Compensating security assessment costs for Lido-on-X projects

Hi all,

Chorus One commissioned and paid for two audits for the initial Lido on Solana program in Q2/3 2021:

  • $15,000 for an initial Bramah Systems audit
  • $90,000 for a thorough Neodyme audit of the initial Lido on Solana (Solido) program and all related components

In addition, the about-to-be-released bSOL / Terra Anchor integration was audited by Neodyme again in Q1/2 2022:

  • $90,000 for Neodyme audit of Anker; the stSOL → bSOL Solana/Wormhole/Terra interaction and integration into Anchor

All audit reports can be found here.

| Vendor | Amount USD | Date of pmt | Pmt method |
|---|---|---|---|
| Bramah Systems | 8,750.00 | 7-Jun-2021 | c1-audit-pmt-proof.pdf - Google Drive |
| Bramah Systems | 8,750.00 | 9-Aug-2021 | |
| Neodyme | 90,000.00 | 28-Dec-2021 | |
| Neodyme | 90,000.00 | 29-Mar-2022 | Solscan |
| TOTAL | 197,500.00 | | |

We would like to ask for the reimbursement to this Ethereum address:

0x3983083d7fa05f66b175f282ffd83e0d861c777a

We sent transactions to and from this address from our Lido operator address to confirm that it’s ours:

Best,
Felix

Is this not included in Lido on Solana - Proposed Transition from Chorus One to P2P 650k LDO payment for development effort?

It is true that this audit compensation proposal came up in parallel to our other proposal. I’m honestly not sure how this should be factored in.

Shard Labs paid an additional amount to Oxorio for auditing the PR (Fix/audit 67 by idirall22 · Pull Request #69 · Shard-Labs/PoLido · GitHub), as was mentioned in the original post (Compensating security assessment costs for Lido-on-X projects - #13 by ShardYaco).

The payout was done in two batches of 13750 USDC:
Ethereum Transaction Hash (Txhash) Details | Etherscan
Ethereum Transaction Hash (Txhash) Details | Etherscan

The compensation can be issued to the same address we used for the first part: 0x4290db8e966a880d7Fd734884FBa93ee671984ea

Last batch of ShardLabs audit comp is sent: Ethereum Transaction Hash (Txhash) Details | Etherscan, all the audits for Lido on Polygon are compensated

Lido on Avalanche team has sent $19,000 to Dedaub as a deposit for our audit.

https://etherscan.io/tx/0x636efa87ad74e2a1fe080d5d5a04a5ff34b3cb38d926fd2294d4527313e97b1f

Compensation can be sent to 0x1e16f01eE68599dbCc67f602366b56A572c8Ec3C

MixBytes are requesting an additional audit by Dedaub for Lido on Polkadot and Kusama.
It is agreed to be $23K with updating previous report as V2.

Payment address: 0xF5Da01d6aFfEf5af0E326bff01b6A1c2bd93c046
Preferred tokens: USDC / USDT / DAI / BUSD

DAI 23K has been transferred as a compensation for additional audit to MixBytes:

Lido on Polygon V2 audits are done:

Total: 26740 USDC

Also, there were 3 payouts to Immunefi hackers for vulnerabilities:

Ethereum Transaction Hash (Txhash) Details | Etherscan Ethereum Transaction Hash (Txhash) Details | Etherscan

Ethereum Transaction Hash (Txhash) Details | Etherscan Ethereum Transaction Hash (Txhash) Details | Etherscan

Immunefi cost
0.36 ETH + 0.036 ETH
5000 DAI
0.56586050406853702 Ether + 0.056586050406853702 Ether

The compensation can be issued here: 0x4290db8e966a880d7Fd734884FBa93ee671984ea

Hi @ShardYaco,

I want to schedule a payment, but got one question - will payment in USDT or DAI be ok as well?
Thanks.

USDT, USDC and DAI are fine, thank you @Alex_L

Hi Yaco, audit compensation transferred.

Hey, here’s your compensation, sorry for the delay.

Immunefi expenses have been compensated:

Lido on Avalanche team has sent the remaining balance to Dedaub for our audit :partying_face:

RockX sent 28,000 USDC and compensation can be sent to this address: 0x425a9D0D5955cB82D77fdA64d01561dD960E7E9f

Hyperelliptic sent 9,000 USDC and compensation can be sent to this address: 0x1e16f01eE68599dbCc67f602366b56A572c8Ec3C

Thanks :blush::pray:

Lido on Solana team has sent $150,000 to Neodyme as payment for audit services.

Compensation can be sent to 0xE22211Ba98213c866CC5DC8d7D9493b1e7EFD25A

The full audit report is available here

Best,
Pavel

Hey @pvlpvlv, thanks for the report!

I believe it was budgeted per this proposal, so better to pass it via RCC payment, lemme just check some details with team finance and I’ll return to you in DM.

Take care,
Alex.

Hey, @k_hyperelliptic thanks for the update!
I’ll check with LEGO folks on the ops, could you please confirm in the meantime that payment in DAI is also fine? (LEGO budget now consists of LDO + DAI, it would be nice to avoid extra swaps).

Confirming for Hyperelliptic team that we’re equally happy with DAI as USDC :+1: Thanks!

Hey @J_Hyperelliptic!
Compensations are made:
RockX and Hyperelliptic