<--![TOC] # Ask Warcamp Expert Notes ## Ceresbzns, June 1, 2022 ### Crypto Wallets [Slide Show](https://hackmd.io/@srs-bzns/crypto-self-defense#/) Security is generally about trade offs attackers are looking for lowest lift for highest payoff Private Key is just a string of text - the words that are easy for humans is made by MetaMask MetaMask - stores the private key on your computer Hardware Wallet - stores the private key on a tiny tiny computer - transactions are signed on the hardware wallet - Ceres prefers Tesor, cuz it's open source and open source has more longevity Only physically write down to save your seed phrase - no screen shot - not online - not on your computer The interent is deeply insecure. - don't just click on links - bookmark the ones you want to be sure you can trust - don't download files if you can avoid it - cloud based files, like hackmd and google sheets are safer than sending files - keep your machine up to date - constant security patches Common attack vectors - phishing - email - too good to be true - if you ask for help, someone will try to send you a link to steal your crypto - malware - remote access tools, key loggers - scrape your computer Have a separate computer for your crypto Don't give aprovals to your erc20s to any contract that you don't 99% trust. **revoke.cash** You can always move your funds to another address - the hardware can make more addresses ### Obfuscate your crypto - spread out your crypto accross many addresses - tornado.cash protocol - you take a pile of eth, put it into the contract, you get a key - at some point you bring the key back to tornado and ask to withdraw and move to another address - tornado will send the eth to a fresh address - because so much eth is moving in and out of tornado, its so much work to break the obfuscation - tornado got a MolochDAO grant - the relayer gets paid to move crypto for you #### ENS names - domain names but with crypto - can look up someone's address and see how much crypto that address has - can hook up ens name with tornado Combo: Hardware Wallet and a safe? - you can put large amounts of funds in a Gnosis safe - the three signers can be three separate wallets that are your own - if one of your keys get's compromised, you will hopefully have some more that will work ### Beneficiary - nothing really great yet - arrainge with someone to own the keys - trezor - shared secret system - splits the seed phrase into 5 - can give the pieces to people you trust - the trusted people can come together and get in your wallet - keep your seed phrase in a physical safe (maybe include instructions) - give the code of your safe to someone you trust ***If your seed phrase has been compromised, don't expect that only one person has it. Assume, instead, that the whole world has it.*** ## Jord May 24, 2022 ### Boosts way to add fuctionality to your DAO if you have DAO and you're doing something repeatedly and are tired of doing that discord transactions mapping how one thing leads to another Moloch DAOs can only do certain things kinda limited fuctionality DAOs can interact with other smart contracts minion is the adapter - calls other contracts tell the minion what to do with instructions packaged the instructions as boosts minion wraps a proposal - once the proposal passes it can go ahead and act - tied to the proposal flow Shaman - more like an admin - kinda overwrights governance - way of adding a smart contract into the DAO so you can change the way governance happens - customize inner workings of the DAO - set the shamans to have different admin powers - outside of the proposal flow - given powers that it has rights to do - onboarding like the Yeeter - if treasury balance is to low then kick out everyone - want to tie the shamans interaction to proposal flow? like a minion - limitless possibilities - contract fuctionality added into the DAO ### Bolt ons ways of building specialized DAO applications accessing DAO data through DAO APIs Dework has a gnosis safe thats connected to a minion safe - boost #### Boost vs Bolt On boosts live mainly in DAOhaus app UI Bolt On has their own application and uses DAOhaus back end Can deploy something using a boost and then can build a new app Often starts with boosts and then to bolt on Windows :) right now they're building developer tools so that the bolt ons and boosts are much easier and faster to build - encouraging developers to build Gnosis safe is more general but also encourages development Poster posts directly on chain subgraph challenges - use IPFS the hash on chain directs you to the content on chain subgraph is then used for querying IPFS is a massive blob of data - hashes are keys to finding the exact data you're calling for or asking for btw, Jord likes italian food and wears running shoes with the laces tied tight :) ## Goblinbzns, May 11, 2022 Down 98% in the last 7 days. - terra is a cosmos blockchain and offered a 20% yield from people buying in, but if people are selling it's a death spiral - stablecoins are a huge deal and not all are made equal - few stablecoins in the ecosystem - Dune - gets high quality data on chain - popular, allow relatively stable value and transfer How are stablecoins structured? - 3 stablecoins worth - Custodial and Non-Custodial - USDT (tether, offshore) power over the erc20 contract - Custodial - have dollars and things like dollars to back - 35% of stables on ethereum are tether - fraud - don't really have enough dollars to back - can blocklist addresses, like hackers - ether can't do that - USDC - backed by Circle (Powerful!), consortion (US based) including Coinbase - fungible - not audit, but austitations show enough decent cash and real collectable debt back (collatorized) - Circle can censor addresses and smart contracts - could kill Maker by blacklisting DAI - DAI - bring collatoral to borrow against - like eth for dai - if the price of eth drops then theres an imbalance - you get liquidated and your dai is brought out of the system - can only produce enough dai as much as people who are willing to borrow and risk being liquidated - more demand than supply - Maker solved by accepting stablecoins - Peg Stability Model - smart contract - interest rates are trivial in the vaults - cost to borrow is almost irrelevant - ratio subjective to liquidation - oracles - smart contract checking the price - if your eth in the vault is worth less than what it was when you borrowed then you eth goes up for auction on discount - UST - Terra coin collapsed - produced by staking Luna - USDT - in the process of collapsing - UST was a new blockchain spin up by a grifter - algorithmic stablecoin - ponzi scheme - "bank run" - If you hold crypto assests, the fuction of the economic system interplays. - certain protocols are at existential risk if USDT is less than a dollar - the value of Ethereum is driven by trust and ability to engage in ecosystem - where do the protocols interect? - if UST should be avoided, than anything that touches UST should also be avoided - High Market Cap - if a protocol is on top of ethereum than it's gonna be related - historical cycles of eth - where do we bottom out to? - eth merge is very close - good econimic structuring - regulatory risk - what if Coinbase gets shut down? - notible events get regulator attention - Run on Tether - attracts regulators - Eth is ~250B - adding all the other protocols adds another ~200B #### How can we plan, individually and as a DAO? The general impact on us, our funds in CCO3 is in Eth, so our runway is directly connected to the dollar value of eth. How do we want to structure our treasury to protect with this volatility? Resources in stables that we trust as LPs, to make some hedging with hopefuly some upside. If the market is going down: - create a model - what happens to the value over time? - holding resources in DAI/USDC LP and DAI/xDAI LP and the rest in Eth - flat market, vs eth going up or down - not trying to predict - instead trying to prepare for anything Coordinate burn lowering - contributors all agree to lower burn What's the mechanism destroying USDT? - in the wake of UST collapsing, there's been a flight from USDT to USDC and DAI - general flight to safety happening - scared of Tether UST crashing, largely left Curve unscathed? - UST and USDT aren't directly related - Curve has three pools - UST created four pool - doesn't explicity effect three pools **Information asymentry** - insiders know info that's materially relevant - education and understanding of how crypto and markets work - example: bitcoin sv - been restructured multiple times by attackers, but is still a billion dollar market cap - malicious insiders out to steel - acting in good faith but don't have understanding *There's so much information asymetry and there's lots of conversation just out there to learn.* *Being curious and reading can make information asymentry work in your favor.* ### Recomendations 1. get a strong understanding of the principles of how this works - Bankless - Finematics - economics basics 2. how to assess something specific - sources analysis - Maker DAO forum risk analysis - 1000% apy - don't touch it, probably ponzi - Karpatkey reports - Hedgefund treasury management - Cryptoskeptics - don't always read the feel good cyrpto is gonna eat the world #### [Tokenomic Traffic and Weather](https://discord.com/channels/709210493549674598/740299170589704364/974044628049362985) AMM patterns: Uniswap v3 Uniswap v2 Balancer v2 Curve https://dune.com/hagaetc/dex-metrics Sources // News (roughly in order of quality): Week in Ethereum newsletter Bankless weekly rollup (podcast) Gnosis Chain weekly newsletter Paradigm biweekly dao report Discord crypto twitter "CT" (cobie, dystopiabreaker, degenspartan, timbeiko, superphiz, &c.) reddit Sources // Data: Dune.com dashboards David Mihal dashboards (https://cryptofees.info/) Defi Llama Sources // Analysis: MakerDAO forums (collateral / risk reports) cryptoskeptics (crypto critics corner, web3 is going great, rekt) Karpatkey reports Finematics Existential risks in crypto today: unbacked USDT (Tether) centralized stablecoins as regulatory attack / capture vector (USDC) centralized exchanges & banking on/off ramps as regulatory attack / capture vector PoW as failure in survivability onion ### Spontaneous Q&A in Discord, May 16, 2022 Could you say that staking HAUS in this pool gives the token another value aspect besides exchanging it for eth or whatever and this encourages holding it? *Broadly, yes* Potentially, can any token be used as collateral and staking? *Collateral is maybe not the most accurate word here, but generally, yes. Any liquidity pool on Balancer can become eligible for a veBAL gauge and therefore liquidity providers (LPs) can receive BAL rewards for staking their LP tokens to the gauge (assuming veBAL holders vote to send emissions to that pool / gauge)* *If there isn't a gauge already for a pool, it needs to pass a Balancer governance vote to create one.* So I'm relating to owning real estate, where unless you're flipping the value is in the the potential credit??? *The thing is that lending protocols only allow certain tokens to be used as collateral, and they allow different % of borrowing depending on the quality of the asset* *Most lending protocols will let you borrow against ETH, WBTC, DAI, USDC, etc. Some protocols let you borrow against riskier assets, but also those lending platforms are riskier (e.g., CREAM)* *At present, there are no protocols that accept HAUS as collateral* *This was something I was thinking about trying to pursue (getting HAUs as collateral on something like Agave, Kashi or Rari) but the past six months has taught us that lending protocols carry a LOT of smart contract risk, so I've shelved the idea for now* like security risk or market volatility risk? *both, actually Right now, the value proposition of holding HAUS is* 1) you can exchange it for ETH 2) price may go up (it may go down) 3) you get gov rights in Uberhaus (soon ™️ ) 4) you believe in DAOhaus and want to support 5) at some big number, you get a backstage pass to war camp channels (citadel role) 6) you can LP it on Swapr or Balancer to get the liquidity mining rewards *We need more / more compelling value props tho, and that's a major priority for Alchemists* ## Spencer April 28, 2022 Suggestion: DAOhaus Glossary Update - what is a signal tool - what is a social token - what is a multisig - what's the difference between ICO, CCO,... - web search brings web2 results Scalably accessability can come out of these conversations. What is relevant to us? What can we clarify in our docs? ### Shamans (Yeeter and DAOgroni) It's possible to have a minion shaman. A shaman is any Ethereum address, typically a smart contract, that's been approved by the DAO as a shaman. That address gets power to edit balances of shares and loot in the DAO. It can mint or burn new shares and loot for people in and out of the DAO. Can have many types of shamans that use different powers and logic. Yeeter contract says: if I'm the contract, then if I recieve tokens from an address, then I mint new loot to that address in proportion to the amount I recieve and then send the tokens to the DAO treasury. Can be loot, shares or a combination of both DAOgroni: NFT contract, with shaman capabilities added on to it. If someone buys an NFT from me, then I'm gonna mint the NFT for them, changing the balance to 1, and I'm also gonna mint some loot in the DAO. The drink action does the loot minting. Logic is encoded into a smart contract. Minion can be a shaman when the minion address is approved as a shaman. Via a minion, a DAO can burn any number of loot or shares for anyone. Moloch V2.5 - adds shaman capability Only one set of permissions for shamans, and that's full access to minting and burning loot and shares Moloch V3 - shamans has more variations ### Minions Moloch V2 Proposals have access to ability to give people new shares or loot and transfer tokens out of the DAO. anything, like dispersing tokens or hedgyNFT or token swaps, requires a minion minions: wrapper around a DAO Minion proposal: hi minion contract, record this action that I want you to take, like transactions. encode the information and eventually execute. Only do the action when a certain proposal passes. Minion proposal: creates a proposal that doesn't actually do anything. minion reads status of a proposal and if it passes then it executes instructions. Minion is called a minion cuz it's a helper Transaction = go minion = if this then go minion as a shaman = if this then mint or burn shares or loot all of our minions are vaults, in practice, although, theoretically, minions don't need a minion Minions have two parts 1 vault (gnosis safe) 2 contract (go between DAO and safe) Contract relys on the vault. it speaks through the vault. A proposal on the DAO that has instructions for the minion to do something. those instructions can only touch the vault attached to the minion. Minion hands the thing to the vault DAO = brain minion = nerves vault = mouth Moloch V2 is a DAO smart contract Moloch V3, the DAO uses a gnosis safe as a treasury and no longer requires minions. Minions are integrated into the DAO contract and shamans are a separate contract. Lets talk about Boosts...another time. **Let's also talk about network and flywheel and the token and open a can of worms.** ## Spencer April 4, 2022 ### Bitcoin creates a pubic database that's hosted and controled by distributed nodes. Only a database about money. Only tracks balances. ### Ethereum can store anything in the database. Devs can write custom rules about how their portion of the database gets updated. ### Ether is tracked natively, kinda like bitcoin. Tokens are using the same database. ERC20 tokens have found a standard way of defining parts of the database that includes the list of addresses and balances. The rules to update are token transfers. Token transfers tell the smart contract to add from one account and subtract from another. ### MolochDAO (V2.1) shares and loot is the same thing as a token. Just transactions and balances. Doesn't allow direct back and forth between users, has to go through DAO proposal. The contract includes all the rules of a proposal process. ### Shaman (Molochv2.5 - DAOgroni) separate contract - DAO approves this separate contract to make changes to data that's part of the DAO. It gets direct access to data without going through the proposal process. Dev makes the logic in the shaman contract. ### DAOgroni DAOgroni NFT contract is the shaman. NFTs are similar to ERC20, but adds more identification. If someone mints a cocktail NFT, and then they drink it, using the shaman to change the number of shares that person has inside the MolochDAO, instantaneously, because it avoids the proposal process. First you buy the NFT, xDAI gets forwarded to DAO treasury, then you drink it, which gives you DAO shares. ### Wrapping On Etherum blockchain, eth is the native token with some special properties. MolochDAOs use the ERC20 logic which has additional properties that regular eth does not. Wrapping: deposit eth in a smart contract that wraps the eth and gives it additional properties. Unwrapping: withdrawing weth from the smart contract, unwraps the weth and removes the additional properties