Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DAO: Need to be able to determine a compensation request came from the actual contributor #2114

Closed
devinbileck opened this issue Dec 11, 2018 · 5 comments
Closed

DAO: Need to be able to determine a compensation request came from the actual contributor #2114

devinbileck opened this issue Dec 11, 2018 · 5 comments
Assignees
@ManfredKarrer
Labels
a:discussion in:dao

Comments

@devinbileck
Copy link
Member

I am able to create a compensation request for work that I did not contribute:
image

There should be some way to determine which compensation request came from the actual contributor.
@ManfredKarrer ManfredKarrer self-assigned this Dec 12, 2018
@ManfredKarrer
Copy link
Contributor

That is an interesting topic. I was thinking to add some additional proce (e.g. signature). But I am not sure if it is really required at least at the current state. Any contribuor should do due dilligence to report any suspicious proposal and sepcially of they detect a proposal using their own one. E.g. in the example if the DAO voting process would not detect that a scammer has abused Christophs request, neither Christoph nor the other DAO stakeholder had cared enough to avoid that. So that would signal that the DAO as a social body is in a pretty bad shape.

The fees are in place to make trolling/abusing the DAO infrastructure expensive. If we would get trolls we can increase the fee to a level where only contributors who really care will partizipate.

Or do you have any scenario in mind where this still can become problematic?

@devinbileck
Copy link
Member Author

Yes, true. It is highly likely this would be detected and hopefully before anyone has cast a vote without first realizing it is a fraudulent request.

If this situation is encountered, I guess both the valid and fraudulent requests would have to be rejected by stakeholders as there is no way to tell which one is which. Meaning that the real contributor would have to wait for the following voting period to submit their compensation request again.

And with the current proposal fee at only 2 BSQ (est. $2 USD), there is a potential for abuse if a bad actor wants to prevent any contributor from receiving compensation.

@ManfredKarrer
Copy link
Contributor

There are data available to detect the real one (txId) but it is not displayed yet (open TODO to show all the detail data in a popup).
I don't see a high risk for kind of sabotage attacks like that at the current state and if it would really happen we can fix it quickly with an update. So I agree it should be solved but has lower prio for me (highest prio is stability and security - not being able to create a tx which is not correctly interpreted).

@ManfredKarrer
Copy link
Contributor

If anyone wants to work on that (e.g. popup with all detail info) would be great though!

@devinbileck devinbileck mentioned this issue Dec 29, 2018
Closed
@ManfredKarrer ManfredKarrer mentioned this issue Jan 29, 2019
Closed
@ManfredKarrer
Copy link
Contributor

I added a issue for the details popup (#2334) and will close that one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ManfredKarrer ManfredKarrer

Labels
a:discussion in:dao
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ripcurlx @devinbileck @ManfredKarrer