Whitelist of addresses for SAIL DAO deployments

Based on passing of prop 708: Sail DAO, this proposal grants permission to the following addresses for the ability to upload CosmWasm contracts to Osmosis without seeking further governance approval for each upload.

osmo1pscy6u25wq7r8dmpepny5r0xk095xfzduvzf29epradu8dr68fvs8mv2vn : this dao is administered by members of the SAIL program, including members from White Whale, Eris Protocol, BackBone Labs and Racoon. Will be used to deploy White Whale contracts.

osmo1s7vag2t8pg40qj73lhnfg08ylvc33w0r27pyvy : this address is administered by the Racoon team. Will be used to deploy the Racoon protocol.

osmo1ezgx7dhm2zag0lplje68j47cx9e8nft44k9f07r7qp7m7uc5u8ysn482ps : this dao is administered by BackBone Labs. Will be used to deploy the BackBone Labs related contract.

Yes, following the approval of 702 & 708 this is also the best route to take to whitelist these addresses and reap the full benefits of the swap

I think that contracts uploaded should need approval as an extra security measure. I mean we live in an age that cyber attacks flourish.
Wouldn’t it be a good security measure to approve contracts in case of a breach?

Hi @FlyingCircus , I understand your concern. White Whale contracts are open source, anyone can find and validate them here, have been audited multiple times, they are live in 8 chains and securing over $10M in TVL.

BackBone Labs contracts have also been audited as far as I know, can’t speak for Racoon protocol though.

Also, consider that whitelisting allows the teams to deploy time-sensitive patches rapidly in case of an exploit.

In addition to what @kerber0x posts; the whitelisting of addresses gives the approved teams the luxury of deploying permissionlessly, while the community still have a gatekeepers function who is allowed to have that perk.

This is the closest thing Osmosis has come to being permissionless for smartcontracts, while still preserving some level of safety in terms of not allowing everyone to upload everything.

Hey @kerber0x and @LeonoorsCryptoman , i get it and i am all in, I mean i did vote yes, but still trying to voice a concern that isn’t an unlikely scenario. We do have to keep in mind before allowing others free pass on contracts not especially these daos.
The concern was never for the daos, was actually for malicious attacks on the Dao by a third party, as the daos are vetted before being allowed to do upload any contract.

You mean more the risk where a malicious actor gets control of the DAO / multi-sig / address which is whitelisted?

Exactly my good man, not easy at all but not impossible either.

Hence the multisigs. It’s harder for a malicious actor to get access to multiple keys than a single one.

That is quite true, not unheard of though, thus my question in the theoretical scenario that it happens.

Olá caros amigos, proposta válida. Com grande escalabilidade. Votei sim!

We voted yes, but do we really need that many addresses to deploy?

I am a bit wondering how big the chance is… because that is quite important to take into account as well.

The chances aren’t that big for something like this to happen IF people are careful. But i really needed to address the matter to make everyone think.
As i said above it’s not likely but it isn’t unheard of. Multi sig wallets help with security as more than one people need to sign but still coordinated attacks may occur so people do need to keep on their toes. Especially if one’s wallet is whitelisted and can upload anything.

1 address per team,
If you mean the action proposal data, every team with access currently needs to be resubmitted along with the additions.

The SAIL prop entails bringing multiple projects on board. One address is for White Whale, the one for BackBone Labs and the third for Racoon. Check it out Sail With the Whale V2: SAIL DAO (Updated)