Governing Element Finance, A Security Roadmap Update

We take security as our top priority at Element. As such, we have dedicated many resources to our continuous security efforts. Our previous security update came with our audits of the Element Protocol and the announcement of our public bug bounty program in partnership with Immunefi.

Today, we’re excited to share the key findings of Element’s Council governance protocol audits, together with the complete reports, our open source code, and the extension of our bug bounty scope for anyone to see!

If you’re not familiar with Element’s governance system, we recommend you first read An Introduction to Element’s Governance Model, and Element Governance: A Technical Architecture Overview.

Security Audits

Element’s audit reports provide an in-depth analysis of our governance system. They include essential and informative findings as well as the actions taken to solve or mitigate the reported issues.

Both Runtime Verification and ChainSafe’s audit reports are public and can be accessed by the community in the sections below.

Runtime Verification Final Audit Report

Runtime Verification Inc. is a company aimed at using runtime verification-based techniques to perform security audits on virtual machines and smart contracts on public blockchains. They are dedicated to using dynamic software analysis approaches to improve the safety, reliability, and correctness of software systems in the blockchain field.

You can learn more about Runtime Verification here.

Summary of Findings

Runtime Verification’s Audit discovered a total of seventeen reported bugs with impact. This includes 0 Critical, 9 High, 1 Medium to High, 3 Medium, 4 Low vulnerabilities, and informational findings and suggestions. All identified issues were fixed or resolved. Please see the details in the table below.

You can read Runtime Verification’s full audit report here.

We also recommend you to read Runtime Verification’s blog post, where they expand on their auditing framework and findings. You can read it here!

ChainSafe Final Audit Report

ChainSafe is an R&D and infrastructure solutions firm for Web 3.0 with a multi-chain perspective. They are contributors to Ethereum, Polkadot, and Filecoin ecosystems. They also work in product development via their privacy-first file storage solution, ChainSafe Files, their blockchain gaming infrastructure ChainSafe Gaming SDK, and their blockchain bridge ChainBridge.

You can learn more about ChainSafe here.

Summary of Findings

ChainSafe’s Audit discovered 1 critical, 5 major, 7 minor, and 37 informational/optimizational issues. All the identified high severity issues were fixed or resolved. Please see the details in the table below.

You can read ChainSafe’s full audit report here.

Element’s Council Governance Protocol is now Open Source!

At Element, we’re committed to building new primitives that can help move the DeFi space forward. Over the course of the past few months, we’ve been focused on the design of our governance system, which, we believe, introduces new building blocks that tackle the most critical challenges being faced by governance systems today:

• Lack of vision (post-governance)
• Lack of governance participation (from voter fatigue and voter apathy)
• Plutarchy and governance attacks
• Capital loss and opportunity costs
• Activist investors
• Lack of flexibility and experimentation

From the start, our ethos has been to build Element to be an open, community-governed protocol that grows through collaboration since we believe that to go far, we must go together. And it is with this same lens that we’re delighted to announce that the Element’s Council Governance protocol smart contracts are now open source and available to all!

You can find the Council smart contracts here!

You can quickly access some of the most important Council smart contracts below:

• CoreVoting.sol
• simpleProxy.sol
• GSCVault.sol
• LockingVault.sol
• OptimisticRewards.sol
• VestingVault.sol
• Timelock.sol
• Treasury.sol
• History.sol

Documentation

We have also added in-depth smart contract documentation for the contracts that make up the Element’s Council governance protocol, so don’t forget to check out our developer portal at docs.element.fi for all your Element Protocol and Council documentation needs.

Bug Bounty Program

We have now extended our Immunefi bug bounty program’s scope to cover the Council protocol’s smart contracts and welcome any and all community members to dig into the code!

Summary

Our security efforts have resulted in the discovery of a number of bugs, including some critical-and-medium-severity issues. The team has taken the appropriate actions to evaluate and mitigate these issues, and we look forward to continuing to work with our audit partners as we get closer to the official launch of Element’s Council Governance Protocol.

While no system is perfect, in combination with two audit reports, high coverage unit and integration testing, and a continuous bug bounty program, we hope that our efforts will help build confidence in the security of the Council Governance Protocol.

Next Steps

Moving forward, we will continue to ensure that our security efforts surrounding the Element Protocol and Council are rigorous, and should any additional issues be identified, we will share the results with utmost transparency.

In terms of more immediate next steps, we will focus on the following:

• Actively discussing with our community about our governance model, future voting vaults, and governance experimentation.
• Rolling out more content and updates on our progress, such as blog posts explaining the GSC and how to get involved, how our Optimistic Grants model works, sharing our vision and motivation for Element’s governance core principles, and a complete overview of the proposal framework and off-chain governance processes.
• Sharing updates on our governance dashboard with sneak peeks!

We are excited and look forward to working with our awesome community to bring the Council Governance Protocol to life along with bringing back experimentation and incentives to the decentralized governance space.

Join Our Community!

We want to hear from you! Join our #governance discord channel and get involved in the discussion!

Twitter | Discord | Website | Paper |