Last updated 3 months ago
Hello all! Cardano needs more audited open source code if it's to be the go-to choice for building DAOs. We've already developed an upgradeable DAO smart contract; we just need to ensure it's safe!
We will hire a recognized third party to conduct an audit on the open sourced upgradeable DAO smart contract we've created, to ensure it's safe and works as intended, for the benefit of the ecosystem.
This is the total amount allocated to TripHut: DAO Open Source Code Audit & Bug Bounty. 3 out of 5 milestones are completed.
1/5: Test Suite & Documentation. Cost: ₳ 48,000. Delivery: Month 1 - Nov 2023
2/5: Off Chain Code & Smart Contract Integration. Cost: ₳ 48,000. Delivery: Month 4 - Feb 2024
3/5: Smart Contract Audit. Cost: ₳ 24,000. Delivery: Month 6 - Apr 2024
4/5: Bug Bounty Program. Cost: ₳ 16,000. Delivery: Month 7 - May 2024
5/5: Project Completion. Cost: ₳ 24,000. Delivery: Month 8 - Jun 2024
Alwayne White - Chief Creative Officer
Randy Burrell - Chief Technical Officer
Gashwayne Hudson - Head of Art
David Harris - Head of Operations
Richard Burnett - Head of Community
It's best practice to have third parties audit and review code for intended function and bugs, hence the dependency on agents external to Yaad Labs, TripHut & those involved in writing the initial contract. This process is essential to the project's delivery, as we need to ensure the contract is safe for end users and those that wish to reference or use the code for their own DAOs.
Project will be fully open source.
There are great examples of DAOs and DAOs-as-a-service in the Cardano ecosystem, but not everything is open source (understandably so), and not everyone wants a cookie-cutter solution, as they may want or need more flexibility, as well as a greater sense of control. Our code, when audited, would provide a reasonably safe alternative for developers and project owners to leverage for their own DAOs, without having to commit the same amount of time and dollar expenditure as we have. This would reduce new entrant friction and allow for projects to ship faster, cheaper, safer & with more directional flexibility. It would also help compound ecosystem growth, as developers would have the bandwidth to tackle other problems facing DAOs on Cardano.
Additionally, our smart contract system is unique, as it spins up an upgradeable DAO responsive to more than one policy ID, with:
A configuration NFT minter
A configuration validator
A vote minter
A vote validator
A treasury contract
A tally NFT minter
A tally validator
A specific proposal contract
A general purpose disbursement proposal
An upgrade proposal type
We see more audited open source smart contract code as a win for the ecosystem and believe it's the best approach to help developers and project owners with the heavy lifting associated with running a DAO. The impact of this can be measured by the code's efficacy and usage. It is also worth noting that our intention is to use the code ourselves to start a travel club (TripHut), one which relies on this code and stands a really good chance of onboarding "real world users".
As is the desire of the challenge, Cardano can become the go-to choice for builders if it has both the successful reference points and the open source code and tooling needed to attract them. Our project will provide both (TripHut & its audited open source code). And as previously stated, more audited open source DAO contracts on Cardano can only benefit the ecosystem, as they provide a reasonably safe alternative for developers and project owners to leverage without having to commit the same amount of time and dollar expenditure.
For our own project (TripHut), we believe we can get to 1000 users at launch (in the short term) and grow towards hundreds of thousands, possibly a million users over the long term (7 years + operating). But importantly too, we strengthen the ecosystem with more audited open sourced alternatives to building DAOs on Cardano.
That is "Number of DAO toolset/frameworks available for DAO Ops (>1)".
We intend to measure the success of our project (TripHut) by how many users we attract and the success of this proposal by how many developers use our code.
We believe our aim of 1000 users in the short term is realistic based on the amount of interest we see present projects attract on Cardano; and we believe our long term goal of 1 million users is also achievable based on what we've seen in the "real world equivalent" of what we are trying to build, which is a Travel Club.
And again, as previously stated, audited open source code improves the productivity of the ecosystem, which is also a good qualitative measure for the project's success.
The code and any updates to same can be found on Yaad Labs' GitHub. Outputs, including the auditor's report and findings ascertained from the bug bounty, will also be shared through Catalyst's reporting mechanisms, which rest in the public domain. We expect the audit to take three weeks and are also intent on running the bug bounty for another three weeks. To account for any mishaps, we are budgeting a total of 12 weeks to complete the project instead of 6.
We have very experienced developers working on the project - Randy Burrell & Jonathan Fischoff of Canonical. We've already completed the code, which anyone can reference in the links we included as part of this proposal; and the third parties we intend to use are also recognized and capable - M Labs, Vacuum Labs & the wider Cardano Dev community.
The community can also reference the delivery of our last proposal "Driving Adoption via Travel D'Apps". This proposal is actually the natural follow up to our last submission.
In terms of steps:
Step 1 - First set of funds will be released immediately to vendor
Step 2 - Second set of funds will be released on completion of audit
Step 3 - Third set of funds will be put up for a bug bounty
Step 4 - Only after having completed steps 1-3 will any funds be released to the team
It is worth noting that, apart from the first tranche, Catalyst doesn't release funds unless specific milestones are met, which should help alleviate concerns over mismanagement of ADA.
The two main goals are as follows:
To complete the code audit within 6 weeks of the first disbursement - evidenced by a third party report
To complete the bounty within 6 weeks of the completed audit - evidenced by findings & bounty distributions
Between these two activities, we will know if our approach is both feasible and safe.
Milestone 1 - Code Audit
Tasks: Vendor Selection, Agreement, "Code Handover", Review, Adjustments if needed, Review & Report
Timeline: 6 Weeks
Cost: 116,000 ADA
Milestone 2 - Bug Bounty
Tasks: Publicize the bounty, get feedback, review & correct if necessary, disburse based on terms
Timeline: 6 Weeks
Cost: 23,200 ADA
Our first milestone will produce an auditor's report and our second milestone will produce bug fixes. The ultimate outcome is reliable, production-ready, open source DAO code.
All documentation and outputs will be shared publicly. The code will be used for our own project (TripHut) and will be available for other developers' use.
Budget Breakdown
Audit - 116,000 ADA
Bounty - 23,200 ADA
Miscellaneous - 20,800 ADA
NB. The intention is to pay the auditor the quoted $33,000 USD in the ADA equivalent and to set a bounty of 20% of the auditor's fee. The ADA balance quoted in miscellaneous is to cover any fluctuation in the price of ADA at today's price (.28 cents at the time of writing), fees associated with conversion if needed & the administrative & dev cost that comes with updating the code and managing the admin needs of the project.
We represent value for money as we strengthen the ecosystem with audited open sourced smart contract code. The code will also be used in the implementation of a DAO called TripHut - a decentralised travel club that sends its members on free or discounted vacations. This is a novel implementation that we believe can attract 1000 users in the short term and as much as a million users over the long term.
The figures quoted are industry standard for the audit given our code base ($33,000 USD), the bounty (20% of the audit amount) and in-house admin & dev time for what we expect to be simple-enough fixes (capped at 20,800 ADA).
NB: Monthly reporting was deprecated from January 2024 and replaced fully by the Milestones Program framework.
Jaymeon Jones - Project Manager - https://jm.linkedin.com/in/jaymeon-jones-8a55968b
Randy Burrell - In-house Developer - https://jm.linkedin.com/in/randyburrell
Jonathan Fischoff - Contracted Developer - https://www.canonicalllc.com/
M Labs OR Vacuum Labs - Auditor - https://mlabs.city/ - https://vacuumlabs.com/