Security Audit Funding

108% Funded

The Grin security audit funding campaign was completed on December 20th, 2018. Thank you to all who generously donated!

UPDATE 2019-10-23: The report and findings have now been published: https://forum.grin.mw/t/grin-security-audit-2-results/6264

TL;DR Grin is nearing its final phases of development before the release of its cryptocurrency network (mainnet). To launch safely, the Grin codebase needs to undergo a security audit.

Status: Closed

Goal: 16 BTC

Raised: 17.28 BTC

Who?

On our end, the Grin Council (which handles all governance oversight) nominated 5 secretaries. Those 5 individuals generated a 3-of-5 bitcoin segwit multisig address under supervision of the council, to guarantee the funds’ safety. Note that all members of both the council and the secretary group are fully independent individuals, working in entirely different capacities in different parts of the world.

Why?

When Grin launches, it will likely be used to secure the equivalent of millions of dollars (or euros, yuan, yen, pesos, etc.) on its chain within a few days or weeks. While the Grin development team has done everything it can to identify and fix possible major security failures, Grin is still a very young and unproven codebase.

To reduce risks and follow standard industry practices (at least in the security industry), the Grin team is requesting a general code audit by a professional firm. The cost of the audit is estimated to be around $100,000.

How?

Multiple firms have already been contacted and we will be undergoing a process of selection in the next few weeks. Once a firm is retained, we will strive to pay it directly from the fund (most firms accept bitcoin). Any excess will be used for the general maintenance of the Grin project.

We expect the audit to last one to two months, during which every new Grin development will undergo extreme scrutiny. Once the audit is finished and all discovered issues are either fixed or found to be minor, we will be ready to launch Grin’s main network.

More generally, the guidelines in the Grin security policy apply.