Audit of the Governance tools and procedures of BanklessDAO: Emergency Protocol

Knowing that records have been compromised and that there is a vote to change the multisig signers doesn’t count as an emergency, based on this protocol?

What records have been compromised?

Also a vote to change the multisig is not bad, it indicates a maturing governance at the DAO.
This is good!


They are in the doc. However the picture needs the words prior as context. “Numbers are a weighted average of the results from the previous vote.”

I am not saying that it isn’t a good thing. I am saying that the combination along with the clear consolidation of permissions is not a good thing.

I’m not going to go line-by-line, but what’s presented doesn’t rise to an emergency imo. The recently passed bDIP on multisig signers will just enable the DAO to hold elections for new signers; it doesn’t actually elect new signers. We need new signers, as 5 of the 7 are no longer active in the DAO, and only @Icedcool moves proposals to Snapshot, which is something else that falls within the sphere of our DAO multisig signers. We need active, mission-aligned members on the DAO MS - that bDIP was the first step in that process.

Our funds are SAFU and our governance is a work in progress. In fact, there are many who think we do a pretty darn good job of governating this sprawling beauty of a DAO. Is it messy, inconsistent, and subject to human error? :100: But as far as I can tell there is no crisis, no emergency, and nothing presented, when combined, rises to the level of something that, as @links said, basically shuts down the DAO.


Permissions for Notion were simultaneously consolidated and disbursed as per that proposal you posted @Sprinklesforwinners. In essence Notion permissions were decentralized to each DAO org unit to manage themselves. The alternative was the chaos of everyone being able to edit everything (including a hacker who changed the multisig addy). It was pretty brutal.

Personally I think the Notion works decently for the whole DAO now, but if you want to change it, can’t you write a proposal for that rather than shut down the DAO?


So I think you are flagging a high level challenge which is that decentralized organization and management is HARD.

That said, I don’t think we have an ongoing compromised system, and governance is moving forward.

  • Forum pages can be deleted by the user or admin, and there are only 4 of us admins.
    • AAJ, Lucas, Paulapivat, and I. (We are hosted by Discourse, so secured by them. Although we should include someone from infosec…)
  • Notion has been secured down to a few contributors at the global level, and more granular at the Page levels. (This is still the case!)
  • Collabland is upgrading some of their infrastructure, so it looks like that may have caused an issue, but admin team is on it.
  • In terms of the liquidity pools, we are on top of all the DAO owned liquidity.
    • You can see a summary of all of it here: LINK

What we are not able to see now are the tremendous amounts of deleted pages and who the pages were deleted by.

Such as the (L2): 35,000 BANK + Nomination/Vote process.

This was the DAOisms Notion page which was archived when the information was included in the Constitution instead. The Notion team has restored it and added a new section on the DAO Notion home page for Archived / Outdated pages. The link included in this post now works again.


I noticed @0xbaer edited one of my forum posts yesterday, are edit permissions given to more people?


Only admin have edit permissions.

Could you share the post?
You should be able to see the edit log on your post as well and see changes.

‘regular’ can edit titles

Huh… today I learned…

But ‘regular’ can’t edit or take down posts.

@Sprinklesforwinners WDYT of hosting docs on IPFS? You can use IPFS with Skiff, and it generally has the same UX as Google Docs. So no more docs will be lost on Snapshot.

Not sure what you mean by shut down the DAO. Could you explain, please?

I mean, I think it depends. If it is stored off chain, it could just result in the same issue.

They can archive them though

The change to the season 5 timeline was 9/10 months ago. I am sure that I could find more information, I am not sure why you would need anything else. Our governing documents are able to be and have been edited.

It depends on your definition of integrity I guess.

Well, although that sounds good and as decentralized as it could be, you are omitting a layer. Each Guild/Dept and project got a budget for the Notion admin role. So it does almost feel like each Guild and department and project has control of their own Notion, but when the Notion admin is from one specific workgroup, and they are the ones with the admin control for each group, that probably looks similar to a botnet attack.

You also mentioned the multisig got hacked? What multisig? Is there documentation on this?

I am sorry, could you provide more context here, please? What did you learn? I will save the rest of my WH questions.

Thanks. What about the other one shown here, can that page be restored? What about the pages that have “no access” links?
I also wonder if there is an archival process?