A platform to match people and groups who need and who perform security audits for smart contracts along with an insurance to cover potential risks.


This project aims to improve the quality of smart contracts that are deployed to the network by making security reviews accessible to projects of all sizes and providing insurance for the residual risk. For future reviewers it solves the problem of bootstrapping allowing them to build their reputation and access higher value projects. This is enabled by carefully aligning the incentives of the actors on the platform. The system consists of following components: Staking: Each party needs to add a stake to ensure they are invested in having their contract reviewed or reviewing a contract and are acting in good faith. Auction: The auction is designed to give bidders an incentive to bid their true value. Over time, this will help determine the fair price for a review in the market. Reputation: Reviewers increase their reputation by performing reviews of contracts that hold over time. This reduces the barriers to performing more complex reviews and gaining access to higher value tasks. This introduces transparency into the reputation building process. Insurance: To account for the residual risk of an audit and adjusted for the risk preferences of the actors, an insurance pool adds additional coverage, and efficiencies by opening up the market further. A reviewer wishing to increase their reputation could contribute a higher proportion of their fee to cover for risks, to perform an audit at the next higher level. Interest: While the staking and insurance mechanisms ensure that the right amounts are reserved or released, the stakes and insurance pool yield interest and any surplus that is not tied through a prior interaction may be withdrawn at any time.

CoverETH showcase

How it's made

The core of the mechanism is set up as smart contracts which are written in Solidity and deployed on the Ropsten. It includes an auction mechanism, staking and a workflow to resolve disputes. The project requires users to add stakes to participate. This is performed by converting ETH to USDC. The stakes are then deployed on to Compound to earn interest. The events that are being triggered by the smart contracts are monitored by subgraph deployed on The Graph. The front-end queries are connected via this mechanism and presented back to the users via a web interface. The smart contract as well as the review reports are stored on IPFS, so are the logs from the subgraphs that are deployed are stored on IPFS.

Technologies used

IPFS/FilecoinSolidityCompound APIThe GraphUSDC