cosmos

Prop 687: Replicated Security Third Party Audit

Replicated Security Third Party Audit

Authors: Simply Staking

Summary

Commissioning Oak Security to conduct a third-party audit of the Replicated Security (Interchain Security v1) code, with a scope similar to that of the audit conducted by the Informal audit team.

The Proposal

This proposal aims to use community pool funds to commission a third-party audit of the Replicated Security code. This audit is to be conducted by Oak Security, one of the most reputable auditors in the space.

The audit will cost $102,000 and take roughly three weeks, starting on the 29th of March 2023. The auditors require payment upfront to start the audit process, after which both sides will stay in contact for progress updates and any questions during the audit.

The scope of the audit is to review the latest version of the Replicated Security code. The main aims are to double-check the audit by Informal Systems as well as review the code changes since that audit was completed to ensure that the latest version of the Replicated Security code is reviewed thoroughly and no new issues have come to light.

Since this is a community pool spend proposal, we want to assure the community that the funds will arrive at the designated recipient by creating a multi-sig.

The multi-sig will consist of:

  • Jehan (Informal Systems)
  • Zaki (Core Cosmos Contributor)
  • Jacob (Notional)
  • Kai (Neutron)

The address of the Multi-Sig: cosmos1j20yq6atn9nuanwgsancnv4wk4nszagk3wwudp

Breakdown of Fees

With this proposal, we (Simply Staking) have been and will be the main point of contact with Oak Security, which means that we will handle everything related to answering their questions and queries. Even though we are not a direct part of the multi-sig, we are its coordinators. For the work with Oak Security and the multi-sig coordination, we seek a compensation fee of around 15% of the total ask.

From the 15% that will be given to us for our work, a small fee will be distributed to the multi-sig members as a form of compensation. The members are being paid because they are required to confirm that the audit was completed as described prior to the distribution of funds.

All payments are to be sent out to the recipients once the whole audit process is complete.

Funding

OAK Quote: $102,000 + 15% price buffer to account for volatility of the ATOM token during the voting period: $117,300

Simply Staking + Multi-Sig Fees: $15,300

Total ask 11,050 ATOM @ $12 per ATOM ~ $132,600

All leftover funds will be sent back to the community pool.

For more information or for any queries, please reach out to Damien of Simply Staking on Twitter or in the forum discussion for this proposal.

Proposal details on GitHub: Replicated Security Audit

Voting

  • By voting YES, you agree that the community pool should fund an ICS audit with a third-party auditor.
  • By voting NO, you disagree that the community pool should fund an ICS audit with a third-party auditor.
  • By voting ABSTAIN, you express no opinion on the matter.
  • A NoWithVeto vote indicates a proposal either (1) is deemed to be spam, i.e., irrelevant to Cosmos Hub, (2) disproportionately infringes on minority interests, or (3) violates or encourages violation of the rules of engagement as currently set out by Cosmos Hub governance.