Callisto Network security department.

Callisto Network as a security platform.

Here you can find an article describing Callisto fundamentals. One of the main goals of Callisto was to serve as a third party security expert for those who want ensure their investments safety.

Main issues in the development of the Callisto Security Department.

1. Structure of the Security Department.

Since the very start we relied on the full time team of security auditors. We hired employees based on the results of test tasks that we gave them. However, in this approach there is a problem of scalability — test items must be compiled and updated. If we are going to support more networks (for example ETH, ETC, TRX, EOS and others) then we need to maintain these test tasks which could be time-consuming in quickly evolving crypto industry.

2. Reward calculation.

Auditor rewards are calculated in proportion to the scope and effectiveness of the work they perform. The remuneration system is faced with the task of ensuring that auditors work with maximum efficiency by sacrificing the amount of work done. On the other hand, it is undesirable to make it so that “beginner auditors” or auditors who do not have sufficient experience in performing these tasks receive too little salary, which would not cost their time.

3. Competitiveness and scalability.

One of the main problems of the Callisto Security Department is the small number of participants and, as a result, the lack of competition. However, we cannot hire more auditors or offer higher salaries than now because the work of auditors does not directly affect the price growth rate.

  • First, our main clients should be investors, not contract developers. Investors most likely will not pay for an audit of a project in which they have not yet invested their funds.
  • Secondly, we will engage into competition with ordinary audit companies. The difference is that ordinary audit companies do not have a whole network with its own emissions and value. The entire income from company audits is spent on maintaining employees, while in Callisto, in addition to auditors, there are still many aspects of the project.
  • Callisto will not be able to fulfill its main mission if we start charging for audits, as in this case there will be projects that no one will audit or request an audit for and this projects will possibly cause damage to the entire crypto industry in the same way as it was with TheDAO or Parity Multisigs.

4. The issue of incentivisation.

There is another fundamental problem in Callisto. Auditors are not interested in following the rules of the Callisto Security Department if they find a serious mistake. Callisto Auditing Department system is designed so that auditors should not know each other. The only incentive for auditors to follow the rules of Callisto is not knowing what mistakes other auditors find. Penalties for failure to find errors may exceed the chance of success if the auditor decides not to report an error and exploit it after the audit completion.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store