this first phase, this second comprehensive audit is essential to further identify potential vulnerabilities, logical errors, and inefficiencies in our smart contracts. This audit, conducted by the renowned Trail of Bits, will serve as a crucial step in fortifying our security and increasing trust in the platform.

The Timeless Engineering Unit (TEU) has selected Trail of Bits for this second audit of the first phase based on their industry-leading reputation, extensive experience in blockchain security, and their ability to provide a different perspective from the first audit.

Current Treasury Context

As of August 21, 2024:

• Total liquid assets (ETH, rETH, etc.): $1,097,386.00

• Additional native asset (LIT): $1,779,762.00

Proposal

We propose funding the second audit in the first phase of the Bunni v2 security program:

1. Engage Trail of Bits for this audit: $215,000

2. Administrative fee for TEU's operational entity (2%): $4,300

This fee covers:

• Costs associated with offramping USDC to USD

• Expenses related to Know Your Transaction (KYT) and Anti-Money Laundering (AML) procedures

• Banking fees and currency conversion costs

3. Total funding request: $219,300

4. Fund the audit by liquidating the required equivalent value of assets currently held in the Timeless treasury (0x9a8fee232dcf73060af348a1b62cdb0a19852d13)

Implementation

The audit will be executed as follows:

1. Upon approval, Timeless Foundation will enter into a service agreement with the TEU's operational entity.

2. The TEU will initiate the contract with Trail of Bits.

3. Provide Trail of Bits with access to the Bunni v2 smart contract codebase.

4. Conduct the audit over the agreed-upon timeframe.

5. Review and address the findings from the audit.

The TEU's operational entity will ensure the project management and handle all administrative and operational efforts, including the payment to Trail of Bits in USD via traditional wire transfer. This is part of the TEU's current mandate to ensure the security and reliability of projects under the Timeless Foundation umbrella.

Budget

• Total Funding Request: $219,300 USD

• Audit Cost: $215,000 USD

• Administrative Fee (2%): $4,300 USD

• Payment Method: USDC on Ethereum Mainnet

• Funding Source: Liquidation of equivalent value in liquid assets from Timeless treasury (0x9a8fee232dcf73060af348a1b62cdb0a19852d13)

Next Steps

This proposal serves as a temperature check to gather community feedback. The key next steps are:

1. Community Feedback: We encourage all community members to provide insights, suggestions, and concerns regarding this proposed audit funding.

2. Proposal Refinement: Based on the feedback received, we will refine this proposal as needed.

3. Formal TRC: This proposal will serve as the formal TRC (Timeless Request for Comments) for a 4-day discussion period starting from today, August 21, 2024.

4. Snapshot Vote: Upon completion of the feedback period, the proposal will be put to a formal vote on Snapshot on Sunday, August 25, 2024, 12:00 PM, and will last for 3 days, ending on Wednesday, August 28, 2024, at 12:00 PM.

5. Implementation: If approved and the required quorum is reached, the equivalent of $219,300 worth of assets held in the Timeless treasury will be liquidated in exchange for USDC. This USDC will be transferred to the TEU's operational entity to handle payment and project management of the audit.

We invite all community members to actively participate in this process to ensure the best outcome for the security and future of the Bunni v2 protocol.

Conclusion

Approving this proposal will fund the second crucial audit in the first phase of the Bunni v2 security program. This approach ensures a comprehensive review of the Bunni v2 protocol by engaging a different, highly reputable auditing firm. The involvement of the TEU adds an extra layer of professionalism and efficiency to the process, leveraging their expertise in managing such critical security initiatives.

This strategic approach balances robust security measures with financial prudence, considering the current treasury position. We believe this second audit in the first phase is crucial for the long-term security and success of the Bunni v2 protocol.