teleo-codex/inbox/archive/2025-11-12-futardio-proposal-umbra-001-fund-umbra-security-audits.md

type	title	author	url	date	domain	format	status	tags	event_type	derived_items
source	Futardio: Umbra-001 - Fund Umbra Security Audits	futard.io	https://www.metadao.fi/projects/umbra/proposal/71nYHjLpgY7evn9G4UaGCBd6cYHpGWzrzd3ESs2KUduG	2025-11-12	internet-finance	data	processed	futarchy solana governance umbra	proposal	decisions/internet-finance/umbra-fund-security-audits.md entities/internet-finance/umbra.md

Proposal Details

• Project: Umbra
• Proposal: Umbra-001 - Fund Umbra Security Audits
• Status: Passed
• Created: 2025-11-12
• URL: https://www.metadao.fi/projects/umbra/proposal/71nYHjLpgY7evn9G4UaGCBd6cYHpGWzrzd3ESs2KUduG

Summary

🎯 Key Points

The proposal seeks $105,000 USDC to fund security audits by Halborn for Umbra before its mainnet launch, ensuring the integrity of ZK circuits and the Anchor program.

📊 Impact Analysis

👥 Stakeholder Impact

The approval of this proposal will directly benefit the Umbra development team and its users by enhancing the security of the platform before launch.

📈 Upside Potential

Successful audits could significantly boost user confidence and mitigate risks associated with vulnerabilities in the code, potentially leading to increased adoption.

📉 Risk Factors

Delays in the audit process or unexpected findings could jeopardize the timeline for the mainnet launch, impacting project momentum and stakeholder trust.

Content

Proposer: Kru
Requested: 105,000 USDC
Recipient: Kru (for audit coordination)
Purpose: Security audits for Umbra before mainnet

Summary

We are in the final stages of Umbra going live on mainnet alongside Arcium and we’ve spent the last month evaluating different audit partners. So far the best partner for us seems to be Halborn. This proposal looks to initiate a spend of $105,000 USDC for the same.

About Halborn

• Founded: 2019

• Focus: Cybersecurity and auditing firm

• Value Secured: Over $1 trillion in digital assets

• Clients: 600+ across exchanges, custody infrastructure, and blockchains

• Solana Ecosystem Security Work: Conducted audits for Solana Foundation, Solana Labs, and Anza.

• Reviewed 150K+ lines of code across SPL programs and Layer-1 components.

Goal

• Halborn will secure and verify both ZK circuits and Anchor program before Arcium mainnet launch.

Challenges and scope as highlighted by Halborn

Challenges

• Two codebases nearing completion, with ZK circuits ready for audit and Solana programmes following within weeks.

• No prior external audit of Umbra’s cryptographic logic - high need for independent ZK + Rust review.

• Tight launch window (~30 days) creates risk without parallel audit execution and structured issue tracking.

• Complex dependencies on Arcium’s evolving MPC infra make code freeze and scoping fluid.

• Global, remote team (India + Spain) requires timezone-aligned engineering collaboration and rapid feedback loops

• Scope Includes

  • Software, System & Process design advisory
  • Technical & Security Overview
  • Penetration Testing & Source Code Security Assessment
  • Mobile Application Security Assessment
  • Red Team Exersice ( OpSec )
  • Cloud Security Assessment

You can read more about the payment terms and scope of work here: (Halborn Retainer Doc).

Execution and Timeline

• Total: $105,000
• Disbursement:
  • Upfront: $35,000
  • The remaining balance of $70,000 shall be paid upon the earlier of:
    • (a) Approval of the payment and release of funds allocated to Umbra
    • (b) Delivery of the draft report by Halborn to Client.
• Timeline: 35 Days
• Note: To ensure we can meet our launch timelines Kru will be making an upfront payment of $35000 to help us proceed with the engagement with Halborn without any delays

Raw Data

• Proposal account: 71nYHjLpgY7evn9G4UaGCBd6cYHpGWzrzd3ESs2KUduG
• Proposal number: 1
• DAO account: BLkBSE96kQys7SrMioKxeMiVbeo4Ckk2Y4n1JphKxYnv
• Proposer: BF8hxzzR4KuVxfsyAUFyy26E6y2GhsSZgBoUQrygwof1
• Autocrat version: 0.6