- What are ‘bad’ proposals?
- How can we automatically detect proposals that are ‘bad’?
Implementation details below
My Proposed Answers
Bad proposals are ones that don’t uphold the DAO’s norms. For example:
a. A proposal requests >10ETH and the proposer doesn’t have a linked social media account.
b. The proposal document doesn’t follow a standard template.
c. The proposal was upvoted & boosted by the proposer.
All of these norms could be established via proposals. We’re familiar w/ some of these that’ve passed within the Genesis DAO. Now for the fun question…
In order to support all of the cases above, bad proposal detection must be implemented client side and not within the protocol layer for technical reasons (gas costs, no outbound/inbound traffic, etc). While some norms could be done within the protocol layer (see 1.c above), I argue that this introduces complexity which increases vulnerability.
Instead, imagine this. You open up Alchemy, view your DAO’s proposals, there’s a little spinner in the bottom right that says “scanning proposals”. A few seconds later, a few proposals are annotated w/ red warning signs that show you why this proposal is deemed a “bad” proposal (ex: This proposer is asking for too much reputation).
The moving parts are:
- Client Library: A client side library that could be used w/ any DAOstack DAO dApp. Let’s call this “DAOscan”?
- DAO Norms: An on-chain list of norms that the DAO has chosen. For more detail see NOTE below.
- DAO Norms Proposal: A new proposal type that, if passed, will add or remove a norm from the DAO’s list.
With these parts in place, and a lot of details glossed over to save space, we now can have access to a client side library that can scan for vulnerabilities that may exist within a proposal based on the DAO’s established norms.
NOTE: Each “norm” is really some detection algorithm that DAOscan uses to find vulnerabilities. DAOscan could support a plugin model, which would allow it to dynamically download these algorithms from some on-chain registry. This way, new “norms” could be made available for DAOs to use, and client applications wouldn’t have to update themselves to support this.
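A sketch of the client-side scan described in this post, added here as an illustration and not code from the post's author or from DAOstack. The proposal fields, norm ids, template headings and sample data are all hypothetical and constructed; norm (c) is interpreted as "the proposer upvoted or boosted their own proposal".

```javascript
// Added example: every field name, norm id and heading below is an assumption.
const NORM_PLUGINS = {
  // Norm (a): large ETH request from a proposer with no linked social account.
  "eth-needs-social": (p, cfg) =>
    p.ethRequested > cfg.maxEth && !p.proposer.socialLinked
      ? `Requests ${p.ethRequested} ETH (> ${cfg.maxEth}) with no linked social media account`
      : null,
  // Norm (b): the proposal document must contain every heading of the template.
  "template": (p, cfg) => {
    const missing = cfg.requiredHeadings.filter((h) => !p.document.includes(h));
    return missing.length ? `Missing template sections: ${missing.join(", ")}` : null;
  },
  // Norm (c): the proposer acted on their own proposal (addresses compared case-insensitively).
  "self-promotion": (p) => {
    const self = p.proposer.address.toLowerCase();
    const acted = [...p.upvotedBy, ...p.boostedBy].some((a) => a.toLowerCase() === self);
    return acted ? "Upvoted or boosted by its own proposer" : null;
  },
};

// Runs each norm the DAO has chosen against each proposal. Norm ids come from an
// external list, so look them up with Object.hasOwn (ids like "constructor" must not
// resolve to inherited properties) and report norms with no plugin instead of
// silently skipping them.
function scanProposals(proposals, daoNorms) {
  return proposals.map((p) => {
    const warnings = [], unchecked = [];
    for (const norm of daoNorms) {
      if (!Object.hasOwn(NORM_PLUGINS, norm.id)) { unchecked.push(norm.id); continue; }
      const w = NORM_PLUGINS[norm.id](p, norm.config || {});
      if (w) warnings.push(w);
    }
    return { id: p.id, bad: warnings.length > 0, warnings, unchecked };
  });
}

// Constructed stand-in for the DAO's on-chain norm list and two sample proposals.
const DAO_NORMS = [
  { id: "eth-needs-social", config: { maxEth: 10 } },
  { id: "template", config: { requiredHeadings: ["## Summary", "## Budget"] } },
  { id: "self-promotion" },
  { id: "reputation-cap" }, // chosen by the DAO, but no plugin installed in this client
];
const PROPOSALS = [
  { id: "p1", ethRequested: 25, proposer: { address: "0xA11CE", socialLinked: false },
    document: "## Summary\nPay me.", upvotedBy: ["0xa11ce"], boostedBy: [] },
  { id: "p2", ethRequested: 25, proposer: { address: "0xB0B", socialLinked: true },
    document: "## Summary\nAudit.\n## Budget\n25 ETH", upvotedBy: ["0xA11CE"], boostedBy: [] },
];
console.log(JSON.stringify(scanProposals(PROPOSALS, DAO_NORMS), null, 2));
```

The `unchecked` list matters for the plugin model: a client that lacks a plugin for one of the DAO's norms should show that the norm was not evaluated rather than present the proposal as clean.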