Cardax DEX Plutarch Code Audit

[IMPACT] Please describe your proposed solution.

Cardax is developing an open-source decentralized exchange on Cardano. The goal of the project is to allow anyone to trade Cardano native tokens and ADA in a non-custodian way.

Full on-chain code security audit of our smart contracts from the team at Tweag: https://www.tweag.io

[IMPACT] Please describe how your proposed solution will address the Challenge that you have submitted it in.

DeFi is one of the most interesting applications for Dapps deployed on the Cardano network. We will address this challenge by making our DeFi application (a decentralized exchange) secure by providing a 3rd party audit of our-chain code.

Relevant Experience

Cardax B.V. is a software development company with focus on decentralized applications (Dapps) and Decentralized Finance (DeFi). We are the designers, builders and maintainers of the Cardax DEX. Our team is composed of experienced Haskell developers and security auditing experts.

Tweag is a software innovation lab that helps deep tech startups quickly scale their engineering performance and execute on high-risk, high-reward projects with confidence. We find the best wherever they live, to build better software by applying mathematics, computer science and the methods of open source.

[IMPACT] What are the main risks that could prevent you from delivering the project successfully and please explain how you will mitigate each risk?

The main risk is that the team of auditors could take longer than expected given that the fact this will be their first audit of Plutarch code. Nevertheless, the delay would not be more than two weeks.

[FEASIBILITY] Please provide a detailed plan, including timeline and key milestones for delivering your proposal.

Deliverables

A full external audit of the on-chain Plutarch code of Cardax DEX.

The focus of the audit will be to find potential problems or vulnerabilities such as:

1. Unclear or wrong specifications that might allow for fringe behavior.
2. Vulnerabilities that could be exploited by an attacker
3. General code quality comments and minor issues that are not exploitable.

Once finished, the audit report will be published on Cardax's website.

[FEASIBILITY] Please provide a detailed budget breakdown.

Budget Breakdown

We estimate the Tweag team will dedicate ~5 weeks of engineering time to complete the Plutarch on-chain code audit starting on March 28th, 2022. Based on 2 full-time Audit Engineers.

$3,200/day

+

$16,000 flat fee

Total: $96,000

[FEASIBILITY] Please provide details of the people who will work on the project.

The full Cardax team profile can be found on https://cardax.io/about-us

From Tweag: Guillaume Genestier and Mathieu Montin will be performing the audit with the supervision of Victor Miraldo.

[FEASIBILITY] If you are funded, will you return to Catalyst in a later round for further funding? Please explain why / why not.

For future versions of our on-chain.When we do a new audit we might return to Catalyst for funding as we think it's important to get the support and undesrtanding from the Cardano community. We think that all Dapps on Cardano should do an external audit of their code to protect their users. This would also elevate the professionalism among teams building on Cardano.

[FEASIBILITY] Are you or any member of your team working on any other proposals in this Fund9?

[FEASIBILITY] Are you or your team working on any other proposals from previous Funds?

[AUDITABILITY] Please describe what you will measure to track your project's progress, and how will you measure these?

We will measure the success of this project by getting the final report of the code audit. We will also publish it on our website for everyone in the cardano Community to see.

[AUDITABILITY] What does success for this project look like?

We will call it a success when we publish the final on-chain code audit report done by Tweag.

[AUDITABILITY] Please provide information on whether this proposal is a continuation of a previously funded project in Catalyst or an entirely new one.

Yes, Cardax got funded for the development of the on-chain code in Fund 4 and 6.