How to verify a Proposals bytecode
In case proposal is approved, it can execute any code. Most business proposals, for example, will call some kind of contract tailored along the template of SampleOffer.sol.
But a proposal can contain other code. Especially, it can call any function of the DAO itself. If a proposals recipient is the DAO itself, the proposal will not be checked by the curators. People voting for a proposal should therefore not only rely on the plain text description of the proposal, but also verify that the code the proposal will execute will do what the plain text description promises.
Example
Proposal #17 of the DAO claims to rise the Proposal deposit to 11 ETH.
We will provide a step-by-step description how you can prove that the proposals code actually will set the Proposal Deposit to 11 ETH.
First, we will determin the bytecode of the function call which is promised to be executed in case the proposal is executed.
Second, we prove that the proposal, which is engraved in the blockchain for eternity, itself contains exactly this bytecode.
Step 1: Read the Proposals description.
In the proposals description, which is engraved in the blockchain for eternity, you can read:
"This Proposal will raise the deposit required to make a Proposal to The DAO from 2 ETH to 11 ETH."
The description does not mention how this will be accomplished, but looking at the DAOs code we have a function which will provide just that:
function changeProposalDeposit(uint _proposalDeposit) noEther external {
if (msg.sender != address(this) || _proposalDeposit > (actualBalance() + rewardToken[address(this)])
/ maxDepositDivisor) {
throw;
}
proposalDeposit = _proposalDeposit;
}
So we assume that description promises to just call changeProposalDeposit(11 ETH). We will now try to prove this.
Step 2: Generate Bytecode of the function call.
We now have to generate the Bytecode for this function call. The tool we need is Mist, because it lets you generate bytecode for function calls directly.
There could be a problem if you try to verify a function call which used a different version of the Solicity compiler; but for simplicity we will assume that it fits.
You don't need a fully synchronized node. Just start Mist, click "Skip Peer search" and start the application. If you have not already done it, watch "The DAO"s contract.
Please read How to add and watch the DAO contract for instructions.
Open the "contracts" tab in Mist:
Next, click on the DAO contract (the name may vary, as you can set this as you like):
Scroll down until you see the dropdownbox "Pick a function":
Select "Change Proposal Deposit":
Next, we have to enter the new proposal deposit in wei. To calculate, use http://ether.fund/tool/converter for example. 11 ETH = 11000000000000000000 Wei. Therefore enter:
Click "Execute". You can execute it from any account with a little Ether on it (a balance of 0 will not work), but we do not send the transaction either. You will see something like this:
Copy the text which is marked RED in a texteditor of your choice. It should be 0xe33734fd00000000000000000000000000000000000000000000000098a7d9b8314c0000. This is the bytecode to be executed to change the proposal deposit to 11 ETH. You can cancel the transaction now.
Step 3: Generate Bytecode of newProposal()
We will now check if the Proposal contains this bytecode.A first, simple check can be performed for example using https://etherscan.io (some other blockchain explorers will do it, too):
- Open https://etherscan.io/
- In the menu, select Token / The DAO:
- Click on the "Proposals" Tab:
- Scroll down to proposal #17 and click on the transaction link:
- Scroll down and copy the complete content of the "Input Data" to a texteditor of your choice:
- Now search for the string you determined in Step 1 (
e33734fd00000000000000000000000000000000000000000000000098a7d9b8314c0000) but without the "0x" at the beginning!.
You should find it at the end of the copied input data:
- This is a first indication that the bytecode contains the correct function call. But we are still unsure regarding the rest of the "Input Data" of the Transaction. Therefore, we have to replay the process of sending the proposal to The DAO.
Step 4: Replaying newProposal()
To replay newProposal(), we again use Mist.
- Open Mist and then the DAO contract as in Step 2.
- Pick the function "New Proposal".
- Fill in the fields as follows:
recipient → 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 (TheDAO)
amount → 0
description →Raising the Proposal Deposit to 11 ETH \n This Proposal will raise the deposit required to make a Proposal to The DAO from 2 ETH to 11 ETH. \n \n An increase of the Proposal Deposit to **11 ETH** is expected to:\n \n \n \n - decrease the number of poorly thought-out proposals. \n \n - help avoid the confusion and concern that could be caused by hundreds of proposals that cannot be adequately assessed by DAO Token Holders. \n \n - reduce the number of spam proposals and amount of proposal-graffiti on The DAO. \n \n \n Moreover, the time spent on reviewing proposals by DAO Token Holders should be valued. Therefore, additional value will accrue to The DAO because of this Proposal from the proposal deposits that stay with The DAO when proposals fail to reach quorum. \n \n While an increase is necessary, **11 ETH is still within reach for small start-ups and individuals** that will want to offer services to The DAO. \n \n [Join the conversation about this proposal on DAOhub.org](https://forum.daohub.org/t/raising-the-proposal-deposit-to-11-eth/4106) \n \n  \n \n - transaction data → copy the result of Step 1 from your text editor (should be 0xe
33734fd00000000000000000000000000000000000000000000000098a7d9b8314c0000) - debating period: → 1209600 (2 Weeks)
- uncheck the "New Curator" checkbox (default)
- Execute from any account with some Ether on it
- Copy the contents of the "Data" field:
- Compare the hexcode bytewise with the input data you obtained from etherscan. It should be equal.
Now we have proven that the proposal #17 contains exactly what it should - especially it contains the bytecode for a call of changeProposalDeposit to 11 ETH.
Q.E.D.