Multi-sig Trading Audits & Security

[IMPACT] Please describe your proposed solution.

Security is of utmost importance for Tent and the ecosystem in general. We truly believe external code audits and security/penetration testing should be standard practices among developers. Sadly those are out of reach for most small projects.

While our code has been thoroughly developed with security as priority number one, nothing comes close to a third party taking a look at the code or trying to break the app to detect any sort of vulnerability.

With the requested funds we will be able to have top-level security guaranteed not only by us but also by third parties not associated with Tent. Everyone benefits from this. The users can fully trust Tents codebase and server security and the ecosystem gets an incredibly secure trustless trading system.

[IMPACT] Please describe how your proposed solution will address the Challenge that you have submitted it in.

Once both the penetration/security testings and the code audits have been done, we will proceed to develop and implement any changes needed to improve the security of Tent, providing the most secure environment to craft multi-sig trading transactions between 2 wallets.

[IMPACT] What are the main risks that could prevent you from delivering the project successfully and please explain how you will mitigate each risk?

Finding critical vulnerabilities in Tent's security infrastructure. If any finding is critical, this might affects Tent's development time or even uptime. We hope it never comes to this, but if needed, Tent could even go offline for some time until any critical vulnerability is fixed.

[FEASIBILITY] Please provide a detailed plan, including timeline and key milestones for delivering your proposal.

1-Code Audit (~4 weeks)

A third party will be hired to conduct an industry-standard code audit, allowing us to find any sort of vulnerability in our app and codebase.

2-Server Audit: Security and Penetration Testing (~4 weeks)

Another third-party firm will be hired to conduct security and penetration testing on Tent's infrastructure, with the purpose to find any sort of vulnerability.

3-Security Improvements & Development

With the results of each of the different audits, we will proceed to do whatever changes are necessary to guarantee and comply with the instructions and guidelines.

[FEASIBILITY] Please provide a detailed budget breakdown.

1-Code Audit ($5,000)

2-Server Audit: Security and Penetration Testing ($5,000)

3-Security Improvements & Development ($5,000)

[FEASIBILITY] Please provide details of the people who will work on the project.

Horia Schiau: Tent's Lead Developer

Full-stack blockchain developer. In charge of both front and back-end development. As the lead dev for Tent, he will be the one in charge of the project, leading every aspect of it: the selection and hiring of the auditing firms, the communication and collaboration with them, and the implementation of any changes needed to both infrastructure or codebase.

Roberto Burgos: Project Managment

Roberto will work in close collaboration with both the hired firms and every team member involved in this process to guarantee a timely execution and implementation of every step of the process.

Sam Portillo & Carlos Arnecke: Product Design

If during the process any change is needed on the front end-user experience of Tent, both Sam and Carlos as a team will tackle the UI & UX aspect of whatever change is needed.

[FEASIBILITY] If you are funded, will you return to Catalyst in a later round for further funding? Please explain why / why not.

There is no further funding planned in terms of security for the near future, but we foresee a future where we will come back for further funding. Naturally, as Tent grows and more features are implemented according to our plans, more audits and security tests will be needed, which should of course be done by third parties and not ourselves.

[FEASIBILITY] Are you or any member of your team working on any other proposals in this Fund9?

[FEASIBILITY] Are you or your team working on any other proposals from previous Funds?

[AUDITABILITY] Please describe what you will measure to track your project's progress, and how will you measure these?

The realization of both a server and a code audit and the implementation of any changes needed.

Naturally, and because of security, not all results may be shared, but whatever progress we can share, we will be sharing with our community. The final audit results will also be shared to the best of our abilities.

In the end, both security audits should be reflected on communication and marketing materials, such as the website, social media, and even on the Trading Tent app itself, allowing users to know they can trust both the codebase and the infrastructure.

[AUDITABILITY] What does success for this project look like?

With a successful code and infrastructure audit, and concrete changes (if needed) developed in order to strengthen the security of the platform for our users.

[AUDITABILITY] Please provide information on whether this proposal is a continuation of a previously funded project in Catalyst or an entirely new one.

No, this proposal is not a continuation of anything.