OpenZeppelin Continuous Audit & Security Services Proposal
Summary
The Compound DAO’s long-term security requires a comprehensive and continuous set of audit and security solutions to prevent loss of funds and to protect its reputation from risks to the Compound protocol, specifically those introduced by community-proposed upgrades.
OpenZeppelin will provide dedicated continuous audit services for all Compound governance proposals and will work with the Compound community to develop comprehensive security requirements and to implement best practice security monitoring.
OpenZeppelin’s services will be coordinated by a dedicated Security Advisor who, along with the OpenZeppelin team, the Compound DAO and the community, will work to:
- Improve the overall process to ensure the security of community-proposed upgrades to the Compound Protocol
- Provide continuous audits and dedicated resources to respond rapidly to all community-proposed upgrades and changes
- Coordinate the creation of documented security checklists and requirements that can be shared with all proposal authors
- Implement an open security monitoring and security dashboard solution that will allow the community to validate security
- Integrate, support, and analyze other important security program components that the DAO may approve in the future, such as formal verification, bug bounties, and white hat monitoring.
The combined effort of the OpenZeppelin team, the Security Advisor, and the Compound community will thereby reduce potential security risks and further assure the DAO's trusted reputation.
OpenZeppelin has revised its original proposal to focus on community feedback and excludes performance fees. OpenZeppelin’s fee will be the equivalent of $1 million USD in COMP every quarter for one year. This fee covers all services defined in the proposal. Payment will be made using a streaming grant based on recommendations given by community member feedback on the forum. Please see our full revised proposal here:
We believe that no other firm in the market can bring the same breadth and depth of offerings to the DAO. We provide best-in-class continuous auditing and security advisory services; established leadership in secure development and secure operations; and external relationships and partnerships at a cost to value no other firm can match.
We would be honored to partner with the Compound DAO to not only deliver continuous auditing but to also work together to be leaders and innovators in how to securely and efficiently run an effective DAO security program!
Voting Instructions: Audit Selection Process
All three audit proposals will be submitted to governance and voted on by the community. The proposal with the most “For” votes will win and the community multisig will then cancel the losing proposals after the vote is completed. Please only vote YES once for your preferred proposal.
See the complete Forum discussion for more details.
Voter | Cast Power | Vote & Rationale |
---|---|---|
0x9AA8...62cCF1 | 321,024 | FOR |
0xea6C...c13BF7 | 305,957 | FOR |
0x6125...9396dE | 256,761 | FOR |
0x8169...539806 | 101,000 | FOR |
0x3e41...35c049 | 66,000 | FOR |
Proposal Status
- Published Onchain: 0xeC40...b9ec1E
- Wed December 15 2021, 06:41 pm: Voting Period Starts
- Sat December 18 2021, 07:51 pm: End Voting Period
- Sun December 19 2021, 09:22 pm: Queue Proposal
- Wed December 22 2021, 12:03 am: Execute Proposal
Current Results
- 1-FOR: 1.37M
- 2-AGAINST: 3,267.93
- 3-ABSTAIN: N/A Tokens