Get up to 28.4% more AXN by buying from our Accelerator.

Should Axion V3 be audited?

Axion Development Team
24 July 2021
axion DAO voting user community vote

The purpose of this DAO vote is to determine whether Axion should initiate an Audit of the v3 code before launch, and how it should pay for it. The Axion v3 code is a complete rewrite of the entire Axion ecosystem, and is truly a technological achievement that makes Axion’s smart contracts leaps and bounds ahead of any other staking token on the market. Axion v3 will result in significantly reduced gas fees (thus cheaper transactions) for all of Axion’s primary functions like staking, withdrawing, upgrading, V1/V2 stake withdrawal, and auction bids, as well as unlock features such as NFT stake minting and future token upgradability. Axion v3 is the foundation upon which Axion’s future rests.

Axion policy is to always perform audits on its code, but members of the community have requested to not delay the launch of v3 and that an audit is not necessary. The Axion Team has decided to put this decision up to a vote to allow the community to decide.

With such an important code upgrade on the line, there are several factors for our community to take into account regarding the audit, including timing, cost, and effectiveness of the audit. This proposal is to determine firstly if an audit should be performed, and a follow-up vote will be held if a YES vote is approved to determine how to pay for it.

 Vote now complete

Key facts:

Auditing provider: Halborn

Auditing timeframe: September 6th start to Mid-October completion

Auditing cost: $75,000 minimum

Launch timeframe with audit: End of Q3 to Early Q4

Launch timeframe without audit: within 3 weeks of DAO vote approval 

Breakdown:

Auditing is a core component of Axion’s vision, to inspire consumer confidence in its smart contracts. Auditing is the process by which the entire codebase is analyzed to ensure there are no bugs, exploits, or threats to the code or the ecosystem present in the smart contract itself.

Axion performs two audit types: internal and external. 

Internal audits are conducted with thorough analysis on the code itself and comprise of significant testing on:

  1. Re-entrancy attacks
  2. Minting features
  3. V1 and V2 withdrawals
  4. Backward compatibility
  5. Exploit & threat evaluation
  6. Mathematical consistency
  7. Code coverage testing
  8. Line-by-line assessments
  9. Gas cost estimations
  10. And more

These tests are performed by the entire Axion development team, composed of 7 members. Each member of the team is responsible for the writing, implementation, and evaluation of the code itself. They conduct thorough and regular testing on a regular basis throughout the entire development cycle.

Right now, Axion v3 has 95% code coverage on the entirety of the code, and 100% coverage on any minting functions. 

External audits are conducted by a third-party auditing agency, which can perform independent evaluations on the entirety of the code. They go line-by-line through the contract and map out any obvious exploits or issues as a part of their series of checks. Auditing firms can vary in quality.  Some will merely check the code for operational consistency using automated programs. Others will map out the entire contract and do a deep dive to understand the economic model behind the smart contract in order to better understand what the code is meant to do, like the one Solidity performed for Axion. Having these audits generally increases consumer confidence in the deployment of the code, especially when financial investments are concerned.

Cost Analysis:

The reason for the $75,000 minimum cost is due to two factors: One is that Axion v3 contains both the new code, as well as the code that supports V2 and V1. All of this would need to be audited in order to ensure total code coverage. The second is that Halborn is a top-tier auditing company with a timeframe that meets the team’s ideal launch window. Cheaper auditing could be performed, but it would not include the level of helpful, thorough, and analytical code coverage that Axion would need for its audit. Previous auditing partners are either unavailable or not of sufficient quality.

Audit Payment & Timelines:

In order to afford this audit, the community would vote on the following options if a YES vote is secured:

  1. Axion Foundation could sell $75,000 in AXN from the dev fund. This will result in an immediate price decrease as the amount is converted to a stable coin. At current volumes, we estimate between 5-7% price decrease with this sell. The timeline for Axion V3 launch would be End of Q3 to early Q4.

  2. Axion could pay from the liquidity pool. But with the community-provided LP tokens locked until the end of September, the Axion Foundation cannot pay for the audit until those tokens are released, pushing out the timeframe of the audit and the launch of v3 to Q4 2021 / Q1 2022. There would be no direct impact on the price; however, future buys and sells would have a higher price impact.

  3. Axion could pay from the proceeds generated through the auctions. The community has voted to allocate the current auction ETH proceeds to the Marketing Budget for the rest of Q3, in order to bring in new investors, so the fundraising effort would need to start in Q4. If the auction budget is reallocated to pay for the audit, it would take approximately 2-3 months at the current price / volume to save up for the audit using auction proceeds alone. Therefore v3 could launch in Q2 2022

  4. There is over 30wBTC in the staking contract from unwithdrawn dividends. The community could vote to borrow against this fund and repay it with auction proceeds, as it is statistically unlikely that all 30 wBTC would be withdrawn over the next quarter. The timeline for Axion V3 launch would be End of Q3 to early Q4.

  5. Axion Foundation could attempt to borrow funds sourced from member(s) of the community who would be willing to collectively put up a loan that would be paid back by any of the above funding methods. The timeline for Axion V3 launch would be End of Q3 to early Q4.

  6. Or some combination therein, such as a multiple-way split between funding sources to mitigate the draining/usage of any one. 

Note that the Axion team does not want to ask the community to raise the $75k to pay for the audit. The team feels like this should be an expense that the Axion Foundation must cover.

Primary points against the audit:

  1. Auditing is expensive. Currently, Axion Foundation does not have a convenient method of paying the $75k minimum for the audit. Each option (outlined above) requires some sort of sacrifice of time, price, or both. That $75k could be spent on marketing, salaries, community events, new token pairings, etc.

  2. Auditing isn’t always effective. Understanding code is tough, but understanding someone else’s code is even harder. With all of V1, V2, and v3 to cover, the likelihood of something being missed by the auditing company is high. For example, the auditing firm that was contracted to audit the VCA code missed a critical part of the VCA operations that could allow numbers to become negative, simply because they didn’t understand the functions. So although they performed a comprehensive audit, things were still missed. In the above example, the code for the VCAs was rapidly fixed by the development team after launch, despite having fully audited code. Upgradeable contracts allow for rapid deployment of fixes in the event of an error, so even if v3 isn’t audited, any fixes could come quickly.

  3. Auditing cannot be performed quickly. Six weeks ago, Axion began the search for the next auditing partner to tackle v3. The team has reached out to the top auditing companies available, but due to the sheer number of auditing requests and backlog, the timeframe for auditing Axion v3 is in the months-to-year time window. No reputable auditing partner can perform a check on Axion v3 that would allow us to launch within the next 30 days.

  4. The contract must be locked during the auditing period. If any new features or modifications to the code needed to happen, they could not be added until after the auditing process, or else the audit is rendered invalid as the codebase would change. This means that any proposed changes to the ecosystem would have to wait until the audit was complete. It is possible that any new functionality or code added to the codebase after the audit would render the audit invalid in the eyes of the auditor. This is not ultimately a concern, as we have upgradable contracts, so it is inevitable that this will happen.

Primary points in favor of the audit:

  1. An audit provides greater investor confidence. Regardless of the effectiveness of the audit, having an audit performed by a top auditing firm like Halborn showcases Axion’s confidence in its own ecosystem. An audit also acknowledges the positive sentiment that would come from current and future investors to know that their investment was safe, secure, and independently verified.

  2. Auditing provides a stable foundation for future development. Any updates to the contract in the future - voted on through the DAO - will be done on a codebase that has been proven to be reliable and secure. This will give the community more confidence in future utility developed for Axion by its development team.

  3. Every audit has found vulnerabilities, bugs, or gas optimizations. All three of the previous audits found relatively major vulnerabilities in the contract code. Beyond searching for exploits or vectors of attack, there are bugs or small optimizations that are discovered in these audits that can help v3 become even more efficient and secure. Having more eyes on the code helps create more opportunities for optimizations beyond what our team has been able to discover.

  4. Axion’s code can now become proprietary. Before v3, Axion has worked with an open development process, allowing its codebase to be revealed to the world as a way to inspire investor confidence. But with the Halborn audit, the code can now become private, trusted only to Axion and its community representatives. Because this code is written entirely from the ground up for Axion, having it become proprietary will further solidify Axion as unique in its own right, preventing copycats and cheap knockoffs from threatening the ecosystem that the development team has worked so hard to build.

  5. Auditing sets a strong community precedent. By voting to confirm the audit despite the price, it proves that the whole community did their due diligence together to showcase to future investors that Axion’s own community values oversight and doing things the right way, even if it is inconvenient.

  6. In the event of an exploit that drains the liquidity, it is statistically unlikely that Axion would ever recover, even with another community fundraiser. Therefore it is risky to launch without a full audit. 

Comments from the team:

The Axion team is in favor of an audit, even with a delay to the launch of v3.

The Vote:

The community needs to vote on whether or not the audit should take place, and how it should be paid. The first vote will determine whether or not an audit should occur. If the community votes for an audit to take place, another vote will occur to determine how it should be paid. 

The two voting options are as follows:

  1. NO AUDIT
    You would like Axion v3 to launch without an audit once the team is confident in its deployment. Timeline for launch would be about 3 weeks.

  2. YES AUDIT
    You would like to hold off on launching v3 until an audit takes place. You will be ready to participate in a follow-up DAO vote to determine how the audit should be paid. The timeline for launch is between Q4 2021 and Q2 2022 depending on the funding method.

 

Place your votes here:

 Vote now complete