IBC has proven to be incredibly valuable to the entire cosmos. I believe this value is greatly enhanced by its track record for exploits. Audits can help IBC remain relatively unexploited, by allocating the time and expertise of trained individuals to find vulnerabilities before they become an issue.
The PFM has a pro-bono audit scheduled, and I’m unaware of a scheduled audit for RIM. Given the importance and universal adoption of these modules, and the expense of audits, I think it makes sense that the community pools across many cosmos chains come together and contribute funds towards auditing these modules.
I’d like to start the conversation here over which teams have bandwidth for auditing, and getting estimates or expectations around cost. Given Zellic has already committed to auditing the PFM, these community funds could be retroactively paying them for their services.
Fortunately, audits have well defined scopes and measurable outcomes. As far as scope:
I think it makes sense that the community pools across many cosmos chains come together and contribute funds towards auditing these modules.
This would be ideal, and I hope it’s feasible to defeat the free rider problem with enough community coordination and goodwill. Most chains that rely on IBC as their main interoperability solution understand how critical infra is and the current audit coverage gaps.
Regarding launching a public audit RFP process to be funded by the community pool, I believe some prior examples can inform us what has worked in the past.
The Neutron example is closer to the RIM audit, as it’s a single package scope and a more lightweight process overall, which I believe better suits a younger community like Celestia and a potentially multi-community pool effort.
$27,500 in USD or USDC stablecoin to provide a total of 1.1 engineer-weeks of availability. This payment is inclusive of all services defined in the proposal.
My understanding is that the audit for the PFM is roughly equivalent in the number of hours required, and therefore we can double this payment to retroactively pay for that audit.
I think the next steps are to coordinate with other chains. I have started this process with individuals who have already expressed interest. I can also prepare a governance proposal for Celestia.
Lastly, Zellic has indicated that accepting TIA directly is fine, so we should just be able to include an address verified from their socials in the gov proposals.
The audits have not yet been scheduled, and their confirmation is presumably blocked on the results of the proposal. The proposal will likely be up by the end of the week. Zellic will be providing an address publicly on their GitHub / socials, and then we will proceed.
Who would be best to include in a channel with the auditors to schedule any calls and answer any questions about the codebase?
Here’s the final proposal that will be posted without further feedback:
Pay for Audits of two IBC Middlewares
Two IBC middlewares are set to be adopted by the entire cosmos community. These are the Packet Forward Middleware (PFM) and the Relayer Incentivized Middleware (RIM). The PFM enables the unwinding of bridged tokens, resulting in a dramatically better experience for users. The RIM enables a native mechanism for paying infrastructure providers.
Social consensus, via the CIP process, has been reached for the eventual adoption of these middlewares.
https://forum.celestia.org/t/cip-packet-forward-middleware/1359/13
https://forum.celestia.org/t/cip-relayer-incentivisation-middleware/1383/6
Single exploits could result in significant coordination overhead to fix in the best case scenario, and users losing funds in the worst. Issues with determinism could cause the chain to halt, if not handled promptly, the halting of Celestia could also cause a halt in the rollups that build on top of it.
This proposal aims to pay for the audits of both middleware modules by sending funds from the community pool directly to the address owned by the auditors, Zellic. While audits do not guarantee that the code is not exploitable, they do significantly reduce the risk in which this occurs.
The IBC middleware proposed here is not strictly related to Celestia; it can be applied to all chains that make use of the Go implementation of IBC. Not only can it be applied, but it is currently included in many of the most important chains in the cosmos ecosystem and has compounding benefits the more chains that adopt these middlewares.
This proposal simultaneously protects the Celestia ecosystem while also giving back to the cosmos community, from which Celestia was built, and in which Celestia exists. This is why we think the community pool is a perfect source of funds.
Zellic was chosen as an auditor due to their previous work on IBC and great history of finding low-level, difficult-to-spot vulnerabilities. They have also shown substantial initiative by offering to audit one of the modules for free before this proposal was first discussed.
The document below further discusses the auditors' credentials, scope, readiness, and the cost to audit RIM. The specified cost is 27,500 USD. This proposal aims to pay the auditors for both RIM (27,500 USD) and PFM (27,500 USD) for a total of 55,000 USD. Payment will take the form of an equivalent amount of TIA instead of USD.