Dispute on Chain

On-chain escrow and dispute mechanism for vulnerabilities found during a smart-contract auditing process.

Comment 1

Inspiration

At AuditOne, we offer smart contract audits to our clients by pooling auditors together. Our auditors initially review the code individually. Besides a base payment for the audit, the auditors get a bonus payment on top for every issue they find. Later, the auditors meet with a committee to agree on the issues. We created an on-chain governance to vote on vulnerabilities found during these smart contract audits to make the process faster and more reliable (multisig on the found issues). Additionally, until now the clients had to make 2 payments (deposit and final payment) as we had no escrow that would lock the funds during the audit and release them only after an audit was completed.

What it does

The smart contract receives payment from the client and locks it. After each auditor in a pool submits their finding, our committee votes on the vulnerabilities (5 members of the committee; 3/5 votes; This is a vulnerability=True/ This is NOT a vulnerability=False). This way, we can ensure that no false issues are included in the report. When the issues are disputed by the committee, the auditors and committee vote again (4 auditors + 5 committee members; 5/9 votes). If rejected again, the issue is abandoned.

Contract address

0xFd9069966977CCA4EdADDd2eCfEb7612009C77Fb

Frontend

link

How we built it

We mapped out the logic of the solution in miro (See our video with explanation). Then we discussed how we can build this on Q with Florian from Q-team. We decided to created similar system as the Expert Panel at Q. The smart contract was built in Remix with Solidity. The frontend in React. Finally we tested it and deployed.

Challenges we ran into

Checking if the vote is cast by the member of the committee - we encountered a lot of bugs in this part. Unification and handling data to be displayed in on the frond-end.

Accomplishments that we're proud of

We created a dispute voting system and deployed it. Most processes can be automated on-chain which makes it not only more efficient, but also transparent for all stakeholders.

What we learned

Q governance system. Dispute solving on chain - how to do it and how it works. An expert panel (our auditor committee basically) can be leveraged to have an independent opinion on the found issues during the audit. The infrastructure of Q governance can enable us to bring voting and approvals on-chain.

What's next for Dispute on Chain

Implementing frontend. Voting on separate issues. Testing.

Built With

Share this project:

Updates