Audit of DXgovernance Contracts by Team Omega [DRAFT]

While DAOstack contracts had been previously audited, and DXdao hired an audit of the new wallet schemes, it makes sense to get a second audit that encompasses a wider scope than just the wallet schemes and includes a look at the contracts they interact with as part of the governance infrastructure.

Scope of the Audit

  • ./contracts/dxvote/PermissionRegistry.sol
  • ./contracts/dxvote/WalletScheme.sol
  • ./contracts/dxvote/DXDVotingMachine.sol
  • ./contracts/dxvote/utils/DXDVestingFactory.sol
  • ./contracts/dxvote/utils/DXdaoNFT.sol
  • ./contracts/daostack/controller/Avatar.sol
  • ./contracts/daostack/controller/Controller.sol

Auditing Process

The auditing process includes:

  • A thorough inspection of all the code, and the Solidity contracts in particular
  • An analysis of whether the contracts implement the behavior described in the specifications
  • Automatic analysis of the contracts using tools such as Slither and MythX
  • An assessment of the tests and test coverage
  • An assessment of how these contracts are being used in a wider context

Deliverables

Our findings will be formalized in an intermediate report that includes:

  • A description of the methods used for the audit
  • An evaluation of the overall quality of the code, including test coverage and documentation
  • A description of any issues we find

After the first report is delivered and the DXdao team has addressed any issues that were found, Team Omega will review these fixes and deliver a final report in which it is verified that any errors or vulnerabilities previously identified have been properly remediated.

Any additional reviews are subject to newly negotiated terms and pricing.

Team Omega

The audit report will be compiled on the basis of the findings from three auditors. The auditors work independently. Each of the auditors has many years of experience in developing smart contracts on Ethereum, and has multi-year experience with developing contracts for DAOs.

Liability

The audit will be on a best-effort basis. In particular, the audit does not represent any guarantee that the software is free of bugs or other issues, nor is it an endorsement by Team Omega of any of the functionality implemented by the software.

Timeline

The exact timeline will be addressed in the online proposal, but the initial report should be delivered sometime in January.

Payment Conditions

The total price for this audit is $45,000:

  • $15,000 will be payable in USDC upon accepting this agreement
  • $15,000 will be payable in USDC on delivery of the first report
  • $15,000 will be payable in USDC on delivery of the final report

@JohnKelleher can you add the commit of the code to be used?