Proposal for Compound Audit via Optimism Grant with Decurity

Summary: Decurity proposes to conduct a comprehensive audit for Compound with funding covered through the Optimism grant program. As a trusted security auditor on Optimism’s list, Decurity believes this initiative will greatly enhance the security of Compound and further benefit the ecosystem. The audit will involve multiple senior researchers to ensure thoroughness and minimize risks of missing critical issues. In addition, we will grant free access to our real-time threat detection system, which already monitors Compound contracts.

Decurity is a trusted security auditor for Optimism, and we’ve previously conducted an audit for Compound through a grant from their current security auditor, OpenZeppelin. Additionally, we are already monitoring Compound contracts using our on-chain monitoring tool and will grant free access to this system as part of the audit process.

Proposed Solution: Decurity will apply to the Optimism grant program on behalf of Compound to fund the audit. If the judges approve the application, Optimism will cover the audit cost. Our approach involves using multiple auditors to ensure a comprehensive review and reduce the chances of missing critical security vulnerabilities. After the audit, we offer a free retest once all identified issues are fixed by the Compound team. Furthermore, we will provide Compound with free access to our real-time threat detection system during and after the audit.

Goals and Key Results:

  • Conduct a comprehensive audit of Compound.
  • Identify and mitigate any potential security risks.
  • Offer a free retest after all issues are addressed.
  • Ensure that the audit is fully funded through Optimism’s grant program.
  • Provide free access to our real-time threat detection system for continuous monitoring.

Action Plan:

  1. Apply for the grant through Optimism’s grant program.
  2. Perform the audit with a team of 4 senior researchers.
  3. Provide the audit report with findings and mitigation recommendations.
  4. Offer a free retest once the issues are fixed by Compound.
  5. Grant Compound free access to our real-time threat detection system during and after the audit.

Budget:

  • Our standard rate is $25,000 per team week (4 senior researchers), which includes the entire audit process.
  • The total estimated cost will depend on the scope and complexity of the audit, but we will ensure the grant covers this expense.

Benefits:

  • Free audit for Compound if the grant covers the expenses, which will increase security and mitigate risks.
  • Decurity has a proven track record of successful audits, with no reported hacks after our assessments.
  • Increased trust in Compound’s security, which benefits both the protocol and its users.
  • Free access to our real-time threat detection system, which already monitors Compound contracts, providing continuous security oversight.

Risks and Mitigation:

  • There are no significant risks as we carefully estimate the scope and allocate adequate time for thorough audits.
  • Any delays or issues in the process will be mitigated by our extensive experience in auditing, ensuring the project stays on track.

Evidence/Examples: Our public portfolio (1inch, Yearn, Gearbox, Zircuit, Ether Fi, Symbiosis, p2p, etc.) can be found here: Decurity GitHub Portfolio. We have previously conducted audits for Compound via grants from their current security auditor, and we have a strong track record of successful outcomes. Additionally, we already monitor Compound contracts using our on-chain tool, which has a proven track record of detecting threats in real time.