An attacker submitted a List with a single transaction that would transfer the 46.484525046413216988 WETH held by the Proof of Humanity Kleros Governor. In response, a List of valid transactions, that execute pending proposals voted by the Proof of Humanity DAO, is submitted, and defended with this explanatory piece of Evidence.
HIP-5 is a baseline bureaucratic standard to make DAO governance more predictable. In practice, small details in every single proposal, tacitly approved or explicitly approved through submission in this Governor, have broke the guidelines of this legislation. This submitted List understands this bureaucratic text as a series of guidelines, that enforces the process of passing Proposals through Phases, but is not taken as strictly impeding Proposals that infringe on sparse details. This is not whismical, but can be defended by a simple interpretation of the Kleros Governor Policy, how it has been interpreted for years, and how it has, in practice, been interpreted for Proposals that did not require being executed by the Kleros Governor, commonly and almost universally accepted by the DAO members.
HIP-63 changed how the votes were counted. Phase 2 was not a new dedicated thread, and Phase 3 vote in Snapshot was not preceeded by [Binding]. However, it was respected ever since, and the Snapshot space updated the voting scheme. This is just one example out of many. A dedicate examination of every single DAO proposal shows no proposal ever respected this bureaucratic standard completely. It can be concluded that it is not a hard requirement, unless it was made explicit.
Taking a look at the Kleros Governor Policy is recommended. It can be observed it makes no mention on respecting a DAO bureaucracy, instead assuming that the proposals were created in good faith within the Snapshot page. It only mentions looking at accepted, closed proposals in an Snapshot page. It could, and will be assumed within the proposed List of Transactions, and within this Evidence defending it, that the Snapshot Page administration, plugins, etc, are responsible of filtering out illegal proposals before they are put out to vote.
However, even if that was not the case and there could be arguments forcing the jurors to dig into the legislation specific to this DAO, even though the DAO bureaucracy was not completely and absolutely respected, the substance of the bureaucracy was still respected:
HIP-45 is a proposal that created a new bureaucratic standard to state how the Policy was to be updated from that point onwards. It also set the new format of Policy, that is, markdown. After it, three policy updates went through, but only one fulfilled the bureaucratic process perfectly. Two of those policy updates drifted away from the process, but still mostly met the requirements.
HIP-79 is a proposal that attempted to de-bureaucratize the DAO, and also explicitly ratified HIP-58 and HIP-78, enhancing the claim that they must be considered valid. Again, this proposal was voted and accepted in the Snapshot page, which is the main resource the jurors are requested to scrutinize.
A list and a table with the accepted list of proposals with transactions pending execution.
| Accepted | H-5 Legal | H-45 Legal | Name and Link | Bureaucratic Infractions | |
|---|---|---|---|---|---|
| ✅ | ❌ | - | [Phase-3][Binding] HIP-22: Creation of the UBI DAO | UBI Category instead of DAO. P-2 not new dedicated thread. P-2 post not containing link to Snapshot. | |
| ✅ | ❌ | - | [Phase-3][Binding] HIP-29: Deposit funds of the DAO to the UBI Burning Vaults | P-2 not being a new dedicated thread. P-2 thread not linking to P-2 Snapshot. P-2 Snapshot not linking back to thread. P-3 Snapshot not linking back to thread. | |
| ✅ | ❌ | - | [Phase 3] [Binding] HIP 45: PDF → Markdown | P-2 -> P-3 was not an edit. P-2 not containing link to Snapshot. P-3 Snapshot not containing link to thread. | |
| ✅ | ❌ | - | [Phase 3] HIP-28: Update submissionBaseDeposit | P-2 -> P-3 was not an edit. P-2 not containing link to Snapshot. P-2 not [Signalling], P-3 not [Binding]. | |
| ✅ | ❌ | ✅ | [Phase 3] HIP 61: 15 Word Verbal Confirmation | P-2 -> P-3 was not an edit. P-3 in PoH Category instead of DAO. P-2 not containing link to Snapshot. P-2 not [Signalling], P-3 not [Binding]. | |
| ✅ | ❌ | ❌ | [Phase-3][Binding] HIP-58 - Removal of vouchallengers | P-2 not containing link to Snapshot. Policy edit, but skipping and mixing H-45 PR steps. | |
| ✅ | ❌ | ❌ | [Phase-3][Binding] HIP 78 - Clarify mirrored images during registration | P-2 not containing link to Snapshot. P-2 -> P-3 was not an edit. Policy edit, but creating PR after P-2 passes, skipping feedback phase mandated in H-45 process. |
In order to execute the voted proposals listed above, 7 transactions are necessary:
governor stored in the Upgradable Proxy of the
UBI token (as per the current UBI implementation), and one to send 2M UBI to the UBI Kleros Governor.
submissionBaseDeposit of the PoH contract.MetaEvidence update. The four of them can be executed
within the same transaction.
ProxyAdmin.transferOwnership(newOwner: 0x7510c77163683448b8Dc8fe9e019d9482Be1ed2b)UBI.changeGovernor(_governor: 0x7510c77163683448b8Dc8fe9e019d9482Be1ed2b) *UBI.transfer(guy: 0x7510c77163683448b8Dc8fe9e019d9482Be1ed2b, wad: 2000000000000000000000000) *
ProofOfHumanity.changeSubmissionBaseDeposit(_submissionBaseDeposit: 55000000000000000)WETH.approve(guy: 0x2147935D9739da4E691b8Ae2e1437492A394eBf5, wad: 46484525046413216988)WETHUbiVault.deposit(_amount : 46484525046413216988) *ProofOfHumanity.changeMetaEvidence(_registrationMetaEvidence:
/ipfs/Qmd9YoVK7Mu5PgmwBF2BM7kS922kN4VhvSnadvVTsR1zSE/registration.json, _clearingMetaEvidence:
/ipfs/QmUjvJnXGHnNbha13hMVWHrQqQNwDDazbDbX38shY5kPss/clearing.json)
Items marked with a * character are methods called in Proxy contracts, which means the Governor frontend will be unable to decode the contract methods and parameters, and will resort to showing the raw transaction data. UBI is an Upgradable Proxy, and WETHUbiVault is a Minimal Proxy. The transaction data should be decoded taking into account the ABI of the implementation contracts.
A malfunction in the Kleros Governor frontend resulted in disorder of the transactions within the list. The original order is under the section Readable list. The Policy does not prohibit bad ordering. The aftermath of chance concluded in an ordering that could also be executed sequentially without issues. It can be read here in CSV format.
| Fully Executed | Partially Executed |
|---|---|
| 22, 45, 28, 61, 58, 78 | 29 |
The reason transactions are being spent on executing HIP-29, is that Partially Executing Proposals is required to craft a perfect List. The Absence of this Partially Executed Proposal could threaten the election of this List in the Step 3, if an apt investigator submitted the same transactions, adding the two transactions that would ensure the Partial Execution of HIP-29.
Upon reading HIP-79, the following clause can be found:
Kleros jurors (in the case of a challenge) are required by the force of this HIP to refuse to arbitrate in case of such a challenge appears.
It was ammended into the following:
Kleros jurors (in the case of a challenge) are required by the force of this HIP to Accept the list in case of such a challenge appears.
Jurors must ignore this clause. The Governor has no absolute allegiance to the internal bureaucracy of the DAO. The Governor Policy specifies the terms in which Refuse to Arbitrate has to be invoked, or which List is accepted. Those, along with the General Court, are the only terms. The Governor Policy does not contemplate a delegation of this power to the Proof of Humanity DAO.