Author: Herbert Colm
Hi, I’m Colm and I work for Slock.it as a security expert, analysing and testing Smart Contracts. I am tasked with helping the community review the contracts that request addition to the white list of The DAO.
Since my last post about bytecode verification, The DAO has become very successful, therefore making it an obvious target. We must remain vigilant, as attackers are surely going to try and scam our beloved DAO. The first line of defense against attacks is… you guessed it, the whitelist.
The DAO cannot send ETH to an address that is not on the whitelist. The function of the Curator is to manage this list. It’s important to note that Curators aren’t here to gauge the ethical or financial merits of a Proposal, but only to ensure that the Proposal smart contract will operate as described, and is safe to be included on the whitelist.
Hundreds of people are going to want to join the white list so they can make proposals. We as a community need to streamline the addition process to find attacks and verify the bytecode of these addresses.
- Simple wallet or account addresses should be prohibited, addresses should be contracts.
- Proposal Contracts should only accept payment from the DAO once, and exclusively for a fixed amount.
- Proposal Contracts should allow for the return of all remaining ETH to the DAO upon request. In other words, the DAO should be able to fire the Contractor and collect the funds that have yet to be spent in the smart contract.
How to Submit your Proposal to The DAO
Step 1. Write your smart contract.
Please refer to this example of a sample Proposal matching the requirements above. This code has been tested and retested to ensure it is safe to be submitted to The DAO. Once you have defined all of your variables, deploy it.Document the whole process and publish it, so it can be verified. The documentation should contain compiler versions, parameters, sourcecode - everything you need to verify the authenticy of the deployed bytecode in an immutable form.
Step 2: Post on DAOhub.org
Once you are confident your contract matches all of the above requirements, create a post on the DAOHub forums here. In your post, please include the address of the deployed contract, a link to its source code, compilation instructions and the date, time and link of the Google hangout (preferred method) you will use to confirm your identity. A link to the details of your proposal should also be included.
You may be wondering why the link to the Google hangout. It’s important for Contractors that submit proposals to verify their identify — we wouldn’t want someone to falsely claim to be IBM or Andreas Antonopoulos for example. To prevent this, each person who holds a private key to the multisig of the Contract should join a Google Hangout to read their address aloud. This will then be made into a YouTube video automatically.
Pictures won’t suffice: It is relatively easy to photoshop pictures. But it’s very difficult to doctor videos especially live video where a person interacts in real time with external parties. As part of these interactions, you may be asked to sign a message to show that you do control this address.
Step 3: The Community Weighs in
Your forum post is public for the general community to verify that the byte code matches the source code and analyze your contract. Ultimately however, the final decision lays in the hands of the Curators.
The community will then verify your contract, which includes insuring the bytecode matches its source, and confirming that it will not allow for any attacks against the DAO. It’s a party and everyone is invited! If you want to be part of all this fun join us on DAOHub forums here, or join the DAO slackchat (signup) with the community.
Step 4: The Curators receive a report
This community will prepare a monthly report of the findings summarizing all the Proposals. This report will be published on the 7th of each month (on DAOhub.org). In order to allow time for community review we would ask that your Proposal submissions on the DAOHub forums with plenty of time before the deadline, to allow for a proper community review and response. Also please note that more complex contracts will take more time.
Of course, we shouldn’t let security hinder innovation, and these high-level guidelines will evolve overtime. Good luck with your Proposals!