celestia

Prop 2: Pay for IBC Middleware Audits

Two IBC middlewares are set to be adopted by the entire Cosmos community. These are the Packet Forward Middleware (PFM) and the Relayer Incentivized Middleware (RIM). The PFM enables the unwinding of bridged tokens, resulting in a dramatically better experience for users. The RIM enables a native mechanism for paying infrastructure providers.

Social consensus, via the CIP process, has been reached for the eventual adoption of these middlewares.

https://forum.celestia.org/t/cip-packet-forward-middleware/1359/13

https://forum.celestia.org/t/cip-relayer-incentivisation-middleware/1383/6

Single exploits could result in significant coordination overhead to fix in the best-case scenario, and in users losing funds in the worst. Issues with determinism could cause the chain to halt. If not handled promptly, the halting of Celestia could also cause a halt in the rollups that build on top of it. This proposal aims to pay for the audits of both middleware modules by sending funds from the community pool directly to the address owned by the auditors, Zellic. While audits do not guarantee that the code is not exploitable, they do significantly reduce the risk of an exploit occurring.

The IBC middleware proposed here is not strictly related to Celestia; it can be applied to all chains that make use of the Go implementation of IBC. Not only can it be applied, but it is currently included in many of the most important chains in the Cosmos ecosystem, and its benefits compound as more chains adopt these middlewares.

This proposal simultaneously protects the Celestia ecosystem while also giving back to the Cosmos community, from which Celestia was built and in which Celestia exists. This is why we think the community pool is a perfect source of funds.

Zellic was chosen as an auditor due to their previous work on IBC and great history of finding low-level, difficult-to-spot vulnerabilities. They have also shown substantial initiative by offering to audit one of the modules for free before this proposal was first discussed.

The document below further discusses the auditors' credentials, scope, readiness, and the cost to audit RIM. The specified cost is 27,500 USD. This proposal aims to pay the auditors for both RIM (27,500 USD) and PFM (27,500 USD) for a total of 55,000 USD. Payment will take the form of an equivalent amount of TIA instead of USD.

https://docs.google.com/document/d/1_7g4HiNLcJoQG9914VbwkzH083XWJRcg/edit?usp=sharing&ouid=104308677909331740418&rtpof=true&sd=true

The addresses of the auditors can be found on their GitHub.

https://github.com/Zellic/public-addresses/tree/4fb4f64f47e0b0bc2986521329a16dd4f8f1cf7a

Upon passing, this proposal will send 8568 TIA (valued at 55,000 USD at the time of writing this proposal) to celestia1j4h0ec6t2ktr465uxlcqwy2yqw2gef8h8xjned as payment for the ongoing PFM audit and the to-be-scheduled RIM audit.

Further discussion of this proposal can be found in this forum post: https://forum.celestia.org/t/community-pool-proposal-help-fund-audits-of-ibc-middleware/1664