Now that we’ve seen our first example of a Node Provider audit from the pilot programme, I’d like to voice some concerns.
The ParaFi situation serves as an interesting case study.
Having read the auditors write-up, it seems that the audit has been limited to the information that the Node Provider supplied the auditor. The writeup is also full of comments that make it clear the audit has not been comprehensive.
My main concern is that it makes authoritative statements that it can’t actually back up, and are in fact wrong (or at best, very misleading).
I think we should be viewing this audit process from the perspective of - would it catch a motivated and well organised bad actor out?
At the moment, it would seem this wouldn’t be sufficient. I hope to see discussion about the suitability and transparency of this process before the IC goes all in on NP audits.