Auditor Research

earth2travis edited this page Oct 19, 2022 · 1 revision

Description

We use the Moloch.sol contracts for managing a DAO treasury and governance platform. These contracts have recently been updated to v3 and we would like to have the Baal.sol contract from MolochMystics audited.

Lines of code: 1430

Timeline

06/01/2022

From Bill on June 17

  • $90k cash
  • or $60k in HAUS
  • They said they could actually start in the next week or two

Bill and Tae have contacts

Request submitted on March 15, 2022

We may have a credit

Call with Tobias and Liz on April 21, 2022

  • They will get a contract sent our way (Individual plan: 100 hours at $20/hour)
  • They do accept crypto (ETH/DAI/USDC) but we have to have a human with a passport on the contract
  • We need to get the Scribble annotations in place before sending payment
  • Will kick off with an hour-long call between Tobias and anyone who will be using the tool

Call with Igor on April 1, 2022

  • Releasing a million monkeys on our contracts
  • Automated bug and vulnerability detection
  • Delivers vulnerability report

Costs

$2000 for 100 hours

Should be an adequate amount of time to deliver meaningful data.

Requirements

Next Steps

  • Meet with ConsenSys Product Manager

Audit

Igor said they may be able to move us up on the wait list because we are actually building something cool.

Request submitted on March 15, 2022

Reply on March 15:

Currently our team is fully booked for the next 8+ months so I don't believe we would be in a position to meet your timeline for a manual audit. Another option we should explore is Fuzzing.

Request submitted on March 15, 2022

Request submitted on March 15, 2022

Reply on March 29:

I would like to suggest that you reserve a slot on the waiting list in order to start the audit at the appointed time.

Also, I would like to note that there is a waiting list for 3 weeks.

Reply on March 16:

We've checked your code.

We are performing a code review and analysis that allows us to make sure that there are no Reentrancies, Ownership Takeovers, and tens of other vulnerabilities. Also, there is a Business Logic review to make sure that the code 100% matches the business logic described in documents such as the Whitepaper or Functional document, and that there is no difference between the implementation and the business logic.

The audit duration would be 7-9 business days and the cost would be $21.8k.

Need to note that we have a queue of audits 3 weeks ahead and book a slot after payment.

Request submitted on March 15, 2022

Invoice 2587

Reply on March 17:

That timeline sounds more than reasonable to us, and we can likely complete the work of our analysis and report within 3-4 weeks from the time we receive your final code.

Reply on March 15:

Thank you for reaching out and expressing interest in our services. We will be happy to support you with an audit of your project!

We appreciate you for sharing your repository with us. We have reviewed the code and have prepared our proposal for the completion of the analysis and audit report, which is attached to this email.

Our audit report will point out if there are security issues discovered within the contracts, any informational / optimization-related findings, and overall analysis and comments related to the mechanisms of the project. If there are issues found within the initial audit report, you can elect to make corrections to address these findings and update your code if needed.

If corrections are made, our team will review your updated code, determine if these findings have been corrected, then update the report to reflect the issues that have been resolved and we will send you the final report. There is no additional charge for our team to complete the second review as long as the modifications to the contract are specific to resolving an issue/optimization based on our report.

Please review the proposal, and feel free to reach out if you have any questions in the meantime. We will allocate our engineers to the work as soon as you provide us with a link to the completed transaction. Please keep in mind that the timeline that was stated in this quote may change if we do not receive confirmation within 24 hours.

Request submitted on March 15, 2022

Gnosis Audit Team

Auryen said they would be ready to rock in two weeks on March 28, 2022

Reply from DG on May 13, 2022

"we estimate 3 weeks for the audit. We'd be able to get started first week of July (since July 4 is a holiday, Tuesday July 5) finishing on Tuesday July 26. I messaged Peter Pan about it and he said the timing works and that he's good with it and at the end of the day it's your call whether you want to move forward. Would this timing work for you? Let me know your thoughts. Happy to jump on another call if you want."

Conversation with David Goldberg on May 11, 2022

Has long history in the space. They run a school and provide auditing services.

Cannot provide an estimate until code is locked.

  • Do not have bandwidth until July
  • Most likely will take two weeks to produce a preliminary report with recommended changes
  • Final report with resolutions
  • ~$25,000 per audit week
  • 1 Lead Engineer

Conversation with Moise (Lead Account Manager) and Alex on May 13, 2022

Core team services a community of researchers. Do not book further than two months out. Can generally start two weeks from pitch. Teams are composed of Lead Researchers, Security Researchers and Apprentices.

  • Lock code
  • Provide timeline and budget
  • Pitch to the community
  • Review complexity and scope
  • After the project kicks off, communication and updates are done in real time over Discord and GitHub.
  • Team remains available for two weeks after the report is published

[Image: spearbit-quote]