[SOLUTION] Please describe your proposed solution.

We will likely proceed with a similar audit as we conducted with CertiK in 2022 with the appropriate outsourcing contracting team.

There are multiple parts of our architecture that will be reviewed under this audit that include:

1. Objective of the audit:
2. Scope:
3. on-chain oracle contract audit
4. off-chain node software audit
5. off-chain charli3 back-end audit
6. Security review
7. Alert and Monitoring system review
8. Audit Details:
9. We will contract a team (TBD) of equal or better quality than CertiK to conduct a full scale end-to-end review of our architecture
10. A focus on providing a public transparent report on our node software, handling of data by our node networks, and the on-chain consensus algorithm that filters data being put on-chain (e.g. identifying outliers and ensuring bad node actors do not influence data)
11. Methodology:
12. A line-by-line code review
13. Thorough testing with public results
14. Corrections addressed to pass the audit
15. Timeline of the audit is 8 weeks
16. Outcome:
17. Certified audit by a reputable organization
18. Detailed public report similar to https://skynet.certik.com/projects/charli3

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

In summary:

1. Increased trust in Charli3 price feeds will lead to more adoption and better protocols
2. Assurances that Charli3 architecture and node networks are robust will provide increased trust in our current customer’s protocols
3. Audits can identify enhancements for the future to better improve our solution
4. As one of the older solutions in ecosystem, we demonstrate to others the high standard in the Cardano ecosystem to continually get audits
5. Protocols will use better data feeds

Protocols relying on centralized or in-house solutions are taking potentially greater risks than if they used decentralized oracle data from Charli3.

Data sources go down, APIs update without notice, and in-house logic breaks without a dedicated team and monitoring solution focused 100% on ensuring up time.

Our flagship 2nd generation architecture mainnet feed (ADA/USD) has been up for over 12 months with 99.99999% uptime. Despite that track record, communities in Cardano want external independent validation that our feeds are supplied on a strong architectural foundation.

Charli3 is ready to launch our updated architecture and significantly expand our community free price feed offerings (planning on 30-50 new feeds in Q1 2024).

We want the community to trust our price feeds and an additional audit, similar to the CertiK one we completed in 2022, will gain the confidence and trust of the community to depend on our feeds.

The positive outcome will be more protocols using more secure data feeds and ensuring their users are best protected from bad, missing, or manipulated data.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Charli3 knows how audits go from our experience with CertiK. We also have good relationships with many top audit teams in the community.

Once we select the right partner for this audit we will update this proposal.

The caliber and track record of the team we pick will lend trust to voters that the audit will be serve its purpose.

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

Set by auditing team, but likely a full end-to-end review of each part of our solution with a report on security issues, passed code, fixes required to pass, and etc.

Resolving any issues raised during the audit by our team

Zero issues remain

Auditing company passes Charli3 and provides a public transparent report on their findings

[RESOURCES] Who is in the project team and what are their roles?

Robert Hever and Damon Zwarich Co-founders of Charli3

Auditing team - TBD

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

A full scale end-to-end audit costs anywhere between USD$80-250k.

We are in the process of getting estimates and will select the appropriate team and update the proposal with their budget/timeline.

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Charli3 will be launching 30+ price feeds for free in Q1 2024.

An audit will provide the confidence and trust of builders to use those feeds, thus saving them thousands of dollars a month on data costs using other solutions – or even worse – if they do not use a dedicated solution like ours, they risk catastrophic data issues such as de-pegging in DeFi protocols or stale data missing deviations during times of volatility. As we move into the bull market that is potentially coming, this risk is greatly increased.

The Charli3 feeds do not pull data from 3-5 sources, but sometimes 10+ so a single price feed cycle contains 70+ API calls and 100s of “triangulations”. We hope an audit can help gain the confidence of the community to start using our service we spent 2+ years refining.