Charli3 Oracles has selected Anastasia Labs to conduct a comprehensive audit of our code.
Charli3 continues to focus on security and efficiency. Through a long process of estimates and comparisons, we have confidently selected an effective and experienced team to conduct a comprehensive audit of our on-chain and off-chain Oracle code bases.
The Catalyst funds won in fund 11 to conduct this audit will be used for payment to the auditors, as well as further fixes, additions, and management of future necessary audits. (reminder, catalyst funds were proposed with ADA estimated at $0.25 at the time)
We spoke to 3 companies to enquire about audit processes and quotes. (these quotes are unique and specified to our code base and volume of work necessary to audit it all)
- Anastasia — $236,000k ADA (Plutus specialized— Cardano experienced)
- TxPipe — $180,000 USD (Plutus specialized - Cardano experienced)
- Certik — We decided against exploring this further given lack of necessary experience in Plutus code.
Our focus was on selecting the best team to improve our overall process and future function. Data security for our customers and the Cardano ecosystem is of paramount importance.
Audit Services:
1 Project -
- The Client is hiring the Auditor to audit the Client’s on-chain oracle contract, off-chain node code, software off-chain, Charli3 back-end and the alert system. Specifically, the Auditor will: perform a manual review of the on-chain oracle code, manual review of off-chain architecture, identifying security vulnerabilities and inefficiencies of alert and monitoring system (for data source endpoints, node operators, internal architecture), general security of entire Charli3 networks, identify security vulnerabilities and inefficiencies and provide a detailed audit report containing a list of findings along with recommended fixes. The Auditor will employ an external team to manage the proposed fixes, after which the Auditor will also audit the fixes made. Finally, the Auditor will verify that the issues are fixed and will mark them as resolved accordingly.
1.2 Schedule —
- The first two weeks will be dedicated to discovery and planning, and the Auditor will become familiar with the code base and specifications. In the next six weeks, the Auditor will perform a manual review of the code to identify vulnerabilities after which, the initial findings report will be published. From there, the Auditor will work with the Client to apply the suggested fixes in order to produce a finalized audit report
Given the above, paired with Anastasia’s experience with Plutus architecture, and the optimized timeline of 8 weeks, we selected Anastasia to manage the audit process of our code.
Follow along with us and join the community on discord