Tokeo Audit & Source Availability

[GENERAL] Name and surname of main applicant

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

3 stages of security assurances which will include

External Code & Security Audit

• ISO 27001 Compliance
• Source Code Availability
• ISO 27001 Certification

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

This proposal will engage a 3rd party auditor. Right now Tokeo is in discussions (RFP) stage with a number of globally respected organizations, that specialise in the domain.

[GENERAL] Will your project’s output/s be fully open source?

[GENERAL] Please provide here more information on the open source status of your project outputs

All tokeo front end code - specifically code that is responsible for managing wallet keys will be made source available.

[SOLUTION] Please describe your proposed solution

External Code & Security Audit

• Conduct a thorough review of Tokeo's codebase and security protocols to identify vulnerabilities and areas for improvement. In particular provide assurances on the secure handling and storage of wallet keys.

ISO 27001 Compliance

• Engage a global partner for ISO 27001 compliance. The ISO27001 is a global best practices standard for information security management. Achieve compliance certification by Q2 2025.
• This step involves the documentation of security and information handling processes, along with documenting compliance over a period of time (6-months). Certification is then achieved via an external audit. See below for further benefits on the standard.

Source Code Availability

Tokeo's source code for front-end apps will be made available in a GIT Repository, allowing for community review and contribution. This is a crucial step in ensuring the security and transparency of the platform, particularly when handling sensitive information such as wallet keys.

By making the source code available, Tokeo:

• Demonstrates a commitment to openness and transparency
• Allows the community to review and audit the code for security vulnerabilities
• Enables contributors to identify and fix bugs, improving the overall security and stability of the platform
• Fosters a sense of community ownership and responsibility for platform security
• Encourages collaboration and innovation, driving the development of new features and improvements

Refactoring the source code for source-availability involves:

• Organizing and cleaning up the codebase to make it easily accessible and understandable
• Removing any sensitive or proprietary information
• Documenting the code and development processes
• Establishing clear guidelines for community contribution and engagement

By opening up the source code, Tokeo can leverage the collective expertise and resources of the community to ensure the platform's security and integrity, ultimately providing a safer and more reliable experience for users.

ISO 27001 Compliance

Engaging a global partner for ISO 27001 compliance is a crucial step in ensuring the security and integrity of Tokeo's information systems. ISO 27001 is a globally recognized standard for Information Security Management Systems (ISMS) that provides a framework for implementing robust security controls and best practices.

Achieving ISO 27001 certification demonstrates Tokeo's commitment to protecting sensitive information, including wallet keys, and ensures that the company adheres to a rigorous set of security standards. This certification is particularly important in the financial and technology sectors, where security and trust are paramount.

The process of achieving ISO 27001 compliance involves:

• Documenting security and information handling processes
• Implementing security controls and procedures
• Conducting regular internal audits and risk assessments
• Engaging an external auditor to verify compliance
• Achieving certification by Q2 2025

ISO 27001 compliance provides numerous benefits, including:

• Enhanced security posture
• Increased customer trust and confidence
• Improved risk management
• Compliance with regulatory requirements
• Competitive advantage

By achieving ISO 27001 certification, Tokeo demonstrates its dedication to protecting sensitive information and maintaining the highest level of security and integrity.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

This proposal will have a positive impact on the broader Cardano community by enhancing the security and transparency of the Tokeo platform. By conducting a thorough external code and security audit, Tokeo will identify and address any vulnerabilities, providing a safer experience for users and setting a high standard for security within the ecosystem. This will increase confidence in the platform and encourage more users to join the Cardano community.

Achieving ISO 27001 compliance will also demonstrate Tokeo's commitment to protecting sensitive information and maintaining the highest level of security and integrity. This certification will provide numerous benefits, including enhanced security posture, increased customer trust and confidence, improved risk management, compliance with regulatory requirements, and a competitive advantage. This will not only benefit Tokeo but also the broader Cardano community, as it will raise the bar for security and integrity within the ecosystem.

By making the source code available, Tokeo will foster a sense of community ownership and responsibility for platform security. This will encourage collaboration and innovation, driving the development of new features and improvements. The broader Cardano community will benefit from this open and transparent approach, as it will lead to a more secure and reliable platform, and encourage more developers to contribute to the ecosystem. Overall, this proposal will have a positive impact on the broader Cardano community by enhancing security, transparency, and innovation within the ecosystem.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The Tokeo team boasts a proven track record of consistently delivering high-quality products. Our core development team has collaborated for decades, demonstrating our expertise in managing timelines, sprints, and crucially, deadlines.

Throughout the bear, we've remained steadfast builders, dedicated to innovation, delivery, and contributing to the Cardano ecosystem.

With Tokeo, we're capitalizing on our ethos of fostering greater awareness and adoption across the entire Cardano ecosystem. Our focus is on enhancing access and improving interoperability for users entering our ecosystem from cross-chain.

Spanning the globe, our multinational team is headquartered in Byron Bay, Australia, with members hailing from Australia, North America, the Middle East, Africa, and Europe. Comprising over 7 capable, highly skilled, and dedicated members, our team's track record speaks volumes. Notable innovations include pioneering Cardano's First Smart Contract Minting Engine, Liquid Offers (multi-asset offers with a single batch of ADA), and Staked Offers (allowing buyers' ADA to remain staked within the contract of an offer).

The founders bring over two decades of tier 1 enterprise technology delivery experience, along with extensive startup expertise. We're complemented by a team drawn from the Cardano community for marketing, project liaison, and community engagement, with guidance from top thought leaders in our space. Driven by discipline, agility, and a commitment to community feedback, our team is adept at delivering rapid outcomes.

Additionally, we've engaged ambassadors and resources from cross-chain networks to accelerate adoption across multiple chains.

Our team has also played a pivotal role in early smart contract aggregation, facilitating greater accessibility to products and services across the ecosystem. We have used this principle in developing Tokeo, essentially aggregating the aggregators. We see the Tokeo Wallet being a portal to showcase all the amazing projects and products that Cardano has to offer. We have always taken a view that collaboration is vital to our overall success and we will continue to embrace this principle

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

Code and Security Audit

Outputs:

Engage 3rd party for the production of Security and Audit report on the Tokeo platform, and address any actionable issues identified.

Acceptance Criteria

No critical issues identified or left unresolved.

Evidence Completion

Audit report and action items made public.

IS27001 Compliance Engagement

Outputs:

ISO 27001 Processes and Gap Analysis

This report provides a comprehensive review of Tokeo's current security posture, identifying areas that align with ISO 27001 requirements and areas that require improvement. The report typically includes:

• A summary of the current state of the organization's information security management system (ISMS)
• Identification of gaps and weaknesses in the current ISMS
• Recommendations for addressing gaps and weaknesses
• A roadmap for achieving ISO 27001 compliance

This report serves as a foundation for the consultancy's subsequent work, providing a clear understanding of the Tokeo's current security posture and a plan for achieving ISO 27001 compliance.

Acceptance Criteria

Report produced and actions planned.

Evidence Completion

Report produced and actions planned.

Source Code Availability

Outputs + Acceptance + Evidence:

Source-available front end code via GitHub for community review

ISO27001 Certification

Achieve ISO 27001 Certification by Q2 2025

Acceptance Criteria

Achieve ISO 27001 Certification by Q2 2025

Evidence:

Certification made public

[RESOURCES] Who is in the project team and what are their roles?

Our Team

With a decentralized ethos at its core, Tokeo's team navigates the dynamic landscapes of wallets, Cardano, and cross-chain endeavours, propelling the project towards widespread adoption.

Simon Canil / MagicFlow

Founder, Development

X - LinkedIn

Magicflow leads the development team, overseeing product conceptualization and delivery. Additionally, he plays a crucial role in managing the Tokeo team and ensuring the commercial sustainability of the business.

Stephen Giderson / Geedo

Founder, Growth

X - LinkedIn

As a member of the founding team, Geedo contributes to growth, partnerships, and commercial matters within Tokeo. He also holds responsibility for token design, ISPO, fundraising, and marketing initiatives.

Zushan Hashmi / Shaz

Founder, Marketing

X - LinkedIn

Zushan leverages years of relationships cultivated within the ecosystem. His focus lies in marketing the Tokeo platform and collaborating with the leadership team on overall strategy.

James Stocks / JDS

Founder, Growth

X - LinkedIn

JDS ensures that incoming funds are meticulously managed and allocated to every aspect of the business. This ensures that funding is carefully distributed and evenly applied to specific development and marketing endeavors.

Gavin Harris / Gav

Senior Full-stack Engineer

X - LinkedIn

Gav, a senior full-stack engineer, possesses a profound understanding of smart contracts. Having graduated early from the Plutus Pioneers program, Gav has played a pivotal role in developing the Tokeo aggregation framework. He dedicates himself tirelessly to driving innovation and enhancing usability within the ecosystem for the community's benefit.

Chase Donavan / Chase

Engineer

X - Linkedin

Chase, a full-stack engineer, collaborates with the development team to introduce new and captivating features for Tokeo. A reliable and proven member of the team, Chase consistently excels and demonstrates the ability to deliver projects punctually and within budget.

Udit Gandhi

Social Media Marketer

X - Linkedin

Udit assumes responsibility for Tokeo's social voice, diligently ensuring users remain informed about the platform's features and benefits. Additionally, he actively engages the community by sharing updates on our roadmap and strategic partnerships.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

External Code & Security Audit - 40k ADA

• Conduct a thorough review of Tokeo's codebase and security protocols to identify vulnerabilities and areas for improvement. In particular provide assurances on the secure handling and storage of wallet keys.

ISO 27001 Compliance Partnership Engagement - 90k ADA

• Engage a global partner for ISO 27001 compliance. The ISO27001 is a global best practices standard for information security management. Achieve compliance certification by Q2 2025.
• This step involves the documentation of security and information handling processes, along with documenting compliance over a period of time (6-months). Certification is then achieved via an external audit. See below for further benefits on the standard.

Source Code Availability - 10kADA

Tokeo's source code for front-end apps will be made available in a GIT Repository, allowing for community review and contribution. This is a crucial step in ensuring the security and transparency of the platform, particularly when handling sensitive information such as wallet keys.

By making the source code available, Tokeo:

• Demonstrates a commitment to openness and transparency
• Allows the community to review and audit the code for security vulnerabilities
• Enables contributors to identify and fix bugs, improving the overall security and stability of the platform
• Fosters a sense of community ownership and responsibility for platform security
• Encourages collaboration and innovation, driving the development of new features and improvements

Refactoring the source code for source-availability involves:

• Organizing and cleaning up the codebase to make it easily accessible and understandable
• Removing any sensitive or proprietary information
• Documenting the code and development processes
• Establishing clear guidelines for community contribution and engagement

By opening up the source code, Tokeo can leverage the collective expertise and resources of the community to ensure the platform's security and integrity, ultimately providing a safer and more reliable experience for users.

ISO 27001 Compliance - 40 k ADA

Engaging a global partner for ISO 27001 compliance is a crucial step in ensuring the security and integrity of Tokeo's information systems. ISO 27001 is a globally recognized standard for Information Security Management Systems (ISMS) that provides a framework for implementing robust security controls and best practices.

Achieving ISO 27001 certification demonstrates Tokeo's commitment to protecting sensitive information, including wallet keys, and ensures that the company adheres to a rigorous set of security standards. This certification is particularly important in the financial and technology sectors, where security and trust are paramount.

The process of achieving ISO 27001 compliance involves:

• Documenting security and information handling processes
• Implementing security controls and procedures
• Conducting regular internal audits and risk assessments
• Engaging an external auditor to verify compliance
• Achieving certification by Q2 2025

ISO 27001 compliance provides numerous benefits, including:

• Enhanced security posture
• Increased customer trust and confidence
• Improved risk management
• Compliance with regulatory requirements
• Competitive advantage

By achieving ISO 27001 certification, Tokeo demonstrates its dedication to protecting sensitive information and maintaining the highest level of security and integrity.

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Value Representation

This proposal represents significant value for the Cardano ecosystem in several ways:

External Code & Security Audit [40k ADA]

This thorough review of Tokeo's codebase and security protocols ensures the secure handling and storage of wallet keys, providing assurances for users and setting a high standard for security within the ecosystem.

ISO 27001 Compliance [90K ADA]

Achieving ISO 27001 certification demonstrates Tokeo's commitment to protecting sensitive information and maintaining the highest level of security and integrity. This certification provides numerous benefits, including enhanced security posture, increased customer trust and confidence, improved risk management, compliance with regulatory requirements, and a competitive advantage.

Source Code Availability [10K ADA]

By making the source code available, Tokeo demonstrates a commitment to openness and transparency, allowing the community to review and audit the code for security vulnerabilities, and fostering a sense of community ownership and responsibility for platform security. This also encourages collaboration and innovation, driving the development of new features and improvements.

Final ISO Certification [40k ADA]

This proposal represents a significant investment in the security, transparency, and integrity of the Tokeo platform, which will have a positive impact on the Cardano ecosystem as a whole. By supporting this proposal, you will be contributing to a safer, more reliable, and more trustworthy ecosystem for all users.

Please fill in the brackets with the corresponding costs.