Is Auditing Worth It?

Benefits of being audited as an Akash provider.
June 01, 2022

Intro

Akash-Audit, now Moultrie Audits, received CAB funding in December of 2021, along with setting up our Validator on Akash Network. The premise of Moultrie Audits was to create a decentralized auditing system to test providers, improve security, and sign their addresses on chain so tenants can query these attributes. As we approach six months into the project, we think it is useful to describe our progress, challenges, where we're headed, and most importantly, whether getting audited actually matters.

Progress Report

We successfully created the initial uptime monitoring audit and then built out and launched our tiered auditing framework. We have three tiers that include regulatory compliance frameworks, operating system security, censorship monitoring, custom task lists, and continuous reports for deployment issues. To date we have signed five providers and conducted nine audits. We launched our validator, promised not to sell any commission for 2022, and introduced Proposal #16 on the network to continue funding the Community Awards Board (CAB). We remain active on the Akash CAB and contributed to privately funding aspiring developers. We currently have 22 active deployments, which at the time of writing accounts for ~9.2% of the total network share.

Challenges

Challenges have been plentiful: firstly, our grant decreased in value from 100k to less than 25k. We have previously discussed funding requirements for the auditing process and, after the Terra collapse, we were forced to sell to continue our work. Secondly, Akash has not received the level of adoption where audited providers are as "sought out." In a mature market with hundreds of thousands of complex deployments, having a large pool of high-security providers is a necessity. With the current Akash deployment count of 239 (2124 EST 01JUNE2022), there isn't a "need" for more than a few highly secure providers. Deployments like microinstances, miners, and ephemeral projects can be fulfilled with cheaper, less secure options. This has led to some providers not wanting to go through the trouble of implementing changes, which is time-consuming, cumbersome, and can temporarily break things if not done properly. Lastly, a majority of tenants are likely to use the Akashlytics templates, and not add in custom signatures to query for.

Upcoming Work

First, we are going to begin a Bronze audit blitz for every provider on the network and then sign those which meet the stipulations. We want as many providers signed as possible. Second, we are working on various smart contracts that will have frontends hosted on Akash.

Lesson Learned

The biggest lesson learned is how incredibly impactful cooperation with other developers is. Akashlytics has simplified the deployment process for less technical users, increasing the total number of deployments and therefore increasing the required provider pool. Praetor then stepped in to streamline the provider creation process, increasing the number of providers who can get audited. It is at this stage that we can be the decentralized regulator to verify the providers are secure and functional, and notify them of any issues. The three main CAB projects are thus intertwined and add value to each other, building off each other's efforts to grow the Akash ecosystem. We'll have a full article on the impact of the CAB later this week.

Is Auditing Worth It?

Finally, the question of whether providers should get audited at all needs to be addressed. We already touched on the reality that at this stage of Akash's adoption, it isn't fully necessary. However, having the system in place prior to large adoption is important, and the separation of auditing from official Akash members is essential to maintaining a decentralized ecosystem. On average, getting audited does correlate to an increased average deployment count for providers. Providers with a Moultrie Audits signature (2124 EST 01JUNE2022) have an average of 43 active deployments, ~286% more than ones without a signature (~15). Beyond security and verification, there is evidence that auditing increases tangible value accrual to providers.