PoolTogether

PTIP-16: C4 Audit Contest

PTIP-16: C4 Audit Proposal

This proposal will fund a Code Arena (C4) contest to audit the critical components of the PoolTogether codebase as well as new yield sources.

The audit is tentatively scheduled for June 16, but it’s first-come first-served so it depends on how quickly we can run this PTIP.

Abstract

This proposal will transfer 72k USDC to the C4 team to fund the contest.

Motivation

PoolTogether is continually evolving and expanding. New smart contracts are being written and existing contracts are updated. With these changes comes some significant risk. Any smart contract that holds or has access to user funds is mission critical and must be scrutinized before being deployed. Scrutiny must come from someone with deep knowledge of the relevant protocols as well as an understanding of smart contract attack surfaces. Auditing firms specialize in this knowledge, so they are extremely valuable in de-risking smart contracts.

The core PoolTogether codebase has received third party audits from both OpenZeppelin and Diligence. Both are great firms, and we’ve had positive experiences with them. However, auditing firms are in short supply and lead times are now very long. Additionally, our protocol has a steady stream of new smart contracts that need to be audited. The classic ‘waterfall’ model of auditing the entire system in one shot no longer fits our process. We also need an auditing firm that is willing to deal directly with protocols.

Specification

Overview

This PTIP funds the first C4 auditing contest for PoolTogether. The scope of this contest includes several of the critical core PT contracts, as well as yield sources:

Core PoolTogether contracts:

Yield sources:

Code Arena has scoped the contest and recommends a 50-70k USD prize pot. We’re going to put up 60k USDC for prizes, and allocate 10k of the pot to optimizations. C4 takes 20% on top of the prizes to cover the cost of judging and administration. That makes the total 72k USDC.

Rationale

Code Arena takes a community-driven approach to competitive smart contract audits. A contest is created for a codebase; there is a pot of funds for exploits, and another for optimizations. Anyone can privately submit exploits to the contest and a skilled expert, the “judge”, curates the exploits into a final audit report. The prizes are split among all who contributed to the audit report. This has some major advantages:

  • Less resource-constrained
  • Builds a knowledgeable community around participating protocols

To bootstrap the C4 community’s knowledge of PoolTogether, we should start with a comprehensive up-front audit. Once the knowledge has been seeded, we can start running more frequent flash contests, wherein a small piece of code (think: yield source) can have a short, dedicated contest. I think this would be a great fit for our iterative process.

Ideally, flash contests can be funded by the PT Grants Committee.

Technical Specification

USDC.transfer(0xC2bc2F890067C511215f9463a064221577a53E10, 72000000000)

  • Yes, let’s audit our protocol!
  • No, let’s not audit anything


3 Likes

I know this isn’t a best practice but could I request this PTIP also move the remaining USDC into sponsorship of the USDC prize pool? Otherwise that USDC is sitting idle.

1 Like

That would set a precedent, wouldn’t it?

If there is a group of PTIPs that aren’t contentious, we could certainly bundle them.

This is kind of interesting…I believe the cleanest thing to do is create a separate PTIP for the USDC sponsorship to first prove it’s not contentious.

Once we establish both aren’t contentious, then we can have a combined vote to save gas.

How does that sound?

3 Likes

Fully in support of this PTIP. Let’s get it on chain ASAP.

1 Like

Also support the proposal. The reports created by C4 are of very high quality. Good point to potentially fund flash contests through Pool Grants!

1 Like