Patka Metagov
Metagovernance Seminar Archive | 2025-10-21 | Unknown
Transcript
Speaker 1
0:00 – 0:00
Okay. Well, hi. Hello, everybody. Welcome to the Metagov seminar. Today, we're gonna be joined by Isaac Patka, who's gonna be doing a session on DAO Roasts. I'm gonna pass it over to Isaac, who will introduce himself and what the seminar will be about today.
Speaker 2
0:15 – 0:15
Hey. Thanks for having me. So I'm Isaac. I've been a dev in the Ethereum ecosystem for four or five years now. Kind of got my start doing, like, Solidity bug bounties and then kinda worked my way into just contributing to various parts of the ecosystem. Spent a good chunk of time working on decentralized identity and then kinda transitioned from that about a year and a half ago into thinking about DAOs more generally. My primary project is something called Logos DAO, which is a way for people to kinda contribute to, like, signal amplification and noise reduction in the DAO space, just kinda filtering information and helping get the right info to the right people at the right time. I also work on the Moloch DAO framework. So I worked on Moloch, some of v2 and v3. V2, I mean, like, extensions that integrated with Gnosis and Zodiac and all sorts of stuff. So I contribute to a lot of stuff throughout the ecosystem in MetaCartel, in Raid Guild, in a lot of, like, those DAOs. And earlier in the year, I joined the DAOstar group, which is how I met Josh and all the Metagov folks, and I helped coauthor that spec on, like, how DAOs can publish information about themselves, which now we have some live implementations of. But today, I wanted to talk about DAO roasts, which I'll start sharing my screen for in a moment. But, basically, I wanted to look into how DAOs can actually operate with their code versus what they say they do publicly. Like, if they say, hey, these token builders have control to do this. Like, okay. Well, like, dive deep into that. How do things actually get executed? Like, what are potential, like, random multisigs that actually have veto power over things? So I set up this framework that we can use to compare what a DAO says they do to what they can actually do.
Speaker 3
0:30 – 0:30
So let's see. I'll share
Speaker 2
0:45 – 0:45
these slides after. Here's, like, just a good meme start. We've actually already completed a couple of roasts, on Nouns and Cold DAO, and I'll be talking about the Nouns one specifically today as a reference. But I'm hoping to do a bunch more of these in the future. So we'll just kinda cover what I mean by a DAO roast, which I've already started talking about a bit, and then some recommended structure, what we learned from roasting Nouns, and then finally, some tips on how you can explore DAOs, like, the different governance services of DAOs. And, Seth, how much time do I have?
Speaker 1
1:00 – 1:00
Normally, around twenty minutes, and then, we leave the rest for discussion.
Speaker 2
1:15 – 1:15
Okay. Cool. And feel free to stop me if at any point I'm saying things that I assume people know, but people actually need some more context about. So, again, what is a DAO roast? So it's a format that we can use to compare what a DAO says they do versus what they actually do. You can also think of it like a configuration audit, because, in the DAO space, a lot of times, things like bridge hacks and various things that cause large amounts of funds to be lost in crypto, it's not necessarily a smart contract bug like the original DAO where, like, you could just drain money because of a programming flaw. It's actually, like, a configuration flaw. So the code might pass an audit. It might look fine if it's configured properly. But, like, the Nomad bridge hack, for example, that code was fine. They just misconfigured it on deployment to make it so that, like, invalid or any messages were marked as valid withdrawals from the bridge. So, like, code can be fine. You can audit the code. None of the linters or the static analysis tools are gonna tell you that your code is bad. But if you configure these things wrong, it's just as bad, and there are just as many chances to, like, lose money as there are with, like, smart contract bugs. So when you're doing a
Speaker 4
1:30 – 1:30
I say, can I ask a quick question? Do you think that generally this is made accidentally, or do you think that they also might have made it on purpose, just configured it so that they have more power?
Speaker 2
1:45 – 1:45
I think, typically, I see things that are either accidental or lazy. But in some cases, what we've looked for within Nouns is, like, trying to find places where they've, like, given themselves more power than they said. It doesn't tend to be malicious, but I think that often, like, sometimes you'll come across something where it's like, oh, this was set up early on, and then they just, like, never fixed it. But that doesn't make it better or worse. It's just, like, it's still a flaw. But the intent is, I think, not usually to, like, centralize power. It's just out of convenience. In fact, I'll give a couple examples of things I've come across. So when you're doing a DAO roast, it's good to be proficient with Etherscan, understanding the Gnosis UI, understanding Snapshot. Being able to navigate, like, the settings pages of these tools is also useful because, like, a lot of the stuff you can see without being a member of these communities. Like, this stuff is all out in the public. So the questions that you wanna ask when you're doing a DAO roast. The first thing I like to prepare is just, like, I like to grab all the relevant links. So are there any analytics dashboards that can help us understand this DAO? What's their home page? What's their blog? What's their Twitter? Like, kinda gather some information about what they claim, and then understand the proposal process. Are things on Snapshot? Is it, like, a MolochDAO proposal? Is it, like, a Compound-style governance proposal? The main thing that I'm looking for there is, like, are proposals, when passed, executed automatically, or do proposals then have to be, like, enacted by a council? Those are kinda like two buckets. And an example of that is, like, if it's a Snapshot vote, then the DAO could vote to do something, which is, like, I don't know, change the emission rate of a token. 
But then when they pass that, does code actually get executed to update something, or does the multisig then have to, like, respect the wishes of the community? Like, those are kinda two ways to bucket proposal execution. You can also look at where their treasury is. Like, do they have multiple treasuries? Do they have hot wallets that they use to, like, pay contributors, where there's, like, a cold storage, which is, like, a safe for, like, long term money, and then, like, smaller Gnosis safes for, like, short term money? It doesn't seem like there's a member of the community that just has, like, a $100,000 in their wallet at all times that, like, is kind of like a, you know, discretionary spending budget. Like, you can try to, like, look through Etherscan and see how they're spending their money. There's actually other, like, open source tools instead of Chainalysis. Like, it's called Breadcrumbs, which I'll show you guys later, which is actually quite handy, and it's free. And then what's the distribution of governance power? Like, if you understand how proposals get executed and how voting happens, how is the power actually distributed among people? And then I like to think of, like, okay, what are things that this DAO is doing well? So we can put that in the kudos box, and then what are some things that the DAO could be doing better? So given that framework, let's roast the Nouns DAO. So we actually carried this out at an event a couple weeks ago in Germany called the DAO Palace, where we kinda all got together for a couple weeks, and we were just working on topics of, like, DAO problems and DAO innovations. And it was in, like, a fancy German castle. We all just kinda lived together. We were actually sleeping on cots and sleeping bags, so that part wasn't fancy. 
But we carried out the first one of these in this beautiful room, which we called the Formal Verification Room while we were there. So this is the result of the Nouns roast. And I'll just take you guys through this. Again, feel free to stop me if anything is specifically interesting. So Nouns is, like, I had heard of Nouns DAO, but I actually didn't really know what they do. And so if we just go and start on their website, it looks like an auction platform where people are, like, bidding on an NFT. It says that they issue a Noun every day forever. And then they talk about, like, what the DAO actually does, which is that the NFTs that they sell every day on auction become governance over the proceeds of all the auctions. And so we can see that they actually have, like, 27,000 ETH in their treasury, which is a lot of money. It's like, what, like, 30,000,000 or, I don't know. It's a lot of money. 50,000,000. So they've got a ton of money, and they get that all from auctioning an NFT every day. And every NFT that they auction is one governance share in the DAO. And they say that the NFTs are direct voting over the treasury. And then if you, like, dig through the docs a bit more, it says, like, okay. You need to have two Nouns minimum to make a proposal. But, like, anybody can just kinda see what the proposals are. And so we can kinda look through history and see that this looks like a thing where they wanted to add some new attributes to the NFTs. Sometimes they want to, like, okay. We're gonna create a clothing brand related to Nouns. Like, they made, like, Nouns Vision. They, like, funded a project to make real life glasses. And, basically, everything that they're doing seems to be for the proliferation of their own brand.
Speaker 4
2:00 – 2:00
So
Speaker 2
2:15 – 2:15
yeah. So that's what the DAO says they do. How are proposals made? We could see that you have to have two Nouns to submit a proposal. You can delegate your voting to somebody else, and one Noun is one vote. This is all stuff that we can then go on and verify by looking at the code on Etherscan. And then how are accepted proposals executed? So proposals are executed if they're passed, and that happens automatically, because we can actually dig in. I'll pull up the Etherscan in a moment. But we can see that the version of the DAO contract that they're using, when you make a proposal, it actually includes the execution data. Let's see. So proposed transactions. So here we can actually see that they're not just, like, getting a sentiment vote where they're like, hey, everyone, we should do this thing, and then a multisig has to go out and do it. We can see that the proposals actually include these different transaction calls, which are, like, adding glasses, adding heads, and adding accessories and stuff to the DAO contract. So we can see that they're actually proposing on chain executions through this process.
Speaker 5
2:30 – 2:30
How does that apply for, like, sorry. How does that apply to, like, starting a fashion brand? Did they say, like, oh, we're gonna put up funding for the fashion brand as one of the executables?
Speaker 2
2:45 – 2:45
Yeah. So when it's something that's more like, hey, we wanna see the project, like creating a fashion brand or creating glasses, or they bought, like, a Super Bowl ad this year. In those cases, the execution would just be sending some funding to a person to carry that out, or it might be, like, sending it to a separate Gnosis Safe, like, a separate multisig. So in those cases, like, you can't actually execute stuff on chain, but you can, like, send the money. And in this case, what did they do? They wanted to sell a Noun to the little Nouns DAO. And so I get this is all ridiculous, but, like, it's a good use case. It's a pretty simple DAO, so it's kind of nice for the purpose of roasting. So we can see that their transactions were that they were going to approve a contract and then create an ask. So they were gonna list NFT number 253 for 69.42 ETH. It looks like the recipient of that is, let's see. I think this is the recipient, yeah, which is the other DAO. So with that in mind, what else can we learn about them? Where is their treasury? So it says on their website that there's 26,731 ETH. But if I go to the contract on Etherscan, I see 22,000 ETH. And so I was wondering, like, okay. Where's the difference in that? And it looks like they have swapped about 4,500 ETH for staked ETH, which is just ETH that earns about 5% interest through, I think this is through, like, Lido. So it looks like their treasury has the amount of money that they say they have in it. What else? What's the distribution of the governance power? So at the time that we did this, there were 371 total votes. But now it looks like there's 403 because Noun 404 is the one being auctioned off today. So we can look at the tokens. If we look at, like, the holders inventory, alright. Let's see. Here's the Noun. I wanna find the actual holders. 
So Etherscan has this nice chart of who holds the Nouns. And so, like, you can kind of learn some stuff from here, but what you can't learn is, like, if people are controlling multiple accounts. Because, like, one of the criticisms of Nouns DAO is, like, a lot of the early folks have a bunch of the tokens, and they have them in a bunch of different wallets where it's hard to, like, know exactly who has what. Like, I think poap.eth is, like, Patricio from POAP, but I think he also has, like, some other ones too. Let's see. Yeah. And here's, like, another ETH, which is, like, 2. So it's just kinda hard to understand who has what voting distribution. Oh, another interesting thing is that they actually have veto power. So there's, like, a multisig that, it's not anywhere on their main website, but it's not like they try to hide it. It's like they have the ability to veto any proposal, but who's they? And so, like, something that we can look into when we look at the smart contracts is who actually has the ability to veto. So we did this over the course of, like, an hour and a half or so to understand just the general structure of Nouns. And the things that we learned were generally that, like, they generally do what they say they do. They send one of every 10 votes back to the original founders. The contracts are upgradable, which they don't really
Speaker 6
3:00 – 3:00
advertise, but they can only be changed by
Speaker 2
3:15 – 3:15
the DAO. So it's not like they can't be changed without the actual, like, voting and consent of the DAO. Some things that we found that we wanted to suggest to them was that minting cadence can technically be changed through a DAO vote because they could upgrade the minting contract. So they say one Noun every day forever, but there's actually nothing stopping the DAO from changing that. Just an interesting thing that maybe people might wanna be aware of. They say that they were gonna remove veto power after supply was, like, sufficiently large, but, like, their definition is not at all defined. So we don't really know when they're gonna remove their veto power. We also don't know, like, when they might use their veto power. Like, if they could perhaps give some specific circumstances where they felt that they would use their veto power, maybe people would feel more comfortable. Or maybe veto power should just be transferred to a community elected board rather than, like, six anonymous people on a multisig. So, generally, they do what they say they do, but there are some, like, things that I think could be better. This is a map of all of the different smart contracts in the Nouns ecosystem that I was able to piece together on Etherscan. So we have the original founders. The original founders control this Gnosis Safe. So this is the Gnosis UI, and I'm not a member of this DAO, but it's useful to know that even if you're not a member, you can just, like, type in the address of the Gnosis Safe on the UI. You can go to settings, owners, and you can see who everyone is. They won't have names. Like, I could actually probably name these. This is only for when you're using the Gnosis UI. When you name things, it's just for you. It doesn't change it for anyone else. 
So if you are doing, like, Gnosis Safe analysis, you can go in and, like, tag things.
Speaker 6
3:30 – 3:30
And I
Speaker 2
3:45 – 3:45
think that might even persist if you go to another Gnosis Safe. I'm curious if my naming persists. Yeah. So then you can, like, tag. This is, like, an undocumented feature of the Gnosis UI that you can, like, tag addresses. And then if you, like, go and look at different settings pages, I can see that this person, 83f, is the same person on the other one. And the reason that might be handy is maybe you spent a bunch of time trying to figure out who this person is. Like, what I like to do is I first just go to their OpenSea and see if they own any ENS names. So this person's clearly a whale. They've got a bunch of CryptoPunks, but no ENS names, and their account is not named. So I don't know who they are. But maybe I can look at this one. Who's this? Nope. They have two Nouns, but they're anonymous also. So, like, I think that I did kinda go through and find some ENS names for some of these folks. So what you can do is, like, go to the Gnosis Safe, grab an address, go to OpenSea, and then, like, type in their ENS name on Twitter, and you might be able to find them and DM them. Like, just some kind of DAO OSINT tips there. So the Nouns ecosystem consists of all these contracts. There's the Nouns contract, the Nouns token itself, which can only be minted by the auction house contract. But that auction house contract is upgradable. The DAO controls this executor contract, which is also upgradable. And then the Nouns' images are controlled by this descriptor contract, which also has the ability to have new traits added. So, generally, everything that can be upgraded, or actually everything that can be upgraded, is controllable by the DAO itself. That's, like, a huge bonus. I was expecting to find that, like, they kept some upgrade power in their founders safe, but they actually have transferred power entirely over to the DAO. 
The only thing that they maintain is this, like, foundation.nouns.eth multisig, which is a three of six, which has the ability to veto any proposal. So I think that's pretty risky, especially the fact that, like, the signers on this Gnosis Safe are quite anonymous. I tried going through and figuring out who they are. I found, like, a couple whales and two ENS names, but also a bunch of, like, anons and backup addresses. Who knows where they have the keys to those? So this is good that the DAO is the thing that can control all upgrades. This is not so good. So this is generally what we learned from roasting Nouns. You saw me briefly kinda go through Etherscan and Gnosis Safe. I can also, if there's time, show you the Breadcrumbs tool and Snapshot, but I kinda wanted to pause there and see if there's any questions.
Speaker 7
4:00 – 4:00
Yeah. We'd love to know how you built that, how you would just crawl through the contracts.
Speaker 2
4:15 – 4:15
It's pretty manual. So I started here with the Nouns token. And on Etherscan, I was able to read, well, first, I read the code just to look for things like what are the public interfaces. And then I saw that there were some state variables like Minter. And so I clicked Minter, and that brought me here, which is the auction house contract. So I was like, okay. Cool. Looks like the auction house is the thing that can mint, but Etherscan is telling me that this is a proxy contract, so that means it's upgradable. And so I was able to kinda click over to here and find the actual auction house code. And over here, you can kinda see what the parameters are that they can update. Like, you can go to Read Contract, and you can see that they have the ability to set, like, a reserve price, so you can kinda see the different settings that are inside of this. And then if I read the proxy contract, I can find, like, the owner. And, like, here's where I'm like, oh, crap. Like, who's the owner gonna be? Is this gonna be, like, a person that deployed the contract? Because that's sometimes a lazy thing you can find, like, they never changed ownership over to the DAO. But you click it and you realize they're not lazy. They actually did change it over to the DAO. So you just kinda have to crawl through this stuff and build up a map. And then it'd be cool if there was an automated tool that does this. Maybe there is one, but I tend to just do this on, like, Miro or something. If you're ever, like, tracing funds, Breadcrumbs is a cool app where, let's see. Let's grab the executor.
Speaker 7
4:30 – 4:30
Yeah. Maybe just Oh, yeah. Go ahead. Oh, actually, I would love this to receive what's going on here. But how can we make this, like, DAO roasting process a little bit more scalable?
Speaker 2
4:45 – 4:45
Let's see. I think that
Speaker 7
5:00 – 5:00
maybe. Yeah. As Dee said, it's a lot of work, but it feels really important to do.
Speaker 2
5:15 – 5:15
Yeah. I think that I'd like to just do, I've only done, like, two of these now. But perhaps if we could kinda get into a cadence of, like, I mean, it's like, I don't know. Like, you're a CIA officer or something. Like, you do your, like, OSINT analysis, or maybe, like, NSA or something. You do your, like, open source intelligence gathering, and then you, like, troll through everything that's available publicly and then write up your report. So maybe we just need to bring in some, like, OSINT pros and, like, show them how they can, like, have a new career in, like, DApp configuration audits. Because I really think that these are things, like, maybe that the community might even pay for. Like, people pay 20 to $200,000 for a smart contract audit. Like, I would expect that a community would pay for, like, a configuration audit from, like, an OSINT pro. So that would be cool.
Speaker 7
5:30 – 5:30
I love that you're implicitly talking about starting a DAO CIA.
Speaker 2
5:45 – 5:45
Alright. One last thing before, because I know I'm close on time. I just typed in the Nouns treasury on Breadcrumbs. So this is like Chainalysis Lite. It's completely free, I think. And so you can just generally see ETH flowing in and out of an address, and you can even, like, tag stuff. So I could, like, see, so it looks like this was them. They were using, like, the staked ETH token. Breadcrumbs does some tagging for you, but I think you have to pay them to get compliance features. But you can, like, monitor addresses. I can tag this as, like, a scammer. And then anywhere else that I see it on a Breadcrumbs thing, I can be like, woah. What's going on there? So this is a cool tool that just makes it slightly easier for understanding, like, value flows. Like, imagine if we saw some weird circular thing here, be like, oh, somebody's, like, manipulating and pumping this market. So yeah.
Speaker 1
6:00 – 6:00
Yeah. I definitely think having some, like, open source intelligence folks come in and kind of systematize to some degree this flow would be interesting. Because I'd be interested to sort of see how they actually deal with the fact that so many of these setups are actually very bespoke, because you're dealing with code. And so you can sort of set up as many proxies as you want and make it as complicated as you want. It doesn't seem like it's designed to be standardized in some senses. Yeah. So I'm curious, like, B, you had sort of mentioned here, like, I'm curious if there's, like, the way that you talk about the ethos perhaps. I mean, it seems like this is something that's just being asked to be done. But B is saying that maybe some people might feel uncomfortable. B, did you wanna elaborate on that at all?
Speaker 2
6:15 – 6:15
Yeah. I think that my motivation and ethos around this is, like, yes, all this stuff is technically, like, open source and transparent, but it's, like, opaque in that people don't know how to navigate it. So there's not really any way for people engaging with a DAO to understand what's, like, legit and what's a potential huge risk of things to interact with. And so I think, like, this is just a responsible thing that communities should do, so that this is kinda like the early days of smart contract development, or early-ish. Like, I remember around 2017 or so, the ETH Security Telegram group was, like, getting off the ground, and people were like, how are people gonna trust and know, like, what they can interact with? We need to come up with, like, a badging system for smart contracts that have been audited. And to some degree, that kind of exists. But I'd like there to be some system, some decentralized way for people to know, like, if I'm interacting with a DAO, what are the potential weak points and, like, just maybe if there's, like, a risk score. Like, I did this, like, white hat exploit on this, like, honeypot and noticed that a bunch of DAOs were actually using the same module that this honeypot was using. And I found this, like, ShapeShift DAO had, like, a treasury of 20,000,000 in it that was actually just controlled by a two of two multisig, which is insanely risky. And they were also using this, like, very easy to exploit oracle that could execute transactions on their safe. And, like, as a member of that community, I would wanna know that. So yeah.
Speaker 5
6:30 – 6:30
Yeah. 100%. I mean, there is so much obfuscation, and there has been so much scammy behavior, that it does feel like as a community member, you want to be able to trust that the mechanisms that are written on the web page are actually the mechanisms that are being executed. And so I think that there's a lot of benefit and value in this sort of investigation. It also is, you know, as I put in the chat, it's also something that, like, is doable with appropriate time and effort. Like, it can be done, and therefore, people should probably know it can be done and not expect otherwise. I also think, you know, I think there are some DAOs that are, like, incredibly real-name-policy-esque where, like, people are very, like, upfront about their participation. There are also cases where people aren't, and I think that something that is sort of an overall governance question around how people interface with crypto and how people think about blockchains broadly is sort of, like, you know, the pseudonymity of wallets and, you know, the idea of, like, oh, you know, we can be anonymous participants in these processes is still something that I think is very subject to debate. And, like, I think that a lot of people are drawn to the space because of the belief that it's somehow anonymized. And so people might be freaked out when you talk about, like, an NSA of DAOs, like, that's not great branding, gotta say. But I do
Speaker 2
6:45 – 6:45
think that NSA proficient people, people that do
Speaker 5
7:00 – 7:00
NSA well. I hear you. I hear you. Just saying. But I do think that, you know, there is this kind of, and I don't know enough about the way that these systems and votes are governed, but at least in the example that you showed, votes were very public. And, like, a thing that's really popular in a lot of the capital-G governments is anonymous voting. And if this sort of, like, tracking down does happen, people might feel like there might be need for new levels of kind of ambiguity in vote processes where not all votes are out in the open. And I don't think that that means that doing this work is wrong, but I do think that it means that some of the fundamental things that people may have been relying on in these processes might come into question. So I think it's valuable work to do for sure, but I just wanna name that, like, I think that these roasts, especially accompanied by memes, can be, like, really good awakening moments for community members and for people who are founding DAOs to reflect and think about whether or not they're actually fulfilling the promise of what they think or say that they're doing, especially with the laziness factors. I also think that it's the case that some people will feel, like, threatened and that this type of work is, like, antagonistic to the ethos. So, like, that's just what I was naming in the chat. I'm not saying that it's stuff that shouldn't happen, but framing it in a way that people feel like is truly for the, like, growth and benefit of the community, rather than something that's gonna out them for unpopular behavior or whatever, could be important. Mhmm.
Speaker 2
7:15 – 7:15
Yeah. Agreed. Hey, Fotis. Scared.
Speaker 3
7:30 – 7:30
Yeah. Wow. I'd say, like, seeing you go through the presentation, I have the breakthrough moment. And following everybody's comments, I think that this seems to be a bit antithetical to the ethos. But, especially now with the Tornado Cash situation, it is a little bit safer to be talking about, like, NSA and those things, even in a talking way. But I don't think so. Like, because knowing the ins and outs and how to do an exploit is, like, useful for both protection and hacking. So it is a double edged sword. And it's good for this sword to swing towards the direction of better tooling to secure better anonymity in terms of this process. Because for some reason, especially in Ethereum, transparency prevailed, and it wasn't that close to the original Cypherpunk ethos. And now people are like, oh, no. It seems like there's a lot of attack vectors that have been there by design, maybe because of laziness more than the accidental aspect. And I think that various DAOs would probably see this as a blessing more than, like, a sort of attack, as a good feedback mechanism. And I was also wondering if you can see some sort of rating or metric that could accompany this whole process so as to have a good feedback mechanism for DAOs, either internally to see their own governance operations and how well they operate in a more immediate way, or even externally for people to know if it's good to join this DAO in the long term and be committed.
Speaker 2
7:45 – 7:45
Yeah. I think that I I I hope that it will be perceived as a as a helpful to DAOs to understand, like, where they could improve, where they can where they can avoid potential exploits and issues because, the the proof of inattention is is real in DAOs where things can just kinda sneak through under the radar, and, it's like there's a lot of things that could be made just just more public, and I think that both contributors and the DAOs themselves would appreciate that tooling. I'll share a link to a HackMD of a of a write up on that, like, white hat exploit that I did a month or two ago, which is gonna be a talk later.
Speaker 1
8:00 – 8:00
I have a I have a two questions. One is, do you know of any DAOs that are specifically, like, galvanized around OSINT?
Speaker 2
8:15 – 8:15
I don't know a specific one. I was actually just gonna, like, message a few different Telegram groups after this to see if anyone wants to, like, create a new group on, like, DAO OSINT work. Yeah. So I'm not sure.
Speaker 1
8:30 – 8:30
Yeah. It just seems like but I'd be really curious to see how they kind of go about that because they already have such, like, interesting practices within their community for how they source and and verify the data that they collect. So it'd be really interesting to see what their dynamics are in a in a DAO and what would incentivize them. The other question is, you know, like, a roast tends to be quite a a playful activity. And I I wonder if you've, like, if you've ever, like, presented this, like, to a DAO, like, in more of a kind of, like, playfully antagonistic manner? Like, have you actually, like, roasted the members of Noun rather than just doing basically a kind of report?
Speaker 2
8:45 – 8:45
No. But that that'd be fun. I think that I have a group with a couple of them.
Speaker 3
9:00 – 9:00
I'll I'll I'll share with them
Speaker 2
9:15 – 9:15
and see if they would be if maybe there's a community call I could go and and present it to them on. That'd be fun.
Speaker 1
9:30 – 9:30
Because I think that starts to bridge kind of the discussion that we've been having of, like, how do you, like, almost turn this into, like, a a good for them? Like like, how do you, like because I think yeah. There there's there's definitely a lot of, like, discussion about, like, what the place of critique is. But I think, like, critique that's also grounded in a lot of, like, analysis can be really useful and kind of bridge the gap between, like, what we Fotis were talking about.
Speaker 7
9:45 – 9:45
I'll mention that one way of maybe scaling this is like, we're we're actually proposing something similar for the validator commons where it's effectively a kind of roast or examination or audit of the governance practices of these validators. And what we're doing there to sort of support that is actually set up a peer review system. So we, like, have an EasyChair installation, and I'm essentially the editor and, you know, this evaluator is sending me, like, a bunch of responses to questions. And then I'm sort of sending that off to a couple others for peer review. Right? The and this is I think if, you know, if we want this for a systematize, systematize this, whether through DAOstar or just, like, sort of independently. I think, actually, it could be quite an interesting project, to try to sort of say, hey. Here's a here's a basic sort of, like, step by step where we're gonna do this governance audit and then say, hey. We're gonna run through a few of these. But then eventually, I would like, you know, different DAOs, participating in, like, this body, to do it to each other. Right? I think that'd be quite a cool, kinda exercise to say, like, I've gone through this. What do you think about doing that to DAOstar? Run that as a working group. Sounds fun. Could be good. Accidental path. Yeah.
Speaker 1
10:00 – 10:00
I wanna I wanna make sure some of the people get a chance to jump in in the chat or with their their voice, maybe while you're formulating your thoughts. I am curious if you could speak a little more to the kind of, mutant or, like, more, like, Darkfy. Like, these attempts are, like, the secret network. Like, these attempts to kind of obfuscate some of the the transparency of the other blockchain networks, like, Ethereum or Bitcoin. I was just curious to hear, like, how that fits into this matrix. So, like, what how you would approach, like, analyzing or roasting those organizations where the data was more obfuscated?
Speaker 2
10:15 – 10:15
I think that the same basic principle applies is does what they say they can do match what they can do? So, like, if they say things are anonymous and they say you can contribute anonymously and things are hidden, are they? Like, that to me is all that like, that's the core of this. It's just, like, validating or invalidating what decentralized organizations are saying.
Speaker 1
10:30 – 10:30
Amazing. Anyone else on the on the call who wants to contribute, ask questions, things that maybe experiences from your own DAO encounters that you think are kind of ironic or worth mentioning here?
Speaker 5
10:45 – 10:45
Or anyone who is part of a DAO that is seeing yourselves in some of the in some of the messages we've heard.
Speaker 1
11:00 – 11:00
Let's go with
Speaker 2
11:15 – 11:15
let's go with
Speaker 1
11:30 – 11:30
Martin first, and then we'll go to Fotis.
Speaker 6
11:45 – 11:45
Yeah. Thanks. Just just curious. Have you come across a situation where there where there was a debate about what was what was supreme, what's written on the website or the code, so uncertainty about what was actually intended.
Speaker 2
12:00 – 12:00
Yeah. I think that there's this debate of, like, code is law versus community is law. And a specific one does not does not immediately come to mind, but I think that that is a tension of, like, what is the actual source of truth? Like, what should you what should you believe? And I think that it seems like the general vibe of the space is that things that code is law is kinda and it's more like community is law, where, like, the community should be able to upgrade and and and change things, and that's where the and that's where the power lies rather than, like, just blindly being, like, well, the code allowed me to do it. So that's totally legit. Like, we we talked about this with MEV, like miner extractable value too, where it's like, yes. Technically, you can sandwich you can sandwich people's transactions and and make a little bit of money by swinging prices on exchanges slightly or or arbitraging things and, like but when is that actually legitimate is one word for it, but when is it actually, like, beneficial to the ecosystem versus versus when is it not? And to me, I can, like, kinda think of those as, like, double vectors where it's, like, is the is the behavior that people are doing, which is, like, technically allowed, is that actually aligned with is that actually aligned with the community's overall intentions? In that case, that's good. And and if it's something where people are just like, yes. I I can do it. I can do it because the code allows me to do it, but it's actually, like, antagonistic to the community's values, and that's then that's bad. So I try to, like, think of, like, those behaviors and stuff as, like like, whether those things are pointing in the same direction.
Speaker 1
12:15 – 12:15
Fotis?
Speaker 3
12:30 – 12:30
Yeah. Let me just rewind a bit. Let I just forgot what I wanted to ask. So if anybody else that wants to go first, Antille, I
Speaker 7
12:45 – 12:45
I can share something really quick. Memory works. Yeah. This is, from a different actually, Isaac, were you there for when we had, this initial kind of conversation about DAO proposals?
Speaker 2
13:00 – 13:00
I was in the room, but I don't I don't think I was involved.
Speaker 7
13:15 – 13:15
Anyways, we've been kind of building out the dataset, and I'll just mention, we have a very fun distinction between a common, uncommon, rare, all the way up to legendary style proposals in terms of rarity, for those who are familiar with World of Warcraft. But I would actually kinda, like, really love to maybe tie in the kind of, like, the DAO row structure and some of the materials you presented sort of went through in, like, that kinda, like, that grid structure. Maybe it could be, like, adapted and also thinking about or auditing some of these, like, proposals. Right? Or understanding, like, how the proposal because, basically, these proposals are going through that system. Right? So it'd be nice to have, like here's a sort of, like, the institutional perspective on how the DAO kind of operates, how it could be gained. And then sort of for each any one of these proposals, sort of see, like like, these would be the the unit tests for that thing.
Speaker 2
13:30 – 13:30
Yeah. One of my best one of kinda, like, my kinda, like, best practices for a complex DAO proposal is that I, like, run a 10 release simulation to actually show what's going to happen if you if people vote on it. But I don't think that happens very frequently. Like, Nusa has just added transaction simulation. I don't know if many people are clicking on it. But, something that is in these proposals, like, what's the difference between the text of the proposal and the actual executional the actual execution code? Because, like, I think it would be really easy to sneak through a bunch of malicious stuff in most DAOs.
Speaker 7
13:45 – 13:45
Yeah. Yeah. Like, the the protection is not really, like, auditing the code. It's mainly just about trust. Effectively, like, you know who these addresses are. You trust that they're the ones kinda writing it.
Speaker 3
14:00 – 14:00
Alright. I think I remember. So, Isaac, I want to ask you, how different were the governance processes in each of these DAOs that you've done? And what's what would be the yardstick for organizations using reputation systems more than traditional coin voting. Or even going, like, one person, one vote with various like, maybe with Humana or Bright ID or something like that.
Speaker 2
14:15 – 14:15
Yeah. That just adds a ton of layers. Right? Like, I think, so far, we've really only done, like, these basic, like, Compound style ones or maybe Moloch style ones. But if you do something like Gitcoin with, you know, quadratic voting and sybil resistance and passports and all sorts of stuff like that, then it's like, there's many more rabbit holes that you could kinda go down, which would get, I think, challenging as the surface grows.
Speaker 1
14:30 – 14:30
One question that I have I'm not sure exactly how to formulate it, but it is sort of, like, a question about the temporality. Are these meant to be snapshots of the kind of state of a DAO? Or is there a way in which you're able to kind of incorporate the transformation of a DAO over time to sort of show how its model has changed in terms of, like, whether it's doing what it says it's doing?
Speaker 2
14:45 – 14:45
Let's see. I mean, a lot of it is is kinda based on a based on, like, the current moment in time, like, what is the actual current configuration of this thing? Because that's where I think that we can uncover, like, quick wins of things that could be made slightly better or slightly more secure. But, like, an ongoing audit would also be really interesting if, like, we just had things which were constantly, like, detecting, hey. Bunch of funds were sent here. Like I mean, this stuff exists for network traffic analysis that you could, like, install these things on your network and look for, like, why are all these packets going over here? Someday, we will have those same tools for DAOs, and somebody will, I don't know, somebody will make a company that does that and make a bunch of money.
Speaker 1
15:00 – 15:00
Great. Thanks. Anyone else? Or, Isaac, anything else you wanted to share? I see we have, someone coming off right
Speaker 4
15:15 – 15:15
now. Yeah. Hi, Isaac. So we know the crypto transfer, but at the end of the day, the DAO, in order to do stuff, they will have to spend fiat money. Are any treasury that's transparent and open where they are spending the money and who's getting paid how much?
Speaker 2
15:30 – 15:30
Yes. So you can look at unless things move entirely off off chain, in which case you can't really trace them without getting actual law enforcement involved. As long as things are on chain, like, you can look at a, like, LlamaPay, like a streaming salary tool. You can see who's who's earning what. The breadcrumbs tool is probably pretty useful for seeing, like, who's getting paid. There are as long as things are on stay on chain, it's pretty easy to to trace. But, you know well, except unless you see things end up in, like, Tornado, but I guess that'll maybe be happening more or less these days. I'm not sure.
Speaker 4
15:45 – 15:45
So I can see who's being paid, but what I can see is what's the reason they're getting paid. So does the DAO report on that? Do they do they transfer
Speaker 2
16:00 – 16:00
That's not super public. Like, tools like Utopia will keep those, but they generally keep those logs for you, not for everyone. But maybe DAOs could also kinda publish their books. Maybe that could become a best practice someday where they, like, say this is who we paid and why. I actually just thought of, like, a funny way or not funny. The government is listening way to use, like, Tornado for payroll where you can just, like, Tornado a 100 ETH into Tornado and then, like, the same way that they were dusting people's wallets with ETH, you could kind of, like, withdraw from that for your payroll every month. Like, that would be a very, you know, sanction-y way to run your payroll.
Speaker 4
16:15 – 16:15
Okay. Thanks.
Speaker 1
16:30 – 16:30
Okay. We have about
Speaker 4
16:45 – 16:45
ten minutes of Yeah. Well, okay. Sorry. Just it seems I was looking at a lot of DAOs, and it seems to me the founders or the people that set it up that probably have most of the benefits from it. They don't seem to be very public in many of them. It seems that sometimes I see contributors being public, but I don't really know who are the founders and most DAOs seem to hide that. Do you why what would be the reason for that that most people wanna be anonymous?
Speaker 2
17:00 – 17:00
I think some people just wanna have the the, you know, privacy like, think of privacy as a way of, like, presenting different versions of themselves to different groups. So I think that that, like, should be a core concept of decentralized identity. So, like, the re a reason to say anonymous might not be that you're being sketchy. It's just, like, you want to have that maintain that control over how you're perceived and how you're presented, which is not possible if you're like me and just made your full first and last name your ENS name for a while.
Speaker 4
17:15 – 17:15
Okay.
Speaker 1
17:30 – 17:30
I I was curious, you know, I don't know, like, the exact details, but I know that for instance, like, Toucan protocol, when they swapped over from I think it was the BCT pool to the n NCT pool or the NTC pool, there is, like, some sort of inherent exploit in their system that meant that a lot of people could redeem in order to then have their tokens ready for the new pool creation, which was gonna be at a higher market value. And so they ended up I might be getting some of the details here wrong, so, you know, double checking everything. But I think they ended up collecting and redeeming a bunch of those so that they could then secure it so that people didn't then, like, basically do an arbitrage. And then what they did is they retroactively set up a governance set up a disc discourse forum to figure out with the governance mechanisms, what they should actually do with the with those funds. And so there was a way in which these kinds of, like, like, internal potential exploits that are, like, already in the system kind of cause or produce this tension that then results in some sort of governance process. And so I'm curious if you've seen examples in your analysis where the the kind of failure states have resulted in a more democratic outcome.
Speaker 2
17:45 – 17:45
Let's see. Most of the failure state? Sorry.
Speaker 1
18:00 – 18:00
Well, the failure state is like some like, I I think the the the in this case, the it's been a little while since I've looked into this. But I think the failure state was that there was a way of redeeming or transferring your tokens from the the BCT pool into the base Toucan token, the TOC. And then you could then, like, have it ready to go for the new pool that was going to be deployed within a week or two. And you could basically arbitrage the the price so that your token could be worth more in that new pool. But it wasn't really clear in the documentation how to actually do that transfer except for people who had, like, the technical knowledge to actually go in and read the contracts and see how to actually execute that. So it's not even necessarily a technical failure, but it's more of a kind of documentation failure. And, again, people should go and check this out. I mean, I I'm getting some of
Speaker 2
18:15 – 18:15
the data generated. It's funny. There are a lot of, like, tables where just money is left on the table because people are confused. Like, this is literally happening right now in the Reflexer ecosystem. I'll share a because, like, you can all okay. Not financial advice. This is a very easy way to make money right now. Like, RAI is a RAI is a a stablecoin which is pegged to itself. It's like Dai, but original Dai, which is only ETH, and it has a feedback loop. The system is doing one of few things. It can either it can I like, if the market price is wrong, which it's it is right now, it's off by 10%? It's going to push the price of RAI down, so you should mint it and flood the market and short it. And if that if people too many people do that, the price of RAI increases, and you should hold RAI. Like, you only have to do two things. It's really simple. But, like, people aren't doing this, and it's been like this for months. And this is a very easy way for people in DeFi you'd think to be making, like, 20% on their money, but people aren't doing the rational thing. And it just keeps falling. So, like, even if this is pretty well documented, and I've even, like, tried creating memes of, like, do this thing to make money, and still people don't do it. So, like, I don't know I don't know how to solve the problem of people not doing the rational thing of making of making money when even if you did document it. But if you made this a simple, like, button click, maybe more people would. But, honestly, it's, like, three button clicks right now and people still aren't doing it. So I don't know.
Speaker 1
18:30 – 18:30
Yeah. That's interesting. I guess the thing I was curious about is just, like, we're also at times, and we should probably end it. But maybe at some other point, we can talk about, like, where like, what are the examples where failure some sort of failure document documentation failure, governance failure, treasury failure has led to a more, like, it's an expansion of governance practices, more actual democracy or decision making as a result of experiencing that failure. But we should end it there and maybe pick that up another time. Yeah. Except
Speaker 2
18:45 – 18:45
everyone's DM
Speaker 6
19:00 – 19:00
me if
Speaker 2
19:15 – 19:15
you wanna learn how to use RAI because, like, everyone should be doing this.
Speaker 1
19:30 – 19:30
Again, not financial advice. Thanks everyone for attending the Metagov seminar. Really interesting research, Isaac. Thanks so much.
Speaker 7
19:45 – 19:45
Should we go?
Speaker 1
20:00 – 20:00
Yes. We should all unmute. Feel free to turn off your turn on your video if you like, and we can all clap for we can all give Isaac a round of applause.
Speaker 2
20:15 – 20:15
Thank you. It was a nice routine. See you, guys.
Speaker 1
20:30 – 20:30
Yeah. Okay. Thank you all. Goodbye. Thanks, guys.
Speaker 6
20:45 – 20:45
Bye.