We’ve learned our lessons from the first team that we had that was working on Safex.
Every person who was involved was let go, or resigned (would be let go either way). We reformed the entire process how we go about coding and deploying said code. We have spent the past 9 months live testing, each and every feature.
Then, about the audits. We are working on a platform that not many Firms. No matter how long they have been around. It takes at least a couple of months to gain any familiarity with the environment we are in. Knowing this, we continued to pursue our new formation and strategy.
Not many cooks in the kitchen to cause stress and problems like the past team. The level of attention and seriousness is paramount from Igor, and myself. We have a large tester group that for months has illuminated small quirks and bugs and bigger potential issues.
We have also build tests around each and every feature in full. We have core tests (scenarios) and we have unit tests (the values qualify).
We have spent countless hundreds of hours this year formulating and protecting against everything that can go wrong on the system itself.
So we have done the equivalent of auditing. That is why we have been ongoing and ongoing even after the live testing, and even though the living testing is working well. We continued to formulate any issue we can want to imagine.
So you want to find a firm to audit. OK. so please find qualified cryptonote auditor and to provide a reasonable price. Also, if it is not acceptable to you our approach, then please obtain this inspection, or at least ask the community to support your initiative and to make a transparent contract that people can fund.
Also, keep in mind that just because you did this, then it can still be dubious. It is a lazy approach, to think that some non specialist will suddenly be your foundation for your software being sound. it is naive.
Here is a proof of two auditing firms, and still a hacking. Defense comes from inside the group first and foremost. The past teams were not with it well enough, there were too many gaps and the team did not communicate or perform. Literally, while I found a replacement, this team was idling and eventually was dropped when we confirmed we have a dedicated and competent contributor: Igor.
Nonetheless, I did contact several monero community developers, none of whom responded to my request to join our team. Igor and I spent 3 months 1 on 1 together and then each week at least 2 days 3 hours duration minimum on the phone sorting through the whole production, with my intense skepticism which were replied with proofs in the source code of safexcore.
We have developer documentation, and a more valued project will attract those developers that we need to take things to new levels. If you decide it’s not worth the risk after all of this measures we already did, then it is your choice, but no one progressed without moving forward. If we just throw in the towel, we will Never get any new talent, we will never move ahead. If we launch, then we will be visited with attention that should lead to expanded teams.
This is also why we kept things very simple, we want the voting system, but it is more complexity, we want auctions, but it is more complexity, we want escrow but again it is more complexity. So we kept things direct, deliverable, fully covered and documented, launchable, and usable.
If that is still unacceptable to you, or anyone else for that matter, then it is up to you to verify further on your own to organize that, or provide us with funds to do even more checking than we already extensively have done, and all of that checking is straight up in the tests https://github.com/safex/safexcore/tree/develop/tests
Note this is on the
develop branch in the safexcore repository.