Ackee < > Neon - Governance audit

Recorded: Oct. 27, 2022 Duration: 0:26:37

Hey guys, we're just starting out. Please wait. Thank you.
Hey Joseph nice to meet you. We're just starting up. Uh, yep. Please wait guys.
Hey guys, we're just waiting for the speakers. Please hold on a couple minutes till everybody turns up and then we'll begin.
Okay, I see we have our last guest and the audience, we just bring him up to speak and then we'll begin.
Okay, everyone's up. Thank you for joining us here today guys. We're here with another AMA. Today we're here with Ackee Blockchain, an auditing firm. Let's start off with the Ackee Blockchain guys. Could you please introduce yourselves?
[Clapping]
Ackee guys, would you like to introduce yourselves, and then the Neon team guys?
Sure, let me start. Hey guys, thanks for having me. I'm Thomas, and at Ackee Blockchain I'm responsible for all projects and internal processes.
Hi guys, thanks for having us as well. I'm Joseph, I'm CEO of Ackee Blockchain and now I'm behind the Ackee Blockchain Twitter account.
Also, we have developers and our head of partnership at Neon on the speakers panel. Could you guys introduce yourselves?
Hey guys, my name is Niki and I'm responsible for partnerships at Neon Labs, so please do me an interview and super happy to be here. Looking forward to the great discussion. Thank you.
Hello everyone, I'm Mikhail and I'm an engineer at Neon Labs. I was involved in the governance development process and auditing process, so I'm here. Thank you guys.
Hello guys, my name is Semiron, I am head of development at Neon Labs. I am glad to join you today and provide some information about all this on Neon EVM.
Awesome, thanks for the introduction guys. My name is Z, I do socials at Neon. Let's kick it off. I've got a few blocks in. Could you please tell us a bit about yourself and, yeah, what you guys do? Thanks.
So we are an auditing company. We are a lot of a small team. We are auditing EVM chains and Solana. And that's maybe the reason why we are also auditing Neon, and we are very happy to be happy to you guys with security.
Nice. Thank you. Thank you very much. So, guys, would you please introduce Neon? What is it and how does it work?
I'm sure that some of you know
Let's develop our basic utilize all of the familiar children built seamlessly on Solana and during
and or a lot of great advantages to developers, we're given its TPS and speed and everything. And so what Neon does is basically any data or build an Ethereum-based application.
And actually then benefit from lower gas fees and higher throughput. And on a more technical level, of course, Neon is building a smart contract of Solana written in Rust, Solana's native smart contract language, and compiled to BPF bytecode. So that's a little bit about Neon.
Thank you for that. Thanks. And maybe I will fire up with some kind of questions for the audience who don't know you guys. So what are like the main advantages of Neon EVM?
Sure. So if you are like I can actually explain you more on the business side and then like maybe some of our developers like Mikhail can jump also add some stuff. So basically the main advantages of Neon EVM are that like as you may know when it comes like to networks, they usually like what happens is that they compete for limited resources and users, right? And in the end of the day, lots of builders, they have to build applications on different blockchain networks. Therefore, it's like can be challenging like at times for a variety of reasons. So basically one of the hurdles can be that of the developer inflow is actually the tooling. So if you look at for example, Solana, Solana has a great ecosystem and actually so, it actually provides like lots of benefits for the developers to come and build there, but if we look for example at most of the dApps essentially a lot of them are written in Solidity, right? And the thing is that when it comes for the dApps to move to Solana, they have to essentially teach us and for most of the developers.
Because it was a challenge, they have to dedicate considerable time and resources to make actually this possible. And what Neon attempts to do, it actually attempts to overcome these challenges by introducing truly Ethereum-like transactions on Solana.
This is important because it essentially allows developers to seamlessly build Ethereum-based applications on Solana and actually unlock the network's performance, in this case Solana's performance and liquidity. So what can users do is like users can then benefit from lower gas fees and higher throughput.
And yeah, so those are the basically major actually advantages and for the developers actually to come and build on Neon is fairly straightforward and simple. It's all about like in the end of the day locating correct RPC endpoints and the thing is that all of the Ethereum tools are supported.
So which involves Truffle, Hardhat, MetaMask, or sorry, Remix, yes. So basically all the developers can take advantage of Solana's throughput and also lower gas fees and deploy their applications easily.
Thanks. So maybe now let's speak about the project we were working on together, which is Neon, Neon, and before going into the audit or into the technical things, for me personally like it's very interesting. What was the motivation behind creating this governance scheme?
Yeah, concerning governance, you know that Neon EVM will be governed by DAO. So we needed to choose any tool that we could use for governance, for proposals, and we chose Solana SPL governance because it's developed by the original Solana team. Solana SPL governance has some abilities, but that functionality didn't match all our requirements. But Solana SPL governance has functionality to add some add-ins to it. So we had to develop some add-ins to match our requirements and we did it successfully, and also Neon governance include the
Sorry, Mikhail. I think you cut out.
Okay, so maybe we can fire up next topic and wait for Mikhail to reconnect. So maybe it would be interesting for me as a CEO of Ackee Blockchain, like how did you find out about Ackee Blockchain and why did you choose Ackee Blockchain for this audit?
So we found out about Ackee Blockchain from one of our developers. They know about them really well. Like we've heard like you guys do really good work with EVMs. And so we decided to look into you guys and tell them that you guys do a good job. And while working with you, our developers were like really impressed. So yeah, that's why we wanted to work with you guys.
So maybe I could continue with the next questions. Generally speaking, right, like this question is for the team, the amazing team from Ackee, like how was the overall audit process for Neon DAO governance and like which parts were audited by your team? Maybe you could like, uh, walk us through it, let's like the audience know how it went.
Well, it was actually a usual audit process and what was really small for us to be agreed on scope and collected the commit hash. A week before the start we set up the Slack channels for technical discussions between the Neon dev team and our auditors. Then we reviewed if there are any changes in scope and then the audit itself could begin. Once we finished, we scheduled a readout call to go through all the findings and to make sure that everybody understands in detail all the issues. Regarding the scope, yeah, in SPL governance, our team audited add-in fixed rate and add-in investing program. Joseph, sorry, did you want to add something?
Maybe just like for the technical high level point of view, where you're learning the process like there is no magic ball or magic tool. So our process is manual code review. So basically we are trying to understand the protocol, which takes significant time, and then we are trying to break it.
Yeah, so basically, I'll just...
There's some echo. I will just into the once again say the intro so we are now speaking about the audit of the governance program because we at Ackee Blockchain are now auditing also the EVM but I'm not speaking about the EVM right now, while speaking about the governance because this is the finished audit. Regarding this audit, we were auditing it during the summertime. It was somewhere between June and July and we were the second auditing company that audited this scope.
Before us there was a very respectable company, a great job on the first audit. After the first audit, the audience has fixed the issues that the first auditing company has found and we are the second auditors. Which always is a little bit tricky because like the low-hanging fruit of the issues are collected by the first audit. Either you look kind of like that you return an audit where you found nothing or on the other side if you are a little bit lucky you find there some issues that the first team has missed. In this case I would say you are quite lucky and it's also the reason why it makes complete sense to have multiple audits even for the same scope, which is like good practice and I'm lucky that or I'm happy that Neon is doing this.
And so regarding the findings, I think this discussion doesn't have to be too much technical so I will not like to walk through the audit report, but the audit report is published so we can of course have a look at it. Maybe I was a straight pick like one issue we have found. It was a critical issue which means it could somehow break things and of course has to be fixed before the launch and it was already fixed. So this issue was found in the fixed add-in, which basically is like an extension to the Solana Program Library of the governance program that the Neon team implemented. And the change or like the new implementation of the Neon team was that there are predefined members who have the same voting rights before the token is launched. So basically there's like a governance where every member which is hard coded has the same voting rights and voting power.
But there is an option which is the implementation that the Neon team has introduced that for example when I am voting for some proposal I don't have to use like 100% of my votes, I can vote only by 40% of votes. So this is the thing that we have been a little bit checking deeper and we have found that there is like an instruction which is called set vote percentage, which has an argument, and the argument accepts basically how much percent I as a member want to allocate for voting for the proposal. So I can choose anything like between 0 and 100 percent. And there was a missing check. So basically the member could set not 100 percent, but for example 1000 percent.
And with this, the member could vote by, let's say, 10 times more voting power than he was supposed to be. So basically it was a very easy one-liner or missing check, but it could cause a critical issue. And this is what we have discovered. And it's of course fixed right now.
We hope that's super helpful guys, and generally speaking, right, after completing the audit, what do you think about the security and quality of the project?
Yeah, as I said, we as old age, so I see.
or something like, okay better. Auditors will never tell like, yes, it's secure, you know, so what we are trying to do is to minimize the risk, but what we can tell is of course that Neon is following like a really good practice regarding the
process, which means there are multiple audits, all the code is audited, the companies are respectable. So this process is on very high in the system level and what I can also comment is the quality of the code and the quality
of the code is just, I would say very, very well. So from my point of view, like you are doing great engineering job and great, have great processes to be, to be on the top security attraction.
Awesome awesome so just another question right from our side for our audience like did you generally speaking encounter any difficulties or challenges while auditing Neon?
Well, in the beginning we had some minor discrepancies in documentation, but it was cleared out really quickly. Maybe Josef if you have something else?
Yeah, maybe this audit on the governance process. The program was quite specific, but it happens in a lot of cases. And it heavily depended on a third party library. And sometimes the protocols tend to approach to us as auditors. And they'll, hey, we are using this library, but the library was already audited. You know, so don't care about the library, just audit our changes or our implementation, but it's not that easy because of course the auditors, they need to understand what is happening in the code. So in our case, as we have never audited any project on SPL governance Solana library before, about half of the time of the audit took us basically to understand the code of the Solana library. So that was a bit like a challenge for us to basically explain to you guys that we needed that much time to just audit a few lines of code because of course the usage of third-party library was here very heavily dependent on the library and we need to know what's going on there and there was the challenging to really be oriented into the program.
Awesome. I'm glad like it wasn't that hard, but like you guys are able to understand everything. And yeah, we have corrected our documentation like kudos to our developers, to our technical writers. While you guys have actually been working with us and you've seen us make the correct changes in the code to fix the bugs you guys found. Are you guys happy with the way we've solved all the issues and the security findings that, like how we resolve them pretty much?
Yeah, basically so the critical issue I mentioned here was fixed basically by one liner so it was not a big issue. Then there are like other issues which were also fixed or acknowledged so you can see the updated audit report because of course we have delivered the audit, Neon team has fixed the issues and then we have again looked into the code and updated the audit report so this happened during September, so basically this is everything I would say following the good practices and we are basically ready for round here.
Awesome. Thank you, man. I really appreciate those words. But guys, do you guys have any questions from the audience? I see we have, like you know, requesting, you know who I am.
I'm requesting to speak. I'm going to bring you up to the stage. If there's anyone else in the audience, please guys raise your hands. I'll bring you up. You guys can ask your questions.
You know, would you like to ask your question, please?
Okay, we have another speaker up, you know, please ask your question or I'll have to remove you from the stage. Ehor, could you please ask your question? Yep.
Okay, really before that, improving the security, I would get off now on governance contracts, or is it already a fully perfect product? If the answer is yes, please tell us what exactly you plan to improve.
Simone would you like to take that?
Actually no, we don't have... for plans to, but maybe something will change in future and will have plans. For now, we plan to change it.
Thanks for your question, Anymore. Anyone else from the audience? Do you guys have any questions? Please raise your hand. I'll bring you up so you can ask.
Yeah, we'll just wait one more minute if we have any questions guys please do.
So maybe I have a question like guys what are your plans for Breakpoint and what events do you organize or are going to attend?
Yeah, so I can tell you guys about our events. We have a layer 2 meetup with Polygon, Fuel, VM, and I believe Aurora. So we're going to be talking about layer 2s, these guys come join us. What else do we have? We have a Web3 co-working space where everyone can come and talk. If you're developing, if you just want to place the show, relax, just come here guys. It's nice. Ok, guys, if you guys are in Lisbon, please do come in.
We have been in York or in space in Barcelona and it saves us because you are I think the only co-working space that AC so yes we have we don't have finished they come here.
Yeah, I'll say tell the our events coordinator should be really happy. I'm pretty sure we'll have basically here too. Okay guys, if we don't have any questions, thank you for tuning in today for this AMA. We'll be back next week. Thank you. Take care. Thank you guys. Thank you for everything else. Thank you guys. Pleasure. Bye bye.

FAQ on Ackee < > Neon - Governance audit | Twitter Space Recording

Who was the speaker from Ackee Blockchain responsible for all projects and internal processes?
Thomas
Who was the CEO of Ackee Blockchain?
Joseph
What is Neon?
Neon is a development framework utilized to build seamlessly on Solana for creating dApps.
What are the advantages of Neon EVM?
The advantages of Neon EVM are Ethereum-like transactions on Solana, which allow developers to build Ethereum-based applications on Solana and unlock the network's performance, thereby reducing gas fees and increasing throughput.
What is the purpose of the Neon governance scheme?
The purpose of the Neon governance scheme is to create a DAO to use the Solana SPL governance tool for governance and proposals.
How did Ackee Blockchain get selected for the audit?
Ackee Blockchain was selected for the audit on the recommendation of a developer who knew the company did good work with EVMs.
What was the scope of the audit by Ackee Blockchain for the Neon DAO governance?
The scope of the audit by Ackee Blockchain for the Neon DAO governance was add-in fixed rate and add-in investing program.
What was the process of the audit like?
The process of the audit involved agreeing on scope, collecting the codebase, setting up channels for technical discussions, reviewing for scope changes, conducting the audit, scheduling a readout call to go through all findings, and making sure that everyone understands the issues.
What is the technical review process used by Ackee Blockchain?
The technical review process used by Ackee Blockchain is called manual code review, where the auditors try to understand the protocol and break it down.
When was the audit for the Neon DAO governance conducted by Ackee Blockchain?
The audit for the Neon DAO governance was conducted by Ackee Blockchain in June or July.