over budget

VESPR Wallet: Security Audit / Penetration Test

₳105,000.00 Requested
Community Review Results (1 reviewers)
Solution

We will engage with a reputable code audit firm to perform comprehensive security checks on VESPR Wallet.

Problem:

While VESPR Wallet has been built on robust security practices, it has not yet undergone a formal security audit, hindered by significant associated costs.

Yes Votes:
₳ 103,297,036
No Votes:
Votes Cast:
677

[SOLUTION] Please describe your proposed solution.

While VESPR Wallet is founded on rigorous security standards, we aim to elevate user trust and assurance through a professional security audit and/or penetration test.

We plan to employ expert services with proficiency in mobile app security and the Flutter framework to conduct a comprehensive security audit and/or penetration test. This in-depth examination will identify and allow us to promptly address any hidden vulnerabilities or potential security breaches.

As a component of the Cardano ecosystem, we understand our role in shaping users' perception of Cardano. By fortifying users' confidence in our commitment to asset protection, we enhance not only VESPR Wallet but also the overall reputation of Cardano. This endeavor, in turn, will elevate Cardano's attractiveness and credibility, strengthening its position as a leading blockchain platform.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

Our proposed solution directly addresses the challenge by fortifying trust in the Cardano ecosystem. By undertaking a professional audit and/or penetration testing of VESPR Wallet, we aim to enhance user trust in the services built on Cardano, setting a high standard for security in the ecosystem.

Our solution's benefits to the Cardano ecosystem are multifaceted:

  1. VESPR will be the first Cardano mobile wallet to undergo a security audit, providing verifiably safe access to the Cardano network on users' mobile devices – a critical factor for mass adoption.
  2. It elevates user trust and confidence within the ecosystem by illustrating VESPR Wallet's commitment to strict security protocols, potentially leading to increased user engagement, volume, total value locked (TVL) in decentralized financial (DeFi) products in the Cardano ecosystem, delegation (decentralization), and adoption.
  3. It positions Cardano as a robust, secure platform to attract new users, developers, and even businesses by proactively mitigating potential security risks.
  4. It establishes a standard for other projects in the ecosystem to follow, urging the adoption of best security practices and protocols, ultimately strengthening Cardano's overall security posture.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

We are an agile team of three individuals equipped with both the technical expertise and operational prowess necessary to execute this project successfully and responsibly.

Our work with VESPR Wallet not only speaks to our deep understanding of Cardano's architecture but also showcases our vested interest in preserving a positive reputation within the Cardano ecosystem. The success of the VESPR Wallet and the trust it has earned from its user base serve as evidence of our team's dedication and integrity.

Alex, our Lead Senior Architect, has significant experience in mobile app development and has led projects on security-critical mobile applications for leading financial institutions like American Express, Virgin Money, and Tesco Bank. His stringent emphasis on security and industry best practices guarantees a high standard of delivery in our projects.

Derek, our UI/UX Designer, Product Owner, and Social Media Manager, has been instrumental in shaping VESPR Wallet, manifesting not just his creative prowess in designing intuitive and engaging user interfaces, but also his strategic acumen in product management. Derek's diligent social media efforts have also been key in fostering a vibrant and supportive community around VESPR Wallet, underlining our commitment to ongoing engagement and responsiveness to our user base. As a result, VESPR Wallet has become a notable success in the Cardano ecosystem and serves as both a testament to Derek's skills and a validation of our team's overall competence and commitment.

On the operational front, we’re very fortunate to have Andy, who brings over a decade of leadership experience in business management, specializing in operational efficiency and financial goal attainment. He has a proven track record, most recently coordinating and spearheading the 2022 CNFT Con Afterparty in Las Vegas, successfully managing five different teams contributing to the event, and showcasing his adeptness at fund management and event organization. His expertise ensures diligent and transparent handling of funds as well as strategic business direction.

Our unique blend of technical knowledge, proven record in Cardano-based project execution, and solid business management make us highly capable of delivering this project.

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

We plan to adopt the Agile project management methodology, facilitated by bi-weekly meetings to assess progress and resolve issues. Our team will use Discord for continuous communication and Trello for task and deadline management. Regular updates will be provided to the community, enhancing transparency and accountability.

We anticipate the entire project to span approximately two to three months, commencing from the time of funding receipt. These estimates, however, do not factor in potential unforeseen challenges or delays.

Milestone 1: Selection of Audit Firm

Expected Duration: weeks

Expected Cost: $1,000

We will select the audit firm based on costs, industry reputation, and alignment with our project's needs.

Success Criteria: Finalize and contract an audit firm for the project.

Milestone 2: Initiating Audit

Expected Duration: 1-2 weeks

Expected Cost: $20,000

The chosen security firm begins the security audit and/or penetration test.

Success Criteria: Paying the audit firm and initiating the audit process.

Milestone 3: Initial Audit Report

Expected Duration: 2-6 weeks

Expected Cost: $0 (included in audit costs)

The delivered audit report will detail any potential vulnerabilities or issues that need to be addressed by our team. We will regularly monitor and communicate with the firm to ensure the audit is progressing as planned.

Success Criteria: Receipt of a comprehensive audit report.

Milestone 4: Issue Addressal

Expected Duration: 3-4 weeks

Expected Cost: $8,000

Post-audit, we will address any vulnerabilities or issues highlighted in the audit report.

Success Criteria: Successful resolution of identified vulnerabilities and issues.

Milestone 5: Validation of Fixes, Final Audit Report, & Marketing

Expected Duration: 2-4 weeks

Expected Cost: $1,000

The audit firm will validate the addressed issues, ensuring that all vulnerabilities have been effectively rectified.

Success Criteria: Obtain validation from the audit firm on the effective resolution of all identified issues.

Only 5 main milestones.

[RESOURCES] Who is in the project team and what are their roles?

Our team is comprised of three members with a diverse set of skills that covers every aspect of this project:

Alex Dochioiu | Founder, CEO & Head of Development

Twitter: https://twitter.com/alex_vespr

LinkedIn: https://www.linkedin.com/in/alexandru-dochioiu

Alex Dochioiu, the founder and senior software architect of VESPR Wallet, oversees the project's technical aspects. Drawing on over six years of experience in developing safety-critical mobile applications for major financial institutions, Alex is responsible for the development of the Flutter SDK and its integration into VESPR Wallet. He ensures adherence to industry best practices and navigates any technical challenges we encounter.

Derek Delgado | Co-Founder, Head of UI/UX Design, Product & Marketing

Twitter: https://twitter.com/rokindo_

LinkedIn: https://www.linkedin.com/in/derek-d-662290105/

Derek Delgado, our co-founder, UI/UX designer, product owner, and social media manager, applies his keen eye for design and deep understanding of user experience to guide the wallet's visual and functional aspects. He manages the product lifecycle and works closely with Alex to align the product's design with its technical implementation. Moreover, he cultivates VESPR's online presence, fostering engagement, raising product awareness, and broadening our user base.

Andy Belichkov | Co-Founder, Head of Operations, Business Strategy & Human Resources

Twitter: https://twitter.com/andy_vespr

LinkedIn: https://www.linkedin.com/in/andybelichkov

Andy Belichkov, co-founder, is responsible for business operations, business strategy, and human resources. With a background in healthcare administration and extensive experience in operations, quality management, and data analysis, Andy oversees the project's management, coordinating between different roles and ensuring that we meet our milestones on schedule and within budget.

We are all active members of the Cardano community, regularly engaging in technical discussions on Discord and Telegram. We also have direct lines of communication with various technical experts, both within the Cardano ecosystem and outside it, via our personal external networks.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

Our budget of $30,000, or roughly ₳105,000 at the time of writing, will be allocated across the following areas: security auditing, vulnerability resolution, project management, and community engagement. Here is the detailed breakdown:

Security Audit: 70,000₳ (~$20,000)

The majority of the funds will be allocated for the security audit. This includes penetration tests, code reviews, and vulnerability scanning. The estimate is based on the average quotes from several reputable security firms.

Vulnerability Resolution: 28,000₳ (~$8,000)

Following the security audit, these funds will be utilized to address any vulnerabilities or issues identified. Our experienced development team will rectify these vulnerabilities, ensuring our wallet's security and reliability.

Project Management, Administration, & Marketing: 7,000₳ (~$2,000)

This allocation will go towards the effective coordination and management of the project, ensuring that milestones are reached in a timely and efficient manner. We will also allocate some of these funds for marketing the successful audit.

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The majority of the budget is allocated towards professional security audit services. These specialized firms provide thorough evaluations of our application, pinpoint potential vulnerabilities, and thereby safeguard our users' assets and maintain the Cardano network's overall integrity. The costs associated with these services reflect industry standards and are based on quotes received from multiple reputable security audit firms.

Funds have also been designated for the development team to address any security flaws discovered during the audit.

Additionally, a small portion of our budget is set aside for project management, administration, marketing, and community engagement. This allocation ensures that project timelines are efficiently met, expectations are effectively managed, and consistent updates are provided to the community.

Our budget determination is rooted in industry standards, prior professional experience, and a detailed analysis of project requirements.
