# JBP-43 - Juicebox Smart Contract Audit

### **Author:** [Mr. Goldstein](https://www.notion.so/Mr-Goldstein-ca59130fa1204f23b16863b88561d3da)

### **Payout recipients:**

* Certik (wallet address TBD)
* PeckShield (0xf87099C8EDE8Cb6267B9A1bF7bDfb98504062815)

### **Proposal date:** 12/11/2021

### **Provide a comprehensive, 1-2 sentence summary of your proposal.**

With the launch of V2.0, JuiceboxDAO would like to conduct an end-to-end audit of the updated smart contracts. The audit will reduce the risk of future smart contract exploits and increase the security and reliability of the system.

After review and negotiation with multiple potential providers, we have identified [CertiK](https://www.certik.com/) and [PeckShield](https://peckshield.com/en) as the two providers.

**Certik** is a known provider in the space and has previously audited projects such as Polygon, Bancor, Terra and The Sandbox. The company has been in operation since 2017 and has raised over $150M from backers including Lightspeed, Tiger Global, and Coatue.

**PeckShield** is a smaller company that has worked on multiple DeFi projects, including Aave and Maker, as well as protocols such as Harmony and Neo. While less known in the Western Hemisphere, PeckShield is a known brand in Asia.

### **What is this payout for?**

A security audit of the smart contracts located in the following Git repository: ‣. The targeted start date of the audit is mid-January, and the projected length is 21 - 30 days for completion of both audits.

### **Payout Amount**

Total: $120K

* PeckShield: $66K ($12K paid upon agreement to reserve a slot). The $12K reserve payment was prepaid by Jango and requires an immediate refund of 3.15 ETH ([https://etherscan.io/tx/0x2291ca5b937422cfba3491117ac5b3fd20777911aadf75bd567d27e1a28529dd](https://etherscan.io/tx/0x2291ca5b937422cfba3491117ac5b3fd20777911aadf75bd567d27e1a28529dd)).
* Certik: $54K

### Payout invoice

PeckShield reserve payment txn: [https://etherscan.io/tx/0xfc55a16ba647423580082bfc97f8c62f711acab78aa0a85473a94c249efbdd4e](https://etherscan.io/tx/0xfc55a16ba647423580082bfc97f8c62f711acab78aa0a85473a94c249efbdd4e)

![Untitled](Juicebox%20Smart%20Contract%20Audit%203d2bb4be397b4c0ebd82a94834db1545/Untitled.png)

### **What risks, drawbacks, or cons should be considered?**

Two key risks:

1. Counterparty payment - we pay to the wrong ETH address. Mitigated by communicating with the provider only through official channels and confirming the payout address with them before sending.
2. Poor performance - the audit provider does not do a good enough job and fails to identify potential exploits/bugs. Mitigated by the secondary audit (two independent providers) and a potential bug bounty program (bug bounty program launch proposed here: [https://www.notion.so/JBX-Bug-Bounty-18cf1b7d1c8c426fa0753163f59adbc4](https://www.notion.so/JBX-Bug-Bounty-18cf1b7d1c8c426fa0753163f59adbc4)).

### **Sponsors:**

* [Jango](https://www.notion.so/Jango-3d619a88d22048128b2be209c4fcbcb9)
* [twodam.eth](https://www.notion.so/twodam-eth-188b6f9a28dc4667b9d915fa0a379de1)