[PROPOSAL #687][VOTE ON CHAIN]Replicated Security 3rd Party Audit

@Damien any progress to report on this? Audit happening or paid for?

1 Like

We’re finalising the contract with Oak. Expecting this to go up on chain next week!


awesome :+1: looking forward to it, has my vote YES

1 Like

Thank you for the initiative. Support this.

1 Like

Hi all,

Thanks so much for all the support so far. We’ve gone ahead and put the proposal up for voting!

I concur with the proposal put forward. We have already conducted an internal audit, and I believe that engaging a third-party auditor would be highly beneficial. Doing so would increase the confidence of larger teams in joining the ICS initiative.

However, I recall that Jacob from Notional had previously stated that they would provide audit services to teams within the Cosmos Hub, and that the community had funded Notional with the aim of safeguarding the Cosmos Hub. It may be worth exploring whether the proposed audit falls within their scope of work, and if not, obtaining a quotation from them.

To summarize, I remain uncertain about the selection of the proposed auditor and suggest that we consider other options, including the possibility of working with Notional, given their previous commitments and the community’s support.

1 Like

Thank you for your contribution @wassie!

With respect to the choice of auditor, we spent quite a while looking at different options and speaking to different people to gather their input.

From what we saw, OAK Security were an experienced firm who have done many audits in the industry and for the magnitude and importance of this audit, we needed someone who has the necessary tooling and experience at hand to deal with this.

Notional’s proposal was a good one but even Jacob had mentioned that they never had completed an audit of this size and scope before.


I agree, we need this. But it is expensive service. Hope it is worth it!

I’m always for improving security and checking for vulnerabilities. Curious to understand why Oak was selected over other third-party auditors though. If I missed it in the forum please link me :slight_smile:

1 Like

Since the proposal is now live and with the imminent launch of Neutron’s proposal to be onboarded as a consumer chain, I just want to re-iterate the point that this proposal/audit WILL NOT have any effect on Neutron’s timeline.

Hey @Othman - Happy to answer this. I mentioned in a reply above that the reasoning behind choosing Oak was because of discussions we had with multiple parties.

The general sentiment was that in the Cosmos Ecosystem there are a limited number of experienced auditors. Usually people would recommend Informal - but since they already conducted the initial audit, we asked around to see what people would recommend after Informal. The majority said that OAK Security were an experienced and reputable firm to handle such a task having done audits for Stride, Mars, Persistence, LIDO and more. So after seeing this, we opted to engage with them.

You can see what they have audited in the past here: GitHub - oak-security/audit-reports

As can some persons see, there is a large conflict of interest of paying a validator to start an audit not committed by this validator.
This is not the role of a validator and it’s simple not ethical to ask a percent of the price of the audit.

I understand the time it takes but as I said, it’s just a conflict of interest you should not ask.

Regards, Valentin.

I have read this proposals good such a nice idea. But any appointments Project from me to approve it take Times. Because I need the real Confirmation from our community’s to started Processing all together"