Hi Mango DAO, and happy new year.
Around this time last year, I asked for, and received, a grant to cover time for a security review of the v3 repos and to build out automated security CI workflows to reduce risk and shift security left (i.e. catch issues earlier and rely less on audits).
Since then, over the past year, I have contributed to Mango through a range of security and DevOps activities, e.g.:
- maintained and improved the CI workflows for v3 (until v3 was deprecated)
- added mobile security testing for the upcoming app and worked with the devs to close vulnerabilities
- added and maintained security workflows for all v4 repos and closed out vulnerabilities as they’ve been raised
- added various functional testing workflows (Rust/TypeScript) for all the v4 repos
- added various non-functional workflows to e.g. calculate compute units
- provided input to Docker/runtime security configurations
- ad hoc pen testing of UI and repo scanning
- added v4 security policy and on-chain security details for v4
My contributions have not been funded and I have not been logging my time in any detail over the year. I’m asking the DAO to approve a grant equivalent to 1 working day per month for the past 12 months for my contributions. More specifically I’m asking for a grant of $15,360 USDC to cover my 2022 contributions.
I endeavour to continue contributing going forward, unless asked not to. Open to suggestions on how to manage 2023!
Welcome feedback and questions,
Silas