Governance proposal to have a security audit

I am proposing a security audit of the Kleros contract by a reputable security auditor. I know Kleros has some very hefty bug bounties open for security flaws in the Kleros contract. However, a security audit, though not foolproof, instills confidence in anyone using the Kleros contract or buying PNK for price appreciation.

I should add it makes sense to audit the v2 contract before it goes live.

4 Likes

I vote in favor of this proposal.

1 Like

I support this. It would be great if it is from a reputable third-party auditor.

2 Likes

Trail of Bits or https://callisto.network/ seem to be highly trusted.

1 Like

I support this but would be against making it a prerequisite for the launch of v2, as audits typically take 6-12 months. As long as there is a note somewhere that the code is unaudited.

As usual the v2 code will undergo extensive peer reviews and there may be bounties as well.

Maximizing the amount of attention and eyeballs from qualified developer peers (not just Kleros devs) is still likely the best strategy to ship secure code. As we know, audited projects are routinely hacked (30% of the Rekt.news leaderboard).

I do understand that having a formal audit matters to some users or integration partners, which is why I would support it.

5 Likes