Lets poach samczsun and plant the seed for an auditing academy

Damn, would love to join this, though I’m already struggling to catch up on all that’s going on in DeFi and feels like it would need more than just some of my spare time …

The idea is great as I believe knowledge sharing improves code readability, quality and further enhances the community! Professional auditing I believe will ultimately fall into the hands of the insurance companies, though that might come further down the line, but looking at how fast DeFi is changing, that might be just around the corner

Maybe yall can just come work for us and do it here?

We fund a dao of auditors, and then the vcVault gets a % of their profits for auditing code whenever they are good enough?.. This sounds interesting.

Really great idea and back it 100%. This will not stop smart contract bugs but it definitely reduces their potential for failure and it creates a nice bridge or stop-gap until a formal audit can be performed by an outside party.

Last point, I believe yAcademy may have a better sound to it than yAudit.

I would be interested in participating/contributing as well. I used to be a financial auditor before, but would have to get up to speed on Solidity. But I am familiar with basic key controls.

Yes!! Lets do this! Attracting top dev talent can lead to a lot of other great things. We should build it into a prestigious institution for young devs to inspire to be part of.

I like the direction here but find the reward structure lacking. I would possibly support paying someone with a proven reputation to audit contracts. Yearn will grow, proposals will be implemented, it’s in our interest they’re fault free. Aligning someone’s incentives with ours and having them audit sounds great. Paying them is a way to do it. I’m not opposed. Something like having them hold YFI or some otherwise “closely tied to the value of yearn protocol thing” during their stay with us sounds more sensible. That way it’s in their direct interest to keep the yearn protocol running .

I think:

Mentees that show merit begin to receive rewards.

Needs more discussion.

With the academy, I worry a couple of generations later there is no reason the auditors would still be good auditors necessarily. Hence I think we can do better with incentives. Example: devs receive rewards for successful strategies, unless, a quorum finds their implementation buggy, in which case a reward goes to whoever pointed out the issue. Devs are incentivized to submit fault free contracts, auditors are incentivized to find faults. An adversarial set up in a way where the two compete in a way that benefits all.

I’m a yearn rookie, my previous example is no doubt full of holes, it’s just to get the thinking going on how we could have an incentive structure that keeps rewarding valuable auditors and doesn’t risk auditors being our test for if other auditors are showing merit.

So cool to see a community self-govern like this !
Thanks for your efforts in creating the proposal .

wow. brilliant. this protocol is and should be considered the standard

I’d be happy to work with Yearn. Maybe a collaboration like the Free Software Foundation. I welcome the experts to define the sector standards with us.

But I’m committed to doing this as a charity. So if you folks are cool with me giving away under a copyleft license and offering scholarships to educate new devs and auditors we can definitely work something out.

Great idea for the non-profit I’m starting. While we won’t charge much if anything for our services directly, would a great source of donations to help us grow.

Hi guys,
Awesome idea. I would be interested. Please count me in …

@ToiletPaperCoin

Thank you everyone for the feedback, I think the response is overwhelmingly positive so we should start preparation for the next step:

• incentive structure
• poaching founding member(s)
• collaboration platform
• admin coordinator

Then we specify a budget, and put it out for YFI gov vote on-chain.

Get involved and help out with these points if you can!

@Dark

seems to hinge on if Samczsun would actually want to do this. If not maybe we can find someone else?

@MoonRocks

who needs cz? i would rather back one of the multisig holders or even a lot of the active community members who are proficient smart contract builders

Sam is already an active member of the community, but we want to attract him to commit full time. There are other star auditors in the community as well, they can join as founding members, whether now or later.

@CryptoCap

what incentives are there for someone to audit YFI’s code for free? Just the hope to work with us officially later?
How expensive would/could this be exactly?

This needs to be a lean operation. So initial cost will be Sam’s salary and the support admin + platform costs. As it grows and the number of permanent members grows, costs will increase, but it will also mean the Academy will be ready to offer services to the outside and make money. Therefore, yEarn should get its investment back fairly quickly, thereby becoming self-sufficient and even profitable.

@Fernjosh

how can we assure we maintain a solid track record of audits? And not have it affect the yEarn “brand”

That’s why this is a trial-by-fire situation: only the best are rewarded, and only the best of the best are offered permanent positions. We also need to align incentives through equity in the Academy sub-DAO.

@Beepidibop

I think our in-house audit team should refrain from advertising audits on our own code, since it looks weird PR-wise (e.g. “The only ones saying their code are good are yearn themselves.”)

@eze247

Self-audits aren’t a good idea even if they’re a different section or team

Yes the Academy must have autonomy and can’t be pressured into speeding up work. Again, good incentives and power structure will ensure this.

@1A1zP1eP5

I think something like this could be more attractive to the founding member if it’s set up as its project from the very beginning

@Dark

We fund a dao of auditors, and then the vcVault gets a % of their profits for auditing code whenever they are good enough?.. This sounds interesting.

@alextes

I like the direction here but find the reward structure lacking […] I think we can do better with incentives.

These are great points. Yes we need to align incentives, and having shares in the Academy sub-DAO is a great way to achieve that.

@cyotee

Have the education process be handled by a non-profit taking input for the community and sector experts.
I’d be happy to work with Yearn. Maybe a collaboration like the Free Software Foundation.

In principle this is great, and Gitcoin are also interested in something similar. However the org you’re describing may be a “pre-requisite” program that aspiring auditors go through before joining the Academy. Because remember: this is a trial-by-fire no-hand-holding Academy.

Great ideal， give me the YIP,I will vote for.

Below are my recommendations:

• incentive structure (base salary + x% of yAudit (or yAcademy) revenue/profits(?) which scales down by y% per year as it grows + personal satisfaction of having mentored the next gen of smart contract auditors)
• admin coordinator (happy to help with this, I’m on discord if needed)

Hello, I would like to become a mentee, I am an Engineer with software developement background limited experience with solidity, this concepts looks great as it will allow people like me to learn by doing with real life project.

How could I participate?

Efforts underway to structure this and put forward a plan… stay tuned.

Great, WIll stay around.

Thanks

That is fantastic news.

How does being bound by the charter of a non-profit prevent voter manipulation?

were you able to put together a plan? sorry if i missed it somewhere