Summary
Since our initial assessment of the Spiderchain on November 25th, 2024, we got in contact with the BotanixLabs team and had the opportunity to clarify several important points. The additional information we got did not change our initially positive outlook on the Spiderchain.
On the topic of code security, the team has informed us that SigmaPrime is currently auditing the reth forked client that will be used as the Spiderchain consensus and EVM client, with a publicly disclosed audit expected in the next few weeks. In addition, to guarantee the Bitcoin-related code, the team is in contact with Bitcoin core developers. The team has also informed us of their intent to create an Immunefi bug bounty before the mainnet is deployed, which is expected to happen in at least 3 months from now.
Some details of parties considered for the 15-member Federation have been shared with us. Although the NDA we signed prevents us from disclosing further information, we can publicly vouch that they are serious actors in the space and represent a sufficiently decentralized set of unrelated entities. The application process to become a federation member includes a questionnaire, which includes questions like the security processes in place as well as whether or not the company has passed a SOC-2 audit.
Regarding governance, the team mentioned the possibility of a future DAO with a governance token and a Foundation, although this is not a priority now. The selection of Federation members is anticipated to adhere to stringent security criteria to implement a framework of credible decentralization within the Federation. None of the members is expected to assume custody of assets, thereby preventing the need to comply with direct regulatory obligations related to asset custody. However, these projections remain speculative under the protocol’s current configuration, making assessing the regulatory implications for individual Federation members impractical at this stage. If and when specific entities are identified as Federation members, an appropriate due diligence process can be conducted to evaluate their compliance posture and associated risks.
Disclaimer
This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.