14.09.18 - Statement from Cardano Foundation


#1

Statement from Cardano Foundation

Cardano Foundation (CF) is aware of the concerns of some in the community via comments on social channels. In light of this we would like to provide some further context on the issues raised around the audit and also about the work of the Foundation.

With regards to our audit work, back in November 2017, IOHK invited the CF to audit the build of Cardano SL. Ensuring stakeholder accountability is one of the key objectives of CF so this was an exciting prospect and a natural fit. The audit of Cardano SL was proposed with the intention to thoroughly review the code, technical documentation and operating procedures of Cardano’s Development team. CF engaged FP Complete, an independent Haskell specialist firm, to carry out these audits.

The first audit report was shared with IOHK in December 2017 and reports have been sent every month since, the last one being August. The idea, agreed and supported by IOHK, was that the reports would become public for full transparency.

The first public audit report was released in February 2018; it was agreed with IOHK that CF would share these reports with the community monthly. Since the first public report was released, CF have not received feedback from IOHK on the audit points raised; CF felt it counterproductive to highlight audit points to the community without showing a balanced response from the auditee. In order to release fair and objective audit reports, CF believe the best approach is to allow IOHK time to adapt to the process and CF remains hopeful of releasing the next audit very soon.

CF believes that this collaborative approach is in the interest of project harmony and will benefit Cardano in the long run. CF is excited to be able to share the extensive and valuable work carried out by FP Complete over the past 9 months.

The Cardano Audit Reports discussed above should not be confused with the Haskell Library Reports. The Haskell Library Reports are a separate initiative that CF and FP Complete are working on. Whilst carrying out the auditing of the Cardano SL code, FP Complete noticed areas within the public Haskell Libraries, not built by IOHK, that could be improved. Following discussions CF decided that their findings should be made public. These reports benefit both Cardano and the wider Haskell community, which we are pleased to support. CF has now released two of the Haskell Library reports, the last being released yesterday and committed to this project.

In addition to the audit work, CF continues to work on a wide range of initiatives to add value to the Cardano ecosystem. Our team based in Switzerland and the UK have grown, engaged with and educated the Cardano community. This includes setting up a global meetup network with over 6000 participants in 27 countries, moderating a range of official online communities creating a safe place for the community to connect and encouraging interaction between IOHK or Emurgo and the community. We have an active high-quality research programme that to date has produced a number of reports looking at the application of Cardano and wider blockchain technology. We also sponsor and collaborate on projects that benefit Cardano; this includes integration of Ada on the Ledger wallet and debit cards.

Lastly, CF are aware of the need to provide transparency as to CF’s Ada holdings and addresses. Our plan is, and always was, to release a full statement after the regulatory filings are complete (scheduled for the end of September 2018). In the interim we can confirm that CF has used none of its Ada allocation and that it commits to using these resources for sponsoring community projects, rewards and grants that benefit the protocol and wider industry.

Hopefully, the above points provide some clarity and further context. While we are fully aware we have a long way to go, we are completely committed to continue scaling CF in a sustainable way. CF has a very important responsibility within the project to remain non-profit, independent and objective.

At times this will cause friction between us and our fellow partners; we see this as a healthy environment for the project to thrive within. With independence and an objective view we can ensure that discussions, decisions and actions ultimately benefit the project. With this unique perspective we will continue to help balance the work and interests of both the community and the for-profit entities that carry work out within the project. Our planning for our 2019 activity is well advanced and we will be communicating further in coming weeks, while continuing to absorb feedback and ideas from the community.

Cardano Foundation


Cardano Foundation and Emurgo ADA holdings
#2

#3

This looks like Cardano and IOHK have a poor working relationship?


#4

@tom.kelly @cf_jonmoss

If no Ada was used, what’s the problem posting the address like IOHK did?
Regulator filings should not be affected by non-actions like not moving Ada.
Are the rules you need to follow a secret? Can you post the link to it?

You really think this sort of answer looks well on “CARDANO FOUNDATION”!?


#5

No, I wouldn’t say that.

IOHK has to balance investing resources to deal with the FP audit reports vs. further building new features.

It’s a hard call, and as CF has no technical staff they can’t really judge if the decisions taken by IOHK in this respect are good or bad.

Nevertheless, don’t forget this is something very unique in the cryptocurrency space: to have an independent, non-profit public organization overseeing the project. It does create friction sometimes; however, it has a significant value proposition and ensures quality over time.

Simply put, the Cardano project has put the bar super high and they are working and developing their project against much, much higher standards than anyone else. Sometimes there is a need for compromise to keep the speed dictated by the market.


#6

Why be so upset about this?

They will reveal everything in a few weeks.

I believe it was a fair statement.

Also don’t forget this is by far the most transparent crypto project out there. Set your expectations accordingly.

Do you think EOS has any report or audit where they are spending the 4 billion USD they raised for their ICO? Give me a break!


#7

What did I say that makes you think that I am upset? I don’t wanna start a fight over this. I asked a few simple questions.


#8

Ok cool then.

Please also note that, as someone who is used to software audits, I can tell you auditor companies tend to be really punctilious with their audits. The better the code, the harder for them to justify their added value, so they blow up the smallest findings to be severe. This applies even more to security audits.

Not sure about FP’s case, but I trust Duncan has a strong affinity for quality and would deal with the real issues identified.

Regarding the Foundation ADA addresses, I believe you may find them out yourself (there is a video on YouTube with the ADA wallet distributions from @philipa). Also until the Foundation is not selling lower than the ATL market price (not the ICO price) and they do this in a moderate way I wouldn’t have issues with that until they can justify the need for extra liquidity.

To be also critical, I would expect much more from the Foundation in respect of unleashing the power of the global Community. Forum, Meetups, Social Media channels are just not enough; it’s what everyone else is doing. They need to move far beyond this …


#9

You’re missing the point, my friend. Please don’t let your love for the Cardano project cloud your judgement.

If no Ada was used, what’s the problem posting the address like IOHK did?
Regulator filings should not be affected by non-actions like not moving Ada.
Are the rules you need to follow a secret? Can you post the link to it? What law doesn’t allow CF to post their address right now? There is no such law, dude! They think they can say whatever and we will accept it as the total truth without fact checking?


#10

How productive or financially prudent is it to spend resources on auditing a codebase that changes fast anyway? By the time your report is out, it could be irrelevant.

Maybe auditing would be more useful when we have a completed product. For now you could hire FP complete to work alongside IOHK, to live-review and correct code as they build Shelley.


#11

You may have heard the term “technical debt”

Technical debt is accumulated when a technical decision is made in order to make progress in the project or in order to patch production issues knowing that what was done is not as sound technically as it ought to be.

It takes discipline to go back and redo the part that the team knows could be done in a much better way. As you pointed out, it’s not always a straightforward decision. Time and resources are always in limited supply. However, like all debt, technical debt incurs cost “interest” down the road. Over a long period that cost could become significant and manifest as deficiencies in product quality.

Audits provide an additional and independent emphasis on repayment of known or unknown technical debt.


#12

Interesting statement.

The first public audit report was released in February 2018. I would imagine that 6 months should be sufficient for IOHK engineers to accept or reject the audit findings, present high level action items and provide estimates regarding the timeframe required to resolve them.


#13

Just looking at the first report it’s obvious what might have happened.

So this is my theory below.

The auditor was far more knowledgeable, experienced & mature in Haskell Development or generally in Software Development than the auditee.

So it was a bit shocking for IOHK to realize how much they have to improve their delivery processes, CI/CD, testing methodology, tooling, etc.

It was also a huge risk that they would have to significantly invest to level up their delivery capability & quality (I am not speaking about CMMI 5 levels here), which would slow them down dramatically.

Not to be “forced” by the Foundation through the audit reports to reserve so much capacity & focus on improving these capabilities, they temporarily ignored them and kept building the various parts of Cardano to move along the roadmap. In the meantime doing small improvements month by month.

Technical debt does indeed accumulate like this, which IOHK should resolve before their official contract ends in 2020 or whenever Cardano is developed. It must be only acceptable by the Foundation to receive a fully audit proof solution in the end.

I don’t see a big issue here …


#14

They work on their timeline, not on yours/mine. So if they don’t post it come end of September, then you’ll have a reason to raise a red flag. Ultimately, it is their prerogative if and when they choose to publish, as is ours to form opinions based on their actions or inaction.


#15

Did you read what I asked? I didn’t say they should publish anything faster. I am asking something you should also ask instead of trying to “hide it under the carpet”…

The flag is very red already! What law forbids someone to say this address belongs to CF? How could publishing it affect “regulatory filings” if no Ada was used? It’s ridiculous.


#16

I did.

Your sentence was specified in present tense, which assumes why haven’t they posted it so far or why haven’t they posted it today, or “now” per your request. If I interpreted your thoughts incorrectly, my apologies.


#17

I want to kindly ask CF members to indicate what law they need to follow (link pls!) that is not allowing them to post an address on a PUBLIC chain…


#18

Honestly, this situation seems to me like a shot in our own feet!

There is something called competitivity, and we are competing with other projects that are very secretive about their work!

Yeah I love transparency, yet I do also believe in good judgement in a business world!

It’s crazy that a lot of FUD toward Cardano is caused by stuff like this. Wake up, people!


#19

Cardano is amazingly fragile now! Don’t add gasoline to the fire.


#20

It’s called “peer pressure”. :) I have seen several of these; it has a momentum which will slow down over time. We should live with it, as it’s based on our nature.