I went ahead and made a normal one with ‘addmultisig’, wasn’t too hard
Aren’t there considerable advantages to creating a separate, independent store of value on Ethereum to maximize decentralization?
We aren’t proposing a bank account, we are trying to establish a DAO, similar in structure to ZF with the option of true pseudonymity and participation from members outside of the community to fund projects to advance Zcash and offer an added layer of protection and decentralization. This only makes sense if a few active members of the community participate in the direction of the DAOs spending.
What is the right tool to make a private smart contract on Ethereum? And would anyone make one?
You could use Ethereum to add more rules and make the structure more complicated for sure, if you shout out more policy ideas we can brainstorm how to implement them. In particular “TheDAO” had smart contract rules that basically let anyone get more voting rights automatically by buying in, and had some escape mechanism where you could back out and leave the group with your share. It’s hard to make a good DAO, and IMO the structure isn’t everything, just some scaffolding for the talent and effort of the ppl contributing. Maybe others here have more ideas? Or seek out input from @owocki gitcoin or shapeshift like zooko suggested on how/why to make a dao
Can someone provide a risk assessment of ETH hosted smart contract DAO?
We wouldn’t really want to risk ZEC funds due to no fault of Zcash network.
And don’t forget paying ETH’s high/unpredictable gas fees.
If we are to pursue creating a DAO, I would suggest keeping it simple and Zcash based; and maybe use Gitcoin, to provide an easy to use UX for hosting grants & a T-addrs multi-sig approval framework. Gitcoin have already added basic T-addrs ZEC support from the last Zcash Grants Round.
I support ZOMG elected members to be the ones that draft and post bounties on Gitcoin platform, and kickstart the funding mechanism where pseudonymous contributors can claim grants on Gitcoin platform.
Then, following the learnings of operating the DAO, Zcash Community can discuss and decide to start allocating more ZEC funds to the multi-sig T-address, and after a couple ZOMG rotations, maybe then move to 100% DAO run MGRC?
I’m all for this, and thanks for your thoughtfulness. One issue, and maybe I’m misreading your response—I believe @stickyplot was looking for an inroad to pseudonymously contribute resources rather than be awarded them. I don’t see a solution for him, & others in that position, here.
What if the members of ZOMG handled their DAO forming task “voluntarily,” and separate from their roles in ZOMG? To be remunerated by the futureDAO and not the ZF. This way, members of a community nowDAO ( immediate, multisig? & inclusive of pseudonymous ids) could contribute to the formation, funding, and participation of futureDAO.
Just a small precision, they are sapling compatible but not shielded (in case someone assumed they would be).
thank you for clarifying. this makes sense. ZF distributes funds to ZOMG to begin with. cool.
I’m not familiar with what ShapeShift did. feel free to explain how this relates to the topic.
Id rather not get into forking zcash for these purposes… that doesn’t add to the value of zcash or the ability to create a DAO. Using ethereum(where DAO is governed with smart contract) is the way, using renZEC… my question was more about the ability to fund a DAO on ethereum with a grant from ZOMG. it can only be done with the DAO revealing members receiving the funds from ZOMG if that were to happen. got it. otherwise we have to self fund.
i do wonder how all of these anon groups operate on ethereum. i imagine they dont bother with the IRS.
Here’s my quick risk assessment of an Ethereum DAO using RenZEC. A few important points before I dive in:
- Here I’m only describing risks, but there are plenty of opportunities and benefits. In my personal opinion, those opportunities and benefits far outweigh the risks for “reasonably sized experiments”. For example, I’d want to see a functioning DAO before I’d personally support allocating Dev Funds to it, but I’d also support allocating a small DF portion to a system even with some of the risks below.
- I’m doing a lot of guesswork, especially on Ethereum DAO contracts and RenVM. I don’t know much about these, and I’m kind of just generalizing or guessing worst-case downsides.
- I have no idea of probabilities, so I’m just describing risk magnitudes. A good risk estimate combines magnitudes with probabilities.
- If this post were written by someone else, I totally wouldn’t rely on it when deciding if I should use a Zcash DAO on Ethereum experiment. I’d want to see other signs like many developers participating, using standard contracts, public audits or reviews from Ethereum DAPP experts, etc… I would probably participate with a small amount even without a lot of that verification, though!
So here’s my brainstorm on risk magnitudes at different layers:
Risks in Ethereum protocol:
- MEV developments may increase risk of rollbacks. In the worst downside case, MEV may literally destroy Ethereum consensus guarantees, although it doesn’t seem like many reasonable folks see this as too likely.
- PoS transition may have systemic technical flaws, causing the whole thing to crash.
- Expensive rollback / chain-splitting attacks may have larger pay-offs than the basic analysis of ETH, because of all of the smart contract value. This kind of issue may mean a Zcash DAO would be fine unless the value of Zcash grew immensely, and we may not notice that transition.
- Standard security bugs in the protocol layer.
- No notable on-chain privacy. Some privacy maybe in DAPP layer (though I’m skeptical). Note that getting from shielded ZEC into the DAO at least has the potential to unlink the controller’s DAO position/history from their overall ZEC history, which is already a big advantage over standard Ethereum DAO usage.
Risks in Ethereum DAPP layer - DAO contracts:
- DAO contracts may have critical vulnerabilities that destroy the treasury, grant attackers unilateral control over funds, or the ability to manipulate votes.
- DAO structure may be attackable or gameable without technical security bugs, such as financial tricks (borrowing funds to vote, etc…) or just bad dynamics in the DAO rule design.
- DAO likely wouldn’t provide privacy. Votes are likely to be tied directly to wallet addresses.
- Because DAO voting is unlikely to have good privacy, any vote will probably have visual real-time updates, and that might change participant voting behavior in odd ways. (Example: creating “fake-out” votes, or waiting to vote until right before a deadline.)
- Voting near deadlines may be manipulable by miners, stakers, or MEV-organized reorg attacks.
- Fees may be excessive and unpredictable. What if, for example, you plan to vote on a poll that’s open for one month, but you decide to wait to see early results first, but in the intervening time, fees skyrocket x10? Or what if fees are so large that it’s not even worth participating with a given amount of ZEC.
- Usability of DAO contracts may be clunky.
- Zcash users may not be familiar with Ethereum apps/tools so the transition may be difficult.
Risks in Ethereum DAPP layer - RenVM contracts:
- Bugs or vulns could lead to theft/destruction of the entire bridge funds, such as completely nuking the ERC20 contract state. (I’m totally guessing worst case here, not sure about RenVM contracts specifically.)
- Bugs or vulns could lead to the ZEC<->RenZEC supply peg breaking, in which case any RenZEC involvement in DAOs would be uncertain.
Risks in RenVM protocl layer:
- bugs/vulns break the bridge or allow confiscating mainnet ZEC or breaking the supply peg.
Risks in ZEC protocol layer:
- Rollback attacks or chain splits may break RenVM bridge assumptions.
- If Zcash community adopts various less conservative economic policies (example: charging fees on t-addr accounts or retiring t-addrs) or something down the road, this may violate RenVM bridge assumptions and corrode the supply peg guarantees (especially if any funds have long lock-up time periods).
- UX: It would probably be initially hard to use the Zcash DAO on ethereum for native Zcash users: they may need to use multiple wallets / services, etc…
Thank you for the comprehensive challenges surrounding an ETH dependent framework.
We really need to define the requirements first before building solutions.
Some reqs. being:
- allocating 5 members the access to release funds with a 3 of 5 multi-sig T-addrs account.
- ability to rotate accounts when a new members need to take control of the Treasury.
- work the direct funding in via updates to zcashd
(these are just a few I could think of atm)
Even if we did go forward with an experimental outpost on Ethereum, is it out of the question that we could eventually develop similar contractual capabilities on the ZCash chain, including all the privacy and low fees we currently enjoy? At that point we could reseed a second “decentralized contractual community” back home with the funds and experience we’ve been gathering abroad?
Also: Could we maintain the privacy of the pseudonymous contributors by having their intent enter Ethereum as a one weighted vote by a representative?
This is a superb analysis, thank you @nathan-at-least for preparing and sharing it!
Some of these risks are, of course, “a cost of doing business” that people are already used to it in Ethereum (and especially DeFi). But it’s still important to recognize that we would be importing them into Zcash-land.
This would be especially significant if the DAO comes to control a non-negligible fraction of the ZEC supply (e.g., a significant Dev Fund slice). Beyond the individuals involved, this would also be systemic risk to Zcash, in case the DAO’s treasury is stolen through some vulnerability in the complex Ren+Ethereum+DAO system and becomes adversarially-controlled or dumped.
Imo, we could aim to set up an outpost on every block. A chicken in each pot. But never too many eggs in one basket.
I love the idea of decentralized, bottom up organization, and it’s very possible. We just need to get this contract right at the heart of each outpost.
Throwing in my 10 cents here:
I really agree with the sentiment of the OP. I think it is really important to have a “governance” or “advisory” model that can accommodate anonymity as well as the coin does.
Let me tell you a little story:
About a month ago I was looking into the ZOMG grant process. (In fact, I created this forum account at around that time.) I was putting the finishing touches on a proposal to fund my research labor for examining BCH’s CashFusion CoinJoin protocol for privacy issues – a proposal that was later funded for 18 BCH within 48 hours of going live through BCH’s decentralized Flipstarter crowdfunding system.
I thought to myself, “Golly, I wonder if I could eventually get funding to examine Zcash’s resistance to statistical attack as well. As an empirical microeconomist with very extensive training and experience in statistical analysis, I could probably make some contributions.” So I started looking through the ZOMG materials, the funded proposals, the chatter on this forum, and finally the process. As I was doing this, visions floated in my head of all the possibilities. And then I saw it: KYC required for funding. Record scratch. KYC? For a purported privacy coin?!
I don’t do KYC. I work pseudonymously. Governments are bulls in china shops when it comes to cryptocurrency regulations. The half-baked EU regulations coming down the pipeline, the draconian yet borderline unenforceable rules in the proposed USA infrastructure bill, the USA SEC threatening to sue Coinbase for no clear reason, El Salvador arresting a critic of the BItcoin Law without a warrant, and on and on. And do not forget that the USA government outlawed export of certain encryption software in the 1990’s. I don’t intend to halt research or work if and when governments engage in a general crackdown on cryptocurrency. Therefore, I don’t do KYC.
Is it so puzzling now why ZOMG has had difficulty encouraging quality proposals? People working on privacy tools may, you know, want to shield themselves from their government’s monopoly on violence. Often, the best way to do that is to remain pseudonymous. I would strongly support a proposal to figure out a way to fund proposals by individuals working pseudonymously, as BCH and XMR already do quite successfully.
I totally hear you, and so do most people here.
Unfortunately, the very regulations you enumerate make it well nigh infeasible to have coins controlled by a well-defined legal entity and disbursed without KYC.
I wonder how XMR and BCH avoided that, and can make grants that are not subject to financial regulation in any jurisdiction.
BTW, I see that Roger Ver funded you with 10.06 BCH. I was about to quip that he is a “U.S. Person” and thus must comply with OFAC sanctions, which requires him to check your identity. But turns out Roger Ver has renounced his United States citizenship and became a citizen of Saint Kitts and Nevis, so maybe it’s all good!
The Flipstarter system is quite innovative. It may be possible to do something like it with Zcash since at a protocol level BCH and Zcash share a common ancestor in BTC.
Flipstarter is permissionless, self-hosted, and non-custodial. It uses a special kind of transaction called AnyoneCanPay, described here. It has funded 80 projects for over 9,000 BCH total. As far as I know, it is the main way that development for BCH’s full node implementations are funded, in addition to many tools and promotional activities across the BCH ecosystem. A community-hosted list of known Flippstarter campaigns are available here.
As far as KYC: Well, it’s no guarantee that it was actually Roger Ver. Anyone can write whatever they want as their “name”, as well as leaving it blank for an anonymous contribution. Monero’s CCS, while more centralized, also does not required KYC and is the main way that Monero development and research is funded. Within the next few weeks I will be submitting a CCS proposal to fund a re-write of the Monero mixin selection algorithm, along the lines described here.
Also, on a completely separate level:
It sounds funny, but actually… it’s not absurd.
We built the Zerocash protocol, and the Zcash cryptocurrency, to protect people who are transacting from eavesdropping by the rest of the world. No one but the counterparties can “decrypt” the transaction or link it to others. The rest of the world only knows that, whatever happened in there, it did not mint new coins.
That doesn’t mean the counterparties don’t, or can’t, or aren’t supposed to, know each other. It’s perfectly legit to say “you want my money, tell me who you are”. What Zcash does is ensure that even if you do, no one else can learn that info or link it to other transactions, unless the counterparties reveal it.
Hear me out: What if Zcash takes a page out of Roger Ver’s book and re-incorporates the relevant legal entities in Saint Kitts and Nevis (or similar)? To make a clean break, maybe force a switch of the necessary multi-sig wallets in an upcoming hard fork. Then bada-bing bada-boom, no more KYC regulations preventing capital from combining with labor to create great things.
@Rucknium, before celebrating the pristine beauty of this island’s financial regulation, you may want to review the FATF’s evaluation of Saint Kitts and Nevis - Anti-Money Laundering and Combating the Financing of Terrorism.
Seems that the reports stopped being issued in 2014. The penultimate one says
St. Kitts and Nevis received ratings of PC [Partially compliant] or NC [Not Compliant] on thirteen (13) of the sixteen (16) Core and Key Recommendations
Looks like the government won’t interfere much. Great.