Hi,
Spensa here. I want to clarify a few things:
There were no official audits, since it’s pretty hard to get an audit for the NEAR contracts. There was a live contract review from Eugene for an older version of a lockup contract. We’re waiting for the full audit from Eugene for the core contract, but it will take time.
The link to the contracts source code is posted above. The contracts are pretty well tested with the simulation testing. Especially the sale part and the referrals part. Of course, it doesn’t mean there can’t be an error somewhere.
When compiling the contracts for mainnet we used the contract builder from NEAR SDK. I’ve added a build script recently that uses the same Docker to rebuild the contract binary and compare it to the one from the release folder. It’s the same binary that was deployed on-chain. Try rebuilding it for yourself using: contracts/docker_build.sh at master · skyward-finance/contracts · GitHub
When we were building/deploying contracts to the mainnet, we decided to opt out of upgradability in favor of full decentralization and autonomy. The contract/account is fully locked: NEAR Explorer | Account. It means it doesn’t have any keys. You can also inspect the code to see that there is no upgradability mechanism.
In case we need to upgrade the contract, we’ll have to deploy a new version on a different account. It’s a tough choice, but it was possible because of the way Skyward Treasury works. If there is a need to move to a new contract, all funds can be withdrawn without any penalty from the Treasury by their respective owners (tracked by SKYWARD token).
Finally, if there is a security issue or a bug found in the contract and we are aware of it, the best we can do is to not disclose the issue itself, but disclose that it exists, so the community can withdraw the assets from the Treasury.
P.S. We are only two devs on the project and don’t have too many resources to complete all features yet. That’s why some features are missing from the UI, such as treasury redeeming and creation of new sales. We’ll add them in the coming days/weeks. We’ll also add docs for the contracts, so they can be accessed from the CLI and other contracts. Good thing we don’t need to work on the contracts anymore, because we don’t have control over them.
Thanks for believing in us so far.
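
The two checks described in the post (the deployed binary matches a local rebuild, and the account holds no access keys) can be automated as below. This is an added example, not part of the original post or the project's code. It assumes you have already fetched the NEAR RPC `query` results for `view_account` and `view_access_key_list`; the function names and sample data are hypothetical and constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    """Base58 (Bitcoin alphabet), the encoding NEAR RPC uses for hashes."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def code_hash(wasm: bytes) -> str:
    """code_hash as reported by view_account: base58(sha256(wasm bytes))."""
    return b58encode(hashlib.sha256(wasm).digest())

def check_account(wasm: bytes, view_account: dict, key_list: dict) -> list:
    """Return findings; an empty list means same binary and no access keys."""
    findings = []
    on_chain, local = view_account["result"]["code_hash"], code_hash(wasm)
    if on_chain != local:
        findings.append(f"code mismatch: on-chain {on_chain}, local build {local}")
    for key in key_list["result"]["keys"]:
        perm = key["access_key"]["permission"]
        # RPC returns the string "FullAccess" or an object {"FunctionCall": {...}}.
        kind = perm if isinstance(perm, str) else "FunctionCall"
        findings.append(f"access key present ({kind}): {key['public_key']}")
    return findings

# Constructed sample data: stand-in bytes for the rebuilt .wasm and RPC replies
# shaped like view_account / view_access_key_list results.
SAMPLE_WASM = b"\x00asm\x01\x00\x00\x00constructed-sample-body"
LOCKED_ACCOUNT = {"result": {"code_hash": code_hash(SAMPLE_WASM)}}
NO_KEYS = {"result": {"keys": []}}
ONE_KEY = {"result": {"keys": [{
    "public_key": "ed25519:CONSTRUCTED_PLACEHOLDER_KEY",
    "access_key": {"nonce": 0, "permission": "FullAccess"},
}]}}

if __name__ == "__main__":
    print(check_account(SAMPLE_WASM, LOCKED_ACCOUNT, NO_KEYS))  # locked, same binary
    print(check_account(SAMPLE_WASM + b"!", LOCKED_ACCOUNT, ONE_KEY))
```

An account with no contract deployed reports a `code_hash` of 32 `1` characters (base58 of 32 zero bytes), so a match against a real build also confirms code is present.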