Reference Implementation of Settlement Pattern and Reference DEX Implementation for Canton #108 Milestone 4: Audit, Production Hardening, and 12 Months of Maintenance

OPENIssue
by pedrodneves06-05-2026
200K CC requested
View on GitHub ↗← All Proposals

Milestone 4: Audit, Production Hardening, and 12 Months of Maintenance

  • Estimated Delivery: begins after Milestone 3 and covers the following 12 months
  • Focus:- take the reference DEX and settlement-pattern implementation from integration-ready to operationally maintainable, with external audit, remediation, and sustained support for adopters.
  • Deliverables / Value Metrics:

- third-party security audit commissioned once Milestone 3 scope is stable and deployment-critical workflows are frozen - published audit summary and remediation status - closure or accepted-risk disposition for all critical and high-severity findings - production hardening pass across the reference workflows - examples: authorization review, cancellation paths, failure handling, replay/idempotency checks, and operator recovery procedures - maintenance and support for 12 months after audit release - security fixes - compatibility updates for supported Canton / SDK / token-standard changes - bug fixes for the published reference workflows - public maintenance log or release notes covering fixes, upgrades, and workflow-impacting changes - operator runbook for deployment, monitoring, upgrade, and incident handling - documented support for external adopters using or evaluating the reference

| Milestone | Description | Compensation | |---|---|---| | Milestone 4 | Audit and maintenance for 12 months | 200,000 CC upon committee acceptance + Audit cost which will be submitted for approval once Milestone 3 is completed |

_Originally posted by @pedrodneves in https://github.com/canton-foundation/canton-dev-fund/issues/108#issuecomment-4388431766_