The Pocket team is happy to share that CertiK will be the security firm taking care of the bridge audit. CertiK will be performing a Vulnerability Assessment Penetration Test of our finished product along with a static, dynamic, and manual assessment of the bridge smart contract.
Pocket expects to be closing an additional service agreement with another well-known firm, for a second application security penetration testing with the objective of preventing vulnerabilities of the bridge.
Once the audits are complete, the community will receive a transparency update, especially if the results require any adjustments to have been made.
As explained last week in Devlog 4.0, to operate the wPOKT bridge a 5/7 Gnosis Safe multi-sig is required to securely mint wPOKT to supply tokens as needed to the liquidity bridges.
Rather than electing a predefined selection of signers for the wPOKT multi-sig, the Pocket team wants the community to be able to come forward and volunteer to be signers.
This makes the selection process more inclusive of the Pocket Network community.
Security by Anonymity Option
The Pocket core team recommends including a “security by anonymity” option in the multi-sig selection process.
If the DAO approves this option by a 50% majority (of those who voted), the Pocket Network Foundation will select 3 anonymous signers, and the remaining 4 signers will be selected from the volunteers.
We are inviting anyone to volunteer to be a signer for the multi-sig wallet by January 6th. There will then be a 1-week vote by the DAO to determine the final signers.
If you are serious about taking on this communal responsibility, submit your pitch to the community and DAO in the comment section of this proposal:PIP-10: wPOKT Multi-sig Signer Selection
The upcoming wPOKT open test will happen in January, the exact date is TBA soon. If you are interested in participating then fill out this form.
In this test, wPOKT will be running on the KOVAN Testnet Network.
This means that you will not be playing with real mainnet money, these tokens are testnet-only and hold no value. The main objective will be to identify any potential issues or bugs to be fixed before the launch, with the help of the Pocket community.
Who knows, there could be POAPs for testnet wPOKT farmers!