--- type: decision entity_type: decision_market name: "Umbra: UMBRA-001 — Fund Security Audits" domain: internet-finance status: passed parent_entity: "[[umbra]]" platform: "futardio" proposer: "Umbra team" proposal_url: "https://www.metadao.fi/projects/umbra/proposal/71nYHjLpgY7evn9G4UaGCBd6cYHpGWzrzd3ESs2KUduG" proposal_date: 2025-11-12 resolution_date: 2025-11-15 category: "operations" summary: "Fund Umbra security audits before mainnet launch" tracked_by: rio created: 2026-03-24 --- # Umbra: UMBRA-001 — Fund Security Audits ## Summary Umbra allocated treasury funds for security audits before mainnet launch, following the same pre-launch audit pattern as Omnipair (OMFG-002). ## Market Data - **Outcome:** Passed - **Duration:** 2025-11-12 to ~2025-11-15 ## Significance Second FaaS-launched project (after Omnipair) using futarchy to approve pre-launch security audits, establishing this as a standard governance pattern. ## Relationship to KB - [[umbra]] — parent entity, pre-launch security - [[futardio]] — governance platform ## Full Proposal Text *Source: futard.io, tabled 2025-11-12* **Proposer:** Kru **Requested:** 105,000 USDC **Recipient:** Kru (for audit coordination) **Purpose:** Security audits for Umbra before mainnet ### Summary We are in the final stages of Umbra going live on mainnet alongside Arcium and we've spent the last month evaluating different audit partners. So far the best partner for us seems to be Halborn. This proposal looks to initiate a spend of $105,000 USDC for the same. **About Halborn** * **Founded:** 2019 * **Focus:** Cybersecurity and auditing firm * **Value Secured:** Over **$1 trillion** in digital assets * **Clients:** 600+ across exchanges, custody infrastructure, and blockchains * ### Solana Ecosystem Security Work: Conducted **audits for Solana Foundation, Solana Labs, and Anza**. * ### Reviewed 150K+ lines of code across SPL programs and Layer-1 components. **Goal** * Halborn will secure and verify both ZK circuits and Anchor program before Arcium mainnet launch. ### Challenges and scope as highlighted by Halborn ### Challenges * Two codebases nearing completion, with ZK circuits ready for audit and Solana programmes following within weeks. * No prior external audit of Umbra's cryptographic logic \- high need for independent ZK \+ Rust review. * Tight launch window (\~30 days) creates risk without parallel audit execution and structured issue tracking. * Complex dependencies on Arcium's evolving MPC infra make code freeze and scoping fluid. * Global, remote team (India \+ Spain) requires timezone-aligned engineering collaboration and rapid feedback loops * **Scope Includes** * Software, System & Process design advisory * Technical & Security Overview * Penetration Testing & Source Code Security Assessment * Mobile Application Security Assessment * Red Team Exersice ( OpSec ) * Cloud Security Assessment You can read more about the payment terms and scope of work here: [(Halborn Retainer Doc](https://drive.google.com/file/d/1vKMGEAI_m0nyABQQkNffKNVcETRO35M3/view?usp=drivesdk)). ### Execution and Timeline * **Total:** $105,000 * **Disbursement:** * Upfront: $35,000 * The remaining balance of $70,000 shall be paid upon the earlier of: * (a) Approval of the payment and release of funds allocated to Umbra * (b) Delivery of the draft report by Halborn to Client. * **Timeline:** 35 Days * **Note:** To ensure we can meet our launch timelines Kru will be making an upfront payment of $35000 to help us proceed with the engagement with Halborn without any delays ### Raw Data - Proposal account: `71nYHjLpgY7evn9G4UaGCBd6cYHpGWzrzd3ESs2KUduG` - Proposal number: 1 - DAO account: `BLkBSE96kQys7SrMioKxeMiVbeo4Ckk2Y4n1JphKxYnv` - Proposer: `BF8hxzzR4KuVxfsyAUFyy26E6y2GhsSZgBoUQrygwof1` - Autocrat version: 0.6