[AlphaGrowth] Building processes between vendors

General goal: Build processes that speed up feature delivery and keep up with market demand.
Short-term goal: Ship features by ETH Denver event.
Challenge: Blockers which cause delays in the delivery of features.

Solution:

  • Align service providers schedules.
  • Build a framework where each party knows its priorities, tasks, and other vendor timelines and requirements.

Align service providers schedules

Here is a schedule we gathered along with AlphaGrowth. We request and encourage other vendors like Gauntlet and OpenZeppelin to help fill the gaps.

Initiative Risk
Org.
Risk
# Days
Left
Risk
Due Date
WOOF
Devs
# Days
Code
Due Date
Audit
Org.
Audit
# Days
Left
Audit
Due Date
Voting Starts
(8 Days)
Live on Chain Due Date
FBTC GA Done Done Done 1/22/25 OZ Done Done Feb 12th Feb 18th
tBTC GA Done Done 5 1/26/25 OZ Done Done Feb 12th Feb 18th
Linea GA Done Done Done 1/29/24 ? 15 2/15 Feb 16th Feb 24th
Uni-
Chain
? 15 2/15 7 2/7/25 ? 15 2/15 Feb 16th Feb 24th
Ronin CR Done Done 14 2/7/25 ? 15 2/15 Feb 16th Feb 24th
wBTC Market Mainnet GA Done Done 7 1/29/25 OZ 15 2/15 Feb 12th Feb 18th
Sonic ? 15 2/15 8 2/18/25 ? 31 3/1 Mar 1st Mar 8th
Rewards v2 NA NA NA Done 11/27/24 ? 17 2/17 Feb 18th Feb 26th
Migrator v2 ? 31 2/2 15 2/15 ? 31 2/29 Mar 1st Mar 8th
wSuperOETHB GA Done Done Done 1/29 ? 24 2/24 Feb 25th Mar 4th
Frontend Pentest NA NA NA Done 1/23/25 OZ 10 2/10 NA NA

Org. Key: OpenZeppelin (OZ), Gauntlet (GA), ChainRisk (CR), WOOF! (WF), Unknown (?)

Build a framework

Each vendor should share the requirements they need to deliver specific solutions (like adding a new market, chain, or collateral). For example, OpenZeppelin requires a questionnaire to start estimating an audit of the new market.

Thus, every party will be able to rely on others to comply with their requirements and processes.

2 Likes

Speed is needed. I like the timelines

Not the biggest fan of ChainRisk managing a deployment or Comet since 1. they are unproven 2. they arent even getting paid by the DAO and 3. we already have Gauntlet on board.

Seems odd to include them here without them even going through with a Gov Vote on their Trial Program.

They are also super long winded, too much text in their proposals. Read Gauntlet’s and get 10x the info faster than reading 1000 lines of info of ChainRisk saying the same thing.

I mean Gauntlet has the experience and can be succinct while ChainRisk tries to prove itself. Just, I mean, we have seen multi risk manager models fail in the past. Why do you want to do it again? How will that speed up governance? It will definitely slow it down in the case of a conflict

Just my opinionn. Trying to stay positive / neutral in my framing so I dont get banned or temporarily suspended again

3 Likes

Oh, also wanted to task why there are questionn marks in the Audit section, shouldnt that be Open Zepplin?

1 Like

Attn: @jbass-oz

Could we please get timeline information for these audits?

Regarding the table:

  • At the time of this post, we had only estimated to provide the pentest results by 2025-02-10. We’ll likely deliver it earlier.
  • With the exception of the pentest estimated delivery date, all other “audit due dates” were arbitrarily determined without input from OpenZeppelin.
  • Many of the scopes in this list are still in progress and are not available for OpenZeppelin to estimate or schedule.

Regarding timeilne request:

@Kyle Please find the requested status and schedule estimates on Compound’s Github.

Hi, I am Shelly, Co-founder and CTO of Certora. Our process is straightforward. You can reach out via any communication channel and ask us for an effort estimation (including sharing the code when private). Within 24 hours, we will review the scope and come back with a proposal for an audit or formal verification project. We are usually able to start new projects within a week.

For example, with RewardsV2, we reviewed the code and know we can complete an audit in 1 week. If formal verification is requested, we will need an additional half week, totaling to 1.5 weeks. We are available to start on Monday.

For potential projects like Migrator V2 and wSuperOETHB, we will need to review the code and come back with an effort estimation. Feel free to reach out to us on telegram (@sofiviss) to initiate this process.

2 Likes

Are you offering to help OZ? I dont understand, isnt OpenZeppelin the security team for the DAO?

We are proposing to help OZ in order to meet all of Compound’s deadlines. We have worked with the Compound DAO in the past and are familiar with the code.

Hi @dmitriywoofsoftware - this is Chris here from Sherlock. I saw the discussion around audits, and I wanted to jump in because this is exactly where Sherlock excels.

We operate a hybrid security model that eliminates bottlenecks entirely. We have a core team of dedicated professional security researchers available for traditional audits, but what truly sets us apart is our platform of 10,000 vetted security professionals—ready to be deployed at any time. This gives us an unmatched ability to scale up instantly, ensuring that projects get the attention they need without delays.

Even better, our ELO-style leaderboard and deep auditor database allow us to assign exactly the right person for each task based on proven skill and past performance. Whether it’s a deep-dive audit, targeted security review, or a rapid assessment, we can spin up the ideal team in real time. Our modular, flexible approach means you never have to worry about slow turnaround times or limited capacity.

We would love to connect and explore how Sherlock can help!