SharkDAO

Authors: @dropnerd, @forager

Purpose

When SharkDAO started, we selected 3 initial Gnosis Safe signers. Through many votes, we have increased that count to 6. However, it is difficult to get 3 signers together to bid, especially as Noun O’Clock times shift. This has caused SharkDAO to not bid when we otherwise might have, and it has also caused SharkDAO to bid in larger increments than necessary due to the difficult of executing multiple smaller bids.

@forager wrote a smart contract that allows any individual Safe signer to submit a bid. The contract is deployed on Ethereum mainnet at the link below. We encourage members to look at the contract code and attempt to find any issues prior to voting.

Our goal is to balance bidding capability with security. Introducing this contract may cause total fund loss. Please read the risk disclosure.

Contract: https://etherscan.io/address/0xD1977351532fE19C43d8B3E209570c3dF02D2241#code

Summary

• Authorizes the use of this smart contract before a formal code audit
• This smart contract allows any individual elected Gnosis Safe signer to submit bids on the Auction Nerds’ behalf
• Requires the auction committee to schedule a formal code audit by the end of October. Requires this audit to happen before the end of the year.
• Creation of a 10 ETH DAO bug bounty for anyone who can break the contract to gain access to ETH or Nouns (~5% of what could be hacked during normal operation)

Details

Details on the smart contract can be found at:

• Overview of methods and access design:
  • https://github.com/theforager/sharkdao-bid-management
• GitHub code:
  • https://github.com/theforager/sharkdao-bid-management/blob/main/contracts/SharkDaoBidder.sol
• Deployed code:
  • https://etherscan.io/address/0xD1977351532fE19C43d8B3E209570c3dF02D2241#code

Several Shark volunteers have tested this code without finding any issues. However, we may have missed an issue. Here is the checklist of pre-launch testing:

• Unit tests of the contract (code here)
• Live testing on Rinkeby test network (testing plan here)
• Unit testing of Mainnet contract using a fork (code here)
• Live testing on Mainnet (transactions here, invalid access showed reverts in Metamask)

There is an opportunity cost of missing out on bidding for many Nouns. Thus, this proposal authorizes the use of this smart contract before the formal code audit.

This proposal requires the auction committee to find a company to audit the smart contract. The following timeline applies:

• The formal code audit should be scheduled by the end of October, unless extended by a future proposal
• The formal code audit should happen by the end of the year, unless extended by a future proposal
• Any changes recommended by the code audit should happen within one month of the audit completion, unless extended by a future proposal

If any of these deadlines are not met or extended, SharkDAO should withdraw all funds back to our Gnosis Safe as soon as possible and stop using this contract.

Risks

With any smart contract, there is a risk of bugs or other security issues. This could cause us to lose all the ETH and Nouns in the smart contract. In the worst case, this could be the entire treasury. The DAO accepts this risk by passing this proposal and using the contract.

A rogue Gnosis signer could cause us to overbid beyond the Auction Nerd consensus. (Auction Nerds are a group introduced in SIP-00022 consensus). While the rogue signer would not be able to withdraw funds to their own wallet, they could overpay for a Noun if they feel like it. This proposal recommends that SharkDAO removes any such rogue signer.

A hacker may exploit a signer to cause us to overbid beyond the Auction Nerd consensus. This proposal recommends that signers use a hardware wallet for their signing activities.