Moloch v2 Smart Contract Audit Report for The LAO

The LAO
5 min read · Mar 2, 2020


OpenLaw and Moloch, in conjunction with ConsenSys Diligence, have worked through ConsenSys Diligence’s audit report and made the major changes it recommended.

The LAO is poised to be a game-changer in financing emerging Ethereum ventures. With The LAO, there will be a cohesive legal structure to enable members to not just give grants, but to invest in blockchain-based projects in exchange for tokenized stock or utility tokens. Using the tooling provided by OpenLaw, the LAO will be set up as a limited liability entity, organized in Delaware, using curated Moloch v2 smart contracts to handle mechanics related to voting, funding, and allocation of collected funds.

Our thesis is that the Moloch v2 smart contracts will become, for venture capital financing, what the ERC-20 token standard is today for tokens. Moloch’s blockchain-based governance model has narrowly focused its technical and game theory design choices on coordinating charity grants for Ethereum projects, pushing its core governance to a vote-weighted multi-signature smart contract with a “ragequit” mechanism that allows any member to opt out at any time and receive a proportion of the custodied funds equal to their voting weight.

Over the past several weeks, OpenLaw, Moloch and ConsenSys Diligence have been working together to audit the Moloch v2 smart contract code — rigorously looking for any potential security vulnerabilities in the code and making appropriate changes.

Security Audit Report

The LAO takes security very seriously. We chose Moloch smart contracts early on, since, as a rule of thumb, the simpler the smart contracts, the better — and the Moloch is ruthless in removing unnecessary code. As we gear up for this to be a massive success, we have been aggressively making sure that the code is bugless and reviewed by the best.

A strong and thorough smart contract audit report should be detailed and include key information such as the background of the audit, the issues found ranked by severity, and a description and recommendation for each issue.

The ConsenSys Diligence audit report can be found here. We’ve made changes based on the Diligence report and have outlined some key pieces of the code that we feel are important to emphasize and highlight. The trust model section is a basic overview of how the proposal process works at a high level to prevent unwanted proposals. The pull-pattern, limit on whitelisted tokens, and token overflow section are the major fixes made in conjunction with Diligence to improve security and simplify the codebase.

Trust Model

The trust model has been the beating heart of the original Moloch code and continues in the same vein for Moloch v2/The LAO. The LAO/Moloch v2 uses a social approach to avoid malicious or spam proposals. Proposals can be submitted by anyone, but for a proposal to move forward to a vote it must be sponsored by a current Member. This is similar to admitting a new member to a country club, where the potential member has to be sponsored or vouched for by a current member. Off-chain, it is expected that proposals will be vetted by at least one Member before that Member decides to sponsor the proposal.

Continuing as a Member is permission-based and community policed by other Members, where a Member can “ragequit” if they find a proposal too outrageous and receive their capital back. Members can also be subject to a “ragekick” vote where they can be removed upon a vote by the other Members.

Moving the Distribution of tokens to a “Pull Pattern”

Instead of airdropping ERC20 token distributions directly into a Member’s or Project’s wallet, the Moloch has moved to the more secure “Pull Pattern.” During the audit process, most of the vulnerabilities found by Diligence were solvable by instituting a pull pattern. The pull pattern works as follows: a User’s balance is credited in the GuildBank address with any ERC20 tokens they are entitled to, and then, when the User is ready, they can withdraw from their token balance.

Limit on Whitelisted Tokens

Due to concerns about running out of gas when iterating over a high number of tokens and thereby locking out access to funds forever, the limits “uint256 constant MAX_TOKEN_WHITELIST_COUNT = 400” and “uint256 constant MAX_TOKEN_GUILDBANK_COUNT = 200” have been hardcoded into the Moloch code. A successful LAO with 200 projects funded and tokenized would justify the launch of another LAO. There is also a function for withdrawing tokens called “withdrawBalance”, where a User can withdraw each individual token by its contract address. A single-address withdrawal creates a layer of robustness that serves as a safeguard in the event one of the other tokens being withdrawn is broken and prevents the use of “withdrawTokens” (which iterates over the entire list of tokens).

Token Overflow

If a token overflows, for example if an ERC20 token is subject to an extreme hyperinflation event, then functionality such as processProposal and cancelProposal will break due to SafeMath reverts. To account for a bad actor hyperinflating their tokens, a fix was implemented: a function “unsafeInternalTransfer()” that does not use SafeMath. Another safeguard in the Moloch code worth noting is that, in order for a token to be used within the Moloch, it must pass a whitelisting proposal process via a Member vote. Also, the LAO is considering setting up a token factory contract for projects, to ensure that the creation of ERC20s is standardized and to provide an added layer of due diligence for a project’s ERC20s.
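The pull pattern, the per-token withdrawBalance safeguard and the SafeMath-free internal credit described in the three sections above, sketched as one minimal Solidity contract. This is an added illustration, not Moloch v2’s or The LAO’s own code; the contract name, userTokenBalances and _unsafeAddToBalance are hypothetical names, and whitelisting is stubbed as an internal function where Moloch gates it by a Member vote.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of the audit fixes, not Moloch's own code.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PullPatternLedger {
    // Hard cap so the token list can never grow past what a loop can afford in gas.
    uint256 public constant MAX_TOKEN_WHITELIST_COUNT = 400;

    // user => token => amount owed (hypothetical name for the GuildBank ledger)
    mapping(address => mapping(address => uint256)) public userTokenBalances;
    address[] public approvedTokens;
    mapping(address => bool) public tokenWhitelist;

    // In Moloch this is reached only through a passed whitelist proposal.
    function _whitelistToken(address token) internal {
        require(!tokenWhitelist[token], "already whitelisted");
        require(approvedTokens.length < MAX_TOKEN_WHITELIST_COUNT, "whitelist full");
        tokenWhitelist[token] = true;
        approvedTokens.push(token);
    }

    // Pull pattern: proposal processing credits a balance and never calls the
    // external token. Unchecked arithmetic means a hyperinflated token that
    // wraps uint256 cannot make processProposal revert for the whole DAO; only
    // the holders of that one broken token are affected.
    function _unsafeAddToBalance(address user, address token, uint256 amount) internal {
        unchecked { userTokenBalances[user][token] += amount; }
    }

    // Single-token withdrawal: a broken token cannot block the others.
    function withdrawBalance(address token, uint256 amount) public {
        require(userTokenBalances[msg.sender][token] >= amount, "insufficient balance");
        userTokenBalances[msg.sender][token] -= amount; // effects before interaction
        require(IERC20(token).transfer(msg.sender, amount), "token transfer failed");
    }

    // Convenience batch withdrawal over the bounded list. One reverting token
    // reverts the entire call, which is exactly why withdrawBalance exists.
    function withdrawTokens() external {
        for (uint256 i = 0; i < approvedTokens.length; i++) {
            uint256 owed = userTokenBalances[msg.sender][approvedTokens[i]];
            if (owed > 0) withdrawBalance(approvedTokens[i], owed);
        }
    }
}
```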

Next Steps

The LAO is targeted to launch for the members’ public sale in the next few weeks. We have recently opened up pre-registration for members so they can complete their accredited investor and KYC checks prior to the date of sale; see here. If you’re a project that would like to apply for funding prior to the date of sale, please do so here.

If you’re interested in learning more about The LAO, please reach out to us at hello@thelao.io. If you have any questions, check out our docs, which cover questions about The LAO’s structure and operation, or hit us up via email or telegram.

The LAO

A For-Profit, Limited Liability Autonomous Organization, powered by @OpenLawOfficial.