[SEP 34][OBRA: Strategy 2] Resource Lock Module - Cometh & Gnosis Guild & OneBalance

Hey @espina! We worked with Ackee Blockchain Security. We (as in Rhinestone) also funded the audit for the ZK Email recovery module. It was slightly below 4k USD. The rest of the audit (from a Solidity perspective) was on their core contracts and was a lot less than 75k.

ZK Email is a public good and 100% grant-funded, and I believe the quote you are referring to (that specific proposal you linked) relates to getting all the ZK Email offchain infra (ZK circuit, relay, etc) audited.

Module diversity is an interesting point. When modules need to be opinionated and meet different product requirements, module diversity can be important. From a security perspective, modules should be scoped and well defined to reduce unintended outcomes. When a module has a specific function that in itself can be used in a general manner at the application layer, I believe we should focus energy on establishing a battle-tested and composable/reusable module (e.g., passkeys, session keys, etc.). This is just a general comment though. It’s hard to apply this reasoning without knowing the proposed spec and exact functionality of a module.

@Kurt_Larsen thanks! I’m sure that will be helpful to get a quote from them and compare.

definitely agree that modules should be well scoped and defined. I do think module diversity is healthy for the ecosystem, to have those battle-tested modules emerge organically, rather than via a top-down approach. for something as broad and complex as chain abstraction, I don’t expect a monolithic approach to work. module diversity also decreases risk from having a single point of failure. this is probably a much larger discussion though (which I’d be happy to continue elsewhere!).

As of August 5 2024, this proposal has been ratified.