diff --git a/lelantusaudit.md b/lelantusaudit.md new file mode 100644 index 0000000..973020c --- /dev/null +++ b/lelantusaudit.md 
@@ -0,0 +1,36 @@ +--- +layout: fr +title: Lelantus Code Audit +author: Zcoin Core Team +date: May 18, 2020 +amount: 14800 +milestones: + - name: Commencement + funds: 7400 + done: + status: unfinished + - name: Completion + funds: 7400 + done: + status: unfinished +payouts: + - date: + amount: + - date: + amount: +--- +An important component of ensuring Zcoin's code is safe are third party code audits. We are seeking funds for a code audit of Lelantus cryptography and implementation. + +While the core team has renewed development funding post halving, this comes into effect only in September and even then assuming similar market conditions, would have a significant impact on the Core Team's reserve funds that are used to tide over challenging market conditions. + +From our discussions with various code audit companies (for e.g. [Trail of Bits](https://www.trailofbits.com/), [SmartDEC](https://smartdec.com/)), a reasonably comprehensive review of the Lelantus cryptographic library and the wallet implementation code will cost around USD64,000. We will update this proposal from time to time to reflect the actual cost. + +We believe this cost is worth it given how critical Lelantus is to Zcoin and the potential impacts of a vulnerability in Lelantus. + +A smaller scope that just covers the implementation without going into the cryptography would be quite a bit cheaper but if the budget permits, it makes more sense to have a reasonable coverage of both. + +We hope to begin audit in July and the code review is espected to take about 2-4 weeks after which we will take another few weeks to incorporate the fixes as recommended by the audit. The results of the audit will be made public. 
+ +Should the code audit be cheaper than anticipated, the balance will be kept for future code audits which may be required as we will be implementing Lelantus Direct Anonymous Payments after the initial deployment of Lelantus and/or our [code bounty program](https://zcoin.io/zcoin-vulnerability-bounty-program/). + +Should the core team have excess funds we will also contribute towards this proposal and disclose these amounts.
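Review bot: The front matter `amount: 14800` (split into two `funds: 7400` milestones) carries no currency or unit, while the body quotes a cost of around USD64,000, so a reader cannot tell how the requested amount relates to the estimate. State the unit next to the amount, or add a sentence in the body saying what portion of the audit cost the 14800 covers. Two wording fixes in the body text: "espected" in the timing paragraph should be "expected", and the opening sentence "An important component ... are third party code audits" should use "is" to agree with its subject.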