[PROPOSAL #954][PASSED] Permissionless ICS 3rd Party Audit

Authors: Simply Staking

TL;DR - Simply Staking will commission Zellic to conduct a third-party audit of the Permissionless ICS feature. This will follow a similar format and process as our third-party audit conducted last year on Replicated Security (Prop 687) and this year on Hydro (Prop 927), and Interchain Security (ICS) using the Inactive Validator Set (Prop 943)

Background

This proposal aims to use community pool funds to commission a third-party audit for Permissionless ICS. Permissionless ICS will allow anyone to create an opt-in consumer chain, without a governance proposal. This will allow chains to launch more quickly and with less friction.

For more information, we advise you to review the CHIPs forum post.

As we saw in one of our proposals regarding an audit of key Cosmos Infrastructure (ICS) in Proposal #687, it Is always key to get a second set (or more) of auditors who had no involvement in the designing and building of the code to audit the codebase. This will allow for unbiased vulnerabilities to be disclosed (if any).

Details of Funding Request

Zellic, one of the most reputable auditors in the space, will conduct this audit. With the audit scope already known to the auditor, they (Zellic) have presented a quote and timeline for the audit. Zellic is seeking $90,000 for the audit of the Permissionless ICS codebase with an estimated 3.6 engineer-weeks over the course of a 2.4 calendar-week period by 2 Zellic security engineers.

We believe that the terms and quotes presented by Zellic are fair and ideal. It is a relatively small request for an audit of this importance.

Management

Since this is a community pool spending proposal, we want to ensure the community that the funds will arrive at the designated recipient by creating a multi-sig.

The multisig should be comprised of various reputable parties:

• Damien, Simply Staking
• Jehan, Informal, Inc
• Brian, Informal, Inc

Breakdown of Fees

We (Simply Staking) will be the main point of contact with Zellic, meaning we will handle all things related to answering their questions and queries. We will also act as the main coordinator for building and maintaining the multisig to ensure a smooth transfer of funds from the multisig address to the designated recipient (Zellic). For the work with Zellic and the multi-sig coordination, we seek a compensation fee of around 10% of the total ask.

Funding

Zellic Quote: $90,000 + 20% price buffer to account for the volatility of the ATOM token during the voting period: $108,000

Simply Staking Fees: $9,000

• Community consensus via forum and on-chain proposals
• Sourcing vendor quotes
• Coordinating vendor payments and milestones
• Multi-sig coordination

Total ask ~ $117,000

All leftover funds will be sent back to the community pool. We will provide an ATOM value prior to the proposal going on-chain to reflect prices at that time.

Due to the Importance of this proposal, we are expediting this proposal and it will be up on the Forums for 1 week rather than the standard 2 weeks. We are asking for the support from the community to approve this.

Governance votes

The following items summarize the voting options and what it means for this proposal:

YES - You agree that this external audit should be funded.

NO - You disagree that this external audit should be funded.

NO WITH VETO - A ‘NoWithVeto’ vote indicates a proposal either (1) is deemed to be spam, i.e., irrelevant to Cosmos Hub, (2) disproportionately infringes on minority interests, or (3) violates or encourages violation of the rules of engagement as currently set out by Cosmos Hub governance. If the number of ‘NoWithVeto’ votes is greater than a third of total votes, the proposal is rejected and the deposits are burned.

ABSTAIN - You wish to contribute to the quorum but you formally decline to vote either for or against the proposal.

@Damien you might wanna update the post to reflect it’s on chain, and entered voting period.

Respectfully, these are my thoughts on #954.

NO to Cosmos Hub Proposal #954

The failure to include critical security audits in #839’s original budgeting represents a material oversight by Informal and Hypha teams.

Approving supplementary funding sets a bad precedent, and also undermines the touted “direct accountability mechanisms” through which #839 was sold to Hub governance.

#Cosmos Hub should reject #954 and require the dev teams to fulfill their obligations within the originally allocated budget.

If additional funding is absolutely necessary, the teams should approach the ICF, the Hub has already funded another supplementary request from Informal and Hypha this month (!) via proposal #943 passing: Mintscan

This action will reinforce the Hub’s commitment to fiscal responsibility, professional standards, and real accountability for teams that receive its CP funds.

BACKGROUND

A. Proposal #839, approved 11/2023, allocated $5.7 million for Cosmos Hub development in 2024, including Interchain Security (ICS) work by Informal and Hypha.

B. Funding for Proposal #839 was not solely from the Cosmos Hub:

• The ICF contributed by transferring 341,693 $ATOM (approximately $3.5M of $5.7M total funding request) from its Treasury to the Hub CP in March 2024:

• This transfer was characterized as a “reimbursement,” effectively co-funding the development work outlined in Proposal #839.

C. Recent proposals (#943, #954) successfully secured and seeks (again) additional funding for ICS code audits, not included in the original budget.

ANALYSIS

A. Proposal Obligations
Security audits are standard practice for critical infrastructure development.

Omission of audit costs in the original budget indicates a significant lapse in professional judgment, especially given the scale of funding asked for and given.

#839 established (purportedly) a comprehensive budget for development work, implicitly including all necessary work such as security audits.

Informal and Hypha, as experienced blockchain teams, should have reasonably foreseen the need for such audits. They didn’t. Their bad.

B. Accountability Mechanisms
Proposal #839 explicitly aimed to create “direct accountability” between the dev teams and Hub community. So let’s exercise the limited direct accountability the Hub can exercise and refuse #954.

Unlike the hub, the ICF has organizational capacity to exercise meaningful oversight and accountability for #839. However, their stance on proposals #943 and #954 remains notably absent. This raises important questions:
Why hasn’t the ICF weighed in on these supplementary funding requests?
Are they not concerned about the proper allocation of resources, including those they provided?
Or is their silence indicative of a reduced interest in grantee’s resource utilization and management now that the Hub is co-subsidizing this development work?

C. Fiscal Responsibility
Approving additional funding may incentivize future underbidding and piecemeal funding requests.

This practice could impair the community’s ability to effectively evaluate proposals and manage the community pool.

It potentially undermines the goodwill demonstrated by Hub in providing substantial and unprecedented co-funding with the ICF.

RECOMMENDATIONS

1. Reject #854 to maintain the integrity of the original funding agreement and accountability structure.

2. Require Informal and Hypha to conduct and finance the necessary audits within their existing budget allocation.

3. Alternatively, suggest that the teams seek additional funding from the ICF, given ICF’s substantial contribution to the original funding.

This approach would maintain the integrity of the Hub’s community pool allocation. It would appropriately leverage ICF’s existing investment and organizational capacity in the #839 funding matter.

4. Direct #839 Oversight committee to conduct a thorough review of the teams’ budgeting, planning, and spending processes:

• End of 2024 fiscal year, #839 Oversight report should include an assessment of how the teams utilized both Hub and ICF #839 funds; with itemized breakdowns.

-Publish the results of this review to ensure transparency.

5. For future funding proposals, mandate explicit provisions for all foreseeable expenses, including security audits; and require clear delineation of funding sources and their intended uses when multiple funding entities are involved.