How to check the Lido DAO onchain vote #183

# How to check the Lido DAO onchain vote #183 ## What the vote is about It packs together the execution of the two different motions: - CSM: Enable Permissionless Phase, Increase the Share Limit and Increase the Priority Exit Threshold - Node Operator (NO) Acquisitions: Change the name of Bridgetower to Solstice ## Resources for the Proposal Validation The resources mentioned in this section are assumed to be trustworthy and reliable. - Lido contracts getting called in the vote: https://docs.lido.fi/deployed-contracts/ - Blockchain explorers to read the state of contracts: https://etherscan.io or any alternative (i.e. https://eth.blockscout.com) - Proposal details & previous Lido DAO votes: [posts on the research forum](https://research.lido.fi/) and [snapshot votes](https://snapshot.org/#/lido-snapshot.eth) ## Voting Script ### I. **CSM: Enable Permissionless Phase**, **Increase the Share Limit** and **Increase the Priority Exit Threshold** 1. Grant `MODULE_MANAGER_ROLE` on CS Module to Aragon Agent - The CSModule address can be checked via [Lido docs](https://docs.lido.fi/deployed-contracts/#community-staking-module) - The vote calls the [method `grantRole`](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#writeProxyContract#F21) with the parameters `role` set to `0x79dfcec784e591aafcf60db7db7b029a5c8b12aac4afd4e8c4eb740430405fa6` (that's the keccak of "MODULE_MANAGER_ROLE" that can be verified by calling [this method](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#readProxyContract#F7)) and `account` set to `0x3e40D73EB977Dc6a537aF587D48316feE66E9C8c` (that's the address of the AragonAgent that can be verified via [Lido docs](https://docs.lido.fi/deployed-contracts/)) ``` On [CSModule] 0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F function grantRole( bytes32 role, address account ) Call data: [1] 0x79dfcec784e591aafcf60db7db7b029a5c8b12aac4afd4e8c4eb740430405fa6 [2] [AragonAgent] 0x3e40D73EB977Dc6a537aF587D48316feE66E9C8c ``` 2. Activate **public release mode** on CS Module - The CSModule address can be checked via [Lido docs](https://docs.lido.fi/deployed-contracts/#community-staking-module) - The current state can be checked by querying [the `publicRelease` method](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#readProxyContract#F42) -- it should return `false` - The vote calls the [method `activatePublicRelease`](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#writeProxyContract#F1) as requested in [the research forum post](https://research.lido.fi/t/community-staking-module/5917/75) and supported during [the snapshot](https://snapshot.box/#/s:lido-snapshot.eth/proposal/0x7cbd5e9cb95bda9581831daf8b0e72d1ad0b068d2cbd3bda2a2f6ae378464f26) ``` On [CSModule] 0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F function activatePublicRelease() Call data: [empty] ``` 3. Increase **stake share limit** from `1%` to `2%` on CS Module and increase the **priority exit threshold** from `1.25%` to `2.5%` - The StakingRouter address can be checked via [Lido docs](https://docs.lido.fi/deployed-contracts/#curated-module) - The current data can be checked by querying [the `getStakingModule` method](https://etherscan.io/address/0xFdDf38947aFB03C621C71b06C9C70bce73f12999#readProxyContract#F26) with `id` set to `3` (the id given to the CSM when [it was created](https://etherscan.io/tx/0x0078b3e0cecb3b50c78a22e0b1a985e6cde3bf431e9cb3b2ba4e50260122d542#eventlog#594)) -- it should return the structure with the current data - The vote calls the [method `updateStakingModule`](https://etherscan.io/address/0xFdDf38947aFB03C621C71b06C9C70bce73f12999#writeProxyContract#F18) with a couple of new parameters -- new `_stakeShareLimit` set to `200`, `_priorityExitShareThreshold` set to `250`, and the rest of the parameters are the same as they were ``` On [StakingRouter] 0xFdDf38947aFB03C621C71b06C9C70bce73f12999 function updateStakingModule( uint256 _stakingModuleId, uint256 _stakeShareLimit, uint256 _priorityExitShareThreshold, uint256 _stakingModuleFee, uint256 _treasuryFee, uint256 _maxDepositsPerBlock, uint256 _minDepositBlockDistance ) Call data: [1] 3 [2] 200 [3] 250 [4] 600 [5] 400 [6] 30 [7] 25 ``` 4. Revoke `MODULE_MANAGER_ROLE` on CS Module from Aragon Agent - The CSModule address can be checked via [Lido docs](https://docs.lido.fi/deployed-contracts/#community-staking-module) - The vote calls the [method `revokeRole`](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#writeProxyContract#F40) with the parameters `role` set to `0x79dfcec784e591aafcf60db7db7b029a5c8b12aac4afd4e8c4eb740430405fa6` (that's keccak of "MODULE_MANAGER_ROLE" that can be verified by calling [this method](https://etherscan.io/address/0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F#readProxyContract#F7)) and `account` set to `0x3e40D73EB977Dc6a537aF587D48316feE66E9C8c` (that's the address of the AragonAgent that can be verified via [Lido docs](https://docs.lido.fi/deployed-contracts/)) ``` On [CSModule] 0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F function revokeRole( bytes32 role, address account ) Call data: [1] 0x79dfcec784e591aafcf60db7db7b029a5c8b12aac4afd4e8c4eb740430405fa6 [2] [AragonAgent] 0x3e40D73EB977Dc6a537aF587D48316feE66E9C8c ``` II. **NO Acquisitions: Bridgetower is now part of Solstice Staking** 5. Rename Node Operator ID `17` from BridgeTower to `Solstice` - NodeOperatorsRegistry address can be checked via [Lido docs](https://docs.lido.fi/contracts/node-operators-registry) - The current name can be checked by querying [`getNodeOperator` method](https://etherscan.io/address/0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5#readProxyContract#F20) with `_nodeOperatorId` set to `17` and `_fullInfo` set to `true` -- it should return a structure with the field `name` equal to `BridgeTower` - The vote calls the [method `setNodeOperatorName`](https://etherscan.io/address/0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5#writeProxyContract#F5) with the parameters `_nodeOperatorId` set to `17` and `_name` set to `Solstice` as requested in [the research forum post](https://research.lido.fi/t/node-operator-registry-name-reward-address-change/4170/41) ``` On [NodeOperatorsRegistry] 0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5 function setNodeOperatorName( uint256 _nodeOperatorId, string _name ) Call data: [1] 17 [2] Solstice ``` ## How to Validate the Proposals Using the how-to, one can verify all addresses and details of the instruction. Let's check one address as an example to ensure it is not malicious. Imagine the following situation: there was a merger of two different node operators (NOs) that resulted in a request to change the name of a NO. To do that, we go through several steps: 1. At first, we're going to work with [https://docs.lido.fi](https://docs.lido.fi/) to make sure that the contract belongs to Lido: - In the search bar in the upper-right corner, paste the address and click on the result ![Screenshot 2025-01-24 at 17.55.22](https://hackmd.io/_uploads/ByYNIrbOJl.png) - Using Cmd + F (on Mac) or Control + F (on Windows), find the address on the page and check that it belongs to the registry: ![Screenshot 2025-01-24 at 17.56.48](https://hackmd.io/_uploads/H1AvUB-d1g.png) 2. Next, we want to make sure that the method mentioned in the instruction does what it says it does: - Go to the contract page (click on the address); - Press the "**Contract**" button: ![Screenshot 2025-01-24 at 17.58.36](https://hackmd.io/_uploads/BJhRIHb_1g.png) - Press the “**Write as Proxy**” button: ![Screenshot 2025-01-24 at 17.59.53](https://hackmd.io/_uploads/BJi7vBbuyg.png) - Find the method mentioned in the instruction and click on its name, then check the description: ![Screenshot 2025-01-24 at 18.00.55](https://hackmd.io/_uploads/B1HdDSZOkx.png) 3. We need to check the params: - Ensure that the names of the params for the method setNodeOperatorName on https://etherscan.io and in the instruction match: ![Screenshot 2025-01-24 at 18.02.03](https://hackmd.io/_uploads/SyRivBWuJg.png) 4. Now, let's verify the values of the params: - Ensure that the values mentioned in the description and in the code match: ![Screenshot 2025-01-24 at 18.09.12](https://hackmd.io/_uploads/r1w_YHbOyl.png) 5. At last, it's necessary to verify that the description of the proposal on https://research.lido.fi (+ https://snapshot.org/#/lido-snapshot.eth if there's a snapshot) and in the instruction match. Don't forget to check the author of the proposal and comments (to ensure there are no objections) We've verified one address, the params for its method, and the description of the proposal by using https://etherscan.io/, https://docs.lido.fi, https://snapshot.org/#/lido-snapshot.eth, and https://research.lido.fi/. By following these steps, you can verify the rest of the information provided in this instruction to ensure that it is not malicious.