Proposal #1 — DAO Security, Redux

Stephan Tual
Stephan Tual’s Blog
May 26, 2016

I’m really excited to announce we are making available not one, but two Proposals to the DAO. Both have their code finalized, and the first one was already submitted to the Curators for addition to the whitelist following the formal procedure.

The first Proposal is a completely revised Proposal for DAO.Security. Initially, we had in mind for DAO.Security to include all aspects of what constituted the ‘security’ of the DAO, including the establishment and management of a Bug Bounty Program and several 3rd party audits of the DAO code itself.

However, the response of the community was loud and clear: you didn’t feel there was a need for such a complex (and costly) set of mechanisms, and would probably prefer to eventually see a community-based security working group established rather than a crack team on call 24/7 outright.

We agree.

We also still feel that with over 14% of all ether now held in The DAO’s smart contract, it is important to take things one step at a time, correct the minor governance issues and give The DAO a nimble yet formal, established form of security from the get-go. For this reason we still recommend the deployment of a single, full-time expert at its helm.

This person will act as the first point of contact for security disclosures, and continually monitor, preempt and avert any potential attack vectors The DAO may face, including social, technical and economic attacks. They will also help the community with analyzing major Proposals for attacks. This will include highlighting 51% attacks, mismatched bytecode, and social engineering/collusion attacks.

We also want the DAO to start on the right foot, and before pushing the USN/EC Proposal, we’d like to address specific issues — the technical list of these changes is detailed in the GitHub issue repository for the DAO Framework and is limited to issues 165, 164, 163 and 148.

We decided to waive the fee for this development as we understand that while these issues are not critical, the community rightfully expects these to be promptly addressed by the people who have created the Framework in the first place.

Of course, remember this is purely a Proposal, and it does not have to be accepted.

The full text of the Proposal can be found at:
https://download.slock.it/public/DAO/proposals/daosecurity.pdf
SHA256 Hash is: 7c700cc79418d7578a9fe35e43b0b79830c645b122489113ab93658f3df57188

The code for the Proposal can be found at:
https://github.com/slockit/smart-contract/blob/master/DAOSecurity.sol

The address of the deployed Proposal is: f8c35f1cf2dc4dbeaeeb2ecb298a80b506a5781d

Talking about voting, this leads to my next post, the much-awaited Universal Sharing Network proposal, which I will post within 24h.

About the Author

Stephan Tual is the Founder and COO of Slock.it.

Previously CCO for the Ethereum project, Stephan has three startups under his belt and brings 20 years of enterprise IT experience to the Slock.it project. Before discovering the Blockchain, Stephan held CTO positions at leading data analytics companies in London with clients including VISA Europe and BP.

His current focus is on the intersection of blockchain technology and embedded hardware, where autonomous agents can transact as part of an optimal “Economy of Things”.

Twitter: @stephantual
Contact: stephan@slock.it
