Auditor
Auditors are groups / people that have conducted audits, or intend on doing so. As each identity is tied to a single account, a Auditor can only be referenced by a single wallet address.
Requesting to Audit
If an auditor finds an open audit, they can request to audit that protocol. There are instances where a Protocol Owner whitelists an auditor, and in this case, they can bypass the request entirely. If an auditor requests to audit, it's at the Protocol Owner's discretion to verify or reject them.
Attestation Period
If an auditor was verified, and the Protocol Owner locks the audit, the audit moves to the attestation period. This is where Auditors must attest to all aspects of the audit, and can either accept or reject terms. Auditors also have the ability to leave audits during the period. Just because the audit was locked, it does not absolutely require that a certain Auditor conduct the audit.
An auditor can reject terms for any reason. If terms are rejected by at least 1 auditor, the Protocol Owner must update a component of the audit. If an audit is updated, the attestations reset. If and auditor leaves an audit during the attestation period, attestations for all remaining auditors will reset.
Once terms have been agreed to, meaning all auditors attest to the terms, the auditing period is kicked off by the Protocol Owner.
Auditing Period
During this period, the auditors actually conduct the audit. When an auditor submits their findings, the findings are completely obfuscated from all parties. Once all auditors submits their findings, the protocol owner can request to view them. A request to view requires the Protocol Owner locking their payment in escrow. No other actions are required by the auditor during this time.
Challenges
The challenge period occurs as long as the vesting period is ongoing. If it is deemed that the audit was faulty, then Bevor DAO automates the rolling back of the remaining portion of escrowed funds to the protocol owner. During the vesting period, payments are vested to auditors according to some predefined schedule.
Let's say $100,000 was put up as the price of the audit, on a 10 month vesting duration. After 5 months, the DAO deems the audit faulty. The remaining $50,000 in escrow would be rolled back to the protocol owner.
If a challenge occurs, then payments are frozen for the duration of the vote. This won't delay the overall vesting schedule, unless the voting period exceeds the time remaining in the vesting schedule.
Finalized
Once the vesting period ends, the audit is in a finalized state. Now the protocol owner and auditors have a fully on-chain representation of the audit that was conducted. This can easily be showcased, and better, provably belongs to the protocol.