Abstract
The following describes the proposed payment scheme for security auditors for their work. The developed scheme is universal and is based on the length of the code of the auditable smart contract.
Motivation
One of the main goals of Callisto is to develop a self-sustaining DAO-like security auditing department structure. Therefore, the payment scheme should ensure a high level of automation and formalization.
Specification
In the Security Department of Callisto, smart-contract auditors are paid once a month, on the 15th day of each month.
In this proposal, each auditor has base salary and multiplier values. These values affect the paid salary. Both of these values are calculated based on the quantity and quality of tasks completed during the month.
In this proposal, a total amount of X CLO is allocated for the monthly budget of the Security Department. The reward for each contract is proportional to the length of the contract code compared to the total code length of all contracts audited during the month.
contract reward = X * contract_code_length / total_code_length
Auditors review the code and report findings. Each finding has a certain weight in points. The following values will be used to evaluate findings according to their severity:
| Severity | Weight in points |
|---|---|
| Critical | 100 |
| High | 45 |
| Medium | 8 |
| Low/Note | 1 |
Auditors will receive a reward for each audit request they have worked on, depending on their share of reported findings and the contract reward value of the contract.
auditor_1.reward = (contract reward) * auditor_1.findings / (auditor_1.findings + auditor_2.findings + auditor_3.findings)
auditor_1.findings / auditor_2.findings / auditor_3.findings are sums of finding values (in points) reported by each auditor.
Then the "multiplier" value is calculated for each auditor.
auditor_1.multiplier = number_of_auditors * auditor_1.findings / (auditor_1.findings + auditor_2.findings + auditor_3.findings)
number_of_auditors is the number of auditors who worked on the audit of this contract.
At the end of the month an average multiplier is calculated for each auditor. The salary of the auditor is calculated as a sum of auditor's rewards for the month multiplied by auditor's average multiplier for the month.
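The formulas above applied to one constructed month, as an added example that is not part of the proposal or Callisto's own code. The function name, the auditor names, the sample data and the equal split used when a contract has no findings at all are assumptions.

```python
from collections import defaultdict
from fractions import Fraction

# Severity weights in points, from the proposal's table ("low" = Low/Note).
WEIGHTS = {"critical": 100, "high": 45, "medium": 8, "low": 1}


def monthly_salaries(budget, audits):
    """Apply the proposal's formulas to one month of audits.

    budget: X, the monthly CLO budget.
    audits: list of dicts {"code_length": int,
                           "findings": {auditor: [severity, ...]}}.
    Returns {auditor: salary} as exact Fractions.
    """
    total_length = sum(a["code_length"] for a in audits)
    rewards = defaultdict(Fraction)      # sum of per-contract rewards
    multipliers = defaultdict(list)      # per-contract multipliers

    for audit in audits:
        # contract reward = X * contract_code_length / total_code_length
        contract_reward = Fraction(budget * audit["code_length"], total_length)
        points = {name: sum(WEIGHTS[s] for s in sevs)
                  for name, sevs in audit["findings"].items()}
        total_points = sum(points.values())
        n = len(points)                  # number_of_auditors on this contract
        for name, pts in points.items():
            # Assumption (not in the proposal): if nobody reports a finding
            # the denominator is zero, so the contract is split equally.
            share = Fraction(pts, total_points) if total_points else Fraction(1, n)
            rewards[name] += contract_reward * share
            multipliers[name].append(n * share)

    # salary = sum of rewards * average multiplier for the month
    return {name: rewards[name] * sum(multipliers[name]) / len(multipliers[name])
            for name in rewards}


# Constructed sample month: budget X = 1000 CLO, two contracts.
SAMPLE = [
    {"code_length": 300, "findings": {"alice": ["critical"], "bob": ["high", "low"],
                                      "carol": ["medium"]}},
    {"code_length": 100, "findings": {"alice": [], "bob": ["medium", "low", "low"]}},
]

if __name__ == "__main__":
    for name, salary in monthly_salaries(1000, SAMPLE).items():
        print(f"{name}: {float(salary):.2f} CLO")
```

In this sample the three salaries total about 1166.85 CLO against a budget of 1000, because the average multiplier is applied after the budget has already been divided among contracts.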