Code & contract audit

I was wondering if any of the smart contracts used in handling PICKLE have been audited? If so, how about we shout about this with a nice badge on the page with a link to a cert from the auditor?

And obv if not then any chance this can happen? Can this be arranged? I’m sure this would greatly benefit the project, and also prevent fuckups like yum had in the past :wink:

2 Likes

Discussed quite a bit.

Consensus is that it’s mostly unnecessary other than to assuage the concerns of folks who are unfamiliar with the drag and drop contracts we are using.

THAT SAID, we understand that this could lead to more folks investing. Whatever we do, we need to fund it. If we want this to be funded, we need to create a treasury of sorts or increase the pickle emission percentage to the dev team.

I think it IS going to happen eventually, but nothing in the short term.

4 Likes

Do Jars also use a combination of existing contracts or face any extra risks?

I would be happy to participate in community-organized fundraising if necessary, so we wouldn’t have to wait for the dev fund and we could order the audit asap. Plus it will leave more funds for the devs to invest into research.

2 Likes

I appreciate that developers do not worry about this, but from the investors’ point of view this is a HUGE deal.

If you want PICKLE to go big, building trust and a strong fan base is a must. One of the ways to achieve this is via audits.

I’m more than happy to chip in - I bet if we spread the word loads of people will support us.

PS. There is a reason why ISO certs have been created as a standard and some manufacturers would not even consider materials other than certified ones. In the same way, you won’t secure investment from some people unless you prove that the code used is safe.

4 Likes

Yep, I think the community will be keen on this idea!

2 Likes

We actually have very little custom code. It’s mostly just the harvest function in the strategies.

This is because we use Yearn’s contracts for the vaults/jars and Sushi’s (audited) MasterChef contracts for the farms. You can see this brief tweet storm here: https://twitter.com/gammaarb/status/1304544993214894080

But at the moment, we’re trying to gather some funding for an audit just because we know a lot of people are just seeking that confidence as @jjdubs says above.

1 Like

Thanks for the explanation - I understand you are reusing some other code - that’s what open source is all about, yet people with serious $$$ won’t give a damn about this. For them, it’s all about APY and assurance.

I think this project has serious potential, not only financially but as something that can have a profound impact all over crypto. When we look at the locked value in our LP, we are starting to surface - now we need official credibility.

Can we organise some kind of pool where people can provide funds? I can’t emphasise enough how important it is for us to be audited (visit http://moonswap.fi/ - even though it’s not something amazing, you immediately spot the badge in the bottom right corner - that’s very important). Maybe my view is a bit skewed as I work in the insurance sector, but assurance is the key :wink:

2 Likes

Hey @BigBrainBriner, any chance you can share with us an expected date of the audit? As we know, this is one of the blockers for us being listed on e.g. CoinGecko or DeFiPulse (am I right?).

Any way we can help in speeding this up? I really don’t see a problem in chipping in to get it faster.

Also any idea which company would be used for auditing?

CoinGecko doesn’t really need an audit for us to be listed, there was some miscommunication regarding our circulating supply but we are trying to sort that out. With DeFiPulse, they have been quite dismissive of us despite our efforts to approach them in good faith. It is unclear if they would be willing to list us at this time.

In terms of the audit, we’ve reached out to no fewer than 5 companies: OpenZeppelin, Trail of Bits, MixBytes, PeckShield, Certik, and maybe a couple more that I lost track of. The first two big names (OZ and ToB) don’t really have availability for quite some time, so unfortunately we might not go with them for our initial audit.

We are actively discussing with the rest of these companies, and we’ll likely prioritize speed over anything else. It sounds like the community wants us to have an audit done ASAP, regardless of how “big” they are. Governance could always vote to do another audit later on with a “big name” down the road.

Hope this update helps, we’re just as anxious as you guys are to get an audit done!

2 Likes

Thank you for the update - yep, I have heard that from a few colleagues when I was discussing $PICKLE - the first thing they were asking was “is it audited”. As I stated before, prob essential to go big :wink:

Please keep us updated, and seriously, any financial help needed - ask the community - I bet loads of people will come to help :wink:

Have you tried https://solidified.io/ - never heard about them but seems interesting.

Also, we should run a bug bounty program - even with a small pool of cash in it.

1 Like

Bug bounty is an amazing idea, would you be up for championing it with a proposal on snapshot?

1 Like

Sure - I’m more than happy to do that. Will do a bit of research first to provide a bit of background here and then will set up a proposal.

Also, coming back to the topic of the audit, you can check out Consensys - it looks like they are damn active in the whole audit & evaluation sector. https://diligence.consensys.net/