The legal possession of this CRED token is [recordat]
An outline of the current workflow to deploy a simple custom ERC 721 NFT Token
The plan framework and concept were last updated 2023-03-08
- Create a json seed file for the NFT
- Create an image seed file for the NFT
- Create a script to duplicate and increment the json seed file
- Create a script to increment the Token ID inside the json seed file
- can this be done with a smart application using a smart contract or offline process?
- ideal is for this to generate the file metadata at mint by interacting with an off-chain application
- Create a script to convert the NFT seed file to base-64
- Pull a template OpenZeppelin minting contract
- Edit parameters of the OpenZeppelin minting contract to include
- Enumerability
- Burn Function
- Non-Transferability
- Time expiration
- Considerations for the ERC-4907
- Remember that in this standard the token remains the property of the origin rather than the "renter"
- Second Consideration is to embed the token with a time value in the contract itself using a store variable in solidity. Would like this to be an explicit value updateable by the admin minting wallet.
- Transfer ownership of the contract to the DAO Gnosis Safe for minting
- This may be a sub-wallet with approvals or might be a full self-mint
- Make sure to include conditions for one mint one wallet
- Should we consider ERC-712 authentication?
- Test Mint the token
- Submit the code for membership review
- Formally mint the token
- Connect the token to snapshot
- Audit the current 2022 membership token for expiration
- Grandfather in relevant members per Operating System Document
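
The contract parameters listed above (burn, non-transferability, an admin-updatable expiry held in a storage variable, one mint per wallet), as an added example that is not the project's contract. It assumes OpenZeppelin Contracts v5 and a single expiry shared by all tokens; the names `MembershipToken`, `expiresAt`, `hasMinted`, `setExpiry` and `isActive` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Added example; all names are hypothetical. The owner is the admin minting wallet
// (for instance the DAO Safe after ownership is transferred).
contract MembershipToken is ERC721, Ownable {
    uint64 public expiresAt;                    // membership expiry (unix time), kept in storage
    uint256 private _nextId = 1;
    mapping(address => bool) public hasMinted;  // one mint, one wallet (stays true after a burn)

    event ExpiryUpdated(uint64 previous, uint64 current);
    error AlreadyMinted(address wallet);
    error NonTransferable();

    constructor(address admin, uint64 initialExpiry) ERC721("Membership", "MEMBER") Ownable(admin) {
        expiresAt = initialExpiry;
    }

    // Explicit expiry value, updatable only by the admin.
    function setExpiry(uint64 newExpiry) external onlyOwner {
        emit ExpiryUpdated(expiresAt, newExpiry);
        expiresAt = newExpiry;
    }

    // _mint (not _safeMint) makes no callback into the recipient, so there is no
    // re-entrancy path here; the flag is still set before the mint.
    function mint(address to) external onlyOwner returns (uint256 tokenId) {
        if (hasMinted[to]) revert AlreadyMinted(to);
        hasMinted[to] = true;
        tokenId = _nextId++;
        _mint(to, tokenId);
    }

    // Holder (or an approved address) can burn; _update checks authorization.
    function burn(uint256 tokenId) external {
        _update(address(0), tokenId, _msgSender());
    }

    function isActive(address member) external view returns (bool) {
        return member != address(0) && balanceOf(member) > 0 && block.timestamp < expiresAt;
    }

    // Every mint, transfer and burn goes through _update: allow mint (from == 0)
    // and burn (to == 0), reject wallet-to-wallet transfers.
    function _update(address to, uint256 tokenId, address auth) internal override returns (address) {
        address from = _ownerOf(tokenId);
        if (from != address(0) && to != address(0)) revert NonTransferable();
        return super._update(to, tokenId, auth);
    }
}
```

Anything that gates on membership should call `isActive` rather than `balanceOf`, since an expired token still exists until it is burned.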
To begin minimizing risk factors, the following are some checks that we will try to build into the contract mint protocol:
- OFAC Sanction List checks
- Flash Loan vulnerabilities
- Don't measure governance power in the current block
- Check arbitrary data calls in governance
- Check success conditions
- Reentrancy issues
- Return Data
- EOA vs. Account with Code
- Ensure that if you need a payer function there is a payer function
- Beware of msg.value in batched actions
- Build the use of delays and guardians
- Perform security assessments (especially with upgrades)
Membership Flow Mockup - Excalidraw link
OpenZeppelin Presentation on Security Considerations
- Considerations around Administrative Transfer of Powers
- Ensuring a contract can be upgraded
- Restrictions around Flash Loans of Governance Tokens
- Delegation of Voting Power
- Ensure that the membership can delegate its powers to allow others to continue to govern if they do not want to participate
- Governance Bypass Functions
- Whitelisting of Proposers
- Allow users to propose things even if the proposer does not have governance tokens/power
- Documentation on process for attack vectors the way that Uniswap
- Proposals to exploit vulnerabilities
- Collecting enough tokens to force malicious proposals through
- Flashloans or spam governance
- Bad Faith Proposals
- Improvement Proposals
- Change a core function
- Configuration Changes
- Change a variable
- Mini DAOs can utilize different governance functions in a DAO
- Guardian Multisig
- A group that can cancel a transaction that is not in the best interest of the DAO
- minting guidance: Avalanche Minting Instructions
- OpenZeppelin contract: Open-Zepplin-721-Contract
- duplicate file script: File Duplication Script
- OpenZeppelin contract wizard: Contract Wizard
- ERC-721 Token Documents: OpenZeppelin 721 Official Contract Documentation
- Non-Transferable Contract Edit (not audited): Non-Transferable Contract Edits
- Non-Transferable Tutorial (needs review): Soulbound ERC 721 Token Tutorial
- JSON Beautifier credit @bestape: JSON Beautifier
- Deploying a Multisig Minter: Multisig Minter and Defender
- IPFS File Storage (free): NFT.Storage
- Open Zeppelin Contract Security Discussion: Strategies for Secure Governance with Smart Contracts
- Ethereum DAO: Ethereum DAO Page
- WithTally: WithTally Wikipage