Seldon’s dictionary defines Rekt as putting your money into a project run by either inexperienced or just plain dastardly developers, who then have the protocol either rugged or hacked so that you lose all your money.
This is obviously bad. So as part of the Pangolin team designing for V2 of the protocol, this is something that we take very seriously.
So let’s do a bit of a history lesson on the biggest hacks in cryptoland.
Of the 42 projects that make up the leaderboard, 17 (40%) went unaudited, for an average rekting (sic) of $15,307,529.41.
Fairly obviously, not getting audited seems like a rather bad idea in the world of DeFi.
Audits, however, are expensive. Not only that, the best firms are often booked out 6 months in advance.
So how do we proceed? We have a few options:
1. Not audit V2
2. Audit V2 with a second or third tier auditing firm
3. Audit V2 with the only security firm to not have been rekt
We’re proposing option 3. However, option 3 is not cheap; it’s expensive. It’s going to cost a lot of money to hire the best people in the world. However, we’d argue that since Pangolin currently has over $150 million in USD in TVL, anything less than 0.5% of that represents an acceptable amount of money to ensure the highest probability of safety.
So, for argument’s sake, let’s say that everyone agrees that we should use the gold standard, the gold standard being Trail of Bits. How do we pay for their services?
1. Use the treasury funds
2. Use interest that we earn from the treasury funds
We’re proposing option 2. The community treasury currently has over 16 million PNG in it. We’re proposing that we take 1 million PNG and use that PNG to invest in BenQi and earn interest. We let the money earn interest until we need to pay for the audit when Trail of Bits becomes available and V2 is ready for review.
This, in my mind, offers the following benefits:
This will be our most expensive expense to date and we will be funding it with interest and not reducing our Treasury holdings
We will be diversifying our treasury
We will be supporting Avalanche native projects
We’d be very interested to hear your thoughts.