Audit of Staking Rewards Distribution Contracts v2

The erc20-staking-rewards-distribution-contracts, which are used for Swapr DIY Farming, have been updated to allow the ability to add rewards to ongoing campaigns. This feature is desired to allow multiple parties to contribute to funding a campaign and also to be able to increase the rewards rate of a campaign. One of the original motivations for developing the feature was in thinking about how an Omen Guild would want to experiment with many campaigns and add rewards to successful ones.

This proposal is to fund an audit of the updated erc20-staking-rewards-distribution-contracts by Team Omega.

Scope of the Audit

The code to be audited will be about 500-600 lines of Solidity code, comprising a contract suite to bootstrap staking campaigns. The code to be audited is on GitHub, here:

at commit ee0605eee011394af82b90f407a9393e17e358fc

and includes
ERC20StakingRewardsDistribution.sol
ERC20StakingRewardsDistributionFactory.sol
but excludes
StandaloneERC20StakingRewardsDistribution.sol

The auditing process includes:

  • A thorough inspection of all the code, and the Solidity contracts in particular

  • An analysis of whether the contracts implement the behavior described in the specifications

  • Automatic analysis of the contracts using tools such as Slither and MythX

  • An assessment of the tests and test coverage

  • An assessment of how these contracts will be used in a wider context

Deliverables

Team Omega findings will be formalized in a first report that includes

  • A description of the methods used for the audit
  • An evaluation of the overall quality of the code, including test coverage and documentation
  • A description of any issues we find

After the first report is delivered and the developers have addressed any issues that were found, Team Omega will review these fixes and deliver a final report in which it is verified that any errors or vulnerabilities previously identified have been properly remediated.

Any additional reviews are subject to newly negotiated terms and pricing.

Team Omega

The audit report will be compiled on the basis of the findings from three auditors. The auditors work independently. Each of the auditors has years of experience in developing smart contracts on Ethereum.

Liability

The audit will be on a best-effort basis. In particular, the audit does not represent any guarantee that the software is free of bugs or other issues, nor is it an endorsement by Team Omega of any of the functionality implemented by the software.

Timeline

The review process will start from the day when the first payment has been received and the code to be audited is provided.

  • DXdao will deliver the code to be audited no later than November 15
  • The first report will be delivered within 2 weeks of the starting date.
  • DXdao will address any issues within 2 weeks of delivery of the first report
  • The final report will be delivered within 1 week after the developers have addressed any issues we may have found

Cost

Total cost is $12,000, half upfront included in this proposal, and the other half due upon completion. In addition to the first payment of $6000, this proposal also included $200 to cover gas costs for transferring funds to mainnet. The main motivation for the proposal being on xDai is to avoid the high cost to DXdao in passing proposals on mainnet.
