ERC-7512: Onchain Audit Representation

I would propose an alternative structure for on-chain audits.

Create a “registry” contract that will allow anyone (or a select group of addresses) to issue an “audit report” for another address. This “audit report” should act as a Soulbound Token with configurable properties.

I have proposed this type of NFT in the past (it is easy to turn into an SBT by simply removing the transfer features):

The SBT must contain the following properties:

  1. Issuer - the address of the auditor or an auditing company
  2. Critical findings: number
  3. High severity findings: number
  4. Medium severity findings: number
  5. Low severity findings: number
  6. Audit hash
  7. Audit report link
  8. Chain ID

It is possible to leave severity assignment to auditors, I think.

In this way it would be possible to ask one contract (registry) and get a list of audits if there are multiple. At the same time if there is already one audit report that says “everything is fine with the contract” but in fact the contract has security problems - there will be a way for other auditors to submit reports that point out security problems of the contract.

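A minimal registry of the kind described in the post above, as an added example written for this page (it is not code from the thread, from ERC-7512, or from any deployed project); the contract name, function names and field layout are assumptions. Reports carry the eight listed properties, there is deliberately no transfer function (so each report is soulbound), and the issuer is always recorded from `msg.sender`, so a consumer can fetch every report for an address and keep only those from issuers it trusts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical audit-report registry (example only). Anyone may file a
/// report about any address; reports are append-only and never transferable,
/// so a later report can contradict an earlier "everything is fine" one.
contract AuditRegistry {
    struct AuditReport {
        address issuer;     // auditor or auditing company (taken from msg.sender)
        uint32 critical;    // number of critical findings
        uint32 high;        // number of high severity findings
        uint32 medium;      // number of medium severity findings
        uint32 low;         // number of low severity findings
        bytes32 auditHash;  // hash of the full report document
        string reportLink;  // off-chain location of the report
        uint256 chainId;    // chain the audited deployment lives on
        uint64 issuedAt;    // block timestamp when the report was filed
    }

    // audited contract address => every report filed against it
    mapping(address => AuditReport[]) private _reports;

    event AuditIssued(address indexed subject, address indexed issuer, uint256 index, bytes32 auditHash);

    /// File a report about `subject`. The issuer field cannot be spoofed because
    /// it is msg.sender; trust decisions are left to whoever reads the registry.
    function issueAudit(
        address subject,
        uint32 critical, uint32 high, uint32 medium, uint32 low,
        bytes32 auditHash, string calldata reportLink, uint256 chainId
    ) external returns (uint256 index) {
        require(subject != address(0), "zero subject");
        require(auditHash != bytes32(0), "empty audit hash");
        index = _reports[subject].length;
        _reports[subject].push(AuditReport({
            issuer: msg.sender, critical: critical, high: high, medium: medium,
            low: low, auditHash: auditHash, reportLink: reportLink,
            chainId: chainId, issuedAt: uint64(block.timestamp)
        }));
        emit AuditIssued(subject, msg.sender, index, auditHash);
    }

    function reportCount(address subject) external view returns (uint256) {
        return _reports[subject].length;
    }

    /// Returns all reports for `subject`; callers filter by issuer and chainId.
    function getReports(address subject) external view returns (AuditReport[] memory) {
        return _reports[subject];
    }
}
```

Restricting `issueAudit` to a select group of addresses, as the post also suggests, would be a single allowlist check on `msg.sender` at the top of that function.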