🔭 Role Overview

We are looking for a per-project Security Auditor with extensive knowledge of cybersecurity, including expertise in frontend and backend security, and proficiency in JavaScript and Rust for auditing SDKs.

The candidate must be experienced in web3 security, skilled in risk management, and adept at identifying and fixing vulnerabilities. The role demands a proactive approach to enhancing security processes and sharing reports with the development team.

🏛️ About Streamflow

Streamflow is the distribution layer of Web3.

With ~$700 million in TVL and over $700 million distributed, we are the permissionless, open, on-chain token streaming protocol used by hundreds of clients across five chains.

Our team is globally distributed and agile.

Our treasury is well-funded, and we have been profitable for several months.

We are excited to scale and launch some huge initiatives over the coming months and need creative, reliable, and driven operators.

🌟Job Description:

The Per-Project Security Auditor for Streamflow is tasked with conducting a thorough one-time audit to identify potential security vulnerabilities within various components of the Streamflow project. Key responsibilities include:

  1. Frontend Application Security Analysis: Analyze user-facing features, such as vesting, payments, and token locking, for security flaws. https://app.streamflow.finance/
  2. JS SDK Security Assessment: Perform a detailed security audit of the JavaScript (TypeScript) SDK, assessing potential vulnerabilities in its interaction with blockchain protocols. https://github.com/streamflow-finance/js-sdk
  3. Backend Applications Security Review: Evaluate the security of three backend applications (Python), identifying potential weaknesses in data handling and protection:
    1. Contract manipulation (Vesting, Payment, Token-Locking)
    2. Airdrop manipulation (Instant, Vested)
    3. Authentication
    4. Address book
    5. KYC
    6. Team Dashboard
  4. Rust SDK Security Oversight: Conduct a comprehensive audit of the Rust SDK used for on-chain program integrations, identifying any security issues. https://github.com/streamflow-finance/rust-sdk
  5. Process Enhancement and Risk Management: Help develop and refine security processes related to team operations and treasury management, identifying potential flaws and suggesting improvements.
  6. Reporting and Collaboration: Provide comprehensive reports on audit findings and work closely with the development team to prioritize and address security issues.

Bonus:

  1. Fix the flaws found in the section above

🀝 Why You Should Join Us

Values: Streamflow is built on the values of customer focus, respect, ownership, proactivity, and a growth mindset (internally known as CROP-G values).

We live by these qualities in our day-to-day and prioritize a happy and performant team. Therefore, it's especially important that new teammates align closely with these values.