Consumers have trouble trusting DeFi Dapps with their money. Dapps can be audited, but how can you trust a paid auditor to act impartially?
A DAO which will have audit projects chosen by the community and funded entirely through their treasury with zero conflict of interest.
This is the total amount allocated to Smart Contract Audit Token SCAT DAO.
With an industry as young and technical as blockchain, mass adoption of decentralized applications (particularly dealing with Finance) will move slowly until a sufficient amount of trust has been generated. This can be done slowly as people use them cautiously and wait to see if any errors occur, or these applications can be independently audited using a consistent set of standards and provide a rating or certification on the code, assessment of the project's team, and recommendation of its legitimacy. By creating this environment of trust, the DeFi ecosystem on Cardano will grow faster and attract a wider range of people.
The average dapp user does not have the technical expertise to read the code in a smart contract and understand if there is anything malicious included in it. Many people will want to participate in these Dapps, but lending any significant amount of crypto to an unverified application is unnerving for people, compounded by the fact that it is a decentralized entity that they cannot go to and complain to customer service. Without trust that these applications were written properly to do the things they claim, there will not be mass adoption.
But how can we trust a paid auditor to be impartial? We have seen Enron, Tyco, and countless other instances of paid auditors issuing bogus attestations to keep the client happy. The answer is we cannot. So we must create a new audit paradigm to change the way audits are chosen and paid for. Enter SCAT DAO (Smart Contract Audit Token Decentralized Autonomous Organization).
There need to be smart contract audit standards developed and consistently applied by independent organizations, which can apply a clear rating to the dapp and inform the public that they are safe to use. It needs to assess the code used to create the smart contracts, assess the team that is creating it (including their backgrounds and history to determine if they have a history of rug pulls or other shady behavior). But more importantly, we need a DAO created which will have audit projects chosen by the community and funded entirely through their treasury.
SCAT DAO will create a governance token that token holders can use to vote on which projects they would like to be audited. The DAO will determine the number of audit projects that it can perform each quarter and will audit the projects that receive the most votes from the community. 40% of tokens will be kept in treasury in perpetuity. The treasury will be invested in various yield farming initiatives and the returns from that will fund operations (Initial returns from providing SCAT DAO to liquidity pools and then other opportunities are expected as the token gains popularity). Only dapps with the highest certification will be open for investment, and only Dapps that have been audited by SCAT DAO will be eligible. 30% will be distributed to everyone that has a Cardano wallet (distribution will not be pro rata, every address will get an equal amount). The remaining will be used to develop the product and bring it to market. This will allow for it to be truly decentralized and give the community a say in which projects they would like assurance in. The hope is that people find value in the project and the token gains value as well. The higher the token is valued, the more the treasury will hold and the more audit projects that can be performed each quarter.
How does it work?
I will be working with a team to develop the audit methodology and standards that will be used to assess the quality of the smart contracts as well as the team who is creating the Dapp. The goal is for these to become the industry standard so that all audits are conducted in a similar way. Once these have been created, training material will be created that can teach anyone with an audit background exactly how to perform this work program.
As previously stated, SCAT DAO will not accept any money from any Dapp to audit their projects, the funding will be generated entirely by the passive income investments that the treasury has made into various DeFi projects to generate yield. The goal is to have this process automated and not managed day to day by a central authority. We also want to support the new DeFi community and investing our Treasury in their protocols is a way for us to demonstrate our belief in them. Auditors who perform an audit on behalf of SCAT DAO will receive a payment to compensate them for their time and effort. The compensation is still being determined, but it will be very competitive to the industry. And auditors from all around the world are encouraged to participate. The money will not be adjusted based on geographical location, which means an American Auditor and an Ethiopian Auditor would be compensated the exact same. This will hopefully encourage participation from the developing world where auditors are usually paid a fraction of what their western counterparts usually earn. In the spirit of Cardano, this project would like to empower audit professionals from all over the world with an opportunity to supplement their income, add to their resume, and help build this new ecosystem.
We will develop criteria of minimum qualifications required for an auditor to perform an audit on behalf of the platform. Qualifications such as professional certifications (CPA, CFA, etc), and work history (Senior Level auditor and above) will be required to ensure that the auditor has the skills necessary to perform the audits. Any auditor with the necessary qualifications can take the SCAT DAO audit training courses that will be developed and pass a test to demonstrate their understanding of the materials (the long term goal would be incorporating Prism to verify auditors' ID and credentials). They will receive a certification for the completion of this course and will be eligible to include their names on the list of Active Available Auditors (AAA). If an auditor becomes busy and would not have the availability to participate, they can deactivate themselves at any time and return to the Active listing whenever they become available. Each audit project that is voted on and selected by the community will be randomly assigned an auditor from the AAA listing. In order to ensure high quality standards, a second auditor will also be randomly assigned to act as the AQR (Audit Quality Reviewer). The AQR must review the work performed by the auditor and concur with their findings in order for the audit to be completed. At the completion of the audit, the results will be distributed through the website and available to all.
Excess Treasury Funds
If the Treasury is generating a surplus and we can easily fund all of the audit projects that we need, the community can vote to grant a distribution to all token holders on a pro rata basis as a reward to token holders for supporting the project.
UPDATE: With the current speculation bubble we are seeing with DOGE, would also like to incorporate a section of the website to list the potential use case of a project and an assessment of its viability. We are seeing something that is meant to be a joke get pumped up with billions of dollars and be worth more than projects with huge potential. Ideally would like it to be like a JD Power report on crypto that the general public can go to and review current projects, get unbiased information about them, and a summary in simple terms of their strengths, weaknesses, opportunities, and threats. When the bubble bursts on DOGE, it will hurt the credibility of the industry, and will also make people think twice of investing money into DeFi. Having a trustworthy source of information that is free from conflicts of interest will be important, and this is another thing that SCAT DAO can bring to the table. Would love feedback on this aspect as well.
Road Map
One Month: Build the team. I have a background in Financial audit and am partnering with a coworker in Colombia who is an IT auditor. We will need to build a team that can create the utility token, program the DAO to lock funds in the treasury, invest treasury funds to earn yield, and allow the community to propose projects and vote. During this time we will also be drafting up the audit methodology that we intend to follow and share with the industry in order to develop a uniform set of standards that everyone can follow.
Three Months: Finalize the audit program (will be making changes and improvements after getting started, but want to have our base completed). Have token minted and functionality tested on test net and ready to be launched on main net at the completion of Goguen.
Six Months: Have community select projects and begin first round of audits.
IP: All audit methodologies developed and training materials created will be distributed for free to create a standardized system for the industry to follow. All code used to create the SCAT DAO will be open source.
Public Launch Date: Alonzo Fork
Budget:
Creating the platform: 20,000
Creating the website: 5,000
Creating audit program and training materials: 10,000
Eric Helms is a CPA who has spent the last 10 years in audit with Big 4 public audit experience and Fortune 500 internal audit experience.