Summary

Discourse link: here

Tracer DAO is considering engaging Runtime Verification for an audit of Tracer’s codebase. Runtime Verification provide a smart contract analysis and verification service with experience in formal modelling, analysis, safety, security, validation and verification. They have worked with "NASA, DARPA, Boeing, and Toyota, on formalizing and verifying safety and mission critical systems, and with IOHK and the Ethereum Foundation to formally model and verify not only smart contracts, but also consensus protocols, programming languages and virtual machines.

This audit will be a 7 week process, during which Runtime Verification will detail any errors found with the Tracer Perpetual Pools and vesting contracts codebase. The Mycelium team will work with Runtime Verification throughout the audit to fix any bugs and help them to navigate and understand the codebase. This initiative aligns with the Tracer Whitepaper (Tracer: Peer-to-Peer Finance), where it was set out that Tracer DAO would adhere to strict security standards in relation to its smart contracts.

If engaged by Tracer DAO, Runtime Verification will commence work on 25 October 2021. This proposal seeks to remunerate Runtime Verification for their services to Tracer DAO.

Consideration

For the provision of these services, Runtime Verification requests:

1. 105,000 USDC immediately; and
2. 105,000 USDC at the conclusion of the audit.

Deliverables

If Runtime Verification is engaged by Tracer DAO via proposal, it will provide the services in accordance with the points below:

1. Provide a comprehensive security audit for the Perpetual Pools contracts; and
2. Provide a comprehensive security audit for the DAO vesting contracts.

Variation and Termination

1. Runtime Verification acknowledges that, if engaged, its engagement can be varied or terminated by future Proposals.
2. Runtime Verification expects that any engagement will be terminated if they fail to deliver in accordance with the deliverables specified above.

Conflicts of Interest

In the context of the Tracer project, conflicts of interest include:

1. Existing Service Providers who are Related Parties; and
2. Existing (vested and unvested) holdings of TCR tokens.

Runtime Verification wishes to declare the following conflicts of interest:

1. No conflicts of interest to declare.

Interpretation

Unless otherwise defined in this offer, all terms beginning with a capital letter that are defined in the Participation Agreement have the same meaning unless the context otherwise requires.

If this offer is accepted as a Proposal under the Participation Agreement, Runtime Verification may more formally document aspects of that Proposal.

Copyright Waiver

Copyright and related rights to this Proposal are waived pursuant to CC0.