Audit of the most sensitive contracts

A security audit is already long overdue. Yes, there were talks, but instead I’m seeing the Dash bridge in place, and not something more important IMHO - news of the audit…

I’m sure the community can crowd fund this if that’s the main issue, right guys?

This needs TBD and become #1 priority.

A security incident would send this great project at least a year back in time…

8 Likes

I like your username 🙂
The team may already have some plans but do you have any recommendations for auditing firms? Any idea on costs too? I’m curious but I imagine it’s quite expensive and the audit could be outdated within weeks as the team is constantly upgrading. However—I don’t know if they are upgrading all of their contracts. For example, the ETH smart contract holding all of the ETH related funds could be an isolated and higher at-risk contract to audit. (I’m just speculating). I trust the team with my funds but I have more in incognito than I’m willing to lose.

1 Like

The ETH contract is the minimum and the right place to start, and it must be a top priority as I said. The team already mentioned some auditors that are suitable, just that… Time passed and nothing sealed. We all wanna see the ball rolling in this regard.

2 Likes

They are working on it; this past week we had a Zoom call with Certik, so we have another option. Anyway, I’m also curious whether they have agreed with one of those teams or are still evaluating the different options on the table. @andrey

3 Likes

One more very important problem - the whole incognito app and many other parts rely on the incognito.org domain.

The incognito.org domain is registered at GoDaddy.
GoDaddy support and security is crap and is known to get hijacked often like it happened for Guarda 3 weeks ago:

And this is not a singular isolated case.
Until the team redesigns the app to be less domain reliant, domain management should be switched to some entity more security oriented and less ran by pedos.

There are also other issues but… Let’s get these done first shall we?

Thank you for your attention.

7 Likes

Please, speak for yourself.

Hey guys, a quick update about it. We are moving forward with Coinspect. Those guys audited Zcash, Aragon, Bitcoin, WBTC, and other contracts. As you can see, they are experienced with Ethereum and private networks.

@SecurityFirst regarding security for the application: we are working to build an in-house security team. They will be building firewalls and will be responsible for application security.

Regarding domain, as I know @cusdt.eth suggested to mirror and make Tor friendly all pages including website, forum, and upcoming web pDEX.

9 Likes

Concerning this—I agree GoDaddy is the worst. We should pick anyone else as the registrar. I’d recommend someone outside of the US.

5 Likes

For me also it is SECURITY FIRST!

4 Likes

Thanks for seconding me @marko - this is the way.

1 Like

Glad to see the new year hasn’t changed Jamie’s shitty quality of customer service.

4 Likes

I am so glad to hear this Andrey. I have a large portion of my modest net worth on incognito and I recommend it to all my friends for small positions. The more incognito is audited the more I can shill PRV! A second auditing firm would be good to have as well soon.

Could we get incognito Dex on coinmarketcap soon? If we can post our numerous market pairs all over the place we will get TONS of exposure from that. It’s possibly the best marketing we can get in the short term.

2 Likes

You missed the memo on me leaving the team. Only the users with a grey badge next to their name are moderators or involved with the team in other ways.

Not representing anyone else than myself here. I am free to disagree with anyone and say so.

1 Like

Any news on the external audit front? I have been following the project for a while now and have gradually moved a very large portion of my holdings on to the app… I suddenly realize I can not find clear information regarding the security of my funds and I’m suddenly concerned…

Absolutely with you. I’d donate to that cause if needed… I cannot find clear information on the security of holding funds on incognito and that is concerning to me.

Coinspect did the first round of the audit of the Ethereum bridge back in Feb; in March we made the fixes recommended by them and sent the contracts back for a second round. I think once they finish the second round, there will be more information to share.

3 Likes

Thanks for the reply.
I understand. It is still alarming that there is no information to share in all this time the topic is discussed… When do you think the information will be published? This has been stretched sufficiently (:

I guess when they hear back from Coinspect?

You guess correct!
As you don’t represent incognito any longer I won’t ask if you have a time estimation for that, which is what I asked Andrey…

To be fair, Andrey is no longer representing Incognito either. I guess you didn’t read all his posts.

If he had known a time frame I am sure he would have mentioned it.
They are working on it. Hyping things unnecessarily doesn’t make them move faster, that is all.

2 Likes