Smart Contract Audit Token: Proposed Catalyst Audit Strategy
By Eric Helms - SCAT-DAO
What is the risk we are trying to mitigate? 
There are several risks related to Project Catalyst funding that require audit, and there are several teams that will be focusing on each of those risks. For Smart Contract Audit Token, we have chosen to focus on financial risk (e.g. proposers accepting Catalyst funds and pocketing the money or spending it on personal items instead of business expenses). We believe that the vast majority of teams who are awarded Catalyst funding are doing it with the right intentions, and will use it to build excellent products and services that bring true value and utility to the Cardano network. But awarding millions of dollars in funding always creates a risk that teams will submit proposals as a way to earn some quick cash and never intend to actually build something. By creating a comprehensive audit program that checks for this behavior, we will be able to reduce the risk of it happening, hold everyone accountable, and ensure money is going to where it will create value for the community.
How do we mitigate this risk? 
So now that we have identified the risk we would like to mitigate, how do we plan on doing this? In our opinion, we can eliminate practically all potential financial fraud in Project Catalyst through periodic expense monitoring. This would mean periodically collecting the expense support from each team, physically reviewing it to ensure that the money spent was on valid business expenses, and ensuring that it reconciles to the activity in the team's spending wallet (i.e. all outflows of ADA should have corresponding receipts and explanations of what the money was spent on).
We feel that this makes sense for several reasons. First, teams who never intended to build something will not want to waste money on business expenses; they would want to just keep the money. So if we go through and verify that money is being spent on server space, employees, web development, or other things for their business, that is good evidence that they are not simply pocketing the money. We would also be able to differentiate and identify if teams are spending money on personal expenses instead of business expenses that will advance their product or service. Finally, it would allow us to identify and expose if teams are simply sending ADA to a personal wallet instead of building their product or service. As Catalyst funding is paid monthly, if we were able to identify teams spending money on personal expenses, hoarding ADA in a personal wallet, or not incurring expenses at all, we can recommend that funding be halted to those teams.
How will this work?
Each quarter (every 3 months), all teams receiving funding submit all business expense support to a repository. Teams will be expected to maintain a spending wallet where all funding is received and all project expenses are paid out of. All expenses submitted are reconciled against the wallet to ensure everything is accounted for (i.e. if $3,800 of ADA was transferred out of the wallet, then there should be $3,800 of expense receipt support). Business expense support is reviewed, analyzed, and assessed for reasonableness by our team of auditors who have years of experience in reviewing operating expenses. If there is any confusion or something that we are not able to understand, we can reach out to the teams if follow-up is required. Results are then tabulated and shared with dev teams first to allow an opportunity for them to refute or disagree with findings. This is important as it is always possible that our auditors have misunderstood something, and we would always want to give the teams an opportunity to clear that up. Reputations are extremely important in this industry, so we will be taking every measure possible to avoid unfairly hurting anyone’s reputation. After the results have been cleared with the teams, a report will be shared with the rest of the community.
While reviewing the expense support, we will be checking for 3 main things.
1. Expense support appears legitimate: Third party receipts will always be the highest level of support we can get for expenses. So anytime a purchase is made from a large third party such as Amazon Web Services, FedEx, Dominos, or any other business, the receipt should be retained, and this is strong evidence to support the expenditure. But there will be situations where expenses are made to independent contractors, small independent providers, or even friends. In these instances, an invoice and receipt should still be created, even if it is by hand, to support the expense. It should clearly list the name and relevant information of the company or person who provided the product or service. It should also be itemized and list each item out individually instead of just providing a lump sum. If anything appears unusual, then additional support to prove the existence of the product or service may be requested. There may also be situations where a large portion of the expenditures are for salaries. This is fine, but we would expect to see detailed time sheets that list out the hours worked as well as receipts being sent to the employees (can be as simple as an email) which match the hour sheets. Finally, some teams may choose to convert their funding into a stable coin or fiat immediately so that price fluctuations do not affect their budgeting. This is totally fine. We would expect to see a screen shot of any funds in a brokerage or bank account that have been unspent, which reconcile to the total amount transferred out of the wallet.
2. Expenses are in line with budget from Catalyst proposal: We would like to implement stricter rules regarding submitted proposal budgets, so that they are more detailed and can be audited against. When reviewing the expenses that were made, we will compare them to the proposed budgets to ensure they are aligned. If someone included in their proposal budget that they will be spending 80% of the money they receive on their own salary or the salaries of their team and the community votes to fund that, then this is totally fine. When we review the expenses and see the vast majority being spent on this, it is within expectations and was transparent to the community during voting. If the proposed budget has 0 to 10% of the budget reserved for salaries and it turns out that they have been spending all of their money on their own salary, this is not what the community voted on and will be reported.
3. Expenses are in line with timeline from Catalyst proposal: Similar to budget requirements, we would like to implement stricter rules on teams' proposed timelines, including their expectations for expenditures. If teams include in their proposal timelines that they expect to have their website completed and a good start to their smart contract in the first 3 months, we would expect to see expenses that match that. If we have not seen any spending in the first 3 months, that would raise a red flag and require further investigation.
We hope it is clear that the theme of what we are looking for is transparency and accountability. We want all proposing teams to carefully think about what they would like to include in their proposals, because this is what the community votes for and this is what they will be audited against. And of course, unforeseen things can happen and some things can change, and that is OK. We would just expect that there is a clear line of communication so that any changes can be discussed, the community can be made aware, and the audit plan can be adjusted.
What changes do we need to make? 
In order for us to be able to implement this audit program, we need to make a couple of changes in how proposals are made and what information funded teams need to retain. Most of these are already suggested for proposals, but they are not currently emphasized enough for every team to include comprehensive versions. We need to ensure that including these is a requirement for funding, and that teams are aware that the information they include will be used to audit and assess them. They are discussed below.
 New Requirements for Funded Teams 
We would like to make it a requirement that one primary wallet is used to collect funding and to pay expenses. By limiting it to one primary wallet, it makes it much easier for us to track what is going in and out, and be able to reconcile all expenses made to receipts.
If a team has won more than 1 proposal for Catalyst, we would ask that they maintain separate wallets and expense tracking for each project.
Records of all expenses paid, including itemized receipts, description of expense and any necessary explanation, time sheets/pay stubs for salaries, or any other support, must be retained (examples to be provided). The goal should be to have no expenses that do not have some type of support.
It is important that all outflows from the wallet can be supported with valid business expense support. If an outflow was a conversion to stable coin or fiat to avoid fluctuations in the price of ADA, balance support for the converted stable coins or fiat should be provided (e.g. a screen shot of the cash in a bank or brokerage account).
Every quarter, the expense support for the quarter will be provided to a repository for review. If follow up questions are required, teams will be expected to respond to questions in a timely manner.
New Requirements for Proposal Submission
Detailed Budget:
Detailed budget must be provided. Budget should break down total funding requested into each projected category, with additional details. It is very important that you think about this budget carefully. Expenses will be audited going forward and the information you provide will be compared to actual spending levels. If paying significant salaries, detailed information should be provided.
Example:
Total Funds Requested 54,280
Salaries – 32,800
Breakdown is as follows:
· We will have 2 people who will be working for 2 months (320 hours) who will be building our website, social media, and community building/outreach. They are earning $10 per hour * 640 hours total = $6,400
· We have 1 person working for 3 months (480 hours) building our user interface and API. They are earning $15 an hour * 480 hours total = $7,200
· We have 1 person working for 6 months (960 hours) to develop our smart contract. They are earning $20 per hour * 960 total hours = 19,200
Servers - $80 per month * 6 months = $480
PR Agency - $2000 per month for 3 month campaign = $6,000
Smart Contract Audit - $15,000 - This is a best guess based on price matches for similar dApps
  New Requirements for Detailed Timeline
Please provide detailed information on where you expect your project to be at specific time intervals (e.g. 1 month, 3 months, 6 months, etc) or whatever makes sense for your project. Similar to the budget, the information you provide here will be assessed when reviewing expense spending as well as reported KPIs and milestones. If larger amounts of funding are required at different times, it would be good to note it. If no funding will be spent for extended periods of time, that would be good to note as well.
Example:
1 month:
Within the first month we will have completed building our team and officially launched our website and all social media presence. All employees will begin receiving compensation during this time, which means that we would likely request a larger initial payout. The whitepaper will be finalized. All of our servers should be up and running and we should have begun our user interface and smart contract development.
3 months:
Our platform should be complete and going through beta testing on testnet. Considerable progress on the smart contract should have been made by this point, and it should be getting closer to completion. The token should be generated, and we should have created a good amount of awareness amongst the community.
6 Months:
Smart contract is complete and we should be starting the audit process. We would plan to be doing our ISO during this time to begin distributing our tokens and preparing for the official launch at the completion of the smart contract audit. PR campaign would have begun and completed during this phase.
 Conclusion 
We hope that this has clearly outlined the risk we are trying to prevent, why it is important we prevent it, and how we intend to do it. Overall we feel that implementing these changes will improve the overall quality of the proposals being submitted to Catalyst, reduce the likelihood that teams will submit proposals with the intention to misappropriate funds, hold funded teams accountable to the community, and make Project Catalyst stronger and more transparent for all. We believe that practically all teams will already be keeping track of expenses for tax purposes, so adding this requirement will hopefully not create a large amount of additional work (we know they are already extremely busy) while providing extremely valuable information and insights into how the team is using its funds.
