EthereumCommonwealth / Roadmap

GNU Lesser General Public License v2.1

Auditing Department: business model amendment v1 #62

Open Dexaran opened 4 years ago

Dexaran commented 4 years ago

This amendment to the Security Auditing Department workflow is intended to establish a set of rules for accepting, approving and paying security audit requests at Callisto Network.

Motivation

Previously, the Callisto Team accepted any security audit request and handled it free of charge by subsidizing the auditors' work from the Treasury fund. Audits were processed in a continuous queue as the auditors performed the work.

This model assumed that the audits were delivered in exchange for co-promotion, and that the general use of Callisto as an independent security enhancement mechanism would boost its brand recognition and mass adoption.

The model had two main shortcomings:

A new model of accepting audits is hereby proposed to address the flaws of the previous one and to ensure the long-term sustainability of the Security Department.

Specification

Limited monthly free-of-charge auditing campaign

It is proposed to handle a limited number of security audit requests paid from the Treasury. A fixed budget must be allocated for a monthly "free-of-charge audits" campaign. The audit request that gained the most traction must then be performed for free, while the remaining audit requests are left in "on hold" status until they are processed on a paid basis or gain more traction in the following months.

The recognition and traction of a security audit request should be measured by the amount of social activity associated with the public announcement of the audit request on any public social media platform (Twitter, Reddit, Bitcointalk, Facebook). Project-specific forums do not count. The Callisto Team reserves the right to approve any audit request for the free-of-charge auditing campaign by internal decision in case social activity is falsified.

Paid security audits

Security audits not included in the list of free audits are processed on a paid basis.

| Priority | Payment formula |
|----------|-----------------|
| High | 500 USD + (0.5 USD per line of code) |

We accept ETH, ETC, CLO and EOS.

Any of the Ethereum-based currencies (ETH, ETC or CLO) can be sent to the address 0x74682Fc32007aF0b6118F259cBe7bCCC21641600 as payment.

EOS can be sent to the address callistotokn as payment.

The payment amount will be calculated from the exchange rate of the currency used for the payment (at the CoinMarketCap rate). The amount of the payment depends on the length of the code of the contract under audit. Empty lines and comments can be excluded.

It is recommended to use a SLOC counter to calculate the exact number of lines of code that require payment. Any overpaid amount of CLO, ETH or ETC will be returned to the sender's address after the completion of the security audit. Highest-priority audit requests are processed ahead of the queue.
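As an added illustration (not part of this proposal or of any Callisto tooling), the following Python script counts the payable lines of a Solidity contract the way the proposal allows, skipping blank lines and both `//` and `/* */` comments, and then applies the High-priority formula above. The sample contract is constructed for the example.

```python
import re

BASE_FEE_USD = 500.0  # "High" priority base fee from the proposal
PER_LINE_USD = 0.5    # per payable line of code

# Constructed sample contract (not from the page), only to exercise the counter.
SAMPLE_CONTRACT = """\
pragma solidity ^0.4.24;

/* Constructed sample: a minimal token.
   This block comment spans two lines. */
contract Token {
    mapping(address => uint256) public balanceOf; // balances
    function transfer(address to, uint256 value) public returns (bool) {
        require(balanceOf[msg.sender] >= value);
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value; /* credit */ return true;
    }
}
"""

def count_sloc(source: str) -> int:
    """Lines with code outside // and /* */ comments; blank lines are excluded.
    String literals are not parsed, so '//' inside a string is taken as a comment."""
    sloc, in_block = 0, False
    for line in source.splitlines():
        code = []                    # non-comment fragments of this line
        while line:
            if in_block:             # inside /* ... */: look for its end
                end = line.find("*/")
                line = "" if end == -1 else line[end + 2:]
                in_block = end == -1
                continue
            m = re.search(r"//|/\*", line)
            if not m:                # plain code up to end of line
                code.append(line)
                line = ""
            elif m.group() == "//":  # rest of the line is a comment
                code.append(line[:m.start()])
                line = ""
            else:                    # block comment opens mid-line
                code.append(line[:m.start()])
                line, in_block = line[m.end():], True
        if "".join(code).strip():
            sloc += 1
    return sloc

def audit_price_usd(sloc: int) -> float:
    """The proposal's formula: base fee plus a per-line charge."""
    return BASE_FEE_USD + PER_LINE_USD * sloc
```

For the sample contract the counter reports 9 payable lines, so the audit would be priced at 504.5 USD before conversion at the CoinMarketCap rate of the currency used.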

Security auditing fee

It is proposed to withhold a certain percentage of each audit request payment in order to fuel the sustainability of the platform.

Collected security auditing fees must be used to (1) market-buy and burn CLO tokens and (2) pay third-party media representatives supporting the Callisto Network.

Example:

If a security auditing fee is set to 5% and 3% is paid to the third party media services then