Finished

JBP-272: Fund the NFT Rewards Smart Contract Audit

Author

Anon

Cycle

33

Requesting

73,800 USD

loading

Proposed Transactions

Payout action loading...

Status: Discussion

Author: Nicholas
Date: (2022-10-04)

Synopsis

Send $73.8k worth of ETH to the NFT Rewards Audit Fund Juicebox project, which is fundraising for a Code4rena audit of the NFT Rewards Contracts that will cost $72k, plus 2.5% in JB fees, for a total of $73.8k.

Fund a JBX distribution of 3 million JBX to be divided between donors to the Audit Fund before the fundraising deadline (approx. Oct 17).

This proposal would also serve as a pilot integration of Juicebox and Code4rena, who have asked how they might use Juicebox Protocol to allow anyone to fundraise for C4A smart contract audits.

Motivation

The NFT Rewards contracts are complex and deeply integrated with the Juicebox Protocol's various affordance, allowing features such as tiered NFT rewards, NFTs that are a claim on overflow, and NFT governance tokens that can directly control Juicebox projects in onchain governance. While NFT Rewards are only attached to a given JBP Funding Cycle, it would be best if the contracts are free of bugs and vulnerabilities.

In recent weeks, C4A reached out to Nicholas to ask how they could use JBP to permissionlessly create fundraising pools for any protocol or smart contract on Ethereum. Their goal is to enable anyone to donate to an audit pool, which can be spent on C4A code contests. They have observed that many DAOs want to audit each other for technical dependency vigilance. Individual stakeholders, users, and observers of smart contracts may also want to pitch in to fund an audit, without supporting the whole cost of the audits alone.

This proposal is part of a pilot project to move this integration partnership forward via measured experimentation on mainnet. The NFT Rewards Audit Fund is a JB project raising funds to pay for the NFT Rewards contracts audit. It is accepting donations from the public. The goal is to raise $73.8K, then disperse the funds as DAI to C4A to kick off the NFT Rewards audit contest. If JBDAO supports the present proposal, then it will put $73.8k back into the treasury without generating any new tokens (addToBalance()). If this proposal passes, donors to the initial fundraise will be able to redeem their tokens to receive a refund for their original donation — courtesy JBDAO, who will have picked up the bill.

To kick off the contest on Oct 18, C4A needs to receive the funds by Oct 17. In order to incentivize supporters of the NFT Rewards audit fund in advance of this deadline, if this proposal is approved, JBDAO will distribute 3 million JBX (1.4% of JBDAO’s current JBX position) to donors who pay the project before Oct 17 16:00 UTC. 1 million JBX will be split evenly between wallets that donated within each of the >0.1 to < 1eth, >1eth to <10eth, and >10eth tiers. This incentivizes larger donors who will share the JBX incentive with fewer fellow tier members.

This experiment allows us to locate and solve roadblocks in the rollout of a JBP x C4A integration partnership. These are being actively documented and discussed in Discord. This project will simultaneously get NFT Rewards audited by C4A, the protocol devs' preferred auditing solution of late, AND contribute to a genuine experiment that pushes partnership discussions forward and identifies and creates solutions to problems along the way. For instance, DrGorilla is writing an allocator, which will allow any JB Project to do payouts in DAI, because C4A requires that contests be funded in stablecoins. Note: This particular feature may or may not ship in time for the NFT Rewards audit.

Specification

Pay $73.8k from JBDAO v1 to 0x6052faf32b26edbbcfadb5527654e458fe7c0e35 (v2/256 project payer that does not mint tokens)

Send 3 million JBX from the multisig to safe.auditfund.eth. Nicholas, Jango, and the JB multisig will coordinate to make the tokens available to eligible addresses according to the donation tiers described above.

Rationale

This is a project payer address that points funds at @auditfund (v2 project 256) without minting any new tokens. This will allow the v1 JBDAO treasury to pay the v2 @auditfund.

Risks

Project 256 could be misconfigured and the redemption could somehow go not as planned. Partnership talks could also evaporate.

Timeline

Added to current cycle payouts on JBDAO v1 and v2.

Votes

loading