glad to see discussion on audits. I didn't comment on this in the proposal because I knew it would come up and thought it would be easier to respond to than get ahead of.
I certainly have nothing against thorough review of code to ensure it is safe and secure -- this is a non-sequitur. I'm glad to see this is a strongly held belief across the board. That said, I have my own issues with audits. Having gone through six of them myself, plus through conversations with other devs, I've found audits to mainly suggest cosmetic changes and (if lucky) gas optimizations. I think there is a fair bit of harnessing of fear and the natural desire for accolades/rubber stamps by auditors to extract tens/hundreds of thousands of dollars out of projects while providing no assurances and often missing any real issues (if they exist). They are no silver bullet, or often any bullet at all: I'll evidence this with the fact that Olympus alone has never seen an exploit on unaudited code, but found issues post-release on two occasions with audited code (though luckily we have a fantastic developer community that caught these early and prevented any damage from occuring).
My belief is it ultimately comes down to the code, and thorough peer review is sufficient in cases where code complexity is low and moving pieces are few (as is the case here). My desire is to prevent the needless expenditure of money and time (which carries a direct monetary cost here from an interest perspective). That said, I am in no way advocating for unsafe or reckless deployment of treasury capital. Loss of funds is always the worst possible case and I do not take risk lightly. FWIW this codebase has gone through 10 months of development, iteration, and refinement to make it (as far as I can tell) absolutely bulletproof. But, of course and always, my word alone should not be sufficient.
The decision ultimately rests with all of you. Personally, I believe peer review and staggered live incentivization is enough; but, if consensus is not with me there, I would advocate for a code4rena competition. That is the best process I have seen to date and does a good job minimizing the issues I see with the audit process as it stands. To that end, I have created additional documentation that you can find here which will walk you through each and every line of code in question. I think this is important to make an informed decision here and, if that decision is to go through a formal audit process, I hope it will help there as well. I'd encourage anyone to look, even if you're not a dev; I think it's pretty easy to follow and you might find it fun!
As always, I appreciate the engagement and concern on behalf of the health of Olympus. It is inspiring and in no way offensive to me.