Building a Marketplace for Security Audits

Incentivizing the use of Ethlance for auditing services

Joe Urgo
Jun 22, 2017

More than a year has passed since the infamous DAO hack without another high-profile loss of funds resulting from poorly written smart contracts. This is a testament to the efforts of the Ethereum community and its security professionals, who have introduced best practices and developed new standards such as the OpenZeppelin framework and the MiniMe Token. The teams behind these efforts cannot receive enough credit for the work they do in ensuring the safety of all of our funds.

Understanding the importance of independent code review, we have committed to having three outside audits of our contribution period smart contracts performed before the start of the upcoming district0x Network fundraiser. We think all projects should do the same. Unfortunately, this is increasingly easier said than done.

While seeking price quotes for security audits, a few observations have stood out:

  • Locating professionals who perform security audits is difficult, given the lack of a directory or focal point where providers can list their services.
  • Due to the lack of a forum for public proposals and price discovery, vast discrepancies in quoted prices exist (as wide as $80,000), even amongst professionals who are perceived as having similar levels of reputability.
  • An open and transparent marketplace for security audit services would benefit service providers and up-and-coming projects alike.

Ethlance as a Market for Auditing Services

Conveniently for us, Ethlance offers a solution. Ethlance is a decentralized job market powered by Ethereum and IPFS, and is the first district on the district0x Network. Using Ethlance, projects can create a listing for their audits, share their budget for the task, and receive proposals in an open and transparent manner, with any bids submitted by applicants available for all to view.

We believe the added visibility afforded by a communal marketplace on the blockchain, as opposed to private negotiations, will add efficiency, introduce a means of price discovery, and provide a central location for auditors to advertise their services, all of which stands to benefit the community as a whole. Taking a step towards installing such a marketplace, we will be accepting bids and hiring for district0x Network security audits exclusively via Ethlance. We are pleased to announce our friends at REX have agreed to do the same for their remaining audits, and we would like to welcome all up-and-coming projects planning a fundraiser to join them in doing so.

In support of this goal, we will be offering $10,000 to incentivize the use of Ethlance as a focal point for listing and contracting smart contract auditing services. We will cover 10% (up to $1,000) of the costs incurred by the first 5 projects to exclusively hire for audits via Ethlance. Additionally, we will match 10% of the value of services provided (up to $1,000) as a bonus to the first 5 security professionals hired to perform audits on the platform.

To kick things off, we have posted our listing for a code review of our contribution period contract here. REX’s posting can be found here. Also, ‘Smart Contract Audits’ has been added as a skill to make these and any future listings easy to find.

Refining the Market

We are always looking for ways to improve. Last week we announced the launch of our Community Advisor Program as a means of saying thanks for all of the great feedback we have received from the community since our initial announcement. To participate, simply join our Slack, share your thoughts on our project, and offer any suggestions you may have to ensure the district0x Network develops into a valuable ecosystem for all.