Lido on Ethereum: Form Audits Committee

Abstract

From the very start of Lido, external audits have been one of the cornerstone quality standards for the code used in Lido products, specifically for the on-chain code. With Lido’s growing success, audit reports have eventually become an integral attribute of any significant Lido release.
However, until now there has been no clear and public process around planning audits for major protocol upgrades. This results in messed-up timelines, release delays, and hectic operations around finding audit slots, posting finalized audit reports, and funding the related expenses.

Proposal to form Audits Committee

We propose forming the Lido on Ethereum Audits Committee aimed at reducing the operational load of the dev team, optimizing audit pipelines, communicating with auditors and the DAO on related topics, and also increasing awareness of Lido security standards within the community.
The main goals of the Audits Committee would be:

  • Secure at least two finalized audits for each significant release.
    The most critical (e.g. Withdrawals-related) projects should have 3 audits on them. Rotating auditors from the partner pool and the previously not engaged ones should be considered a good practice. Not having a 2nd public audit report for a major project should be a blocker for release.
  • Besides the audit slots for the scheduled releases, have the ability to secure mid-sized audit slots on-demand. Consider a retainer from a reliable partner.
  • Figure out and maintain a sustainable workflow to secure formal verification for critical Lido protocol parts.
  • Communicate with auditor service providers, and establish long-term relationships with reliable parties.
  • Secure funding from the DAO, and budget audit-related expenses based on current demand.
  • Keep the community posted about the important audits secured, in order to increase the community awareness of Lido’s security standards.
  • Maintain a public docs hub page/website page with all the completed audits.
  • Perform internal housekeeping of audit slots, their occupation, and scheduling.

Proposed Committee composition

We propose including core contributors familiar with Lido roadmaps and short-term timelines in the Audits Committee:

Invitation to partner with Lido

Lido is open to partnership with any existing audit service providers including community contest-based solutions.
We encourage entities to approach the Lido on Ethereum Audits Committee to discuss partnership opportunities and find the best ways to keep Lido secure. Please email us at [email protected] – we will be happy to chat!

8 Likes

The demand for high-quality audits in Lido is quite significant, as the security of the protocol is a must. The proposal communicates the workgroup and an entry point for audits, as well as notes the current focus on the Ethereum Lido protocol.

5 Likes

Hey, thank you for the public audit committee introduction.

Hope that it’s a win-win initiative for the Lido DAO and audit service providers. Excited to be a part of it.

2 Likes

Hi, thanks for this initiative. Definitely, the ecosystem needs good and reliable auditors.