Who will do the code audit?

Hi all. Long term Safex holder here. I just wanted to stop by and ask what company will be doing the code audit on safex once it’s finished. If you’re familiar with software, it’s known as very good practice to have all your code audited by a reputable auditing company that checks it over for bugs and general mistakes. They catch a lot and can be a huge help because security holes and critical bugs (like exploits) will be eliminated. This does of course cost money, but it adds a big credential to your project when you can say it’s been audited by one of these reputable auditors.

So I was just wondering which one Safex will be using, and when you think it’ll be done. Sorry if this question has already been answered, or if it’s common knowledge around here. I don’t get by that often, I tend to just hold and wait.

1 Like

We’ve learned our lessons from the first team that we had that was working on Safex.

Every person who was involved was let go, or resigned (would be let go either way). We reformed the entire process how we go about coding and deploying said code. We have spent the past 9 months live testing, each and every feature.

Then, about the audits. We are working on a platform that not many Firms. No matter how long they have been around. It takes at least a couple of months to gain any familiarity with the environment we are in. Knowing this, we continued to pursue our new formation and strategy.

Not many cooks in the kitchen to cause stress and problems like the past team. The level of attention and seriousness is paramount from Igor, and myself. We have a large tester group that for months has illuminated small quirks and bugs and bigger potential issues.

We have also build tests around each and every feature in full. We have core tests (scenarios) and we have unit tests (the values qualify).

We have spent countless hundreds of hours this year formulating and protecting against everything that can go wrong on the system itself.

So we have done the equivalent of auditing. That is why we have been ongoing and ongoing even after the live testing, and even though the living testing is working well. We continued to formulate any issue we can want to imagine.

So you want to find a firm to audit. OK. so please find qualified cryptonote auditor and to provide a reasonable price. Also, if it is not acceptable to you our approach, then please obtain this inspection, or at least ask the community to support your initiative and to make a transparent contract that people can fund.

Also, keep in mind that just because you did this, then it can still be dubious. It is a lazy approach, to think that some non specialist will suddenly be your foundation for your software being sound. it is naive.

Here is a proof of two auditing firms, and still a hacking. Defense comes from inside the group first and foremost. The past teams were not with it well enough, there were too many gaps and the team did not communicate or perform. Literally, while I found a replacement, this team was idling and eventually was dropped when we confirmed we have a dedicated and competent contributor: Igor.

Nonetheless, I did contact several monero community developers, none of whom responded to my request to join our team. Igor and I spent 3 months 1 on 1 together and then each week at least 2 days 3 hours duration minimum on the phone sorting through the whole production, with my intense skepticism which were replied with proofs in the source code of safexcore.

We have developer documentation, and a more valued project will attract those developers that we need to take things to new levels. If you decide it’s not worth the risk after all of this measures we already did, then it is your choice, but no one progressed without moving forward. If we just throw in the towel, we will Never get any new talent, we will never move ahead. If we launch, then we will be visited with attention that should lead to expanded teams.

This is also why we kept things very simple, we want the voting system, but it is more complexity, we want auctions, but it is more complexity, we want escrow but again it is more complexity. So we kept things direct, deliverable, fully covered and documented, launchable, and usable.

If that is still unacceptable to you, or anyone else for that matter, then it is up to you to verify further on your own to organize that, or provide us with funds to do even more checking than we already extensively have done, and all of that checking is straight up in the tests https://github.com/safex/safexcore/tree/develop/tests

Note this is on the develop branch in the safexcore repository.

4 Likes

btw: I also respect and appreciate your question to be able to give you a summary after several months of consideration of the matter and picking the best possible path that we can stand by.

4 Likes

Thanks for the reply! I assume you will be adding the voting, escrow and auctions at a later time?

1 Like

do you realize that it’s moon soon for safex ?
Daniel is crystal clear and explained everything perfectly.
We are so fortunate that the marketplace was tested by passionated people , people on the same mission who understand the project and safex has become a part of their life.People who want to become rich and to open new horizons .Do you think an audit would have done a better job…
Voting, escrow, auctions, verified accounts, refund, integrated shipping, multilanguage
wallet, rating %,adverts,NFTs, donation option, advanced vendor account, wanted items page will all come in the next versions , how soon will depend on how attractive safex will become, to accomplish that we all must contribute anyway we can even if we are not developers by mining,promoting,hodl,buying and selling products on the marketplace.

3 Likes

That’s 100% right, with 1.0 (4.0) mainnet live and the new year coming up, we should analyze our environment, consider pooling resources to hire a few more developers, and continue to expand the offering and improve user experience.

That’s exactly right, there is a lot for us on the horizon that the protocol is designed to accommodate. We just need to type it out to the end.

2 Likes