On Wednesday, September 26, Matthew Di Ferrante of ZK Labs announced Community Audits, an initiative to audit projects that have not held an initial coin offering and don't plan to. Eligible projects are those that "serve as a utility to the community," such as tools and libraries helpful to developers, nonprofit EDCC (aka smart contract) infrastructure, and open-source code.
Although many nonprofit projects would qualify for the initiative, the nonprofit designation is not necessary for eligibility. Di Ferrante noted that, for example, "a state channel platform that has some fee system built in could be fine." He added that, ultimately, the purpose of the initiative "is for grassroots projects to be able to receive quality audits without needing to think about raising large amounts of funding before the project can go live," or without having to undergo the complex process of acquiring an Ethereum Community Fund grant.
Di Ferrante, Nick Johnson of Go Ethereum and the Ethereum Name Service (ENS), and Dean Eigenmann (also of the ENS) are confirmed auditors for the Community Audits program. Di Ferrante indicated that he would "commit to doing at least one reasonably sized community audit per month," also mentioning that the team hopes to recruit more volunteers as the initiative unfolds.
Longer, more complex audits would be funded by a charity multisig wallet maintained by ZK Labs, although Di Ferrante maintained that a "percentage of profits from ZK Labs will go to fund the initiative." Individuals are also welcome to donate – plus, they can indicate which types of projects they would like their money to go toward (such as open-source code or libraries).
The team has already completed two audits under this initiative. The first is SolidStamp, which, according to its website, "connects smart contract users and security auditors to ensure the safety of their ethers [sic] and tokens" and also maintains an on-chain registry of Ethereum audits. The second is Token Subscription, which allows "applications to create a trustless subscription model" without requiring users to transfer tokens, according to Di Ferrante.
ZK Labs recently audited bZx, a 0x-integrated protocol on the Ethereum network created for non-custodial decentralized margin lending and trading services. In the audit, Di Ferrante concluded that the "code is generally well structured and properly compartmentalized" and that it faces a lower risk of bugs.
Correction (9/26/2018): An earlier version of this article listed the announcement date as September 25. This was a typo.