-
Rucknium[m]: plowsof: Thank you! What do you mean by ACK'd? Did they say yes, "we are interested", etc.?
-
plowsof11: CypherStack ack'd receipt of the request - no further info. David Wong of zksecurity reached out and said "That sounds like interesting work" and requested an actual spec of the work to be carried out / budget (we do not have this yet). certik ack'd receipt of the request. so i am waiting for David/Certik's next follow up - which i assume would involve a call of sorts / an actual spec of 'what we need exactly'
-
plowsof11: (full disclosure: i believe certik were accused/found to have missed something in one of their audits. but at this stage a pricing / timeline quote is still important bsc.news/post/certiks-audit-miss-2-…esult-in-over-2m-rug-pull-on-zksync)
-
Rucknium[m]: Writing a security proof is different from auditing smart contract code. I hope they do the former better than the latter.
-
Rucknium[m]: What happens if we contract someone to write the security proof and they try but cannot develop the proof?
-
Rucknium[m]: Doesn't necessarily mean that a proof doesn't exist. Just means that the contractor couldn't find one.
-
Rucknium[m]: Writing the proof isn't the last line of defense. Reviewing the proof for correctness is a last line of defense. Then auditing the code that implements the protocol is another last line of defense. Both the proof and the code have to be correct to prevent fatal problems.
-
spirobel[m]: <plowsof11> "(full disclosure: i believe..." <- people have been posting pictures of the titan submarine with "certified by certik" on it. This company seems to have a bad rep and hiring them might have the opposite of the intended effect.
-
gingeropolous[m]: would any of the outfits used for the randomx audits be useful here?
-
hyc: I think the one guy, JP Aumasson, who was at one of those companies but has moved on, would be qualified
-
hyc: others may be too
-
plowsof11: i await JP's ACK