Authors: @dropnerd, @forager
When SharkDAO started, we selected 3 initial Gnosis Safe signers. Through many votes, we have increased that count to 6. However, it is difficult to get 3 signers together to bid, especially as Noun O'Clock times shift. This has caused SharkDAO to not bid when we otherwise might have, and it has also caused SharkDAO to bid in larger increments than necessary due to the difficulty of executing multiple smaller bids.
@forager wrote a smart contract that allows any individual Safe signer to submit a bid. The contract is deployed on Ethereum mainnet at the link below. We encourage members to look at the contract code and attempt to find any issues prior to voting.
Our goal is to balance bidding capability with security. Introducing this contract may cause total fund loss. Please read the risk disclosure.
Contract: https://etherscan.io/address/0xD1977351532fE19C43d8B3E209570c3dF02D2241#code
Details on the smart contract can be found at:
Several Shark volunteers have tested this code without finding any issues. However, we may have missed an issue. Here is the checklist of pre-launch testing:
There is an opportunity cost of missing out on bidding for many Nouns. Thus, this proposal authorizes the use of this smart contract before the formal code audit.
This proposal requires the auction committee to find a company to audit the smart contract. The following timeline applies:
If any of these deadlines is neither met nor extended, SharkDAO should withdraw all funds back to our Gnosis Safe as soon as possible and stop using this contract.
With any smart contract, there is a risk of bugs or other security issues. This could cause us to lose all the ETH and Nouns in the smart contract. In the worst case, this could be the entire treasury. The DAO accepts this risk by passing this proposal and using the contract.
A rogue Gnosis signer could cause us to overbid beyond the Auction Nerd consensus. (Auction Nerds are a group introduced in SIP-00022.) While the rogue signer would not be able to withdraw funds to their own wallet, they could overpay for a Noun if they feel like it. This proposal recommends that SharkDAO remove any such rogue signer.
A hacker may exploit a signer to cause us to overbid beyond the Auction Nerd consensus. This proposal recommends that signers use a hardware wallet for their signing activities.