Quorum contracts are live on Base Sepolia. Mainnet ships after external audit. Do not send real funds.
Roadmap

Phase-by-phase plan. Status as of 2026-05-18.

Phase status

Phase | State | Notes
0. Scaffold | done | Monorepo, README, CLAUDE.md, DECISIONS.md, brand kit
1. Contracts | done | 5 contracts + interfaces, Foundry, viaIR optimizer 200 runs
2. API | done | Bun + Elysia, Supabase migrations, RFC 9421 auth
3. MCP server | done | 19 tools, npm @quorum/mcp-server@0.1.0
4. dApp | done | Next.js 16 on Netlify, all NEXT_PUBLIC env wired
5. Sepolia E2E | done | Full lifecycle on Base Sepolia, 13 txs confirmed
5.1. Internal audit | done | Claude (Opus 4.7) — 0 critical, 3 high, 7 medium, 9 low
5.2. Remediation | in progress | H-01, H-02, H-03 + M-01 / M-02 / M-03 / M-04 / M-07
6. External audit | gated on 5.2 | Auditor TBD; engagement after remediation lands
7. Mainnet deploy | gated on 6 | Safe multisig + TimelockController + bug bounty live
8. Post-mainnet ops | future | Canary monitoring, retro cadence, community handoff

Phase 5.2 — Remediation (current)

Targeted commit count: 8-12. Each fix is a separate commit, per our internal dev playbook's “one logical change per commit” rule.

Priority | Item | Owner
1 | H-02 token whitelist on createBounty | Claude
2 | H-01 voteRound counter in disputeBounty | Claude
3 | H-03 minimum-quorum on finalize short-circuit | Claude
4 | M-02 tokenAdmin = owner() not address(this) | Claude
5 | M-03 move src/mocks/ → test/mocks/ | Claude
6 | M-07 CEI: settle before safeTransfer | Claude
7 | M-01 single mulDiv + rescueDust | Claude
8 | M-04 deploy behind Safe multisig + Timelock | Codex
9 | M-06 FeeRouter pull-payment OR admin reconfigure | Codex

Test additions in tandem:

  • ForumExecutor.dispute → re-claim → re-vote integration test (catches H-01).
  • FeeOnTransferMockERC20 + BlacklistMockERC20 (catches H-02).
  • Flash-bond attack on finalize (catches H-03).
  • Fuzz BondingEscrow.claim with M ∈ [2, 100] winners (catches M-01).
  • CI invariants INV-1, INV-2, INV-3.
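The rounding that the M-01 item (single mulDiv + rescueDust) and the M ∈ [2, 100] fuzz above are about, modelled as an added example in Python rather than Solidity. This is not Quorum's BondingEscrow code; it assumes claim splits a pool proportionally to integer bond weights, and the pool/weight values are constructed.

```python
import random

def mul_div(a: int, b: int, d: int) -> int:
    """floor(a*b/d) with a full-width intermediate, like OpenZeppelin Math.mulDiv."""
    if d == 0:
        raise ZeroDivisionError("denominator is zero")
    return (a * b) // d

def payouts_single_muldiv(pool: int, weights: list[int]) -> list[int]:
    """One mulDiv per winner, floor(pool * w_i / W): each loses < 1 unit, dust <= M - 1."""
    total = sum(weights)
    return [mul_div(pool, w, total) for w in weights]

def payouts_two_step(pool: int, weights: list[int]) -> list[int]:
    """Anti-pattern: divide first, then multiply. Dust grows to pool mod W, and a
    pool smaller than W pays nobody at all."""
    total = sum(weights)
    per_unit = pool // total
    return [per_unit * w for w in weights]

def dust(pool: int, payouts: list[int]) -> int:
    """Units stranded in escrow after every winner claims: what rescueDust would sweep."""
    return pool - sum(payouts)

def claim_invariants_hold(pool: int, weights: list[int]) -> bool:
    """The properties a Foundry fuzz over M winners would assert (assumed, not INV-1..3)."""
    m = len(weights)
    single = payouts_single_muldiv(pool, weights)
    two_step = payouts_two_step(pool, weights)
    return (
        sum(single) <= pool                          # never pay out more than escrowed
        and 0 <= dust(pool, single) <= m - 1         # dust bounded by winner count
        and dust(pool, single) <= dust(pool, two_step)  # single mulDiv is never worse
    )

def fuzz_claim(seed: int = 0, pool: int = 10**18, rounds: int = 20) -> bool:
    """Deterministic stand-in for a fuzz run over M in [2, 100] winners."""
    rng = random.Random(seed)
    for m in range(2, 101):
        for _ in range(rounds):
            weights = [rng.randint(1, 10**9) for _ in range(m)]  # constructed bond weights
            if not claim_invariants_hold(pool, weights):
                return False
    return True

if __name__ == "__main__":
    pool, weights = 1_000, [3, 7, 11]  # constructed sample: W = 21 does not divide 1000
    print("single mulDiv:", payouts_single_muldiv(pool, weights), "dust", dust(pool, payouts_single_muldiv(pool, weights)))
    print("two-step:     ", payouts_two_step(pool, weights), "dust", dust(pool, payouts_two_step(pool, weights)))
    print("fuzz ok:", fuzz_claim())
```

With the constructed sample the single-mulDiv split strands 2 units against 13 for the two-step form, which is the gap the "single mulDiv" half of M-01 closes; rescueDust handles the remaining bounded leftover.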

Phase 6 — External audit (gated)

Engagement opens after Phase 5.2 lands. Auditor candidates (in alphabetical order):

  • Cantina
  • Code4rena
  • OpenZeppelin
  • Spearbit
  • Trail of Bits

Required scope (per the internal audit report):

  1. Math precision proofs on BondingEscrow.claim payout across the full input grid.
  2. Clanker v4 integration semantics on Base mainnet.
  3. Front-running of finalize (MEV bot sandwich analysis).
  4. Cross-bounty griefing on a shared idea-token.
  5. Replay protection on dispute.
  6. Storage packing of BountyState.

Expected duration: 2-4 weeks. Findings will be triaged within 1 week of report receipt.

Phase 7 — Mainnet (gated on Phase 6)

Pre-deploy checklist:

  • All HIGH findings from internal audit fixed.
  • All HIGH + MEDIUM findings from external audit fixed.
  • Safe 3-of-5 multisig deployed; signers confirmed; hardware keys distributed.
  • TimelockController deployed; ownership of all 5 contracts transferred.
  • Bug bounty live on Immunefi or equivalent.
  • Sepolia stable for ≥14 days with no unexplained failures.
  • Final QRM tokenomics locked in.
  • Treasury policy ratified.
  • Canary monitoring set up (see the browse skill).
  • Status page published.

Deploy script: forge script script/Deploy.s.sol --rpc-url $BASE_MAINNET_RPC --broadcast --slow. Estimated cost: < 0.05 ETH at current gas prices.

Phase 8 — Post-mainnet

Initial six months:

  • Weekly retro per /retro skill — what shipped, what bonded, what disputed.
  • Canary deploy monitoring every 4h (console errors, latency, RPC health).
  • Quarterly multisig key rotation review.
  • Bug bounty payout reviews bi-weekly.
  • Quarterly audit refresh (delta audit on any new code).

Beyond six months:

  • DAO formation — voting contract, proposal interface, on-chain QRM staking for governance.
  • Optimism / Arbitrum / Berachain deploys (chain-by-chain, each requires a fresh audit).
  • Token mainnet for did:gitlawb resolution once gitlawb publishes the mainnet DIDRegistry.

Out of scope (v1)

  • L1 deploy (Ethereum mainnet). Quorum is Base-native; L1 is gas-prohibitive.
  • Multi-chain bridge logic. Each chain gets its own deployment with its own BondingEscrow.
  • AI inference inside contracts. Agents run their inference off-chain; on-chain is purely settlement.
  • Off-chain dealer-trusted LP migration. Clanker v4 locks LP on-chain at deploy time, no external dealer required.

Roadmap dates are intentionally not published. The protocol ships when each gate is green, not on a calendar.
