Project & Development Update #11

April 28, 2022

Good afternoon, pilots. It's time for the next internal project update.

In this post, we’ll start by sharing our final audit report from Solidity Finance and addressing some of the report verbiage that may be confusing. From there, we’ll cover our progress since the last update and outline the steps forward as we prepare for launch.

Let's dive in. 👇

🔸 Full Final Audit Report

We're extremely excited to announce that we received our final audit report from Solidity Finance yesterday, and that all of our contracts passed on the first try.

This report covered multiple new contracts, as well as significant modifications that we’ve made since our initial audit from February. As an added bonus, Solidity Finance was able to pinpoint a few additional gas optimizations, which we implemented this morning.

The results of this audit are a huge testament to the thousands of hours of work that have gone into securing the foundation of Citadel, and to the strength and loyalty of our community, who have supported us through every step of this process, allowing us to reach this point.

We seriously cannot express our gratitude enough. From the whole team: thank you!

As before, in the spirit of transparency, you can find the full report here.

Report Verbiage

We wanted to clarify a couple of points where the report’s verbiage may be confusing:

"Centralization of Control" - WARNING"

The report does not examine our migrations, which include the step that relinquishes roles to governance. Because migrations cannot be subjected to audit, Solidity Finance has agreed to assess the decentralization of the project once our contracts are deployed to the mainnets. If they find any major points of centralization, we will adjust and redeploy until our decentralization meets their standards.

Please note that the finding is marked as a warning, and clearly states that we intend to relinquish these privileges to governance. This can only happen after the contracts are deployed, and before launch. Once it does, Solidity Finance will update the report.

"NFT metadata that contains information about the Ships is stored using an off-chain URI endpoint."

All metadata comes from an onchain endpoint, but as we’ve discussed before, the image is a link to IPFS. We’ve discussed this with Solidity Finance, and this is their standard verbiage whenever any part of the metadata is stored off-chain. However, they have agreed to explicitly state which parts of the metadata are kept on- and off-chain in the final audit report.

"Multiple contracts rely on off-chain logic."

Ship uploads and winning bid submissions for the auction depend on the construction bay backend's off-chain logic. We've designed the contracts so that they will behave properly if certain assumptions are fulfilled, and so that they do not cause damage in the case that those assumptions are not fulfilled. Solidity Finance has agreed to check these assumptions and update the report to reflect them.

"Proxy contracts may potentially be updated by the team rather than the CitadelGovernor contract."

In production, "the team" will mean the team multisig, which includes the Machinations team (a third party). The address of the secondary updater for each contract is determined by the migrations. Because migrations cannot be subjected to audit, Solidity Finance has agreed to verify that the team multisig has been designated as the secondary upgrader once our contracts are deployed to the mainnets. If they find that this is not true, we will adjust and redeploy. ㅤ

🔹 Progress

• Completed tests of Tally Polygon and confirmed it to be viable for the governance UI
• Completed the Discord bot that provides asteroid belt notifications
• Completed set up Datadog for Vercel in preparation for load testing
• Completed and published the updated yellowpaper v2
• Completed preparation of all repos for publication and added READMEs
• Completed all docs in the governance category
• Completed custom in-game icons for the GUI
• Completed community resources channel and expanded CAIS capabilities

• Created the pre-written royalty removal and founder removal proposals for the community
• Updated the subgraph to include extra data relevant for Machinations reports
• Added data on dock transactions to the subgraph
• Revamped the articles site to support the community docs section
• Worked with Machinations to expand the final economic report

• Passed the final audit round for all 25 main contracts and 18 supporting contracts
• Drafted the updated whitepaper, pending revisions

🔹 Remaining Focuses

• Finishing the GUI (so close!)
• Finishing the soundtrack and SFX
• Finishing art-refresh for the in-game map
• Finishing the remaining art for officer ships

• Load testing at scale w/ Vercel

• Revising the whitepaper based on feedback from the architects, then publishing it
• Finalizing the DAO portion of our community resources

🔸 The Steps Forwards to Launch

Here is an outline of the remaining milestones left to cross before launch.

1. Pass the final security audit with Solidity Finance and apply their suggested gas optimizations. (completed today)

2. Release all of The Citadel’s smart contracts for a community bug bounty program.
3. Publish Whitepaper v2! This will be a complete overhaul of the previous version, updated to match the current state of the game.

4. Publish “The Citadel Library”, a collection of community resources & project documents. This will include resources for playing the game, editing the contracts, interacting with governance, and using polygon. We’ll also include a handful of miscellaneous docs and writing that we’ve accumulated while working on the project.

5. Conduct The Citadel Playtest with the architects (orange people). This will allow us to collect and apply feedback from a focused group of players.
6. Team Dox! Team Dox! Team Dox!
7. Set a concrete launch date and announce the mint process, including its implications for the DAO
8. Launch the game and start the mint!