TIP-8 - Codebase Audit by OpenZeppelin

Authors

@lewi, @eqparenthesis

Summary

The ESD protocol has had a number of governance changes since the last audit. A new audit is proposed to ensure the continued safety and stability of the protocol.

This audit will be carried out by OpenZeppelin and aims to be finalised by the middle of February.

Value Proposition

• ESD has been slowly changing over the past months as new governance proposals are implemented. Another audit will reaffirm the Certik audit finding and cover changes made via governance since then.
• ESD benefits from having continued audits as the protocol grows and progresses

Timeline

• January (Late) - The audit will begin.
• February (Mid) - The audit will be completed and sent privately to the ESS team to review and implement any required changes.
• February (Mid-Late) - The audit will be published on the ESD GitHub once any required changes have been implemented

Funding Request

65,000 USDC to be sent to OpenZeppelin’s address ( 0x43Be2Bf0a854F03D2368bAF040901D6D9da6D586 ) immediately after the vote passes.

I strongly support this proposal. I can’t think of a better use of funds generally than improving security of the protocol, and OpenZeppelin is one of–if not the–best smart contract security companies out there.

An audit is a no-brainer for us, and OpenZeppelin is among the best. Strong support for this proposal.

Agree to everything above. I don’t think anyone will have a problem with it.

Ideally this should be done with every single code change. Although the one line code changes don’t warrant the price, maybe OZ has a discounted rate for maintenance type audits.