Decentralised Security Marketplace Milestone-I

[ParthChaudhary31]

Milestone Delivery Checklist

• The milestone-delivery-template.md has been copied and updated.
• The invoice form 📝 has been filled out for this milestone.
• This pull request is being made by the same account as the accepted application.
• I have disclosed any and all sources of reused code in the submitted repositories and have done my due diligence to meet its license requirements.
• In case of acceptance, the payment will be transferred to the BTC/ETH/fiat account provided in the application.
• The delivery is according to the Guidelines for Milestone Deliverables.

Link to the application pull request: w3f/Grants-Program#1726

[Whisker17]

Hey @ParthChaudhary31, I'm interested in making an external evaluation right now, just have a look on your repos, seems I don't have access to check them, could you fix this problem?

[Whisker17]

Hey @ParthChaudhary31, I just finished my evaluation, could you please have a look at this? #946

[ParthChaudhary31]

Greetings,
@Whisker17
We have read, evaluated, and made the necessary amendments to the code wherever required, we'd like you to re-visit the same and continue with your work, Here are some remarks on the issues you raised by our devs :

1. The Readme file for the smart contracts has been updated.

2. Unit testing for the Escrow contract is not technically possible, since the functions to be called require the transfer of tokens which cannot happen in a contract's Unit tests. Here is a Quote from Ink! documentation stating the same :
   !https://use.ink/ink-vs-solidity/#unit-testing-off-chain

3. Swagger and Back end test cases have been updated, Refer to the readme file.

4. Docker File for FrontEnd has been fixed in accordance with multiple OS. Please refer to the updated readme File.

Let us know if you face any hindrances, Thanks.

[Whisker17]

Hey @ParthChaudhary31, I've tested your updates, seems good, but still left some problems, could you have a look at #946?

[ParthChaudhary31]

Hey, @Whisker17
We have assessed the issues you raised and made the necessary alterations to the code, here are some remarks from the devs :

1. We think, your struggle to run the backend test cases might be due to the collision between hosting ports which are the same i.e. 9000 (Default) when you run npm start and npx jest. We'd recommend running one of npx jest or npm start to avoid this conflict. We'd also suggest rechecking your mongo db connection as the test cases actually insert real-time entries into the database. Hence, It's suggested to change the payloads of test cases before running them or wipe those entries from the database itself as mentioned in the readme file in the testing section.

2. To refer to the swagger test failure, It's recommended that you use your own payloads as the ones mentioned in the swagger are mere examples.

3. The remaining issues were rectified. Please refer to the readme files.

If you face any other issue please feel free to tag us with exact steps to replicate the issue after you've made sure no solutions are mentioned in the read-me files. We can also offer to send you a dummy video on how to set up and navigate through various pages if you'd like.

PS : Wallet connect is currently only working for sub wallet, we'll add additional functionality to it in the next milestone.

[Whisker17]

Hey @ParthChaudhary31, I've tried backend test again, seems still be the same errors, I'll switch to another server to have a clean test now, I'll let you know if anything updates.

BTW, thx for your fix about frontend bugs, and I find another bug there:

• can't enter in the Email block of theAudit Request page.

Can you have a look at that? thx.

[Whisker17]

Hey @ParthChaudhary31, I've tested backend service in a clean server, unfortunately, the result of npx jest is still the same as I showed in the evaluation, my environment is:

• Ubuntu20.04
• node v20.5.0
• npm v9.8.0
• MongoDB v5.0.19
• tsc v5.1.6

I just did npm install in the backend repo and typed npx jest. Could you have a look or we can have a talk in Discord(xcwh1sker) or Matrix(@0xWhisker:matrix.org)?

[ParthChaudhary31]

Hey @ParthChaudhary31, I've tried backend test again, seems still be the same errors, I'll switch to another server to have a clean test now, I'll let you know if anything updates.

BTW, thx for your fix about frontend bugs, and I find another bug there:

• can't enter in the Email block of theAudit Request page.

Can you have a look at that? thx.

The Email block of the audit request page is locked only to show the corresponding email to that of the user that he entered during the login phase of the process.

We'll contact over Discord for the solution to the backend issues.

[Whisker17]

I've finished my evaluation #946, lgtm.

[semuelle]

Hi @ParthChaudhary31. Why are the repositories not public? I cannot evaluate the milestone, and the code being open source is required for the milestone to be approved.

[semuelle]

Also, removing two out of four smart contracts from the architecture is a significant change that might require approval from the grants committee. I will review the code once I get access to the repos to get a better idea of the changes that were made, but generally I strongly recommend discussing changes to the architecture or deliverables in general with the grants team first.

[ParthChaudhary31]

Hi @ParthChaudhary31. Why are the repositories not public? I cannot evaluate the milestone, and the code being open source is required for the milestone to be approved.

Got it, I'll make the repositories public.

[ParthChaudhary31]

Also, removing two out of four smart contracts from the architecture is a significant change that might require approval from the grants committee. I will review the code once I get access to the repos to get a better idea of the changes that were made, but generally I strongly recommend discussing changes to the architecture or deliverables in general with the grants team first.

While developing the platform, we felt that while one of the contract's functionality could be moved to the other one to reduce deployment costs (The audit directory contract's functionalities were moved to the escrow contract), Another smart contract's functionalities would have burdened our arbiters into paying the gas fees which could have proved a hurdle for them so we moved it to the backend, I'll make the repos public and you can have an idea of what's going on for yourself.

Ps : I've marked the repositories public, please go ahead

[semuelle]

Hi @ParthChaudhary31. Please have a look at the following issues.

• License is missing from all repositories
• Repositories are private
• Escrow contract has no tests
• Token tests are just called test_case_
• Token doesn't emit any events
• No metadata in token, so impossible to verify what audit it relates to

This last point was not explicitly mentioned in the grant agreement, but it seems to be that a thing called "reputation token" should come with some kind of specification what it was awarded for. See Gitcoin Kudos for example.

Also, please submit an amendment describing the changes you have made to the architecture. Given that this grant is a response to the "Decentralised Security Marketplace" RFP, any functionality moved from on-chain to off-chain should be discussed. Also, you specifically wrote that "the escrow smart contract will be developed in a platform-agnostic manner", and the changes you have made to the contracts structure seem at odds with that.

[semuelle]

pinging @ParthChaudhary31

[semuelle]

Regarding the soulbound tokens, see also EIP-6239.

[ParthChaudhary31]

@semuelle
In response to the issues raised :

1. We've added the Un-license to each of the repositories.
2. The repositories have also been marked public.
   3)Unit testing for the Escrow contract is not technically possible, since the functions to be called require the transfer of tokens which cannot happen in a contract's Unit tests. Here is a Quote from Ink! documentation stating the same :
   https://use.ink/ink-vs-solidity/#unit-testing-off-chain
3. Test cases for Reward token are also renamed to be more functionally appropriate. Please check the updated code.
4. Events where necessary have been added to the contract. Please check the updated code.
5. Metadata for reward token has also been added. Please check the updated code.
6. The escrow smart contract is platform-agnostic, any platform can use this contract to lock in their funds, with deadlines, and names of the patron, the auditor, and the arbiter_provider, the arbiter_provider is designed in such a way that it could either be a contract or a back end server that would serve the response of several arbiters who decide whether to extend the deadline, or whether the audit report is credible and sufficient or not.
   In our case, we're using the back end to solve disputes in cases when arbiters are needed to minimize the calls on-chain. From the first function create_new_payment itself, the patron decides which platform will serve the arbiters to solve the dispute in the future. We'll only cater to those who choose us as their arbiter_provider, otherwise, we won't have any say, purpose, or incentive to host their audit requests.

[ParthChaudhary31]

@semuelle

The Arbiter's voting contract has been added.

[semuelle]

Thanks, @ParthChaudhary31. I will review tomorrow.

[semuelle]

Thanks for the update, @ParthChaudhary31. A few more issues:

• The frontend and backend repos still don't have licenses
• The escrow and and voting smart contracts also don't have any tests

[ParthChaudhary31]

@samuelle
Thanks for the reply, In response to the issues raised :

1. The License files have been added to the BackEnd and FrontEnd repositories, Please check the updated code.
2. Unit testing for the Escrow and voting contracts is not technically possible since the functions to be called require the transfer of tokens which cannot happen in a contract's Unit tests. Here is a Quote from Ink! documentation stating the same :
   https://use.ink/ink-vs-solidity/#unit-testing-off-chain

[ParthChaudhary31]

Pinging @semuelle

[semuelle]

Sorry for the delay, @ParthChaudhary31. I have reviewed all deliverables, and your milestone is hereby accepted.
The testing was somewhat difficult, because the frontend isn't connected to the backend or smart contracts, so I head to test each separately. Also, it would be great if you could collect all documentation in fewer places. There are a lot of readmes and PDFs I had to go through to figure out how to test each item. Lastly, there were some minor items in the milestone spec that I couldn't find, such as 2FA, but I assume this will be there and functional with M2.

Your application again lists aUSD, and your invoice just a bank account. Could you submit an amendment of the application, similar to the grant management grant? I will submit your invoice for processing already.

[github-actions]

Congratulations on completing the first milestone of this grant! As part of the Grants Program, we want to help grant recipients acknowledge their grants publicly. To that end, we’ve created a badge for projects that successfully deliver their first milestone. Please use the badge only in reference to the work that has been completed as part of this grant, so please do not display it on your team or project's homepage unless accompanied by a short description of the grant. Furthermore, you're now welcome to announce the grant publicly. Please remember to observe the foundation’s guidelines in doing so. If you haven't already, reach out to [email protected] for feedback on your announcement and cross-promotion.

Thank you for your contribution, and good luck! If you have any remaining milestone, let us know if you encounter any delays by leaving a comment on the application PR or submitting an amendment.

[ParthChaudhary31]

@semuelle ,
Thanks for the reply, I'll be sure to simplify the documentation for the next milestone and yes, The 2FA will be fully functional in the next milestone after front-end integration.
I've submitted an amendment at w3f/Grants-Program/pull/1961. Thanks once again.

[lawmeskiviahs]

Hi @semuelle, have you guys processed the payment? I don't seem to find the transaction.

[semuelle]

I'm fairly certain the invoice is going to be paid this Friday. I have pinged the finance team; I'll let you know if I hear otherwise, @lawmeskiviahs.

[lawmeskiviahs]

Thankyou @semuelle for the update.

[fededubbi]

Hi @lawmeskiviahs,

The invoice was paid on 15.09.23.
I have problems attaching the confirmation, if you send me your email address i can forward it to you.

Many thanks,
Federica

[lawmeskiviahs]

Hi @fededubbi thankyou for the update.
Please share the details at [email protected]

[lawmeskiviahs]

@fededubbi I have got your mail, let me confirm and then I'll update you.

[lawmeskiviahs]

@fededubbi Thankyou, we have got the payment.

[fededubbi]

Hi @lawmeskiviahs,

Great thanks for confirming.

Regards,
Federica