There is no organization that helps Polygon DeFi protocols follow the security steps that mitigate the avoidable, common mistakes that plague the rekt list. Too often we see keys lost, treasuries drained, websites cloned and updated code hacked. Drawing on the DeFiSafety team's more than 2 years of experience, we will build a Security Framework.
Using our aerospace safety experience, our process will give protocols a clear set of actions for superior security. We map each threat, list mitigations, create alerts (on chain or off) and develop response plans. By using generic threat lists, we minimize the time we ask of the protocol team. We are used to working with devs and through DAOs.
This grant is to kick off this process. Once started it can continuously improve, funded by the protocols it helps.
Stage 1: Improve generic framework docs, find two protocols (40k)
This phase will take 2 months.
The Security Framework is based on a generic set of threats, each with a list of mitigations, alert strategies and response plans. This first phase will add to the existing list. We would welcome comments and suggestions from the Polygon technology team as we build. The generic security framework docs would be public.
In addition, we would ask the Polygon technology team's assistance in finding two protocols for the next stage.
Stage 2: Apply the Framework to 2 different protocols (60k)
The core of the framework involves helping protocols improve their security process. In stage 2 we apply the framework to the two protocols chosen in stage 1. We take the generic threat list and work with the team to filter it down to the threats applicable to their application. Next, we discuss each mitigation and alert, offering suggestions and actions. If the DeFiSafety team can implement a suggestion, we will. We always minimize the impact on the core team's time.
Upon completion, each protocol has a customized threat list with mitigations, alerts and response plans.
This would be the end of the grant process, but not the end for the protocols. DeFiSafety would offer regular reviews, implementing improvements and ensuring security stays current.