Auditing Department: business model amendment v1 #62

Dexaran opened this issue Feb 10, 2020 · 0 comments

Dexaran commented Feb 10, 2020

This amendment to the Security Auditing Department workflow is intended to establish a set of rules for accepting, approving and paying security audit requests at Callisto Network.

Motivation

Previously, the Callisto Team accepted any security audit request and handled it free of charge by subsidizing the work of auditors from the Treasury fund. Audits were processed in a continuous queue as auditors performed the work.

This model assumed that audits are delivered in exchange for co-promotion and that the general use case of Callisto as an independent security enhancement mechanism would boost its brand recognition and mass adoption.

The model had two main shortcomings:

  • Smart contract developers tend to use security audits as part of their marketing campaign, and they will not promote Callisto as their partner if the audit identifies critical errors that could damage the marketing of the audited project.

  • Processing a constant queue of security audits is expensive and may hurt the long-term sustainability of Callisto.

A new model of accepting audits is hereby proposed to address the flaws of the previous one and ensure the long-term sustainability of the Security Department.

Specification

Limited monthly free-of-charge auditing campaign

It is proposed to handle a limited number of security audit requests paid from Treasury. A fixed budget must be allocated for a monthly "free-of-charge audits" campaign. The audit request that gained the most traction must then be performed for free, while the remaining audit requests must be left in "on hold" status until they are processed on a paid basis or gain more traction in the next months.

The recognition and traction of a security audit request should be measured by the amount of social activity associated with the public announcement of the audit request on any public social media platform (Twitter / Reddit / Bitcointalk / Facebook). Project-specific forums do not count. Callisto Team reserves the right to approve any audit request for a free-of-charge auditing campaign with an internal decision in case social activity is falsified.

Paid security audits

Security audits not included in the list of free audits should be processed on a paid basis.

| Priority | Payment formula |
|----------|-----------------|
| High | 500 USD + (0.5 USD per line of code) |

  • High priority audits are processed before any audits in the queue, except for the highest priority audits.

  • The security audit requester can further increase the priority of an audit request by negotiating a higher payment with the security auditing manager when submitting the audit request.

We accept ETH, ETC, CLO and EOS.

Any of the Ethereum-based currencies (ETH, ETC or CLO) can be sent to the address 0x74682Fc32007aF0b6118F259cBe7bCCC21641600 as payment.

EOS can be sent to the address callistotokn as payment.

The payment amount will be calculated based on the exchange rate of the currency that was used for the payment (calculated at the CoinMarketCap rate). The amount of payment depends on the length of the code of the auditable contract. Empty lines of code and comments can be excluded.

It is recommended to use a SLOC counter to calculate the accurate number of lines of code that require payment. The overpaid amount of CLO, ETH or ETC will be returned to the sender's address after the completion of the security audit. Highest priority audit requests are processed ahead of the queue.

Security auditing fee

It is proposed to withhold a certain percentage of each audit request payment in order to fuel the sustainability of the platform.

Collected security auditing fees must be used to (1) market buy and burn CLO tokens and (2) pay third-party media representatives supporting the Callisto Network.

Example:

If the security auditing fee is set to 5% and 3% is paid to third-party media services, then

  • 95% of each audit request payment goes to the security auditors' salary pool

  • 2% of each audit request payment is used to buy CLO tokens from the market and burn them at a specific non-existent address

  • 3% of each audit request payment is redistributed among third-party collaborators of the project (media representatives helping Callisto Team to announce and push the results of the security audit)
