Reestablish credibility with comprehensive third-party audit by Shipyard

By Mark Lurie (Shipyard Software)

Sushi needs a thorough outside assessment that is shared with the community. In traditional markets, when a company, fund or bank runs into trouble, the first thing that happens is an external audit to determine the current state of things.

Until there is an outside assessment, I don’t think any plan can be credible, regardless of whether it comes from leadership or community, because the community can’t make an informed vote.

So who will step up? We think it needs to be an operator, not an investor. The team needs to have shipped products, built organizations, and have a deep understanding of DEXs, finance and regulation.

In considering governance proposals, I think motivation matters most. So why would we want to do this? Because it’s important to us that someone does. Sushi is a leader for how DAOs operate, and its credibility is good for the whole community. We don’t want DAOs to have a reputation for dysfunction; inability to self-govern may prompt misguided external regulatory pressure. Instead, Sushi has the opportunity to prove the DAO model can work. I don’t think there are many teams well-positioned to help at this critical juncture. Shipyard Software is one of them.

A bit about Shipyard:

  • I am a 3x entrepreneur, ex FJLabs/Bessemer/Harvard (Linkedin).
  • My partner, Abe, is a 2x entrepreneur and perhaps the most published academic researcher on AMM design (cited in Uniswap v3 whitepaper). Ex AngelList, CS PhD at CMU + Harvard.
  • Our team includes top-tier Sr. Devs, ex-consultants who helped audit and restructure fortune 500 companies, etc.
  • Richard from Quantstamp wrote another post with a bit about us here.
  • We shipped

Here’s our proposal: The community gives us a mandate to speak with all parties and request internal information - not to assign blame or point fingers but only to understand Sushi’s current state. Based on what we find, Shipyard Software will prepare an in-depth report on Sushi’s capabilities, human resources and technology progress, and share it with the community. If the community considers it valuable, they can decide to compensate us after-the-fact, or not.

Sushi has a bright and exciting future, all we have to do is work together.

  • Yay
  • Nay

0 voters


Supporting this, community is looking for transparency & direction, and an external third party will be suited for this task.


Need a business plan before we perform surgery. Voting no for now.

Need a diagnosis before you can form a business plan before you can perform surgery


The diagnosis is that we lack leadership currently

If that’s true, I don’t think any credible outside leader would want to step in without knowing whats there first. Too big of a personal risk. And I dont think any inside leader could step up credibly without an outside party doing this kind of a report


One clarification in response to several questions we’ve received in the sushi discord:

I dont mean to imply that this report would necessarily be 110% exhaustive on every detail. I think one of the reasons it is important that whoever does this is an operator is that they will have better judgement for whats important to look at and not waste everyones time on being totally exhaustive. We would use judgement - the goal is to rebuild credibility without becoming a massive distraction to shipping code.

1 Like

Listen you aren’t wrong, we do need a full go-over of books and records and establish a proper business plan moving forward. But we need someone to pioneer that effort. CEO, CFO, etc.

I dont necessarily agree that someone won’t do it. With the correct incentive structure, turnarounds can be compelling. Im awaiting the Arca final proposal - they’ve said they are working on something in conjunction with Daniele of Frog Nation. Once we appoint someone to lead this effort, we can review the steps required to turn this ship in the right direction, first of which youre right is probably a full audit. But if we do that right now, im afraid it will just show what a shitshow things are and further cast us into the finger pointing abyss


how would we ever know to trust its results? How would we ensure that no collusion taken place, and the whichever report you end up producing is accurate?

Why sudden urge for charity? To do this big of an undertaking pro bono? What do you hope to acquire during the audit that would offset the cost of its creation?

Fully support this, I’ve been using Clipper and it’s a great tool for the small fish

1 Like

I feel like we addressed our primary motivations in the original post. But a few other things we’ve thought about, in case it’s helpful:

  • It’s not pro bono persay - it’s just that the community can decide what to compensate us after-the-fact based on whether we’ve actually done good work. I’m confident we’ll do good work and trust the community to do something fair. We’ll explain what the work entailed so you can make a judgement. Regardless, it’s not the main motivation.
  • There is some optionality that comes from this. It may turn out that, after the report, the community wants us to play an additional role. I don’t know what that is but it could be interesting for Clipper’s community as well.
  • If we produce good work and everyone values it there are reputational benefits.

I don’t think there is anything wrong with these as secondary considerations. Still seems win-win-win for everyone. We have an incentive to do good work that the community will value.


1 Like

I give you my word we wouldn’t collude.

Of course, philosophically, it’s impossible for you to know for sure whether we collude or not. But besides being unethical, it would be irrational of us to do so. Our identities are public, so we would be risking our reputations if we colluded. We’ve worked hard through our lives to build our reputation and credentials for competence & integrity; why compromise that for a quick buck?

In any case, it’s clearly more credible to have an outside party do it than an inside party.


This is a great point and you’re right. I think the first stage of the assessment should be fast and define what is needed from a new leader so that the right interim person can be appointed. Then the rest of the audit can continue.

This is great @markshipyard. I particularly like that you’re not requesting to be paid in this work up front. You see what I see in the current posture of sushi. If we can restructure and grow after some pain, it can be the case study for the future of DAO community operations. It offers a massive learning opportunity.

With that said, a couple of questions:

  1. Will Shipyard be signing an NDA and non-compete if they do this type work for Sushi? I’m assuming your organization will get access to proprietary information. How will that be protected, inasmuch, it can be protected in a very open-source operation?

  2. In your experience, how long does it take to accomplish an external assessment of this type?

  3. In your past experience, how much does such an assessment cost? Let’s assume the community decides to compensate you after it is complete. We’d definitely need to know the market value of such services.

  4. Would a multi-disciplinary team, including those with HR backgrounds, be appropriate to add to such an assessment?

In the legal field, we refer to it as more of an internal review. Law firms are often retained in similar situations to conduct investigations. I’m not sure we need something that significant at this point and many law firms are not familiar with crypto.


I think this is an excellent proposal. I don’t see anyone else making an effort to create a post-mortem for the community, and it is desperately needed to stop the constant questions and conspiracy theories. It can also help guide our restoration in the future. “You can’t know where you are going unless you know where you have been”


Hey Mark - excited to see you jumping in here.

This is a powerful statement:

I seem to agree but is a bit ironic coming to the same community and asking for their blessings (via a poll)

As you mention above, we need more information to make an informed vote:

First - have you, Shipyard, done this sort of diagnostic / auditing work before? It reminds me of a consultative approach in traditional industries and could be interesting if applied to crypto.

Second - how long do you estimate this whole process to take? With a team of a few people, this is a large build. Time is of the essence and waiting on the results may delay critical votes and restructuring.

This sounds like an easy benefit to the ecosystem if deployed promptly.

1 Like

Thanks @fig and @nickjrishwain for the questions. I’ll answer them both together.

You’re right, it’s very reminiscent of a consulting engagement. We have in multiple forms. I’ve diligenced many companies (former FJLabs, former Bessemer Venture Partners) for investments, Abe often evaluates AI/crypto tech for prospective investors, and our team includes a senior strategy consultant from a top management consulting firm who has exclusively worked with CTOs and CDOs of fortune 500 companies for the last 5 years and seen these specific problems many many times. I think a traditional consulting firm might quote a 4 person team for a 10 week review + partners and charge perhaps $1m. That probably gives a lot of people sticker shock, so to be clear, that’s not necessarily what I’m proposing here, I’m just sharing data.

You’re right, it’s also reminiscent of an internal review by a law firm.

However, management consulting engagements and law firm internal reviews are for big companies, and if this were a big company we probably wouldn’t be the best possible team to do this. Sushi, in contrast, is still a startup. As such, I think it’s more important that the team is led by experienced startup operators. Here are some ways I foresee running it differently.

  1. We will work way faster. Startup people just do, for a bunch of reasons.
  2. We will zero in on the important stuff and skip all the ‘cover your ass’ and ‘justify your existence’ work.
  3. We will synthesize and provide the key information necessary so that the entire community can propose solutions. I expect that our recommendations could come separately and be evaluated along with those from the rest of the community.
  4. We will solicit and vet functional experts from the community to help whereever needed (e.g. HR backgrounds, to @nickjrishwain’s point).
  5. Most of the real work here is mediating what is effectively complex board politics, which unfortunately I have a lot of experience in.

As a result, I think we can do this in a few weeks at much lower expense. Hard to say until we get in there but we will be transparent with the community as we scope it out better and, of course, provide a detailed report of our efforts at the end. Personally, I’m quite interested in how the community will value it and don’t have any specific request or preconception.

This would make sense for a consulting firm but not in this case, for a few reasons. (1) The whole point is to share with the community so an NDA doesn’t seem to make sense, (2) almost every team in DeFi competes with some aspect of Sushi’s product suite, and we quite obviously do compete on retail trades with, which is #crushing and the data shows we have best prices on small trades. To be honest, though, I’m not really sure what proprietary information there is or what advantage we could really gain from it. Most of it is open source already. Trident is great but I would describe it less as groundbreaking research-based technology and more as a series of design tradeoffs that make sense for Sushi but might not make sense for other DEXs. For example, we would never launch Trident given our mission and stage of company. It’s only viable if launched from a community platform as big as Sushi’s. In any case, those voting here will just have to decide if they would rather a consulting firm that will sign a noncompete but probably doesn’t know anything about crypto or if they would rather a team of domain experts who deeply understand the issues and products operating in good faith with their reputations on the line. I’d pick the latter.

Phew, that was a lot of typing. Hope that addressed everything.

Happy to do an AMA in the sushi discord if the team so desires.

1 Like

a greater diversify of auditors can do no harm - fully in favor.

Hi there, highly supportive of this proposal. I have been holding my xSUSHI since the very beginning of the adventure and despite following closely the various proposition and debates in the last few weeks I refrain from participating because I feel like I don’t have the information I need to develop a legitimate judgement.

I would very much welcome the Shipyard team working on an objective report to help community members understand the facts and internal power games/conflicts that have been at play.

I very much appreciate the proposed no upfront fee, but expectation for compensation if report is helpful.

I don’t think there is a need for any form of NDA, the process should be wide open, with full transparency on sources to help demonstrate objectivity and understand the roles and personae of the various key individuals involved.

More than leadership, we lack a vision.
We have to give a strong message to the world: a group of men can agree.
That the old financial dynamics (the old voting union schemes) can be overcome.
It is important that we, as a community around an interest, answer 2 questions:

  1. Who we are
  2. To solve what problem
    If to question 1 we answer: we are just a mass of tokens, then we show that the rich can have sushi. What sushi does it take to make money only for the rich.
    We need a vision.
    When we have it then we will be able to create the right products, communicate them in the right way and have the criteria to choose the right managers.
    Sorry, but i’m not native english language.

See this

1 Like