5 Steps Plan: Removing all Smart contract custody risk by end of the month

Christoph Zaknun
Sep 6, 2021


Step 0: Ensuring the Damage Caused is Minimized.

We’ve been working all weekend to minimize the effect of the four hacked claim bridges (Ternoa, DeRace, Showcase, and CoinsPaid). During the night we worked with the projects’ market makers to manage liquidity on- and off-chain to mitigate the total damage caused to the projects’ communities. As a result, and with various buy-backs and operations, the price of most assets recovered as well.

Further, we secured 7M USD worth of tokens of other clients that have been returned to cold storage. We have managed to ensure that all our clients will be offered discounted service offerings from Copper, one of the most reputable custody providers in the industry.

Step 1: Closing All Unaffected Claim Bridges

Within 24 hours after the hack, our team collaborated with 95% of all projects that were running our claim bridges to shut down all contracts in a secure and structured manner. As of now, all but 2 projects have sent tokens from the claim bridges to their own secure multisig wallets. We have provided all clients with the data required to distribute these tokens on the respective networks, as well as a comprehensive tutorial on how to do so.

DAO Maker does not have the keys to these contracts and therefore cannot force clients to withdraw tokens if they choose not to; in the rare case that a client will not agree, we will notify all participants via email.

Step 2: Moving Client Farms to New Providers

Over the weekend, we contacted the companies that currently utilize DAO Farms (DinoX, DeRace & Gamestarter) and informed them that we will be shutting down all smart contracts that are holding funds.

Together we have investigated alternative service providers of whitelabel farms and will have calls with each provider to ensure that their contracts have been audited and secured by reputable companies. DAO Maker will assist in the process, but will not make any recommendations. Once a service provider is selected, DAO Maker and the respective clients will announce the exact time and date when migration will begin. Rewards will be set to 0% and moved to the new provider, and the lock period and 10% burn fee will be removed so that users can migrate to the new contract.

Step 3: Non-Custodial Staking System for DAO, DAO LP & DAO Power

Some of the older community members might still be familiar with Social Mining, our SaaS staking solution: a tool that helped coins introduce a non-custodial governance and staking system.

Using our chain analysis system, we are able to provide users with DAO Power without having the need to lock them into any specific contracts. We will scan all DAO Token holders and keep these updated via active snapshot cycles. This means that users will receive DAO Power by holding tokens in their personal wallet, be it MetaMask or any other non-custodial wallet format.

Important notes:

  • Wallets that have been staking prior to the 1st of September and hold less than 2000 DAO + unstaked from vaults after 17th September will be marked as Early Adopters and will be able to participate in SHOs in their own Tranche.
  • New wallets that have never participated in SHOs have to hold a minimum of 2000 DAO.
  • Only users with more than 2000 DAO will receive Venture Yield rewards.
  • All wallets will need to hold DAO for a minimum of 15 days in order to obtain DAO Power.
  • If a user has been staking DAO in the vault for more than 5 days already, then he/she can withdraw now and the holding period will continue as if it would have been held in the wallet. If the user moves these to a new wallet the 5 days will reset.
  • Moving DAO from one wallet to another will reset the holding period back to 0 (this is the equivalent of unstaking from the Vault). This is also the case for wallets that received tokens from the vault and then move them.
  • Wallets that have never participated in previous SHOs will be able to participate without waiting 5 days for 1 SHO. After that, they will have to wait 10 days before receiving more DAO Power (this is similar to the Vault process, where new users can begin participating the moment they staked).
  • DAO Power required to join SHOs might be updated within the month based on the internal discussion on how to move forward. The same is true for minimum holding requirements for Venture Yield rewards.

The above rules in combination with our non-custodial staking technology will ensure that DAO tokens are safe from any attacks on the Vault system while also mitigating any potential dumping caused by our removal of the 10-day lock and burn feature.

Throughout the weekend, we have been working on the first MVP of the model with all parameters above, including the priority system as mentioned last week. We will add the 5 day waiting period and 1st-time joiners incentive to the simulation, and then will be ready to start running SHOs in a non-custodial manner.

https://docs.google.com/spreadsheets/d/1kbhMY4uDJlLf1toctDBfBv1BwIuYADltl_4SDY4plKc/edit#gid=274886706

The updated version and guide will be shared in the coming days.

Step 4: Removing the Lock from DAO Vaults

To ensure that we are setting the smart contract risk to 0%, we are closing the DAO Vaults. In the coming days, we will publish the article on Step 4 together with the exact date and time when we will close the DAO Vault and DAO Staking LP Vault. The lock and burn fee will be removed and the non-custodial staking system will take over as per the rules above.

To incentivize the moving of the contracts, we will stop providing DAO Power to stakers in the Vaults. Venture Yield rewards will not be paid to holders of tokens in the vaults. Finally, we will remove the frontend support for the Vault system in 2 weeks. This steep move is taken only to ensure a rapid transition out of the vaults.

The 5-day waiting period and burn fee will be replaced with the 5-day holding period in order to receive DAO Power and Venture Yield rewards.

Even though we are terminating the contracts, we have worked with Smartstate and several other blockchain developers since Saturday to provide us with the 5th audit of the Vault contract.

Step 5: Replacing Pre-Funding Contract with a New Design

We are primarily using the pre-funding contract to prevent gas wars. Currently, the system works as follows:

1. Users deposit funds

2. Offchain lottery

3. We port winners to the blockchain

4. The smart contract pulls money from the prefund wallet

The new contract will work as follows:

1. Offchain lottery

2. Admin signs data with winners’ addresses + allocations

3. Signed data is saved in the backend for every winner.

4. Winners use DAO Pad to send a transaction to claim their allocation and deposit USDC.

With the new system, every user of the platform will no longer have to prefund USDC. We will still be able to remove gas wars. The winners’ wallets (DAO and DAO LP holders) will be publicly whitelisted and then their wallets will be able to send funds. Participants have 12 hours to send funds. Allocations of users that do not send the funds within 12 hours will be added to Venture Yield rewards and distributed to everybody.
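The signed-allocation flow above only holds up if the claim contract rejects a signature presented by another wallet, for another sale, after the 12-hour window, or a second time. The following off-chain model of those checks is an added example, not DAO Maker's contract code: the chain id, contract address, sale id and deadline fields and every name in it are assumptions, and Node's built-in ECDSA stands in for on-chain signature recovery.

```javascript
const crypto = require('crypto');

// Constructed admin key pair (assumption: stands in for the admin's signing key).
const admin = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });

// Fixed-order encoding of every field the signature must bind to.
// Fields are numbers and hex strings, so '|' cannot appear inside a field.
function encodeTicket(t) {
  return Buffer.from([t.chainId, t.contract.toLowerCase(), t.saleId,
    t.winner.toLowerCase(), t.allocation, t.deadline].join('|'));
}

// "Admin signs data with winners' addresses + allocations" (plus assumed context fields).
function signTicket(t, privateKey) {
  return crypto.sign('sha256', encodeTicket(t), privateKey).toString('hex');
}

// Hypothetical model of the claim contract; `claimed` plays the role of contract storage.
class ClaimContract {
  constructor(adminPublicKey, chainId, address, saleId) {
    Object.assign(this, { adminPublicKey, chainId, address, saleId });
    this.claimed = new Set();
  }

  // sender: transaction sender; amount: USDC deposited (6-decimal units); now: block time (s).
  claim(sender, amount, ticket, sigHex, now) {
    if (ticket.chainId !== this.chainId || ticket.saleId !== this.saleId ||
        ticket.contract.toLowerCase() !== this.address.toLowerCase()) return 'wrong-domain';
    if (ticket.winner.toLowerCase() !== sender.toLowerCase()) return 'not-winner';
    if (now > ticket.deadline) return 'expired';            // the 12-hour window
    if (amount !== ticket.allocation) return 'wrong-amount';
    const valid = crypto.verify('sha256', encodeTicket(ticket), this.adminPublicKey,
      Buffer.from(sigHex, 'hex'));
    if (!valid) return 'bad-signature';                      // any edited field lands here
    const key = `${ticket.saleId}:${sender.toLowerCase()}`;
    if (this.claimed.has(key)) return 'already-claimed';     // one claim per winner per sale
    this.claimed.add(key);
    return 'ok';
  }
}

// Constructed sample: a 500 USDC allocation that expires 12 hours after t = 1000.
const sampleTicket = { chainId: 1, contract: '0x00000000000000000000000000000000000000c1',
  saleId: 7, winner: '0x00000000000000000000000000000000000000A1',
  allocation: 500000000, deadline: 1000 + 12 * 3600 };
const sampleSig = signTicket(sampleTicket, admin.privateKey);
const sampleSale = new ClaimContract(admin.publicKey, 1, sampleTicket.contract, 7);
console.log(sampleSale.claim(sampleTicket.winner, 500000000, sampleTicket, sampleSig, 2000));
```

Binding the signature to the chain, contract and sale is what stops a ticket issued for one sale from being accepted by another contract that trusts the same admin key.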

Summary & Final notes

Using this 5-step plan, we will terminate all smart contract custodial risk from DAO Maker. We have been in contact with several custody providers and are negotiating discounted offerings for DAO Maker and all our clients. Additionally, to terminate all smart contract risk, we will also discuss with several security advisors and custodial companies the optimal manner to secure all vesting DAO Tokens as well as all of our clients’ vested tokens for both participants and the teams.

After all of the problems in the recent weeks, our CTO has stepped down and has given up any rights to his team tokens. The 5 steps explained above are all blockchain parts of the DAO Maker tech team, and while they cease to continue, we will focus with greater concentration on improving traffic, usability, and data analysis of our platform.
