The following article is an update from Robert Genito, Founder of Genius – original article appearing on Medium.com/@Robertgenito
I wanted to share something one of the users in our amazing community brought up the other day regarding auditing in the crypto space. The following is from Dimas (thank you; I'm leaving out your full username for privacy):
In reality, an independent [code auditor] researcher dedicated to auditing the contract might find a lot more issues with the code than a 3rd-party firm, even if it's dedicated to [security crypto] audits. The 3rd party has limited time to dedicate to the review and often has to switch contexts between several projects and several languages, often relying on static scanners to find low-hanging fruit to get them started.
Often, audits are also done with less than optimal communication with the dev team to understand the intangibles or really dive deep into the use case. It is really good that an independent auditor worth their salt is engaged. In addition to probably finding deeper issues along the way, this person can assist the team in running interference between the devs and the external audit team, if necessary, to convey the salient points to focus on in the review.
This has been our experience entirely, and we're extremely grateful for the talent and insight the auditor we're currently consulting with has brought to the table. One of the biggest factors mentioned above is simply depth. Even the best-paid 3rd-party companies often don't have the time, desire, or ability to dive into a project completely and learn all of the nuances of the contract and the tokenomics. In reality, it is only through that level of intimacy that one can truly conceptualize the entire framework of what is being developed, "hack" at it in order to break it, and expose the security flaws that may be present.
It's been my personal experience that some of the worst entities to engage with are often the "purported experts." Take doctors, lawyers, marketing agencies, etc. One thing people seem to neglect is that these entities are companies, and companies have a few major obstacles to integrating with 3rd-party businesses (i.e., their clients). Why are they lacking at the very thing they're supposed to be selling, developing, or assisting with? There are a few reasons, but it comes down to an alignment of incentives:
Profit — profit comes first and foremost (and for good reason, but this isn't always the best way to do things from a "client" perspective; take Apple, for example, which has successfully run its own in-house ad agency for many years now).
Culture — communication and culture differ between your company, project, or product and those of the vendor.
Operations — as tools, languages, and the digital world become increasingly complex, staying at the forefront is exceedingly difficult. A company generally has too much getting in the way: culture, management, internal fights, marketing, client acquisition, client steering, top-down or bottom-up tech decisions that make no sense for 3rd parties, and so on, all of which have virtually nothing to do with the underlying technology.
All of the above come together to hold back progress and innovation.
Now, with all of this said, there is a place and time for 3rd parties (as I previously stated in my article on audits), and I'm excited to share that we'll be making an announcement soon that audits are underway with one of the top crypto security auditors in the industry. They've been extremely professional and I'm excited to be engaging with them, as is the rest of the team, and we believe we'll be able to get everything finalized and audited in advance of the launch of the contract on 9/9. But wait… there's more…
I'll also be making an announcement that we're doing a 2nd audit of the very same contract with another one of the top 5 firms in the space. My goal is to be one of the most reviewed, audited, and trusted contracts/projects in the space.