Security budget request

Summary

Request for a security budget of $500.000. The scope covers an audit and formal verification by Certora for the EVM and Solana codebase.

Motivation

Instadapp and now Fluid have always maintained the highest security standards on the market. Instadapp has never lost a single dollar of user funds in 7 years via a smart contract vulnerability, nor has it ever had a security vulnerability. Similarly, Fluid has been live for almost 2 years with no incidents. Overall, all of our protocols combined have been thoroughly audited more than 20 times. Fluid alone (on EVM+SVM) has 12+ audits, and more audits are in progress.

To maintain our highest standards, we want to carry out another set of audits for the whole codebase (including for the upcoming DEX v2 on EVM and Solana), as well as formal verification on both EVM and Solana.

Specification

Deliverables:

● A Formal Verification Report including formally verified properties, violations, proposed mitigations, and overall security recommendations;

● Specification files of formally verified properties that can be integrated into the CI processes;

● An Audit Report including all identified vulnerabilities.

Scope:

● Solana’s Liquidity Layer, Lending & Vault;

● EVM Liquidity Layer, Lending & Vault;

● EVM Dex & Oracle Verification;

● Solana Dex Verification.

Next Steps

Escalate this proposal to the on-chain IGP and withdraw 500.000 $GHO from the treasury to cover the costs for the extensive security coverage.

8 Likes

It’s sad to see these $GHO go - but security is priceless, so let’s fucking go!