Auditing Compound Protocol

It’s been over a month since I posted the original request for auditors. Since then, we’ve received several comprehensive proposals from top-tier smart contract auditors. Candidly, I thought there would be some interest in auditing Compound protocol, but I didn’t expect we’d get as many proposals as we did. It’s spectacular to see so many vendors vying for Compound’s business. If you’re looking for what a B2DAO process looks like, this is it.

As mentioned in an earlier post from this thread, Compound protocol does not have a clean and efficient process for evaluating several vendors. As a result, tokenholders and vendors aren’t sure what happens next. This is problematic for both parties: Compound needs an auditor as soon as possible, and the audit firms have a business to run and need to assign resources to their customers ahead of time. In short, we need a process for picking the vendor of choice.

I spoke to several community members about this, and folks suggested a quick and easy process. In a nutshell, we’d be using the community multisig to run a simple process. The community multisig would first whitelist each vendor to make a proposal. After that, tokenholders would vote on their favorite proposal. The proposal with the most “For” votes wins. To prevent more than one proposal from winning, the community multisig would then cancel the losing proposals after the vote is completed.

I’m including a more detailed version of the process below.

Audit Selection Process

  1. Reverie to create a form for vendors to submit their Ethereum address - 12/7
  2. Reverie to confirm the address belongs to the vendor through a video call - 12/8
  3. Reverie to share addresses with the community multisig - 12/8
  4. Community multisig to whitelist the address for each vendor - 12/9
  5. After being whitelisted, each vendor will submit their proposal for an on-chain vote - 12/13
  6. Tokenholders vote for their favorite proposal after a two-day review period - 12/15-12/17
  7. Winning proposal is queued for execution in the timelock; losing proposals are cancelled by the community multisig - 12/17

Since Reverie (the company I started with Derek Hsue) initiated the audit search process as part of this thread, we propose that we also complete the vendor selection process on behalf of Compound protocol. It took considerable time for us to reach out to the audit firms, explain Compound’s needs to them, encourage them to submit proposals, and walk them through the process. We would appreciate a $75k COMP grant for the work we’ve done here.
