There are two types of participants in the described organization: Managers
and Auditors.
The main task of a manager is to control and verify the work of the auditors.
The main task of an auditor is to review the code of smart-contracts and
submit reports. Auditors receive karma for reviewing contracts and penalties for making mistakes. These statistics reflect each auditor's results and determine their reward.
Both managers and auditors are paid from the Callisto treasury.
The audit process will be managed through GitHub so that it is
transparent and available to everyone. A smart-contract developer opens an issue to submit his/her smart-contract for the auditors to review. The manager then verifies the details of the security audit request and marks the issue as approved. The manager must not approve dummy requests, requests intended to spam the security audit queue, or requests that do not meet the coding-standard requirements; such requests are not processed. Once these have been identified and removed, every auditor may start reviewing the code.
An auditor who has contributed to the code review of a given contract must
create a private gist and send the gist URL by e-mail to the manager of the corresponding issue. Note that a private (secret) GitHub gist is unlisted rather than access-controlled: anyone who obtains its URL can read it, so the URL itself should be treated as confidential until the report is published. The e-mail address of each manager and auditor is public and recorded in the smart-contract of this organization.
Where will managers come from? And who will choose the auditors?