Audits in the web3 space are notoriously costly, making them inaccessible for many dapps. At the same time, they are highly coveted, as dapp users tend to gravitate toward using audited dapps.
During the last governance call (September 13, 2023), we began exploring solutions to address this problem. The possibility of an auditing DAO came up, as well as what an auditing DAO would entail.
The purpose of this topic is to foster community brainstorming on how to tackle this problem.
In addition to the above, there’s another exciting development on the horizon. The Phi Labs/Archway team is in discussions to partner with a renowned auditing company as part of the Grant program. This collaboration aims to provide mature dapps with an opportunity to get their code audited.
This initiative by Phi Labs/Archway could serve as a bridge solution, ensuring that while the community explores and possibly sets up an auditing DAO, mature dapps still have a pathway to gain the trust of users through professional audits.
This is a promising initiative that has the potential to improve the security and accessibility of dApps in the Archway space. An auditing DAO might be a great way to help the ecosystem grow exponentially, but a few aspects should be considered.
Membership and Governance Structure: Determine how the auditing DAO will be governed. What decision-making processes will be in place?
Auditor Selection: Decide how auditors will be selected or onboarded. This might involve a vetting process, evaluating their track record, or open applications. Maintaining a pool of trusted auditors is vital. Among the
Audit Prioritization: Develop a system for prioritizing which dApps receive audits. This could involve factors like user base, transaction volume, or security concerns.
Awareness and Social Engagement: Consider including a promotional component in the DAO’s activities; this could be worked on together with the Marketing DAO. Many developers and users may find this initiative highly valuable, which could draw more users into getting involved with the ecosystem, so raising awareness might be positive.
Long-Term Sustainability: Plan for the long-term sustainability of the DAO. It should not rely solely on initial funding but rather establish a model that can support itself over time. On this aspect, the Dapp Treasury might somehow be involved.
Feedback Mechanisms: Create mechanisms for gathering feedback from the community, including dApp developers and users. Their input can help refine the auditing process and address evolving needs.
The main barrier with audits is their high price tag. If a DAO is an approach, it needs to focus on subsidizing audits for promising projects that commit to open-sourcing their contracts. The committee process would vote on which projects receive subsidized audits based on criteria like use case uniqueness, community impact, endorsement by trusted technical evaluators, etc.
The network (Phi Labs/Archway) could maintain a list of reputable firms that offer discounted rates. Projects would be selected from this list for their subsidized audit. The key benefit is unlocking access to audits for more projects through a cost subsidy. In return, we strengthen the open-source commons. Integrating the subsidy into the Grants program as a joint community and Foundation effort also makes sense.
Note: As other DAOs also seem to be forming to tackle different network issues, it would probably be advisable to set common guidelines for ALL network governance DAOs.