Proposal: CertiK Audit Subscription Agreement Renewal

Summary

CertiK has provided Venus with high-quality security assessment services for the last two years and, for the last year, has provided them on a monthly basis in the form of our Audit Subscription Agreement. We are proposing a renewal of the Audit Subscription Agreement for an additional two years.

Venus shall pay an aggregate subscription service fee of $420,000 (four hundred and twenty thousand dollars), payable in 24 equal monthly installments set forth below (the “Subscription Service Fee” or the “Fee”). Customer shall retain CertiK to perform the Services on a subscription basis for a total of fifty (50) hours per month (the “Subscription Hours”) at a rate of three hundred and fifty dollars ($350.00) per hour (the “Hourly Rate”) for a total monthly subscription fee of seventeen thousand five hundred dollars ($17,500.00) per month (the “Monthly Subscription Fee”), commencing on the Effective Date through the end of the Term of the Subscription Agreement.

Upon CertiK’s receipt of the Monthly Subscription Fee, the Customer shall be credited with that month’s Subscription Hours towards Services for that month (the “Monthly Subscription Allocation”). In the event that fees for Services requested in any month exceed that month’s Monthly Subscription Allocation (plus any rollover of unused Subscription Hours as set forth below), CertiK will send Customer an invoice for the fees related to such excess Services within seven (7) days at the Hourly Rate set forth in this Agreement and such excess fees shall be due and payable within twenty-four (24) hours of receipt thereof by Customer and in any case, in advance of any Services being performed.

Rollover of Certain Subscription Hours:

Upon payment of the Monthly Subscription Fee each month, the Customer shall be credited to receive Services for up to, but no more than, such month’s applicable Subscription Hours without any additional payments. During the applicable Service Month (as defined below), if in such month, the Customer receives Services at less than the Subscription Hours, the Customer is entitled to allocate and carry over the unused Subscription Hours of such month into the next month (which shall increase the Subscription Hours for the following month by the amount of the unused Subscription Hours), provided that (i) all unused Subscription Hours will only be carried over during the Term of this Agreement and (ii) by the end of the Term, the aggregate unused Subscription Hours shall be automatically adjusted to zero (0).

CertiK agrees to a start date for each project as follows: (i) within seven (7) business days or less of receiving the In-Scope Source Codes if such In-Scope Source Codes will be assessed in forty (40) hours or less or (ii) within fourteen (14) business days or less of receiving the In-Scope Source Codes if such In-Scope Source Codes will be assessed in forty-one (41) hours or more.

About CertiK

CertiK is a pioneer in blockchain security, combining expert manual review with best-in-class AI technology to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK’s mission is to secure the web3 world. CertiK applies cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness.

One of the fastest-growing and most trusted companies in blockchain security, CertiK is a true market leader. To date, CertiK has worked with nearly 4,100 enterprise clients, secured over $370 billion worth of digital assets, and has detected almost 70,000 vulnerabilities in blockchain code. Our clients include leading projects such as Aptos, Ripple, Sandbox, Polygon, BNB Chain, and TON.

CertiK is backed by Insight Partners, Sequoia, Tiger Global, Coatue Management, Lightspeed, Advent International, SoftBank, Hillhouse Capital, Goldman Sachs, Coinbase Ventures, Binance, Shunwei Capital, IDG Capital, Wing, Legend Star, Danhua Capital, and other investors.

Partnership Scope

CertiK will provide the resources needed to perform ongoing security assessments of Venus’s codebase(s). If issues are found, CertiK will provide findings and options for Venus’s consideration on how to remediate the codebase. Venus will be responsible for providing access to personnel, content, resources, systems, and information (including any consents, authorization, or licensing) as may be needed by CertiK to perform the activities under this partnership.

Each distinct engagement under this agreement will be staffed with two (2) auditors and one (1) staff security engineer, allocated by CertiK for the execution of the task. CertiK will guarantee a minimum of two (2) returning auditors for each new engagement to maintain consistency and familiarity with Venus’s codebase.

Terms & Conditions - Cancellation Policy

By approving this proposal and proceeding to make payment of the fees to CertiK, Venus agrees to the terms & conditions set forth in the Subscription Service Agreement. Pursuant to the agreement, Venus shall be entitled to terminate this Agreement by providing at least ten (10) business days’ prior written notice to CertiK of its intention to terminate the Agreement at the start of the following month.

Hello CertiK team, I would also like to see an update on our rating, which has remained roughly the same for about a year now, despite the many developments we’ve undergone in recent months. Our overall rating was weakened by a fundamental category, which seems to have been dependent on bad debt. In recent months, we’ve managed to repay everything except for the dust (which will be addressed later as it requires filtering through a large number of addresses with minimal balances), which is a significant milestone that should be taken into account in this assessment. I believe that currently, the fundamental category should be able to catch up with the other categories, which should ultimately have a very positive impact on our final rating.

Good proposal. I hope CertiK can continue to cooperate with Venus to ensure the code security of the Venus protocol.

Safety before all! This renewal is important.

@CertiKMarshall: Please review the CertiK Security Score based on the latest Venus improvements (security features, cleared shortfall), multiple audits (20 from CertiK), etc.

The fundamental score should definitely be better for this project.

Hey @wonderomg! Thanks for the response. I encourage you to view CertiK - Security Score, which details more about our security score and how it is determined. At this time, the Venus team do have a few things that they could implement that would increase the security score. We will sync with the core team and do our best to implement these features so that Venus can have the highest security score possible!

Hey there @Frayst! Thanks for the response. I detailed a bit in another reply as well but definitely recommend checking out CertiK - Security Score and reading more about our score.

We will work closely with the Venus team on implementing certain features like a team KYC, Bug Bounty setup and Skynet Monitoring, which would all have a positive impact on Venus’ security score!
