Based on the passing of prop 708: Sail DAO, this proposal grants permission to the following addresses for the ability to upload CosmWasm contracts to Osmosis without seeking further governance approval for each upload.
osmo1pscy6u25wq7r8dmpepny5r0xk095xfzduvzf29epradu8dr68fvs8mv2vn: This DAO is administered by members of the SAIL program, including members from White Whale, Eris Protocol, BackBone Labs and Racoon. Will be used to deploy White Whale contracts.
osmo1s7vag2t8pg40qj73lhnfg08ylvc33w0r27pyvy: This address is administered by the Racoon team. Will be used to deploy the Racoon protocol.
osmo1ezgx7dhm2zag0lplje68j47cx9e8nft44k9f07r7qp7m7uc5u8ysn482ps: This DAO is administered by BackBone Labs. Will be used to deploy the BackBone Labs related contract.
I think that contracts uploaded should need approval as an extra security measure. I mean, we live in an age in which cyber attacks flourish.
Wouldn’t it be a good security measure to approve contracts in case of a breach?
Hi @FlyingCircus, I understand your concern. White Whale contracts are open source, and anyone can find and validate them here. They have been audited multiple times, are live on 8 chains and are securing over $10M in TVL.
BackBone Labs contracts have also been audited as far as I know, can’t speak for Racoon protocol though.
Also, consider that whitelisting allows the teams to deploy time-sensitive patches rapidly in case of an exploit.
In addition to what @kerber0x posts: the whitelisting of addresses gives the approved teams the luxury of deploying permissionlessly, while the community still has a gatekeeper function over who is allowed to have that perk.
This is the closest thing Osmosis has come to being permissionless for smart contracts, while still preserving some level of safety in terms of not allowing everyone to upload everything.
Hey @kerber0x and @LeonoorsCryptoman, I get it and I am all in. I mean, I did vote yes, but I am still trying to voice a concern that isn’t an unlikely scenario. We do have to keep it in mind before allowing others a free pass on contracts, not especially these DAOs.
The concern was never for the DAOs; it was actually for malicious attacks on the DAO by a third party, as the DAOs are vetted before being allowed to upload any contract.
The chances aren’t that big for something like this to happen IF people are careful. But I really needed to address the matter to make everyone think.
As I said above, it’s not likely but it isn’t unheard of. Multisig wallets help with security, as more than one person needs to sign, but coordinated attacks may still occur, so people do need to keep on their toes. Especially if one’s wallet is whitelisted and can upload anything.
The SAIL prop entails bringing multiple projects on board. One address is for White Whale, one for BackBone Labs and the third for Racoon. Check it out: Sail With the Whale V2: SAIL DAO (Updated)