[Proposal] Unlock MNDE from the treasury to finance security audits

Hello everyone,

Marinade recently upgraded its main liquid smart contract (see this article). The upgrade was audited beforehand by top auditors Neodyme, Sec3 and it is also currently being audited by Halborn.

Marinade put forward the deposits needed to begin the auditing process. Marinade will now have to cover the remaining costs as the audits were or will be completed.

What do you propose?

Receiving audits from the very best firms is expensive but is critical to the security of the protocol and absolute necessity when upgrading a contract holding so much SOL. The cost of audits should not be considered an “operational cost”, part of an existing marketing or operational budget, but a separate cost covered by the DAO treasury which stands to benefit from its success.

Since audit companies cannot share their pricing models in public, Marinade must operate with discretion regarding the payments.

For this reason, I’m suggesting a transfer of 2,000,000 MNDE to the Marinade Council, out of which the necessary amount to pay for the audits will be used. The rest of this budget will be earmarked for other potential security expenses or bug bounties. If any part of this budget ends up unused at the end of December 2024, it will be returned to the DAO treasury.

What is the rationale behind the proposal?

  • The smart contract upgrade was planned because it included significant improvements to security and performance and would have become necessary when the redelegate instruction became available. Given the large amount of funds in the smart contract and Marinade’s leading position on Solana TVL, it would be unthinkable to proceed to an upgrade without conducting comprehensive audits from leading firms on the upgrades.
  • Security audits are private deals with external companies whose details cannot be shared publicly. So the Marinade core contributors have to act as an intermediary between the DAO and them.
  • Nonetheless, the cost of re-auditing and upgrading the protocol’s security and performance (as well as maintaining it) should be taken on by the DAO itself through the DAO treasury.

What is the expected positive impact of this change?

  • Marinade can complete payment for three audits without depleting its operational budget or reducing the runway.

Any other considerations?

  • MNDE will partially cover the audit costs and will be distributed as MNDE and not sold into the market beforehand.
  • The audit deals included using a moving average price of MNDE over the audit duration, which prevented the Marinade DAO from having a precise number beforehand.