Proposal: Additional security layer for Opium DAO

alirun · 24 2021 13:52

Summary

I propose to introduce an additional security layer for Opium DAO for faster and easier prevention of malicious and spam proposals.

Rationale

Off-chain votes are settled in Opium DAO using a Realitio escalation game (proof of stake) system. Effectively it is an optimistic Layer 2 solution for voting. This system verifies whether off-chain proposals and votes were made according to DAO requirements by the Proof-of-Stake mechanism.

However, there is a standard additional security measure called Arbitrator, which allows anyone to put potentially malicious proposals on hold and to pass the right to provide the final decision to a particular 3rd party in case of disputes between stakers.

I suggest that setting normal on-chain voting as an Arbitrator is the best solution as it always allows switching any proposal to strict on-chain voting and can prevent spam, malicious attacks on the optimistic layer. Of course, that switching should cost a symbolic amount of Ethereum to protect from spam here as well. We see that governance in DeFi is developing very fast and dozens of large and small protocols are using off-chain optimistic or even delegated voting as a best practice. On the other hand, many protocols are governed by on-chain votes that are expensive and decrease participation. This hybrid solution is innovative as it allows to implement proposals based on off-chain efficient voting but allows to block any vote and bring it to on-chain arbitration at any point of time by anyone.

This system is similar to real-world situations where agreements are executed on the optimistic assumption, but there is always a possibility to bring them to an arbitration/court to get a last resort call.

Therefore, I suggest setting Opium Aragon DAO as an arbitrator, which will allow $OPIUM holders to decide the outcomes of the proposals using on-chain voting in case of disputes or attacks.

The Realitio arbitration should be performed using Arbitrator smart-contract developed by contributors of Realitio

github.com

RealityETH/monorepo/blob/main/packages/contracts/development/contracts/Arbitrator.sol

pragma solidity ^0.4.25;

import './Owned.sol';
import './IArbitrator.sol';
import './IRealitio.sol';
import './IERC20.sol';

contract Arbitrator is Owned, IArbitrator {

    IRealitio public realitio;

    mapping(bytes32 => uint256) public arbitration_bounties;

    uint256 dispute_fee;
    mapping(bytes32 => uint256) custom_dispute_fees;

    string public metadata;

    event LogRequestArbitration(
        bytes32 indexed question_id,

This file has been truncated. show original

Usage of this smart-contract will allow the setting up of an arbitration fee, which will be paid by the arbitration requester to the Arbitrator to freeze the proposal for further dispute resolution. And it will also allow the owner of that smart-contract (Opium Aragon DAO) to provide the correct answer. Answer provision, in this case, will be done via on-chain voting.

Implementation

Required steps to introduce new Opium DAO security level

Deploy Arbitrator smart-contract
Tune Arbitrator smart-contract with required params
Transfer the ownership of Arbitrator smart-contract to Opium Aragon DAO Agent
Change Arbitrator address to newly deployed Arbitrator smart-contract in Opium DAO Module (call to action of this proposal)

UPD: Voting

@riccardo Proposed additional feature on Arbitrator and created a voting to finalise the current proposal

https://signal.opium.network/#/opiumprotocol.eth/proposal/QmRBXMWHYyktQdPfLexnLUTHwQGKjzi1n6igST9LfxWpRp

sergelove · 24 2021 23:14

hmm…
Lets test it first?
Where we can test it ? Lets create simulation of malicious voting and forward it through this proposed mechanism.
Lets see how it going and how it complicated.
Sounds interesting

riccardo · 25 2021 15:08

I would suggest adding an additional entity that we can call “Guardian”. It will be able to perform one and only one action: request arbitration (freeze proposals) without the need to pay any arbitration fees. The Guardians will be assignable by the owner of the Arbitration contract (Opium Aragon DAO).

The rationale of Guardian is to allow a trusted entity (multisig of appointed guardians) to quickly react to the malicious or spam proposals without the need to waste money on arbitration fees. Since the Guardian’s actions are restricted and the Guardian could be easily changed by the Opium Aragon DAO, it will not introduce any single point of failure and will serve solely for DAO security purposes.

Guardians can not affect anything, their only responsibility is to call the arbitration for free in case of “DDoS” attacks on DAO.

Here’s the github repository of a proof-of-concept based off Reality.eth.
Specifically here: added guardian logic · RiccardoBiosas/monorepo@6c9a9c3 · GitHub

andrey · 25 2021 18:53

so basically it is a “switch to on-chain voting” for every proposal that is being brought from optimistic on-chain layer to implementation?

if guardian can not do anything else it makes a perfect sense that governance appoint a trusted party for this role, can not affect anything, only putting red flag when something wrong is going on. On-chain voting will decide than… makes sence

alirun · 26 2021 11:29

This is awesome

riccardo · 26 2021 11:37

Yes, the idea is that the guardian should not interfere with the governance process: on the opposite, it should only guarantee its integrity and shield it from malicious actors

riccardo · 13 2021 16:02

the proposal related to the new arbitrator setup is live on snapshot, feel free to express your view on the subject!

https://signal.opium.network/#/opiumprotocol.eth/proposal/QmRBXMWHYyktQdPfLexnLUTHwQGKjzi1n6igST9LfxWpRp