How to check the Lido DAO onchain vote #181

# How to check the Lido DAO onchain vote #181 ## What the vote is about [The onchain vote #181](https://vote.lido.fi/vote/181) packs together execution of the three different motions: - Tweaking ATC and PML quarterly Easy Track stables transfer limits PML: 6M ->4M stables / quarter & ATC 1.5M -> 7M stables/quarter ([snapshot](https://snapshot.org/#/lido-snapshot.eth/proposal/0x44bc7db53129ab4048c7f6f5cdc03407ec73444cbb5976c9579cb19bd3b57f7e)) - Tweaking and resetting Stonks stETH transfer limits 9k stETH -> 12k stETH / 6 months ([TMC proposal](https://research.lido.fi/t/tmc-4-increase-stonks-execution-limits/8616/2)) - Simply Staking Node Operator Reward Address change ([forum request](https://research.lido.fi/t/node-operator-registry-name-reward-address-change/4170/36?u=kadmil)) ## Resources for the Proposal Validation The resources mentioned in this section are assumed to be trustworthy and reliable. - Lido contracts getting called in the vote: https://docs.lido.fi/deployed-contracts/ - Blockchain explorers to read the state of contracts: https://etherscan.io or any alternative (i.e. https://eth.blockscout.com) - Proposal details & previous Lido DAO votes: [posts on the research forum](https://research.lido.fi/) and [snapshot votes](https://snapshot.org/#/lido-snapshot.eth) If you're new to the blockchain tooling, check out the ["how to check things" section](https://hackmd.io/u6dYQ65eRa2eerBoUa-haA?view#How-to-Validate-Proposals) at the end of the how-to. ## Voting Script ### I. Change Easy Track Limits for PML and ATC 1. ATC: increase the limit from 1,5m to 7m USDC/USDT/DAI per quarter — set 7'000'000 limit on ATC registry [0xe07305F43B11F230EaA951002F6a55a16419B707](https://etherscan.io/address/0xe07305f43b11f230eaa951002f6a55a16419b707) for 3 months - ATC registry [0xe07305F43B11F230EaA951002F6a55a16419B707](https://etherscan.io/address/0xe07305f43b11f230eaa951002f6a55a16419b707) address can be checked against [the Easy Track factories for token transfers list](https://docs.lido.fi/deployed-contracts/#easy-track-factories-for-token-transfers) - Current limit can be checked by quering [`getLimitsParameters` method](https://etherscan.io/address/0xe07305F43B11F230EaA951002F6a55a16419B707#readContract#F9) — it should return the tuple {`1500000000000000000000000`, `3`}, where the first number is `1,500,000 * 10^18` (accounting for 18 decimals), the second value `3` is number of months the limit is set for - The vote calls the method *[setLimitParameters](https://etherscan.io/address/0xe07305f43b11f230eaa951002f6a55a16419b707#writeContract#F7)* with parameters `_limit` set to `7,000,000*10^18` and `_periodDurationMonths` set to `3` as requested in [the snapshot vote](https://snapshot.org/#/lido-snapshot.eth/proposal/0x44bc7db53129ab4048c7f6f5cdc03407ec73444cbb5976c9579cb19bd3b57f7e). ``` On ATC [registry] 0xe07305F43B11F230EaA951002F6a55a16419B707 function setLimitParameters( uint256 _limit, uint256 _periodDurationMonths ) Call data: [1] 7000000000000000000000000 [2] 3 ``` 2. PML: decrease the limit from 6m to 4m USDC/USDT/DAI per quarter — set 4'000'000 limit on PML registry [0xDFfCD3BF14796a62a804c1B16F877Cf7120379dB](https://etherscan.io/address/0xdffcd3bf14796a62a804c1b16f877cf7120379db) for 3 months - PML registry: [0xDFfCD3BF14796a62a804c1B16F877Cf7120379dB](https://etherscan.io/address/0xdffcd3bf14796a62a804c1b16f877cf7120379db) address can be checked against [the Easy Track factories for token transfers list](https://docs.lido.fi/deployed-contracts/#easy-track-factories-for-token-transfers) - Current limit can be checked by quering [`getLimitParameters` method](https://etherscan.io/address/0xDFfCD3BF14796a62a804c1B16F877Cf7120379dB#readContract#F9) — it should return the tuple {`6000000000000000000000000`, `3`}, where the first number is `6,000,000 * 10^18` (accounting for 18 decimals), the second value `3` is number of months the limit is set for - The vote calls the method *[setLimitParameters](https://etherscan.io/address/0xDFfCD3BF14796a62a804c1B16F877Cf7120379dB#writeContract#F7)* with parameters `_limit` set to `4,000,000*10^18` and `_periodDurationMonths` set to `3` as requested in [the snapshot vote](https://snapshot.org/#/lido-snapshot.eth/proposal/0x44bc7db53129ab4048c7f6f5cdc03407ec73444cbb5976c9579cb19bd3b57f7e). ``` On PML [registry] 0xDFfCD3BF14796a62a804c1B16F877Cf7120379dB function setLimitParameters( uint256 _limit, uint256 _periodDurationMonths ) Call data: [1] 4000000000000000000000000 [2] 3 ``` ### II. Stonks stETH Limits Update 1. Update limit from 9,000 to 12,000 stETH per 6 months on Stonks stETH registry [0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0](https://etherscan.io/address/0x1a7cfa9efb4d5bffde87b0faeb1fc65d653868c0) - Stonks stETH AllowedRecepients registry [0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0](https://etherscan.io/address/0x1a7cfa9efb4d5bffde87b0faeb1fc65d653868c0) address can be checked against [the Easy Track factories for token transfers list](https://docs.lido.fi/deployed-contracts/#easy-track-factories-for-token-transfers) - Current limit can be checked by quering [`getLimitParameters` method](https://etherscan.io/address/0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0#readContract#F9) — it should return the tuple {`9000000000000000000000`, `6`}, where the first number is `9,000 * 10^18` (accounting for 18 decimals), the second value `6` is number of months the limit is set for - The vote calls the method *[setLimitParameters](https://etherscan.io/address/0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0#writeContract#F7)* with parameters `_limit` set to `12,000*10^18` and `_periodDurationMonths` set to `6` as [requested in TMC proposal](https://research.lido.fi/t/tmc-4-increase-stonks-execution-limits/8616). ``` On stETH registry [registry] 0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0 function setLimitParameters( uint256 _limit, uint256 _periodDurationMonths ) Call data: [1] 12000000000000000000000 [2] 6 ``` 2. Reset the amount spent on Stonks stETH registry [0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0](https://etherscan.io/address/0x1a7cfa9efb4d5bffde87b0faeb1fc65d653868c0) - stETH registry address is the same as in previous call — [0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0](https://etherscan.io/address/0x1a7cfa9efb4d5bffde87b0faeb1fc65d653868c0) - The current spendable balance can be checked by calling [`spendableBalance` method on the registry](https://etherscan.io/address/0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0#readContract#F15), which should return `0` — meaning no more spendable stETH available for TMC - The vote calls the method *[unsafeSetSpentAmount](https://etherscan.io/address/0x1a7cfa9efb4d5bffde87b0faeb1fc65d653868c0#writeContract#F8)* with a parameter `_newSpentAmount` set to `0`. It sets the amount of tokens spent in the current period to `0` as [requested in TMC proposal](https://research.lido.fi/t/tmc-4-increase-stonks-execution-limits/8616). ``` On stETH [registry] 0x1a7cFA9EFB4D5BfFDE87B0FaEb1fC65d653868C0 function unsafeSetSpentAmount( uint256 _newSpentAmount ) Call data: [1] 0 ``` ### III. Simply Staking Reward Address Change 1. Change staking reward address to [0x1EC3Cbe8fb1D8019092500CcA2111C158a35bC82](https://etherscan.io/address/0x1ec3cbe8fb1d8019092500cca2111c158a35bc82) for node operator with id = `16` (Simply Staking) - Node Operator Registry [0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5](https://etherscan.io/address/0x55032650b14df07b85bf18a3a3ec8e0af2e028d5) (proxy) address can be checked against [the Curated Module section](https://docs.lido.fi/deployed-contracts/#curated-module) in docs - To check the Node Operator data, query the [`getNodeOperator` method on `read as proxy` tab](https://etherscan.io/address/0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5#readProxyContract#F20) with parameters `16` (NO id) and `true` (param to show the NO name). Query should return the tuple with `name` set to `Simply Staking` and `rewardAddress` set to `0xFEf3C7aa6956D03dbad8959c59155c4A465DCacd` - The vote calls the method *[setNodeOperatorRewardAddress](https://etherscan.io/address/0x55032650b14df07b85bf18a3a3ec8e0af2e028d5#writeProxyContract#F19)* with parameters `_nodeOperatorId` set to `16` and `_rewardAddress` set to [`0x1EC3Cbe8fb1D8019092500CcA2111C158a35bC82`](https://etherscan.io/address/0x1ec3cbe8fb1d8019092500cca2111c158a35bc82) as [requested by the Node Operator](https://research.lido.fi/t/node-operator-registry-name-reward-address-change/4170/36?u=kadmil) on the forum ``` On Node Operator Registry [registry] 0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5 function setNodeOperatorRewardAddress( uint256 _nodeOperatorId, address _rewardAddress ) Call data: [1] 16 [2] 0x1EC3Cbe8fb1D8019092500CcA2111C158a35bC82 ``` ## How to Validate Proposals Using the how-to, one can verify all addresses and details of the instruction. Let's check one address as an example to ensure it is not malicious. Imagine the following situation: *the limits need to be changed for ET on ATC. The instruction states that increasing the limit from 1,5m to 7m USDC/USDT/DAI per quarter is necessary. In other words, to set 7'000'000 limit on ATC registry `0xe07305F43B11F230EaA951002F6a55a16419B707` for 3 months* In this case, we need to verify the address `0xe07305F43B11F230EaA951002F6a55a16419B707`. To do that, we go through several steps: 1. At first, we're going to work with [https://docs.lido.fi](https://docs.lido.fi/) to make sure that the contract belongs to Lido: - In the search bar in the upper-right corner, paste the address and click on the result: ![1](https://hackmd.io/_uploads/SJWHymoMke.png) - Using Cmd + F (on Mac) or Control + F (on Windows), find the address on the page and check that it belongs to the registry: ![2](https://hackmd.io/_uploads/BJVIkmozJe.png) 2. Next, we want to make sure that the method mentioned in the instruction does what it says it does: - Go to the contract page (press the button "**Contract**"): ![5](https://hackmd.io/_uploads/rkgRk7sGyx.png) - Press the “**Write contract**” button: ![6](https://hackmd.io/_uploads/r151lXifye.png) - Find the method mentioned in the instruction and click on its name: ![7](https://hackmd.io/_uploads/BJNxeQoMke.png) 3. We need to check the params: - Ensure that the names of the params for the method setLimitParameters on https://etherscan.io and in the instruction match: ![Screenshot 2024-11-21 at 20.23.59](https://hackmd.io/_uploads/ryPp003zke.png) 4. Now, let's verify the values of the params: - Ensure that the values mentioned in the description and in the code match (all limits in this vote are multiplied by 10^18 to follow the requirements of the contract -- read about [decimals](https://etherscan.io/token/0x6b175474e89094c44da98b954eedeac495271d0f#readContract#F5) in DAI): ![Screenshot 2024-11-20 at 12.39.16](https://hackmd.io/_uploads/SyCol7iGkg.png) 5. At last, it's necessary to verify that the description of the proposal on https://research.lido.fi (+ https://snapshot.org/#/lido-snapshot.eth if there's a snapshot) and in the instruction match. Don't forget to check the author of the proposal and comments (to ensure there are no objections): ![Screenshot 2024-11-21 at 20.26.13](https://hackmd.io/_uploads/rJiEJ1aGyg.png) We've verified one address, the params for its method, and the description of the proposal by using https://etherscan.io/, https://docs.lido.fi, https://snapshot.org/#/lido-snapshot.eth, and https://research.lido.fi/. By following these steps, you can verify the rest of the information provided in this instruction to ensure that it is not malicious.