by 0x247e0896706bb09245549e476257a0a1129db418 (LordLike)
This is a poll to start the process of increasing the security of DAO-critical smart contracts by giving the SAB a mandatory function as a second layer of security on top of the DAO Committee, to mitigate risks that include scammers, malicious hackers and human error.
SAB controls and can update Decentraland DAO core smart contracts, can add or remove DAO Committee members. It is vital for Decentraland and DAO to maintain and improve SAB security.
1. WHAT ARE DECENTRALAND SMART CONTRACTS?
The Decentraland DAO owns several of the most critical smart contracts of the Decentraland platform. They are listed below:
The LAND contract. This is the contract that manages the LAND tokens. The DAO is the owner of the LAND smart contract. This means that any changes or modifications to that contract must be carried out by the DAO and the SAB.
The Estate contract. Like the LAND contract, the DAO owns the Estate contract which can only be modified by the SAB, after approval has been given by the DAO through a community vote.
POIs. The list of Points of Interest is also owned by the DAO. This list is stored on a contract and can only be modified after passing a vote by the community that is then enacted on-chain by the DAO Committee.
Names. The contracts used to mint the NFTs for unique avatar names in Decentraland are owned and controlled by the DAO. Any changes to the names contract must be approved by the DAO.
Banned names. The list of names that have been banned from the Decentraland client is stored in a contract owned by the DAO. This list can only be modified after passing a vote by the community that is then enacted on-chain by the DAO Committee.
Catalyst nodes. The list of Catalyst nodes that serve content and establish the peer-to-peer connections needed to keep Decentraland’s virtual world running is also owned and controlled by the DAO. This list is stored on a contract and can only be modified after passing a vote by the community that is then enacted on-chain by the DAO Committee.
Wearables collections. The contracts used to manage wearables collections are owned and controlled by the DAO.
Marketplace contracts. These contracts are also where the marketplace fees are defined, and they can only be changed with the DAO’s approval.
Grants. The vesting contracts used to make recurring payments as part of the DAO’s Grant framework are also owned by the DAO. These contracts are created by the DAO Committee on behalf of the DAO, and are overseen by the SAB to prevent any risk of monetary loss due to vulnerabilities or mistakes made by the Committee.
2. HOW DOES THE DAO WORK?
Decentraland’s DAO uses off-chain voting for the community and a multi-sig wallet controlled by a “DAO Committee” to enact those off-chain decisions on the Ethereum blockchain. The multi-sig wallet is controlled by the DAO Committee, which is composed of trusted persons who guarantee DAO security and enact proposals. A second multi-sig owned by the SAB provides a second layer of security on top of the DAO Committee.
3. WHAT IS THE SAB?
The SAB is the Security Advisory Board, responsible for the security of the Decentraland DAO Aragon smart contracts, including the LAND and Estate contracts. The SAB controls updates to the DAO Aragon smart contracts and other smart contracts owned by Aragon. They respond to vulnerability and bug reports in any of Decentraland’s contracts.
The SAB includes five experts who were initially selected by the Decentraland dev team.
Any time a modification is to be made to the LAND or Estate contracts, the update must be unanimously supported by the SAB’s multi-sig. At least three signatories are required with no dissenting votes in order to make any changes to the LAND or Estate contracts. The SAB has the ability to pause, resume, or cancel any action taken by the DAO Committee.
Fund transfers from the DAO Aragon smart contracts can be initiated by one DAO Committee member, or by 3 out of 5 SAB members (only in extreme cases related to the security of the smart contracts).
After a transaction is initiated, a 24h execution delay starts. Within those 24h, any DAO Committee member (or SAB member) can pause or cancel that fund transfer.
4. WHAT IS THE DAO COMMITTEE?
The DAO Committee is a group of three trusted individuals who have been selected by the community to hold keys in a multi-sig wallet. This multi-sig is responsible for enacting any passed votes with a binding action, like funding a Grant, banning a name, adding or removing a POI, implementing a Governance proposal or adding a Catalyst node.
Every on-chain transaction initiated by the DAO Committee has an automatic 24-hour delay before it is completed, allowing the SAB or the DAO Committee members to revoke the transaction during this period of time.
5. POSSIBLE RISKS:
In theory, DAO Committee members could be hacked or could collude with each other for fraudulent activities, and there is no mandatory safeguard that would stop them.
The Security Advisory Board does not oversee DAO operations or what is being done through DAO Committee actions; its remit is purely smart contract security.
The SAB can cancel fund movements from the DAO Aragon wallet, but it is not supposed to do so unless something is clearly happening that should not (a rogue DAO Committee or a hacked address trying to steal money).
Also, a 24-hour transaction execution delay is a fairly small amount of time, and bad actors can choose a date and time that increases the chance of the transaction going unnoticed, such as a weekend, a holiday or a major event that distracts attention.
6. POSSIBLE SOLUTIONS:
Give the SAB a mandatory function of overseeing DAO transactions, including DAO Committee actions, according to certain filters, for example when a transaction exceeds a certain sum or a certain frequency.
Increase the transaction execution delay, for example from 24 hours to 48 hours.
Interview SAB members once a year before the community to ensure they are alive, of sound mind, have not lost their keys and are committed to continuing to perform their responsibilities. (Interviews can be held in Town Halls, for example.)
Possible compensation for SAB members can be discussed in another proposal.
These are forward thoughts to start community discussion on security issues or concerns that should be solved or mitigated.
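To make the controls described above concrete, here is an added model (not code from Decentraland or the DAO; the amount and frequency thresholds are hypothetical placeholders) of the current 24h timelock with Committee/SAB cancellation, plus the proposed mandatory SAB filter on large or frequent transfers and the proposed 48h delay:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Delays come from the proposal text; the two filter thresholds are
# hypothetical placeholders for the "certain sum / frequency" filters.
EXECUTION_DELAY = timedelta(hours=24)      # current DAO Committee timelock
PROPOSED_DELAY = timedelta(hours=48)       # delay suggested in section 6
LARGE_AMOUNT = 100_000                     # hypothetical "large sum" filter
MAX_TRANSFERS_PER_WEEK = 3                 # hypothetical frequency filter


@dataclass
class Transfer:
    initiator: str
    amount: int
    initiated_at: datetime
    cancelled: bool = False


@dataclass
class DaoTimelock:
    delay: timedelta = EXECUTION_DELAY
    history: list = field(default_factory=list)

    def initiate(self, initiator: str, amount: int, now: datetime) -> Transfer:
        # A single DAO Committee member is enough to queue a transfer.
        tx = Transfer(initiator, amount, now)
        self.history.append(tx)
        return tx

    def cancel(self, tx: Transfer, now: datetime) -> bool:
        # Any DAO Committee or SAB member may cancel, but only inside the window.
        if tx.cancelled or now - tx.initiated_at >= self.delay:
            return False
        tx.cancelled = True
        return True

    def executable(self, tx: Transfer, now: datetime) -> bool:
        # Executes once the delay has elapsed and nobody cancelled it.
        return not tx.cancelled and now - tx.initiated_at >= self.delay

    def needs_sab_review(self, tx: Transfer) -> bool:
        # Proposed mandatory SAB check: flag large or unusually frequent
        # transfers (the 7-day window counts this transfer itself).
        week = timedelta(days=7)
        recent = [t for t in self.history
                  if timedelta(0) <= tx.initiated_at - t.initiated_at < week]
        return tx.amount >= LARGE_AMOUNT or len(recent) > MAX_TRANSFERS_PER_WEEK
```

A transfer that trips the filter would require 3-of-5 SAB approval before the delay counts down, rather than relying on someone noticing it within 24 hours.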
7. VOTING OPTIONS:
Yes: I support this proposal as a starting point to increase DAO smart contracts security.
Final actions on improving DAO smart contracts security and their implementation pathways will be described in DRAFT and GOV proposals after achieving community consensus in discussions.
No: Leave as it is.
Invalid question/options