FluidTokens Protocol Security Audit

[GENERAL] Summarize your solution to the problem.

Our focus at the moment is to implement code review for FluidTokens smart contracts and audit them to release the latest version as open source

[GENERAL] Summarize your relevant experience.

Our team is formed by:

• Haskell senior developer (IT doctor)
• Cardano senior developer (Electronics engineer)
• Full stack developer that completed the Plutus cohort n2

And we are collaborating with GeniusX as partner and Canonical as Auditor

[IMPACT] Please describe your proposed solution.

At the current state of the art it is important to audit the smart contracts created by our internal team with an external partner:

Team experience:

• https://cnft.io/ as part of the developers team
• https://www.pavia.io/ as part of the tech leads
• https://cnftacademy.com/

Canonical Experience:

• https://github.com/Canonical-LLC
• https://www.canonicalllc.com/

[IMPACT] Please describe how your proposed solution will address the Challenge that you have submitted it in.

In collaboration with Canonical the smart contracts created by FluidTokens team will be assessed and reviewed to avoid any possible exploit considering how new lending and borrowing is in Cardano

[IMPACT] What are the main risks that could prevent you from delivering the project successfully and please explain how you will mitigate each risk?

Risks are:

• Exploits that are not found during the auditing part but are found after open sourcing the platform

Solutions:

• We have a lag release of opensource of the code, the current version of the platform is an improved version of the opensource one, in this way any malicious attacker cannot attack the current platform

[FEASIBILITY] Please provide a detailed plan, including timeline and key milestones for delivering your proposal.

• September 2022 starting the audit of current smart contract and new smart contract version
• October 2022 final code review with our tech partners
• November 2022 opensource of the code after finalizing the audit stage

[FEASIBILITY] Please provide a detailed budget breakdown.

Considering the amount of hours for the auditing:

• QA 100 hours
• Testing 50 hours
• Code Review 200 hours
• Code fixing 50 hours

The cost of engineer and plutus developers in order to provide the audit is $90000, considering $10000 in case of extra costs

[FEASIBILITY] Please provide details of the people who will work on the project.

• Alicia Basilio
• Raul Rosa
• Matteo Coppola

[FEASIBILITY] If you are funded, will you return to Catalyst in a later round for further funding? Please explain why / why not.

Even if FluidTokens is already scaling and it is strongly appreciated by the Cardano community, the costs of a widely accepted auditing are high for a recently created platform. In the next months, for any complex smart contract we're going to release, we'll probably need additional funds to audit them

[FEASIBILITY] Are you or any member of your team working on any other proposals in this Fund9?

[FEASIBILITY] Are you or your team working on any other proposals from previous Funds?

[AUDITABILITY] Please describe what you will measure to track your project's progress, and how will you measure these?

Team will release monthly updates on the current state of the development in order to be trasparent and open

[AUDITABILITY] What does success for this project look like?

The success is not defined by a complete absence of bugs (which can never be guaranteed) but to ensure the absence of any known attack vector and the use of the most accepted best practices when writing smart contracts. Transparency with the Cardano community is also a must.

[AUDITABILITY] Please provide information on whether this proposal is a continuation of a previously funded project in Catalyst or an entirely new one.

It is not