Bringing DEX/NFT reviews like RugDoc.io to HarmonyUniverse.one

I’ve reached out to the developers at HarmonyUniverse.one about working with them to bootstrap some kind of community-organized vetting process, including opt-in code reporting/review and a data-based consumer risk score.

I have also reached out to https://twitter.com/TRO_crypto about helping to publish these reports and risk scores, including updates when changes are made, in the form of short YouTube videos.

I have reached out to some community developers for feedback and would love to hear from the rest of the community about your thoughts or your willingness to participate in this kind of collective action.

The scale and growth of this challenge will only get harder to manage with time…
so we’re trying to take it one step at a time.

Can I get some feedback from you all?

Developers: what should we ask and score you on?
Community: what should we tell you about a project?
FEED US YOUR INPUT!

8 Likes

I just spoke to Samuel Harrison about this in a Twitter space; thank you so much for this idea. And I would love to help you guys with this if needed.

5 Likes

Hey Harmony! It’s me, RugDoc! I wanted to let you know we do indeed review Harmony farms! Check it out here: Harmony – RugDoc

All you need to do is request a review in my Telegram channel @RugDocChat and follow the request format. If you don’t know the format, just ask in the chat! We will review requested farms within 36h and have them up on our main website RugDoc.io : )

Stay safe and happy farming!

7 Likes

That’s great to hear!
I’ve been one of those annoying people in your Telegram trying to get you to start doing so! :nerd_face:

That will allow us to focus on the NFT space and Gaming with what we’re building for HarmonyUniverse.one

And there’s a lot to learn with what RugDoc has started!
Thank you!

3 Likes

I had to sign into the account after a month of inactivity :sweat_smile:

Due to the recent events that happened, I’m compelled to help in any way I can. All members of the community must make it their initiative to protect brothers and sisters by asking the right questions. Do it for everyONE!

3 Likes

What kind of help were you thinking?

The plan was to keep it as simple as possible.

Tro_crypto has his regular show and we’ve been talking about setting up developers for him to interview for a while.

HarmonyUniverse.one has a team that is building more than just that site.

TrustlessTeam.one has a team that is building FishFight.one and wants to help bring people together to help with any marketing resources and organization.

Looking for anyone that can jump in and share what they think they can bring to the table!

1 Like

This would be great to see come to fruition. It’s very good to see the community stepping up to these situations. They are bound to happen. What matters is how we deal with them.

2 Likes

I don’t know if it should be said but if we can have a LinkedIn to developers, an email or at very least an account tied to an exchange for KYC purposes.

1 Like

The primary discussion is …

  1. What is the relevant on-chain data we don’t already have immediately available that would help determine trust?
  2. What is the most simple and reduced MVP we can deliver to aggregate / collect this data to begin building better trust for teams, projects, developers, and communities?

1 Like

I support this!

There should be a fixed set of parameters used to judge every project fairly and objectively.

1 Like

From some conversations about this topic with developers, there are 3 options that have come forward.

  1. Code review by a renowned 3rd party code auditor (like certik.org or paladinsec.co)
     • This is very expensive (between 6k - 30k+ USD per review).
     • This allows the project to remain anonymous, securing the project developers from being attacked by criminals or governments.
     • This requires the project to pass certain technical tests and would result in differing degrees of certification.
     • Still possible to introduce new code and abuse people’s trust.
  2. A Community Driven DAO approach, defining standards and practices, and allowing for Opt-in KYC from developers to an elected 3rd party (DAO Governor)
     • This can be done in a manner where a DAO can elect governors to perform KYC and create an encrypted contract that the DAO would need to be able to call a vote to assert if Fraud had occurred; revealing the KYC details for anyone to attempt legal action.
     • This is a more affordable option for smaller projects.
     • This requires an active community to set up and self-regulate.
     • This option does allow for a kind of Community elected Code-Auditor to emerge and perform similar code reviews a professional auditor would perform.
     • Secondary Actors may attack vulnerable systems.
     • Risk of bad code causing serious issues unintentionally remains.
  3. Harmony Foundation handles some form of KYC for valuable projects on a case by case basis.
     • This option does not scale.
     • This option is centralized.
     • This option is secure.
     • This option is affordable.
     • Code can be reviewed on a case by case basis; and they know what they’re doing.

Choosing which option is right for a project largely depends on where the developers are located and how much capital is tied up in the project, and how many people this project serves.

Please comment!

1 Like

I’ve been trying to outline a Project Publishing Data standard, so that we can allow projects to self-publish information about their project: contracts and repositories, medium posts and if they have been reviewed by any Auditors, and any team KYC they feel comfortable sharing.

That way we could create a format, allow projects to publish somehow that they are releasing (ideally on the blockchain) in a format which HarmonyUniverse.one (or any site) could list automatically.

Like a Simple Database entry inside of an NFT, added to a simple public contract… that perhaps the DAO would have control over via a voting mechanism.

I know the Harmony Team is sorting out how the DAO will function as we speak… so maybe that will help with this.

Please Comment!

That is a huge concern!

IMO It’s one of the biggest challenges with all of these processes…

The best thing we can do is stay vigilant in that pursuit. :fist:

Fantastic points! Thanks for breaking out all the currently available options a project can pursue.

I would advocate ( and it appears this is what you are suggesting ) that no project be forced to choose any of these options, but they be free to choose one or none.

It is up to the project to decide whether they want to pursue this layer of added trust with their users, and, ultimately, the larger crypto community.

1 Like

I think starting small would work better.
Let 1-2 people within the community review the code.

It’s quicker + cheaper this way.

Later on we could move to more trusted code auditors once the community grows.

All we’re looking for is:

  • Have they done anything or just forked a bunch of repos?
  • What they have done, is it good in terms of code quality? (clean + commented vs excessively long + unclear what the code does)

The latter is fine if it’s a hackathon project, but if they’re looking for large amounts of funding ($250k+), they need to at least demonstrate they can write good clean code beforehand.

Again, this is more of a rating of trust than a rating of ‘how good’s this project’, so maybe it doesn’t matter what the code quality is and more that the team can write their own code and haven’t just forked something over and changed some CSS and are now peddling it as theirs.

1 Like