Fund a Code4rena Audit of the Buyback Delegate
author: filipv
date: 2023-04-04
Synopsis
Allocate $35k worth of ETH to sponsor a Code4rena audit of the Buyback Delegate contract. The Buyback Delegate will route incoming payments to JuiceboxDAO's project to a Uniswap liquidity pool if doing so would result in the payer receiving more JBX than they would receive from by paying the project. Both payers and reserved rate recipients will benefit from better-priced JBX tokens.
This proposal will not ratify the deployment or usage of the Buyback Delegate – only an audit of the smart contract.
Motivation
An audit will help improve the security, efficiency, and reliability of the Buyback Delegate – JuiceboxDAO's previous Code4rena audits have been effective.
Specification
Within the next two months:
- Multisig to swap ETH from its balance for 35,000 USDC.
- Multisig to send USDC to an address provided by Code4rena.
Rationale
The multisig holds 160.04182 ETH, making it easier to use that ETH instead of pulling ETH from one of the DAO's projects.
Risks
- Audits are not guaranteed to mitigate all risks, and this audit has a comparatively modest budget.
- Token slippage – if ETH's price goes down relative to the price of USD before the multisig is able to swap ETH for USDC, the audit will be more expensive in real terms.
- The DAO may decide not to use the Buyback Delegate, which would mean the contract would only be useful for other Juicebox projects. No other projects have expressed interest in using the Buyback Delegate so far.
Timeline
To be executed within two month's of this proposal's ratification on Snapshot. The Code4rena audit is slated to start on May 15, 2023 at 20:00 UTC and to end on May 18, 2023 at 20:00 UTC.