Why do we need code auditors?

Our platform is built as a permissionless open-source project and can be used by anyone. That’s why end-user security is one of our topmost priorities.

Any developer can join our community as a code auditor. This is a highly respected expert-level role in the ecosystem. An Auditor’s job is to check dapplets and adapters for any malicious functionality and ensure overall code quality. The audit workflow is formalized as a set of verification tasks and auditing questions, which makes the job feasible for any skilled developer.

Since all complex and low-level work is done by adapters, developers can keep dapplet code clean and simple. A basic dapplet usually contains around 100 lines of code. This makes its audit much easier and more reliable for the end-user.

How to become an auditor?

Even though the platform is an open community and any user can check a dapplet’s code, Auditors perform a very important role. They guarantee that the dapplet does not perform any malicious activities and bet their professional reputation as well as their Auditors Stake on that fact.

If the audit is performed correctly, and the final conclusion is in line with reality, then the Auditors Stake stays untouched. In fact, if that is the case, the Auditor receives additional rewards from the dapplet's capitalization growth.

However, if the audit is not performed correctly and the final conclusion does not correspond with reality, then another Auditor can refute the faulty conclusion and give their own correct one, thereby placing their stake to ensure their credibility.

If an Auditor’s conclusion is refuted, their stake is partially burned and partially received by the Auditor who provided the correct conclusion.

This means that:

  • Any auditor can conduct an audit of a dapplet that hasn’t been audited before, and confirm this using their Auditors Stake.
  • The community is financially motivated to refute and challenge audits and claim a part of the previous Auditors Stake.
  • The person that refutes an audit becomes the new Auditor. They confirm this with their stake, and their auditing conclusion becomes visible to the users.
  • An audit consists of various questions. The community confirms the list of auditing questions. The Auditor must answer all of them.
  • If the community changes the list of auditing questions, the Auditor must re-audit the dapplet and answer the questions that are added or changed.
  • The Auditors Stake is burned in proportion to the number of questions that were answered incorrectly.
  • The size of the Auditors Stake can be fixed or may vary depending on the Dapplets DAO vote.

The Auditor’s reward

  1. The Auditor's reward is created in a separate auditors' pool, which is filled from different sources and by various actors.
  2. For example, Listers as well as the Owner may fill the pool as they wish to get the dapplet audited. Stakes of refuted audits may fill the pool as well. More donors may join later on; the auditors' pool is generally permissionless.
  3. A dapplet Owner can conduct the first audit on their own and receive the reward from the auditors' pool. If their audit is correct and is not refuted, then the commissions from the pool will go to the Owner of the dapplet.