What is Solady?
To demonstrate how Cantina’s security marketplace and network of expert researchers can be used, we’ll be conducting the first major public goods security review. Specifically, we’re talking about Solady, an open-source collection of gas-optimized Solidity snippets. Solady provides highly efficient implementations of commonly used Solidity libraries and is a testing ground for exploring new optimization techniques. Simply put, it helps Solidity developers write highly performant and gas-efficient contracts.
As a public good, anyone can use or contribute to the code available on Solady. Created by ERC-721A co-author and Sound.xyz protocol lead Vectorized.eth, Solady exists in the same vein as preceding repositories like Solmate. It stands out as a place for cutting-edge optimization work and has been used by teams like Sound.xyz and Reservoir Labs. Gas-optimized code is a uniquely challenging aspect of improving smart contract efficiency and scalability for any EVM chain. A security review is essential for Solady, so that projects can confidently use the library.
The Opportunity
The main obstacle for public goods resources is that there’s no organization or funding behind the project, so conducting a security review is not generally in the cards. With the wealth of Solidity experts in the Cantina network, we’re uniquely positioned to coordinate a review for Solady. We see this as the perfect opportunity to contribute positively to the Solidity community, making the code available on Solady more reliable for the thousands of developers leveraging it in their builds.
The Execution
In our Intro Post we talk about why leveraging Cantina for conducting a security review will grant access to an unprecedented selection of expertise without breaking the bank. With over 100 security researchers already in queue before launch, Cantina has the niche expertise to tackle projects like Solady. Through crowdfunding and a few fantastic sponsors, we’re raising funds to contract a team on Cantina for the review. Contributors can be assured their funds will get the best value available on the crypto security market, and 100% of funds raised will go directly to the researchers.
The team for this review will consist of 2 Lead Security Researchers (LSR) and 1 Junior Security Researcher (JSR), costing a total of $99,000. The engagement involves a 3-week review period, followed by a 2-week fix period, capped off with a report of the findings. As for the scope of the review, 8 of the most used libraries will be examined to maximize our impact; ERC1967Factory, ERC20, ERC721, ERC1155, LibClone, MerkleProofLib, SignatureCheckerLib, and ECDSA
How to Get Involved
If you’d like to contribute to the Solady review, we’ve set up a fundraising page (https://cantina.xyz/crowdfund/solady), where you’ll find the contribution address. The review will accept USDC, USDT, or LUSD on Ethereum mainnet; we (and the community) thank you in advance for any contributions. If fundraising exceeds our target amount, then we’ll be expanding the scope of this review to additional libraries and bringing in more researchers. We’re excited to be kicking off the future of crypto security with a public goods review and we hope that you will join us as we embark!
Secondly, for those looking to join the Cantina marketplace on either the researcher or client side, we’ve added an email signup on Cantina.xyz. Enter yours and be the first to know when Cantina opens for business; it won’t be long. In the meantime, follow us on Twitter for more details, watch for the upcoming Discord launch, and give our intro blog post a read for a look at Cantina’s vision for the security market.
About Cantina: The first marketplace for web3 security. We've aggregated the security talent and solutions so you don't have to. Find the expert security researchers that fit your needs all in one place.