Is the DAO secure?

ATMTA has engaged leading cybersecurity firm Kudelski Security to audit the programs used by the DAO.

ATMTA, Inc. engaged Kudelski Security to perform a code review of the GATE Proxy Rewarder and Snapshot programs. The assessment was conducted remotely by the Kudelski Security team. Testing took place from June 20 - July 1, 2022, and focused on the following objectives:
  • Provide an assessment of ATMTA's overall security posture and of any risks discovered within the environment during the engagement.
  • Provide a professional opinion on the maturity, adequacy, and efficiency of the security measures that are in place.
  • Identify potential issues and include improvement recommendations based on the results of the tests.

During this review, Kudelski spent considerable time working with ATMTA developers to determine the correct and expected functionality, business logic, and content of the DAO program architecture, so that the code implementation and program design could be checked for issues and vulnerabilities. Following this discovery phase, the teams worked through the following categories:

  • Authentication
  • Authorization and Access Control
  • Injection and Tampering
  • Configuration Issues
  • Logic Flaws
  • Cryptography

During the Secure Code Review, Kudelski discovered 1 finding with a medium severity rating, 1 finding with a low severity rating, and 4 informational findings. ATMTA has taken steps to mitigate these issues and is awaiting an updated report from Kudelski, which will be made available to the public. None of these findings affected user funds.

Furthermore, the other DAO-related programs -- Tribeca's locked-voter and governor programs, and the Goki SmartWallet -- have passed audits by a third party on behalf of Tribeca and are in the pipeline for additional audits by Kudelski. ATMTA continues to engage Kudelski to perform threat modeling on high-risk entry points to all of our Solana programs.

No audit can guarantee the safety or prove the correctness of imperative programs. Neither ATMTA nor Kudelski can guarantee that the programs used by the DAO are completely safe. There are risks inherent to the irreversible transactions of smart contracts, including those used by the DAO.

That said, ATMTA prioritizes security in the design of all of our programs. User funds are stored in individual escrow accounts, and there are no functions that can withdraw escrowed funds on behalf of the user who locked them. The rewards treasury itself will be actively managed to keep it as small as necessary: enough to pay pending rewards plus what is needed for payouts a few days into the future. Administrative functions, such as program upgrade authority and treasury emergency withdrawal, will eventually be migrated to multisig control as well, pending additional audits. ATMTA is also deploying our own versions of all third-party programs to ensure that we control the source code deployed to mainnet.

Perhaps the best assurance of program readiness is the fact that the locked-voter program has already been in use on mainnet for several months. Over six million dollars in Solana project tokens are currently locked in the primary Tribeca program deployment, and tens of millions more reside in other forks like the one we are deploying. Lastly, don’t forget that ATMTA will be deploying over $80m of team POLIS tokens to our own lockers, which we would not do without very high confidence in the design and security of these programs.