22 Eth awarded in contest helping ElasticDAO launch more securely
Code 432n4’s wolfpack teamed up with ElasticDAO to run a USD ~$40k code contest reviewing their smart contracts.
ElasticDAO is a governance solution inspired by Moloch, Aragon, PieDAO, and AAVE that aims to level the playing field and reduce early adopter advantages within DAOs. They aim to be “the first DAO where money does not buy influence, effort is equal to liquidity, and free riders are nowhere to be found.”
They’ve launched this past week. 🎉
As fans of ElasticDAO’s vision, the C4 team is honored to play a small role in helping them launch more securely.
C4 is an open organization comprised of security researchers, auditors, developers, and individuals with domain expertise in the area of smart contracts. In our contests, researchers review and analyze code in exchange for a bounty provided by sponsoring projects. You can read our intro post for more on our approach.
Congrats to the winners
The C4 contest pool is divided up among wardens based on their findings. The more bugs found and the greater the risk, the higher the total share of awards.
Our top three winners from this contest:
- 🥇 cmichel: 9.19 Eth (~$16,500 USD)
- 🥈 Team pocoTiempo: 5.12 Eth (~$9,200 USD)
- 🥉 pauliax: 4.15 Eth (~$7,400 USD)
Everyone who finds a vulnerability in a C4 contest gets a share of the pool. The minimum award this contest was ~$500 USD for one low-severity finding.
We’d like to thank everyone who participated as 🐺 wardens in this contest: Christoph Michel, Gerard Persoon, Janbro, Noah Citron, Paulius, s1m0, and the pocoTiempo team (Rajeev, Mariano Conti, and Maurelian).
Findings in ElasticDAO contest
We were thrilled by the quality, breadth, and depth of the review provided by our community.
In the ElasticDAO contest, wardens’ work produced dozens of findings, including several critical and high risk issues.
Contest judge Zak Cole reviewed and moderated the wardens’ submissions. ElasticDAO developers were informed of each issue and given the ability to respond to and resolve each item before publication of our report.
You can view the full report from this contest here.
What’s next?
The contest model began as an experiment, but as we’ve been wrapping up reports from our first couple of contests and planning a slew of new ones, it seems we’ve stumbled onto something that works.
Members of the C4 community have backgrounds in traditional security audit businesses and we’ve all seen the need for an emergent approach which matches the rapid pace and decentralized approach common to DeFi.
Given the demand we have seen for more contests, our team is working hard to create processes that allow us to scale up the number of contests we are able to run and increase our turnaround time.
We’re also working on a public leaderboard that will track warden findings and total winnings across all contests.
Want to participate in upcoming contests or sponsor a contest reviewing your smart contracts?
Just hop into Discord and say hi.
