Challenge 5 — Segregated Funds Usability
In Challenge 4, I began experimenting with a different architecture, where user funds are stored in segregated contracts. Unfortunately, this made the contracts difficult to use, at least with existing wallet software.
In this new version, the user no longer has to worry about their DaoAccount contract. It’s created automatically the first time they buy tokens, and all communication is relayed through DaoChallenge.
You can import this contract into, for example, the Mist Ethereum Wallet:
The wrapper functions find the DaoAccount for msg.sender, call the correct function there, and send a notification when done. They don’t perform any checks, except to see if a DaoAccount exists:
accountFor(owner, createNew) checks if the user (msg.sender) already has a DaoAccount and creates one if needed.
Most of the sanity checking / security occurs at the DaoAccount level:
getTokenBalance() doesn’t create an account and instead returns zero. This allows me to mark the function as constant, which means it doesn’t change the blockchain and can be called for free. The getTokenBalance() function on DaoAccount is also constant:
refund() has been renamed to withdraw(tokens), and users can now withdraw part of their tokens:
I also restored notifications:
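The relay design described above, as an added sketch in current Solidity (0.8 syntax, so `view` where the post says constant); it is not the DaoChallenge source from GitHub. The contract names ending in "Sketch", the token price, the `onlyRelay` check, `buyTokens` and the event names are assumptions.

```solidity
pragma solidity ^0.8.0;
// Added sketch, not the DaoChallenge source; price, checks and events are assumed.
contract DaoAccountSketch {
    uint256 public constant TOKEN_PRICE = 1 ether / 1000; // assumed price
    address public immutable relay;          // only allowed caller (the wrapper)
    address payable public immutable owner;  // user whose funds sit here
    uint256 private tokens;
    constructor(address payable _owner) { relay = msg.sender; owner = _owner; }
    // Relayed calls arrive with msg.sender == relay, never the user.
    modifier onlyRelay() { require(msg.sender == relay, "not relay"); _; }
    function getTokenBalance() external view returns (uint256) { return tokens; }
    function buyTokens() external payable onlyRelay returns (uint256 n) {
        require(msg.value > 0 && msg.value % TOKEN_PRICE == 0, "bad amount");
        n = msg.value / TOKEN_PRICE;
        tokens += n;
    }
    function withdraw(uint256 n) external onlyRelay {
        require(n > 0 && n <= tokens, "bad token count");
        tokens -= n; // update state before sending ether
        (bool ok, ) = owner.call{value: n * TOKEN_PRICE}("");
        require(ok, "send failed");
    }
}

contract DaoChallengeSketch {
    mapping(address => DaoAccountSketch) private accounts;
    event Buy(address indexed owner, uint256 tokens);
    event Withdraw(address indexed owner, uint256 tokens);
    // Find the user's account; deploy one only when createNew is set.
    function accountFor(address owner, bool createNew) private returns (DaoAccountSketch a) {
        a = accounts[owner];
        if (address(a) == address(0) && createNew) {
            a = new DaoAccountSketch(payable(owner));
            accounts[owner] = a;
        }
    }
    function getTokenBalance() external view returns (uint256) { // creates nothing
        DaoAccountSketch a = accounts[msg.sender];
        return address(a) == address(0) ? 0 : a.getTokenBalance();
    }
    function buyTokens() external payable {
        emit Buy(msg.sender, accountFor(msg.sender, true).buyTokens{value: msg.value}());
    }
    function withdraw(uint256 tokens) external {
        DaoAccountSketch a = accountFor(msg.sender, false);
        require(address(a) != address(0), "no account");
        a.withdraw(tokens);
        emit Withdraw(msg.sender, tokens);
    }
}
```

Because the user never calls the account contract directly, the account has to authorise the relay address and pay out only to the owner stored at creation.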
Please Rob It!
The DaoChallenge contract published at 0xae068…b5d67 and the DaoAccount at 0x5e17…5249 are funded with about €100 worth of ether in total. Please rob them!
The usual rules apply. Most importantly: don’t go after me and my private keys. Even if you manage to rob only one of the two contracts, I’ll send you the rest. The full source is on GitHub.
The contract exists on both the ETH and ETC chains. Feel free to use cross-chain replay attacks if you think they’re useful.