Smart Treasury - Update 2

TL:DR Snapshot vote for code review Snapshot Link

Hi Everyone,

Over the past week I’ve been finishing up the development of the tests for the smart contract for the smart treasury, and drafting the proposal which will be required for the on-chain vote. There is a limit of 10 actions which a single proposal can make, so therefore the deployment of the smart treasury will need to span over two proposals, which I will give an overview of below.

Proposal 1 - Bootstrap the smart treasury

This proposal will pull funds from the Fee Treasury and the Ecosystem Fund to the bootstrap contract. This consumes a total of 8 actions if all fee tokens were to be withdraw. After the funds are withdrawn, the multisig will initialise the pool with these funds.

Proposal 2 - Update Fee Address

This proposal will update the idle strategy tokens [Here] to the feeCollector. This will enable the buy back mechanism with fees generated from the protocol being redirected into the smart pool. This proposal will consume 9 actions, and the final action will be to pay the development costs, so the total will be 10 actions.

Code Review

However before we decide to take this proposal on chain, it is recommended that a code review be organised. There are two steps which governance can take for initialising a code review.

1. Professional code review/audit
2. Peer review

There are pro’s and con’s to each; the audit being the more expensive, but more exhausting option. And the peer review being the cheaper but less thorough approach. However, it is important to point out that the majority of the interfaces which I connect to (balancer, uniswap, openzeppelin) have been thoroughly audited, and therefore pose a lesser risk. That is to say, IMO a peer review is a right choice.
Any funding that would be required for this task can be paid out in proposal 1.

I would need support from the community on this decision, so please voice your opinion in this snapshot vote: Snapshot Link

If there are any prospective reviewers from the community who would like to volunteer it would be great if you could flag your interest on this post (bump @Fernando )

Once the code review has passed I will formalise the smart treasury as an IIP so we can proceed to the next steps .

Thanks for this update.
I think the Snapshot vote should have included a separate option for the security review (separate from the ‘Code audit’) but we can then make another Snapshot vote eventually to define if a security review or a full audit is needed in case the ‘Code audit’ option wins.

The split of the proposal makes sense to me and I think it’s needed for now.
I will for sure continue with the review and now also with the help of @gravityblast, new dev of the Idle team! If we can have also the support from Balancer and also other community members I think it would help a lot! Great work so far

Edit: started the review of the migrations here, will follow up today / tomorrow

Good job Asaf!

In relation to the 2-of-2 multisig, I’d like to increase the level of resiliency & security and I suggest to add a third key, changing the wallet in a 2-of-3.
I think that a trusted, high-profile and committed name could be @Fernando, Founder at Balancer Labs. Idle protocol would be honored to have him as external signer, in case of need.

In this reply @William already talked about risks and concerns related to possible issues during the deployment of the contracts.

I’d like to clear out the pro’s and con’s of the options we have, in order to help the community to decide which one can be a good fit for this implementation. As suggested by @William, a further Snapshot poll might clarify on security review or full audit.

Professional full audit:

• estimated cost: $ 15-20k
• estimated time: about 1-2 weeks to book a slot with an auditing firm and approximately 1 week for code review
• security: high

Code review by auditing firm:

• estimated cost: $ 3-5k
• estimated time: about 1 week to book a slot with an auditing firm and a couple of days for code review
• security: medium

Peer review:

• estimated cost: $0-1.5k. The upcoming Committee might reward those volunteers with bounties (e.g. expecting 5 reviewers, $300/each)
• estimated time: about 3-4 days to get in touch with trusted and skilled developers and 2-3 days to let them complete the job
• security: medium

Happy voting!

If Idle is building its brand on being a more reputable and secure than average DeFI protocol, why not “All of the above” option? For instance, start with community review and then do paid review on top.

Peer review from our side will happen in any case, but incentivized peer review involves more people so should add more value in terms of security.

Regarding the code review vs full audit (both from an auditing firm) one exclude the others in my opinion or at least if you follow the full audit path then you don’t need the ‘Code review’ from the auditing firm.

Great to see the Idle community interested in joining the Balancer one =)

I think we can have our smart pool Magician @endymionjkb (Jeff is his name, he’s on our discord) take a look at the code.

Also, I’d be happy to hold a third spare key of the multisig just to make sure you can recover the funds in case one of the other two gets lost somehow. But I would not like to sign anything with it unless in such emergency case when we would replace the lost key.

I would also ask you to seed the address I will use with some tiny bit of Eth just so I don’t need to connect any of my wallets to this.

Cheers and looking forward to this!

That’s great, thanks for your support @Fernando !

Yes that’s the perfect use case, as a backup signer you could potentially help us in emergency situations, in normal circumstances the other 2 signer will perform all the work.

No problem on this side, I think the best thing would be if you post here a fresh new address and @8bitporkchop and the Idle deployer key then proceede to add this address to the multi-sig and we can fund it with some ETH

Sounds good!

This is the address: 0x8DC7A0a40422B98e0b1cE2edbcD132c5c8F12bCd

I would also like to send it through another medium to 2fa it: any email/TG I can send it to?

Please before adding it to the multisig wait for me to make a test transaction to prove I have access to it. I’ll do it after you seed it with some ETH.

Cheers,
Fernando

Thanks, you can send it also on our tg Telegram: Contact @idlefinance (you can ping me or any other admin or @8bitporkchop) or in our discord https://discord.gg/wbhCWfEn . I have preemptively sent 0.05 ETH Ethereum Transaction Hash (Txhash) Details | Etherscan to that address so you can test if everything works as expected

Sounds good. Just sent a txn to myself proving I control the account. You can now add it to the multisig as a backup.

Cheers and count on me,
Fernando

Welcome @gravityblast !!

I am up to hire more than 1 dev and rise the grant if this peer review is used to bring more talent to the project.
It’s also a good promotion opportunity for idle since most good devs in the space already have huge social media following so hiring more than one would not only increase the security but also get idle some new eyes on what we are doing.

@Fernando really happy to see talent and heart building DeFi. That’s awesome and inspirational.

Hello again everyone!

I’m extremely sorry but my lawyer just told me I’m crazy for accepting being one of the signers for a multisig of a third party project =/

He said that I’m opening myself up for unlimited liability especially for being a public person. And that’s even if I’m just a backup signer.

I was really not expecting this reaction, but I cannot disobey him. It’s also about Balancer in a way as I represent Balancer before the public. So I’m extremely sorry but I’ll have to revoke my key =/

Sorry to put you in this situation, it’s just that I like your project and community and wanted to help, but turns out I was too hasty.

My apologies again and keep counting on me for anything else I may be able to help with!

Cheers,
Fernando

Hi @Fernando , thanks for the update. This raises a very interesting situation.
I am leaning forward for a solution where maybe a committee (?) signs the multisig.
Again, your contributions remain crucial. Good to have good ppl shaping the conversations.
Thanks again.

Thanks @8bitporkchop for this update and everyone for participating in the conversation.

This Temperature Check witnessed an impressive participation from $IDLE holders! More than 200k tokens have been used to cast a preference for this poll, resulting in a +680% increase compared to the previous one. Congrats guys!

To move forward with this peer-review, we will release a new post where we’ll point out all the resources to review the code and the requirements for the review. Developers that will contribute to this peer-review will be rewarded.

@william and @gravityblast will independently review the code, and we are glad to collaborate with @endymionjkb from Balancer (thanks @Fernando for your contribution, it’s a pity to hear re multisig signer but I understand the legal implication).

The ideal path would be to have a couple of developers from the DeFi community to enrich the peer-review’s quality.

@unicorn I like your idea of having a committee being the 3rd signer for the multisig as it would be in line with the committee model we proposed. How about if the perspective Treasury Committee will be the signer? Sounds like a natural application for it, but I’m wondering if we have too much “control concentration” in that committee in this way.

@Teo i think it’s worth it to give the Treasury Committee the opportunity to be the signer.
Imo “control concentration” is not an issue at the moment…

Happy to be one of the peer reviewers.

I have experience building integrations with Balancer which are used in production.

I would like to support the candidature of @MickdeGraaf (friend of Idle, he is at PieDAO, they already worked extensively with Balancer pools) and also propose @EmilianoBonassi , if interested, as fifth reviewer

@EmilianoBonassi @MickdeGraaf welcome to the IDLE family guys!!