Auditing is the key control and supervision tool for companies and their activity. In the case of the crypto industry, the search for errors and/or fraud in the codes of the protocols and smart contracts, and also the evaluation of the project development team, is essential for transparency and security for the massive adoption of decentralized applications (DApps).
The problem is that we have seen Enron, WorldCom, Tyco and countless other cases, where auditors issue fraudulent reports to keep the client happy, or mislead authorities and the general public, and continue to earn audit and consulting fees.
In the crypto industry there are startups that are emerging and auditing smart contracts, but they do not have a proven reputation.
The average user or investor does not have the technical experience to audit projects, so this team has detected the need. It has been proposed to create a new audit paradigm, bringing decentralization to technical control, and for this it undertook SCAT DAO, (Smart Contract Audit Token Decentralized Autonomous Organization).
The team believes there is a need for smart contract auditing standards, developed and consistently applied by decentralized organizations that maintain independence, can apply a clear rating to the DApp, and inform the public about their analysis results.
All this carried out through a decentralized DAO, which will have audit projects chosen by the community, and fully financed through its treasury, to avoid the conflict of interest that arises when paying an auditor for their service.
The team bases its project on the independence of the auditors, but also intends to extend the application of the tool, since basic audits cost between USD 5,000 and USD 10,000, and complex audits up to USD 100,000, relegating the work only to large projects, being this high cost a barrier to entry.
The idea is that the audits are funded by the DAO treasury.
If Cardano is a public and permissionless blockchain, it needs to have a certain analysis infrastructure that allows anyone to build their vision, regardless of their capital, and that allows access to an analysis of their product, which is publicly accessible to the community, giving thus greater transparency and quality to the entire ecosystem.
How It Works
Since smart contracts written on Plutus are just getting started, there aren’t many well-established auditing practices for them, and there aren’t many people with the skill set to audit them. The DAO plans to grow and add more talented people with experience.
The token holders will be part of the governance of the DAO, and they will be the ones who will choose the projects to be audited by voting, within a time frame, with a format similar to that of Project Catalyst.
They will also choose the audit method, whether it is hiring an experienced third party or sponsoring the ‘Bug Exterminator’ program (explained below).
You participate in governance by holding the AUDIT token, with no minimum to vote. The projects that receive the most votes from the community will be audited, counting 1 audit = 1 vote.
The team will develop the audit methodology that will be used to evaluate smart contracts, and organize the development team responsible for creating the DApp, with the goal of making it the industry standard.
Once created, training material will be developed and published. This audit process is not meant to be immutable, being possible to propose best practices, voted by the community to be implemented.
Applicants will be selected upon successful completion of the training materials with a passing score, receive certification, and be added to the Qualified Candidates list. Background, employment history, knowledge of Haskell/Plutus, completion of Plutus Pioneers or similar programs will then be considered. If approved they will be added to the Active Available Auditors list, and will be officially available to perform audits on behalf of SCAT DAO.
There will be no limit to the number of Active Available Auditors (AAA). As auditors successfully complete audits and demonstrate their competence and reliability, they will move up the ranks and have different roles, responsibilities, and compensation depending on their rank.
Each audit project selected by the community will be randomly assigned three auditors from the AAA list, without knowing each other, to avoid collusion. Two auditors will independently perform the entire work, and upload their results to the repository. The third person will perform an Audit Quality Review (AQR), who will assess whether both have reached the same conclusions.
If the work done by the auditors does not match according to the AQR, the auditors will be notified to go through the process again, until they can achieve matching results.
Auditors will be upgraded if their work was free of errors. If the AQR determines that there were errors in the work that would alter the reasonable opinion, it is demoted, Pawn 1 being the lowest rented rank. The categories will be Pawn (0-2), Knight (3-4), King and Queen (AQR).
Initially, the SCAT DAO team will perform AQRs, until Auditors with the rank of Queen are available.
After someone has successfully completed 10 audits, they will become a King, which has all the responsibilities of a Queen, including judging applicants. The King will be returned to Pawn 0, if admissions of Auditors without proper skills or rejected despite being qualified are discovered, and with a second offense will result in a permanent ban.
Auditors who perform audits will receive compensation according to their category, as described below:
You can see the process flowchart
Bug Exterminator
In addition, the team will launch a bug bounty program, called Bug Exterminator.
Anyone can be a Bug Exterminator, they just need to fill out a registration form, with a username, being able to remain anonymous.
The number of audits or rewards will always be based on how many funds are in the treasury. The value of each reward has yet to be determined, calculated using the following function:
[1] Reserves would be a level that the treasury plans to maintain for any unforeseen expenses that may arise
DYOR Tool
The team has created the DYOR Tool (Do Your Own Research), which evaluates the project holistically, but without analyzing the computer code, looking at the development team, Tokenomics, the community and business metrics.
The tool is available online for free to learn how to conduct research and share reports.
The DYOR Tool guides the user through 27 different assessment points, explaining the importance of each point, with clear steps to take to perform the assessment, calculating the score on a standardized basis, and generating a shareable report.
The idea is to obtain reports agreed upon by the community, maintaining the same evaluation standards, being a starting point but not a final version, admitting suggestions for improvement through a form.
SCAT DAO Funding
Initial funding was USD35,000 through Project Catalyst’s FUND5 , receiving full funding.
SCAT DAO will never accept money from any DApp to audit their projects, the funding will be generated initially with investments in DEXs. This will fulfill the need to generate income for trading while creating enough liquidity for people who want to trade the AUDIT token, and thus the token will not experience as much price volatility.
The liquidity will be half AUDIT and half ADA, to create the trading pair, therefore a sale to the public will be necessary to generate income in ADA.
More information at How is it Funded.
Currently, the team operates the AUDIT stakepool for an ISPO, then manage a new stakepool with three goals: support Cardano decentralization, create an additional source of revenue, and distribute AUDIT tokens.
The team reported that the stakepool will be owned by SCAT DAO, and will be operated by the DAO, not the development team, and all revenue generated will go directly to the treasury to fund audits.
The Roadmap
Tokenomics
A finite total of 1,000,000,000 AUDIT tokens have been minted (without issuance or burning). The team chose that amount because it will allow for a lower price for each unit, so the average investor will be able to buy it to participate in the DAO.
15% of the tokens will be distributed through an ISPO. More information in Smart Contract Audit Token ISPO Overview.
10% of the token supply is allocated to treasury, which will be used to provide liquidity to DEX and for its financing.
To encourage as much participation as possible, the team plans to airdrop 5% of the total supply, to the entire community, Discord members, and moderators, regardless of which stakepool they delegate to.
1% of the total supply will be sold in a public pre-sale to raise funds for the first version of the platform.
The team has been allocated 13.5% of the total offering, which will be awarded over a 3-year period, with the exception of ADAO (part of the team), who will receive their allocation in the initial DEX offering to keep in his treasury.
The Team
Eric Helms is the founder. The website reads he is a Certified Public Accountant who has spent the last 10 years working in Corporate Audit from both the public and private side. He is currently a Community Advisor for Project Catalyst.
ADAO is part of the team to develop the smart contracts that will be used to govern SCAT DAO and manage its treasury. ADAO is a “service DAO” dedicated to providing public goods that would be useful for all stakeholders of the Cardano network who are interested in using decentralized toolsets.
You can see all the members here.
