Audit of the Governance tools and procedures of BanklessDAO: Emergency Protocol

Not sure what you mean shut down the DAO. Could you explain please

I mean I think it depends. If it is stored off chain, it could just result in the same issue

They can archive them though

The change to the season 5 timeline was 9/10 months ago. I am sure that I could find more information, I am not sure why you would need anything else. Our governing documents are able to be and have been edited.

It depends on your definition of integrity I guess.

Well, although that sounds good and as decentralized as it could be, you are omitting a layer. Each Guild/Dept and project got a budget for the Notion admin role. So it does almost feel like each Guild and department and project has control of their own notion, but when the notion admin is from one specific workgroup, and they are the ones with the admin control for each group, that probably looks similar to a botnet attack

You also mentioned the multisig got hacked? What multisig? Is there documentation on this?

I am sorry, could you provide more context here please. What did you learn? I will save the rest of my WH questions.

Thanks. What about the other one shown here, can that page be restored? What about the pages that have “no access” links.
I also wonder if there is an archival process?

This is for the multisig. I don’t see the sushiswap position on here though …

What about the holdings in the Treasury Department’s multisig?

Also something worth noting is the marketing/gitcoin/Bankless Academy/MEV
I kinda find it strange that I being such less knowledgeable than all of you, has put that all together.
I guess I will have to do a better job mapping this out

Hi Sprinkles.
What are you trying to demonstrate with this diagram?

Should I interpret the ‘cybercriminal botnet attack’ comparison you have made as an accusation against me and/or the other Notion Workspace Owners of criminal behaviour, or at the very least some kind of misappropriation of the responsibilities we’ve taken on?

I could choose to be offended that you have singled out me and other long-term, trusted bDAO contributors for scrutiny based on the fact that you think important documents are missing or have been altered to subvert our governance. I’m not offended though, because I’m aware from previous experience that you tend to equate any lack of technological understanding with evidence of suspicious activity.

  • As per my separate reply, the DAOisms Notion page had been archived following a group discussion and agreement that the page was no longer needed. It’s been restored now.

  • I’m not sure about the member page; I’m not familiar with why it exists.

  • Further down you refer to a deleted page about L2 Discord privileges - it’s simply a duplicate copy of the Discord roles page, likely created by mistake, and discarded because it was not needed.

  • If you think the Season 5 spec Google doc was changed, why not ask Rowan to show you the version history?

  • If you think a Forum post has been edited - check the pencil icon and it will display the changes.

Returning to the Cross Work-Group diagram you’ve produced:

  • What does ‘Google Drive admin’ mean? I have control of any documents I create in Google Drive but I don’t know of any other Google Drive admin access I have.
  • Likewise, what is the Maker Bot and why do you think I’m an admin?
  • Why do you think I ‘own in server bots’? I don’t.
  • If I’m a Tally Bot admin or a Vault Warden admin, it’s the first I’ve heard of it.
  • I am actually working quite hard on bDAO governance docs right now, but I guess you overlooked that part.

What this diagram illustrates to me is that we don’t have any single points of failure and that even in a bear market we have consistent and reliable contributors willing to take responsibility for DAO systems and processes.

Also something worth noting is the marketing/gitcoin/Bankless Academy/MEV
I kinda find it strange that I being such less knowledgeable than all of you, has put that all together.
I guess I will have to do a better job mapping this out

Put all what together? I have no idea what you are implying with regard to the above, but if you have accusations to make, please just state them clearly.

Sprinkles, like you, I’m in favour of transparency and clear record-keeping - and on that point I agree that bDAO lacks strong processes, but for you to continually assume and imply that this is the result of malicious intent is just plain wrong.

5 Likes

So,

Could we take the funds (some of the funds, all of the funds, 1 bank, whatever) from the DAO wide coordinape that we no longer use,

And just audit processes?

We know that @Trewkat @ernest_of_gaia @hirokennelly are tightening up the constitution (with random guest appearances from yours truly) that can be step 1!

Step 2:

Take a look at Notion. I don’t think Notion is terrible, the Notion peoples are doing good peoples work, but admittedly bdao is a LARGE organization, and Notion isn’t built to withhold large organizations without a bit of elbow grease.

Just do a periodic “audit” once every 2 seasons to make sure things aren’t glaringly bad. You can probably clear up any rogue pages that have been changed, blown up, stolen by the Hamburglar, or whatever. Can put @Trewkat to work again here :joy: but what that would be @0xZFi.eth , trew, @links and friends. I am moderately Notion knowledgeable. I could help also.

I noticed a ton of guilds (research guild included) did not follow directions with respect to the Notion admin, but I suspect that falls in line with the clarity issue we keep running into with grants committee……

Step 3:

Maybe use infosec + treasury (bonus points because it’s a collab!) to audit whatever on earth you said abt that LP pool. You can take the very precious resources, and do a true audit of the contracts in order to make sure all BANK is going in the right direction.

Step 4:

@brianl is the discord admin (along with AAJ and friends) I’ve seen you in discord with a fair amount of requests. Let’s go through and make a list of bots that have questions, and then Brian, AAJ, and whoever else wants to play can go through them, check them out, and decide if they look good or not.

There are always ways to solve things.

There are also other pressing issues that are not being solved when we start trying to go down these rabbitholes.

I have had the same questions about the integrity of banklessDAO and I’ve started my own firestorms over the course of my tenure here. I’m sure anyone can find them, post them, whatever. Right now, I am happy. bDAO is far from perfect, but it’s also a nice place to be.

However. I am curious if taking the approach of splitting this proposal into 4 smaller proposals, asking for a temp check for these proposals, and then deriving the answers that you seek (is bDAO amazing? Is it garbage?) from the Temp checks could be more beneficial for you.

And also, work on your onboarding project :grimacing:

4 Likes

I think the vault warden admin is the password manager.

1 Like

Yes, I know what it is :slight_smile:
I have never used it.

1 Like

Haha.

My bad. I was geeked when I learned about it so I wanted to be helpful

2 Likes

Perhaps what can be done here is a remix on what she is saying and what you are saying about processes and work on shoring up bDAO (so like really what you are currently doing).

So in the past I’ve wondered if there were some moments (grants committee elections, some decisions about governance) that have been rigged towards a small group of people. Specifically token weighted voting.

I’ve probably called out every person I can think of because of these thoughts.

I realize however that what I thought was “rigging” may not have been the case. More so just a different way of interacting than what I am used to. It’s been a fascinating journey for me.

We will have moments where we may not see eye to eye, and that’s okay, but perhaps we can derive underlying points from each other’s arguments and come up with a plan from that solution.

That’s why I say perhaps we can split this into 4 proposal ideas (because I’m notoriously bad at creating proposals) and see if something can actually be done, productively from this.

1 Like

Hang on didn’t @0xZFi.eth just tell the people about a Notion wiki? Isn’t this going to solve a lot of this?

1 Like

You’re asking that we pause all snapshot and forum votes. That sounds like pausing the DAO to me.

This is one of the reasons we moved governance to the constitution in Github, in which every edit is trackable. You can see all changes here: Pull requests · BanklessDAO/bankless-dao-constitution · GitHub

The docs you are talking about are older, and we have moved to Github, so I don’t really see a reason to pause our governance over a superseded governance doc having been edited, especially since you haven’t told me what the edit was. It could be that someone opened the doc and accidentally added a space or something.

It sounds like you’re saying by your definition of integrity, I don’t have integrity. Is that what you’re saying?

Notion admins are chosen BY THE GROUP FOR WHOM THEY ARE ADMINISTRATING, not by the Ops Department Notion admins. i.e. Each Guild chooses their own Notion admin. If you have an issue with the way a Guild is administrating their Notion pages, take it up with them.

I’m going to guess that you don’t know what a botnet is, because your comparison makes very little sense. Basically you are implying that the Ops Department Notion Administration team is running a bunch of servers which imitate humans, join guilds, administrate their notion pages, etc.

Is that what you are saying? That the Notion Administration Team has been defrauding the DAO with a botnet?

I never said the multisig got hacked. It has never been hacked AFAIK. In the Notion decentralization proposal, I mentioned that someone changed the multisig address in our Notion page, so you could say Notion was hacked (although it was a trivial hack, since everyone had access to everything).

The Notion decentralization proposal worked to fix this by compartmentalizing Notion access to each DAO group. Instead of everyone having access to everything, each DAO group gets to choose who has access to what.

2 Likes

I learned that ‘Regular’ can edit titles.
In response to Baer.

1 Like

Yea, sushi is owned by someone else.
Defi is permissionless, and anyone can create liquidity pools for anything, as long as they are willing to take on the risk (impermanent loss).

1 Like

This covers quite a few topics, and some are of higher concern than others. I agree we shouldn’t reference editable docs in a snapshot. Anything voted on should be immutable and permanent. Surely there’s a system we can implement for that.

I disagree that we need to start over. We need to stay the track and correct course in the least damaging way possible. Our community is lucky to have strongly aligned contributors, so let’s use that to keep moving in the right direction.

5 Likes

I am simply showing how admin access (throughout all channels) is consolidated - which leaves us open to a Sybil attack. Let’s just take Notion for instance. If the admins were
1.) L2’s
2.) Trained and credentialed (Notion ninja did do this - but isn’t ongoing)
3.) had to re-certify every so often

That could prevent an admin power in the hands of only a few.

1 Like