OpShin Audit

[GENERAL] Name and surname of main applicant

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

The auditor will execute a meticulous audit of the OpShin language to ensure comprehensive coverage of edge cases and optimization of efficiency.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

No dependencies.

[GENERAL] Will your project’s output/s be fully open source?

[GENERAL] Please provide here more information on the open source status of your project outputs

The OpShin project is already open source under MIT license, and our audit report will be publicly available. We intend to complement this by providing additional documentation to support the auditing process.

[SOLUTION] Please describe your proposed solution

Our proposed solution entails a comprehensive audit of the OpShin language for smart contract development. Recognizing the imperative to address edge cases and optimize efficiency, the auditor will meticulously scrutinize the language's codebase. This approach is pivotal in enhancing the reliability and security of smart contracts, thus safeguarding user assets within the Cardano ecosystem.

Our project engages developers and auditors experienced in smart contract development. By providing detailed documentation, we aim to facilitate the auditing process, ensuring thorough coverage of edge cases.

What distinguishes our solution is its emphasis on transparency and collaboration, facilitated by the open-source nature of OpShin. This solution will benefit developers, elevating the quality of smart contracts written in OpShin and reinforcing Cardano's standing as a secure and trustworthy blockchain platform.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

1. Our project's success will notably bolster the Cardano community by fortifying the reliability and security of smart contracts built on the OpShin language.
2. Quantitatively, we'll gauge impact through a detailed audit report, tracking the decrease in reported vulnerabilities. This report, covering vulnerabilities from critical to informational, will provide a tangible measure of improvement.
3. Furthermore, we'll disseminate project outcomes widely. Public reports will articulate audit findings, offering insights into enhancing smart contract robustness.
4. Concurrently, we'll compile best practices for OpShin, equipping developers with valuable guidance.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The audit team comprises highly skilled developers who have made significant contributions to various community projects, including Lucid, Agora, and Liqwid-Plutarch-Extra.

They have extensive experience in developing and publishing end-to-end DApps, including production projects such as Discovery (SundaeSwap Liquidity BootStrapping Mechanism).

The team has audited numerous protocols, including MinSwap, Genius Yield, Optim Finance, Wanchain, Lenfi, Encoins, FluidTokens, Spectrum Finance, and Atrium Labs.

In addition to project involvement, the team has been actively engaged in the developer experience domain. They have participated in educational panels focused on DApp Security Practices and Design Patterns, and team members have served as co-chairs of the IOHK developer experience working group.

Furthermore, their collaboration with Emurgo Academy has been instrumental in educating aspiring developers, with the team playing an essential role in this endeavor. They have also recognized and recruited a number of exceptional talents from these courses.

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

Project Kickoff and Planning:

• Milestone Outputs: Defined project scope, objectives, and timeline. Established communication channels and project management tools.
• Acceptance Criteria: Approval of project plan by project stakeholders.
• Evidence of Milestone Completion: Signed project plan document by all stakeholders.

OpShin Language Analysis:

• Milestone Outputs: Detailed analysis report identifying vulnerabilities and areas for improvement in OpShin language codebase.
• Acceptance Criteria: Completion of comprehensive code analysis with documented findings.
• Evidence of Milestone Completion: Submission of OpShin language analysis by the auditing team.

Edge Case Identification:

• Milestone Outputs: Documented list of edge cases relevant to OpShin smart contract development. Strategies developed for resolving identified cases.
• Acceptance Criteria: Identification and documentation of all relevant edge cases.
• Evidence of Milestone Completion: Submission of resolution strategies by the auditing team.

Draft Audit Report Preparation:

• Milestone Outputs: Comprehensive audit report detailing identified vulnerabilities, recommended fixes, and best practices for OpShin development.
• Acceptance Criteria: Completion of audit report with all findings documented and recommendations provided.
• Evidence of Milestone Completion: Submission of draft audit report by the auditing team.

Feedback Integration and Finalization:

• Milestone Outputs: Finalized audit report incorporating stakeholder feedback and peer review comments.
• Acceptance Criteria: Incorporation of all relevant feedback and completion of final audit report.
• Evidence of Milestone Completion: Submission of finalized audit report with evidence of stakeholder feedback integration by the auditing team.

Public Dissemination:

• Milestone Outputs: Public dissemination of the finalized audit report, including presentation of findings and recommendations to the Cardano community.
• Acceptance Criteria: Successful dissemination of the audit report through appropriate channels, such as publication on relevant platforms and presentation at community events.
• Evidence of Milestone Completion: Documentation of the audit report publication and evidence of presentation or communication of findings to the Cardano community.

[RESOURCES] Who is in the project team and what are their roles?

Team Anastasia Labs

Philip DiSarro, Compiler & Programming Language Research, https://twitter.com/phil_uplc

Philip has an MS in Compiler Development & Programming Language Theory. He was the lead smart contract architect of many features on WingRiders DEX. Philip has also made significant contributions to the Cardano developer ecosystem. As a co-chair of the IOHK developer experience working group he worked to identify and resolve pain points that DApp developers experience in Cardano, and had an integral role in getting Lucid & Plutus Simple Model included in the Plutus Pioneer Program. He has a vast wealth of experience in smart contract security and auditing on Cardano. 

Philip is CEO and founder of Anastasia Labs and a senior Haskell developer on the XSY team, a consultant and lecturer for Emurgo.

Philip is responsible for introducing the new utility and convenience functions to Lucid and for assisting with general maintenance. Additionally, he will help create documentation for new features.

Jonathan Rodriguez, Functional Programming & TypeScript SDKs, https://twitter.com/solidsnakedev

Jonathan is a highly skilled smart contract developer specializing in Cardano, a blockchain technology that he is deeply passionate about.

His passion in smart contract development drives him to constantly polish his technical knowledge. In the pursuit of that knowledge he obtained the following certifications: Cardano Solution Architect, Cardano Developer Professional, and Associate Certificate.

With an extensive background in Haskell development, which is a critical language for Cardano, he possesses a thorough understanding of functional programming concepts.

His expertise extends to various aspects of the Cardano ecosystem, including the Cardano Toolchain, Transaction Structure, Plutus Smart Contracts, Native Tokens, DApp Connector, and other essential components. 

Jonathan is well-versed in conducting use case analysis and tokenomics, as well as interfacing with decentralized storage, server APIs, and integrating databases.

He is knowledgeable in establishing robust CI/CD (Continuous Integration/Continuous Deployment) flows and integrating them into development processes. Additionally, he is skilled in conducting thorough unit testing to ensure the reliability and security of his smart contract solutions.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

Top Tier Audit Team:

• Conduct audit and provide certified public report
• Approximate cost: 150,000 ADA

In-house or External Development Team:

• Resolve issues and work on remedies as prescribed by the audit team
• Approximate cost: 50,000 ADA

Total Estimated Cost: 200,000 ADA

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The costs outlined for the audit project represent a significant investment in ensuring the reliability and security of smart contracts written in Opshin. While the figures may appear high, they are justified by the expertise and thoroughness required for the audit process.

The top-tier audit team's cost reflects the specialized skills and experience necessary for conducting a comprehensive audit of the OpShin language. This rate is competitive within the industry and ensures that the audit is carried out by senior professionals who can identify and address potential vulnerabilities effectively.