Proposal: Sigma Prime Audit

We recommend that Tracer DAO should evaluate engaging Sigma Prime for a security audit of Tracer’s code. You will find below below:

  1. Sigma Prime’s proposed remuneration and deliverables for these services (including a Services Agreement prepared by Sigma Prime); and
  2. A technical implementation for the audit.

If DAO members are in favour of the audit, a formal proposal to the DAO must be made and approved to appoint Sigma Prime.

Summary

Tracer DAO is considering engaging Sigma Prime for an audit of Tracer’s code.

This audit will likely be a month long process, during which Sigma Prime will detail any errors found with the Tracer Perpetual Swap codebase and initial factory smart contract implementation. Sigma Prime are a preeminent auditing team, and, if engaged by the Tracer DAO, will commence work on 15 March 2021. The Lion’s Mane team would work with Sigma Prime throughout the audit to fix any bugs and help them to navigate and understand the codebase.

This initiative aligns with the Tracer Whitepaper (Tracer: Perpetual Swaps), where it is suggested that Tracer DAO should adhere to strict security standards in relation to smart contracts within the Tracer ecosystem.

The current Perpetual Swap codebase can be found here: Lion’s Mane Github.

Remuneration

Sigma Prime has requested 112050 USDC, transferred upfront, to pay for the audit.

  • Sigma Prime’s Address: 0x9CE6e6E4D9C9d6163258Db90a4AAB86ef4d1F7D5

Deliverables

If Sigma Prime is engaged by Tracer DAO via proposal, it will provide the services in accordance with the Services Agreement below:

Services Agreement

231 KB

Technical Implementation

In order for Sigma Prime to be engaged to provide the services described here, the following targets and relevant proposal data must be passed to the DAO, via Proposal, by a current DAO member, in order to facilitate the execution of that Proposal. For each piece of Proposal data provided, the function encoded data that must be passed into the DAO is present, as well as the parameters and function calls used to generate this data. By utilising a package such as web3, any DAO member may verify this data using the web3.eth.abi.decodeParameters function (web3.eth.abi — web3.js 1.0.0 documentation).

The steps that the DAO must execute in order to appoint Sigma Prime are as follows:

  1. Transfer 112050 USDC tokens to Sigma Prime (0x9CE6e6E4D9C9d6163258Db90a4AAB86ef4d1F7D5).

The following is the data that must be passed to the DAO, via Proposal, as well as the relevant raw data in order to verify the correctness of the Proposal data.

Step 1

Name: Transfer 112050 USDC tokens to Sigma Prime

target: 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 (USDC Token Address)

proposalData: 0xa9059cbb0000000000000000000000009ce6e6e4d9c9d6163258db90a4aab86ef4d1f7d50000000000000000000000000000000000000000000017ba3e1fb5a817880000

raw data:

  • Function: transfer
  • Parameters:
    • Type: address
    • Name: recipient
    • Value: 0x9CE6e6E4D9C9d6163258Db90a4AAB86ef4d1F7D5
    • Type: uint256
    • Name: amount
    • Value: X

Proposal on Github

4 Likes