Pular para o conteúdo
Polkadot Ecosystem

Assurance Legion (PAL)

Committed to ensuring the security of the Polkadot network.
Site Github

Advancing security in the Polkadot space by making audits and formal verification methods more accessible to the ecosystem.

The Polkadot Assurance Legion (PAL) is an initiative by the Polkadot community aimed at improving the security of the Polkadot ecosystem by facilitating rigorous audits of parachain code. The initiative is designed to foster a safer and more secure environment for developers building on Polkadot, ultimately contributing to the ecosystem’s growth and long-term success.

What is the Polkadot Assurance Legion (PAL)?

The Polkadot Assurance Legion (PAL) is a security governance club that was established to increase the auditing capacity within the Polkadot ecosystem. By pooling resources and creating an effective system for supporting audits, PAL addresses key concerns regarding security and trust in the ecosystem. Through a bounty system, the initiative enables Polkadot parachains to undergo comprehensive audits of their code, specifically focusing on Rust-based Substrate pallets and ink! smart contracts.

The Core Objectives of PAL

  1. Enhanced Security: The primary goal of PAL is to improve the security of the Polkadot network by facilitating audits that uncover vulnerabilities in the codebase of parachains. With increasing concerns over vulnerabilities in decentralized applications (dApps), regular and in-depth audits are essential to mitigate the risk of exploits and attacks.
  2. Building a Pool of High-Quality Auditors: By providing funding for audits, PAL aims to establish and nurture a pool of expert auditors proficient in Rust, Substrate, and ink!. These specialized auditors will become a valuable resource, helping to reduce the overall cost of audits and increasing accessibility for all Polkadot parachains.
  3. Facilitating Access to Audits: Audits are critical for parachain teams to ensure the security and reliability of their products. However, the barriers to obtaining audits can be high, mainly due to limited availability of auditors and the complexity of Polkadot-specific technologies. PAL addresses this by creating a pathway for more parachains to access high-quality audits through a funding mechanism that reduces the financial burden.

Scope of the Polkadot Assurance Legion

Funding Mechanism

PAL’s funding is provided through a bounty system in which a pool of funds is used to subsidize the cost of audits. The initiative offers up to 80% of the cost of an audit, with a maximum cap of 18,000 DOT per audit, which can cover Substrate pallets and ink! smart contracts. The remaining costs must be covered by the applicant parachain.

PAL is designed to help 30 parachains in at least 3 audit seasons. Each audit season will feature audits of at least 12 distinct parachains, with one auditor per audit. The audits focus specifically on code critical to the functioning of parachains, excluding frontend, browser extensions, and other non-core components.

Eligibility Criteria

To participate in the Polkadot Assurance Bounty, parachains must meet certain eligibility requirements:

  • The parachain must be active on the Polkadot network.
  • The parachain must have open-source code that is production-ready and frozen for further development during the audit process.
  • The code must be related to Substrate pallets or ink! smart contracts.
  • The Polkadot Assurance Fund will cover up to 80% of the audit cost, with the parachain responsible for covering the remainder.

Prioritization of Applicants

Priority for receiving audit funding will be based on several criteria:

  • The number of active wallets on the parachain.
  • The total value locked (TVL) or other quantifiable measures of interest and usage.
  • The number of open bi-directional HRMP/XCM channels the parachain has established.
  • The number of audits the parachain has completed in the past.

This ensures that the funds are directed towards parachains with the highest potential impact, further increasing the overall security of the network.

The Role of the Bounty Curators

A team of 7 bounty curators, all experts in Polkadot security and development, oversees the Polkadot Assurance Legion’s operations. These curators are responsible for managing the audit process, selecting the parachains to receive funding, and maintaining relationships with auditors. They will also ensure that audit reports are publicly available and provide summaries of audit findings to enhance transparency.

The Curators’ Key Responsibilities Include:

  • Coordinating the bounty system and managing the pool of funds.
  • Maintaining partnerships with auditors to ensure availability and capacity.
  • Ensuring that audits are performed according to agreed-upon standards and timelines.
  • Preparing and publishing reports on the progress and results of audits.

Confirmed Auditing Partners

PAL works with a pool of auditing partners specialized in performing audits for Polkadot-based parachains. These firms bring expertise in Substrate and ink! smart contracts, making them crucial in the success of this initiative. Some of the confirmed auditing partners include:

  • Runtime Verification
  • SRLabs
  • Quarkslab
  • Oak Security
  • Code4rena (which organizes crowdsourced audit competitions)

The Importance of External Audits in Blockchain Security

In blockchain ecosystems, particularly one as advanced and complex as Polkadot, the need for external, unbiased audits is paramount. External audits not only identify vulnerabilities but also ensure that the code adheres to best practices and security standards. By providing funding for these audits, PAL allows parachains to improve their code quality and security without the financial strain often associated with these services.

PAL’s Long-Term Impact on the Polkadot Ecosystem

The Polkadot Assurance Legion is expected to bring several long-term benefits to the Polkadot ecosystem:

  1. Improved Ecosystem Security: By making audits more accessible, the initiative reduces the likelihood of vulnerabilities that could lead to exploits or security breaches. This makes the Polkadot network a safer environment for users and developers.
  2. Lower Costs for Audits: As more audits are conducted through the bounty system, economies of scale will lower the cost of audits across the ecosystem, making them more accessible to a broader range of parachains, including smaller and newer projects.
  3. Growing the Pool of Auditors: The initiative will help cultivate a specialized pool of auditors with expertise in Polkadot-specific technologies like Substrate and ink!, which is crucial for the continued growth and security of the ecosystem.
  4. Setting the Foundation for Future Security Measures: This initiative is just the beginning. As the Polkadot Assurance Legion matures, it will play a role in the introduction of formal methods for verifying parachain security, economic audits, and the development of new security tools.

Conclusion

The Polkadot Assurance Legion (PAL) is a vital initiative that addresses the critical need for improved security in the Polkadot ecosystem. By funding audits for parachains, building a specialized pool of auditors, and promoting transparency, PAL significantly enhances the overall security and reliability of the Polkadot network. As the ecosystem continues to grow, initiatives like PAL are essential in ensuring the integrity and trustworthiness of the projects built on Polkadot.

For more information about the Polkadot Assurance Legion and to apply for audit funding, visit the official Polkadot Assurance Legion website.

Useful links

  • Polkadot Communities

    Join one of the different communities in the Polkadot ecosystem and start your journey.

    Polkadot Communities

  • Help build this Portal

    Help us build this portal by contributing to the codebase or by suggesting improvements.

    Github Repository