SolSec is a platform built during Grizzlython that promotes web3 security in the Solana ecosystem. Protocols can organise audit contests on the platform where Rust developers from across the world can review their codebase and submit bug reports.
Using SolSec, any project can create a contest where it submits its codebase along with a prize pool. Since the project can choose the amount of money to be distributed, smaller projects can also participate and get their code audited. Auditing is a crucial step for any protocol that is serious about launching on mainnet and handling customer funds.
SolSec is meant to be governed by a DAO. It is designed so that, eventually, members of the community take the decisions on day-to-day operations and share the profits generated by providing its services.
Becoming an auditor requires a lot of work. Making the jump from developer to auditor is often neither easy nor straightforward, and building up a portfolio of bug findings can be very difficult for beginners.
SolSec makes this process easier by giving any developer access to the codebases of various upcoming projects. Since these projects are at the pre-audit stage, it is relatively easy for other developers to find vulnerabilities that the protocol missed or overlooked. If developers find any bugs, they can write a report explaining the bug, how it could be exploited and how it could be fixed. They can compile these findings in a GitHub repository and submit its link along with whatever severity rating (high risk, medium risk, quality assurance or gas report) they see fit.
A group of judges reviews each report submitted for a contest and decides whether it is legitimate and whether the explanation is satisfactory. A judge can change the severity of a submitted report as they see fit. They then compile the valid bugs and publish a final report. Developers whose submissions make it into the final report are paid from the prize pool based on the severity of their finding.
This money is then sent to their Solana wallet.
Auditing has become a crucial step for protocols that handle any significant value. Hacks on new projects are very common, and a thorough audit is the only way to minimise such security risks.
Audits tend to be expensive, but SolSec allows upcoming projects to host auditing contests that help secure their code at a fraction of the price of a traditional audit by a top firm.
Any project can sign up to our platform, submit its codebase and pay a minimum fee to host a competitive auditing contest. Once the contest goes live, developers from across the world can view the codebase and find vulnerabilities. At the end of the contest the judges compile these reports and hand them to the project so it can fix the issues and make its code more secure.
The fee paid by the protocol is distributed by the DAO amongst its members, the judges and the auditors. Each party is incentivised to provide the best service to the protocol. This is great news for the projects and for the Solana ecosystem, as our platform helps ensure that the projects deployed on mainnet are secure.
SolSec needs judges to review all the reports submitted by developers. These reports need to be compiled into a final audit report that contains only valid vulnerabilities and discards incorrect submissions. Judges play a crucial role in the functioning of our platform and, as a result, get a healthy cut of the prize pool as an incentive for their services.
Anybody can apply to be a judge by filling in a form explaining why they are an ideal candidate and providing a staking amount. The DAO reviews each application and chooses a set of judges to oversee each contest. A judge has to stake a decent amount of SOL to take part in a contest, which is returned after the contest has been completed successfully.
Staking is necessary because any misconduct by the judges is detrimental to the reputation of the DAO. After a judge submits the final report, a 2-day period is given during which anyone can point out malicious behaviour in the final report. If misconduct is found, the DAO can vote to slash the judge's stake, discouraging any malpractice.
Members of the SolSec DAO are responsible for the decision-making processes. DAO members vote on which judges are selected for a contest and make sure there is no misconduct in the final report. DAO members are also responsible for slashing a judge's stake if the judge is found to be a bad actor.
DAO members are incentivised to take the best decisions for all parties involved and to maintain the reputation of the protocol, because a cut of the prize pool is distributed amongst the DAO members (analogous to dividends being distributed to shareholders). Any bad decision taken by the DAO can lead to a loss of trust in the platform and would discourage the parties involved from interacting with SolSec.
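The judge-stake lifecycle described in the paragraphs above (stake is locked, the final report opens a 2-day dispute window, misconduct raised inside the window goes to a DAO vote, and the stake is then either returned or slashed) can be written down as a small state machine. The block below is an added illustration and is not SolSec's own code: the required stake size, the use of seconds as the time unit, the "strict majority to slash" vote rule and every type and function name are assumptions made for the example.

```rust
// Added example: a hypothetical model of the judge-stake lifecycle on this page.
// Not SolSec's code; stake size, time unit, vote rule and names are assumptions.

const LAMPORTS_PER_SOL: u64 = 1_000_000_000;
/// Assumed minimum stake a judge must lock to take part in a contest.
pub const REQUIRED_STAKE: u64 = 10 * LAMPORTS_PER_SOL;
/// The page's 2-day dispute window, expressed in seconds.
pub const DISPUTE_WINDOW_SECS: u64 = 2 * 24 * 60 * 60;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ContestState {
    /// Contest live; the judge's stake is locked.
    Open,
    /// Final report published at `at`; disputable until `at + DISPUTE_WINDOW_SECS`.
    ReportSubmitted { at: u64 },
    /// Misconduct alleged inside the window; DAO members are voting.
    Disputed,
    /// Stake returned or slashed; no further transitions.
    Settled,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StakeOutcome {
    Returned(u64),
    Slashed(u64),
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ContestError {
    InsufficientStake,
    WrongState,
    WindowStillOpen,
    WindowClosed,
}

pub struct Contest {
    pub judge_stake: u64,
    pub state: ContestState,
    votes_to_slash: u32,
    votes_to_clear: u32,
}

impl Contest {
    /// Lock the judge's stake; refuse anything below the required amount.
    pub fn new(judge_stake: u64) -> Result<Self, ContestError> {
        if judge_stake < REQUIRED_STAKE {
            return Err(ContestError::InsufficientStake);
        }
        Ok(Contest { judge_stake, state: ContestState::Open, votes_to_slash: 0, votes_to_clear: 0 })
    }

    /// The judge publishes the final report, which opens the dispute window.
    pub fn submit_final_report(&mut self, now: u64) -> Result<(), ContestError> {
        match self.state {
            ContestState::Open => {
                self.state = ContestState::ReportSubmitted { at: now };
                Ok(())
            }
            _ => Err(ContestError::WrongState),
        }
    }

    /// Anyone can dispute the report, but only while the window is still open.
    pub fn raise_dispute(&mut self, now: u64) -> Result<(), ContestError> {
        match self.state {
            ContestState::ReportSubmitted { at } if now < at.saturating_add(DISPUTE_WINDOW_SECS) => {
                self.state = ContestState::Disputed;
                Ok(())
            }
            ContestState::ReportSubmitted { .. } => Err(ContestError::WindowClosed),
            _ => Err(ContestError::WrongState),
        }
    }

    /// One DAO member's vote; only accepted while a dispute is open.
    pub fn vote(&mut self, slash: bool) -> Result<(), ContestError> {
        if self.state != ContestState::Disputed {
            return Err(ContestError::WrongState);
        }
        if slash { self.votes_to_slash += 1 } else { self.votes_to_clear += 1 }
        Ok(())
    }

    /// Resolve the stake: return it once the window lapses undisputed, or apply
    /// the vote (assumed rule: a strict majority of votes is needed to slash).
    pub fn settle(&mut self, now: u64) -> Result<StakeOutcome, ContestError> {
        let outcome = match self.state {
            ContestState::ReportSubmitted { at } => {
                if now < at.saturating_add(DISPUTE_WINDOW_SECS) {
                    return Err(ContestError::WindowStillOpen);
                }
                StakeOutcome::Returned(self.judge_stake)
            }
            ContestState::Disputed if self.votes_to_slash > self.votes_to_clear => {
                StakeOutcome::Slashed(self.judge_stake)
            }
            ContestState::Disputed => StakeOutcome::Returned(self.judge_stake),
            _ => return Err(ContestError::WrongState),
        };
        self.state = ContestState::Settled;
        Ok(outcome)
    }
}

fn main() {
    let mut c = Contest::new(REQUIRED_STAKE).expect("stake accepted");
    c.submit_final_report(0).unwrap();
    c.raise_dispute(3_600).unwrap();
    c.vote(true).unwrap();
    c.vote(true).unwrap();
    c.vote(false).unwrap();
    println!("{:?}", c.settle(7_200)); // Ok(Slashed(10000000000))
}
```

The point the model makes explicit is that the stake can only leave the locked state through `settle`, and `settle` refuses to return it before the window has lapsed; a dispute raised after the window is rejected rather than silently ignored, so both the honest judge and the DAO can predict exactly when funds move.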