Tapir budget request #217
Comments
Are we paying people 12k a month for maintaining a spreadsheet and writing a simple 2 page doc?
The main task is conducting internal security reviews of every contract that Yearn ships. Additionally, each V3 strategy that is reviewed will be included in the risk document. Assessing the risk according to criteria and justifying the scores with comments will be a relatively simple task, considering the hard work of creating the criteria is already done.
How many internal security reviews are you conducting per day/week?
Good question, working 8 hours a day, full-time, as I have been doing for years under the hood of ySecurity. I appreciate the thorough questioning. I assumed that the people reviewing this budget would be the contributors who already know my contributions. However, I was wrong, as this is a public budget request for the YFI ecosystem. Please let me know if you have any other questions regarding this budget request!
It would probably help build more confidence in this type of request (especially after the last hack) if this sort of budget request were more data-driven. If this sort of data is available to yBudget, it's great, as they are the ones that ultimately make the decision, but it looks completely opaque from the outside and it shouldn't really be.
I agree. I have been conducting security reviews of all Yearn-related code, from strategies to completely new products like yETH, Yearn Boosted Staker, factories, veYFI... There haven't been any hacks so far, which might be a good indicator of the quality of my work. You can also check the previous "Security Team Budget Request" to see the reviews that were done previously in the given time period. You can also check the strategies that are reviewed in both v2/v3 here:
Disrespectful comment. We should be lucky to have him (many examples of this).
Totally agree with @wavey0x. @tapired has been doing a great job making internal security reviews. And it is not only "maintaining a spreadsheet and writing a simple 2 page doc".
I'm sorry, wavey, if it sounded disrespectful; that wasn't my intention. Again, I'm deeply sorry if it sounded harsh or anything like that, that wasn't my goal, but I would still like to see a more results/data-driven approach to this type of budget request.
Scope
This budget request is to fund Tapir for the month of May for the work already done and the following 2 months, allowing Tapir to continue contributing to the activities outlined in the continuous activity plan.
Plan
Continuous activity:
About the Risk Assessment
I have already worked on and determined criteria for the risk scores, which you can find here.
I have also compiled all the V3 strategies into an Excel sheet.
From now on, for every strategy I review, I will assign scores according to the criteria and update the Excel sheet. Additionally, I am pairing up with Marco to craft a brand new UI for the Yearn Risk Assessment Dashboard, which is already 25% complete and should be ready for an MVP by next month.
About the future of ySecurity
Meanwhile, during this temporary BR, I am planning to recruit a new ySecurity group with clear goals and a roadmap. The ySecurity group will be responsible for all security-related aspects within Yearn, including security reviews of strategies, risk assessment, and maintenance. Additionally, we can explore the development of bots for monitoring external protocol contracts, including depegs, bad debt, and timelock transactions, similar to the SONNE timelock listener and the Pearl treasury’s DAI bot.
Furthermore, the new BR will specifically recognize Marco's contributions to the Yearn Risk Assessment Dashboard. Most likely, he will receive a one-time grant for the excellent work he has done in building it.
Deadline
2024-07-31
People
tapir
Money
One-time backpay for the work done in May, $12k DAI
Monthly $12k DAI for June and July
Amount (Total)
36000 DAI
Wallet address
0x80c9aC867b2D36B7e8D74646E074c460a008C0cb
Reporting
Monthly