100k+ developer opportunity - IC Dapp Auditing

These are valid concerns, and Sonic has thoroughly addressed them. Firstly, the attacker graph presented assumes a 50% participation rate, meaning only half of the DEX participants are actively voting. Therefore, the actual voting power of the attacker would be reduced to 37%.

Additionally, there is a valid concern about the attacker acquiring more tokens from other pools, such as those of teams and investors. To mitigate this, time-locked token issuance is a solution. As @bjoernek mentioned, “The current SNS framework allows for the specification of a vesting period for neurons allocated to developers and seed investors. This vesting period serves as a lock-in phase during which the neuron can’t be dissolved, ensuring long-term dedication to the DAO”. At Sonic we put 4 vesting on the team allocation and up to one year on all other allocations, so this will avoid a huge jump in circulating supply or tokens coming to market.

In terms of trading and LP rewards, Sonic has designed its system to base rewards on the value generated within the ecosystem. For example, trading rewards are directly linked to the fees contributed to the platform. This approach discourages artificial trading solely for the purpose of earning rewards.
Although the chances of such an attack occurring are very low, Sonic acknowledges the possibility over an extended period.

These are excellent suggestions. Thank you.

I would easily join any effort on this direction, especially if it involves Motoko (as I am not a Rust developer).

If anyone is trying to pull an auditing firm, feel free to reach out.

I don’t have specific experience as an auditor, but I guess it wouldn’t take too long to learn, and I would be able to easily find / conceive creative ways to spot vulnerabilities. :smiling_imp:

I think both automatic and manual directions will happen.

The automatic one can be something open, with the effort shared. It can be paid out to run (in cycles), it can be funded in a Funded sale, and it can pay out the best contributions.

The manual audit will need to be like any classic one, and many will exist for sure. Hopefully code & state can spin one up with success and be a good model to follow. :smile: