MIP: 1
Title: Auditing
Authors: Benjamin Zumbrunn, benzumbrunn@gmail.com; Simon Emanuel Schmid, simon@schmid.io
Status: Final
Type: MIP
Created: 2018-04-24
Reference implementation: https://github.com/melonproject/reporting/blob/master/src/contracts/src/Auditing.sol
Abstract
This MIP describes standard functions an auditing contract must implement in order to be compatible as a Melon Auditing module.
Background
The auditing process goes like this:
A clearly defined algorithm can extract on-chain and off-chain data (I.e. meta data on IPFS) from a fund into a well defined format for a specified timespan.
Invariant: A call to generateData with the same arguments should always return the same data.
Note: To generate a report over the whole lifetime of a fund, set: timespanStart = fund.inception and timespanEnd = now
An auditor performs an audit on that data and if everything is good he or she signs the hash of this data on the blockchain.
Who actually can perform audits on a fund is considered an implementation detail of contracts following this standard.
Motivation
Different fund setups have different auditing requirements:
Some want to provide a whitelist of auditors to perform and sign audits.
Others want to implement complex functionalities with identity lookups.
Some just want to open it for everybody or do not want any audits at all.
In order to follow the modularisation approach of the Melon smart-contract system we hereby define a standard so that minimal requirements can be met. This leads to an open system where module developers can implement their auditing functionality according to their needs outside of our imagination.
In the reference implementation, we require that only approved auditors can use the method add(...). The approved auditors are supplied on contract creation via the constructor.
It is possible to validate if an address is an approved (i.e. stored) auditor:
Abstract
This MIP describes standard functions an auditing contract must implement in order to be compatible as a Melon Auditing module.
Background
The auditing process goes like this:
A clearly defined algorithm can extract on-chain and off-chain data (I.e. meta data on IPFS) from a fund into a well defined format for a specified timespan.
generateData(fundAddress, timespanStart, timespanEnd): FundReportJSONgenerateDatawith the same arguments should always return the same data.timespanStart = fund.inceptionandtimespanEnd = nowAn auditor performs an audit on that data and if everything is good he or she signs the hash of this data on the blockchain.
Who actually can perform audits on a fund is considered an implementation detail of contracts following this standard.
Motivation
Different fund setups have different auditing requirements:
In order to follow the modularisation approach of the Melon smart-contract system we hereby define a standard so that minimal requirements can be met. This leads to an open system where module developers can implement their auditing functionality according to their needs outside of our imagination.
Contract details
The
_auditoris represented by their address.The
_dataHashis the hash of the Fund Report Data of a report._timespanStartand_timespanEndare required to generate the report that was audited.An
_opinionis an integer which represents the result of the audit, e.g. whether the auditor approves the report or not.The
_commentis a string representation of the opinion, where an auditor can voice his thoughts.Transactions
add
Add a new audit of a melon fund to the blockchain.
msg.sender == auditor.Calls
exists
Validates that the provided data is mapped to an existing audit.
getLength
Get the length of the audit array for a specific melon fund. This is needed to iterate through audits with
getByIndex().getByIndex
Get the stored information of an audit.
Requires that
_indexis smaller than the size of the audit array.isApprovedAuditor
Checks if the provided address can use the add function on the contract.
If there are no restrictions on who can audit, this funtion shall always return true.
isComplete
Checks if a fund is completely audited for a given timespan.
Risk management might prevent trades if a fund is not completely audited. For example:
A fund that is audited every month could have the following lookup in risk management:
isComplete(0xfundaddress, fund.inception, now - 30*24*60*60)Events
Added
Triggered when a new audit is stored successfully.
Auditing Interface
AuditingInterface.sol
Reference Implementation
Auditing.sol
In the reference implementation, we require that only approved auditors can use the method
add(...). The approved auditors are supplied on contract creation via the constructor.It is possible to validate if an address is an approved (i.e. stored) auditor:
Contract developers are free to use their own enumeration of opinions. In the reference implementation, we use the following values: