Saxemberg has voted NAY on the Polkadot referendum 1715 DotFuzz - Hardening Polkadot through TryState invariants and CI-fuzzing. Notes: Funding through the PAL bounty could be sought. Polkadot-sdk audits, especially independent ones, should have fellowship/core team approval and/or be heavily requested by 'em.
This referendum is eligible for vote overrule:
https://voting.opensquare.io/space/the-sax-guild/proposal/QmUzndbMoKpXg1irsBLJRTbQPg72i9rScyAA9rQBVT6B8b
This proposal should've been submitted under Medium Spender. As far as I know, Asset Hub currently assumes DOT @ 10 USD. That aside, it would be good to hear expert opinion on this from the fellowship, PAL, Gossamer, Quadrivium, and protocol developers; it's not easy, if even possible, for the community to make a decision without it.
kukabi | Helikon
Dear Proposer,
Thank you for your proposal. Our first vote on this proposal is ABSTAIN.
The Big Spender track requires 60% quorum according to our voting policy v0.2, and any referendum in which the majority of members vote abstain receives an abstain vote. This proposal has received zero aye and zero nay votes from eight available members, with five members abstaining. Below is a summary of our members' comments:
Members expressed interest in the proposal while emphasizing the need for more expert input before a full evaluation could be made. They questioned whether the proposed methods—embedding TryState invariants and establishing a fuzzing framework—would be effective, noting that additional feedback from core developers and various experts was necessary. One comment suggested that the proposal should have been submitted under a different spending category due to asset assumptions and budget considerations, while others underscored the importance of opinions from protocol developers. Overall, they conveyed a cautious approach, preferring to wait for more comprehensive evaluations from technical stakeholders before proceeding further.
The full discussion can be found in our internal voting.
Please feel free to contact us through the links below for further discussion.
Kind regards,
Permanence DAO
Decentralized Voices Cohort IV Delegate
📅 Book Office Hours
💬 Public Telegram
🌐️ Web
🐦 Twitter
🗳️ Delegate
TruthDAO voted NAY.
The proposal states: “During the 6-month effort, we will collaborate closely with Polkadot’s core developers and ecosystem stakeholders, with whom this proposal is closely aligned.”
On this point, the team needs to clarify which core developers and ecosystem stakeholders they are working closely with. Since this concerns the security of the Polkadot SDK, confirmation from key actors such as Parity or the Fellowship is essential.
Regarding the budget, there is no further explanation of why nearly $500k is required, nor a clear indication of how many people will be involved in development. Without this information, it is difficult to assess whether the requested amount is reasonable.
See more feedback here.
📖Truth DAO Governance Statement
💭 Email: open@truthdao.cn, Telegram
🗳️ Delegate
Le Nexus considers this to be within the scope of the PAL (Polkadot Assurance Legion) Bounty and therefore is not supporting the treasury to fund it as an individual proposal.
Le Nexus invites you to join our DV Office English channel on Discord to engage in conversation about OpenGov proposals.
https://discord.gg/NBtk4dam
Why is fuzzing Polkadot-sdk a priority when the latest biggest vulnerability in the Polkadot ecosystem in terms of value abstraction was a governance attack on a parachain? Not a lot of the biggest value-transfer security bugs in web3 have been found using fuzzing (none of the latest 15 DeFi vulnerabilities were found with fuzzing), according to https://rekt.news/. Shouldn't it be a higher priority to focus on static code analysis instead?