Orcfax architecture audit
An audit funded through the Catalyst F12 campaign.
This page will provide documentation pertaining to the execution of the proposal and links to each of the deliverables required for their respective Milestones. The full Catalyst proposal can be found here.
Problem statement
Cardano dApps use Orcfax oracle data to trigger transactions with significant financial outcomes. Their users need assurance from a qualified auditor that Orcfax delivers authentic and accurate data.
Proposed solution
Orcfax will procure auditing services for its on-chain and off-chain architecture, perform fixes and enhancements as per auditor recommendations and report on the audit status and outcomes.
Milestone 1
Because Orcfax has divided the audit into two separate deliverables (i.e. on-chain and off-chain architecture audits), Orcfax will leverage best practice and precedence within the Cardano ecosystem to identify auditing firms and request quotes for each.
Once identified, Orcfax will finalize a Contract for Services with the selected audit firms.
On-chain
Orcfax contacted several auditing firms in order to receive quotes for performing an audit of its on-chain components.
Our team has selected TxPipe to go forward with the audit and successfully signed a contract for services in August of 2024.
Off-chain
Orcfax contacted several auditing firms in order to receive quotes for performing an audit of its off-chain architecture.
Our team has selected BlinkLabs to go forward with the audit and successfully signed a contract for services in September of 2024.
Milestone 2
Auditors will release feedback relating to the first review round; this feedback will be formatted into an audit status report.
Milestone 3
Orcfax will respond to feedback with code pull requests for software fixes and enhancements that address any concerns highlighted in the audit feedback.
Auditors will execute a secondary review of Orcfax architecture once the above changes are committed.
Milestone 4
If Orcfax has passed its Audit, then proceed to final milestone, otherwise
Orcfax will review secondary review feedback from auditors, formatted into an audit status report, which assessed changes made in response to the previous feedback.
If necessary, Orcfax will complete code pull requests for software fixes and enhancements that address audit concerns in feedback.
Milestone 5
A final report containing auditor findings, recommendations, and summary of Orcfax team remediation actions in response to audit.