All the signs point to them rugging the community and I am not surprised at all. They obviously bought all the tokens themselves using hundreds of different wallets to meet the requirements. The IC community and Dfinity need to reflect on how to improve the SNS and protect the neuron funds from people like Seers. Good lesson learned but an expensive one.
SNS DAO should learn from this theft incident and find ways to control it to prevent similar incidents from occurring in other projects. Until a better way is found, SNS DAO projects must be put to a vote by SNS DAO management before ballot proposals can be put to vote. Proposals that pass the SNS DAO vote must be put to the vote as the project’s voting proposal.
Create a proposal to ask ICX developers to return the ICP they drained back to the treasury. If they listen to the community’s concern, they will return it. If not, you know it is not a good signal for the future of the project.
Is this attack really happening? We can learn a lot from this if it is true. I’m sure the foundation will say what needs to be done to improve the security of SNS.
I will wait to comment further until this is verified to be true.
Developers of any other SNS DAO can do the same. They are limited only by good intentions. But people only have themselves to blame for trusting developers and following their “dev neurons”, thus giving control to one entity. So we have nothing to complain about DFINITY. Each DAO and their members are responsible for themselves and their treasury funds.
Fwiw, I saw I was tagged, so wanted to say that I did pass along to folks at DFINITY to make sure folks read this thread (since this is outside my expertise).
Recently we proposed to the community to raise the acceptance thresholds for some proposals, treasury transfers being one of these - see the forum thread here. It’s been under development but unfortunately it’s taking longer than expected. My current estimate for creating the upgrade proposals that implement these changes is Nov 2023.
In parallel, we’ve discussed internally some other measures that we can take to make SNS DAOs more rug pull resistant. Some of these are:
Disabling following for treasury proposals
Limiting the amounts that can be withdrawn for a period of time
Our plan is to do some more investigation on the topic in the upcoming weeks, come up with more ideas, and then have a community discussion before implementing anything. I’d like to thank IC_Maximillion for starting the thread that captures ideas. I’d love to hear more ideas on the subject.
So far I’ve talked about technical solutions which are the building blocks of the SNS DAOs. However, as important as they are, they can’t solve all problems. Ultimately, the SNS DAOs are a type of social construct and as such rely on the interactions of individuals. For an SNS DAO to be healthy and successful, it should have an engaged community that is in constant contact with the DAO contributors (aka the dev team) and which applies social pressure to them.
Great to hear you are already working on it, Nov 2023 is not that late.
The measures you named above will be very helpful to raise trust to investors and the community, and give them a sense of comfort. Like CZ Binance did, when he came up with (Proof of Reserves) after the FTX crash.
With the above mentioned measure alone:
Disabling following for treasury proposals
E.g. if the majority of mainstream users of an SNS game would hardly come through to check for voting, there still could be an orchestrated team (a handful of voters with large amounts of voting power) that could have a plan to drain the treasury or something in that direction.
Let's make sure they can do anything but drain the treasury.
I'm sure DFINITY and the community will come up with a Double Secure Solution,
that can't be found on any other platform.
Having easy access to tokens, worth millions of dollars, laying around in the treasury, can make the most honest devs fantasize.
This is the correct answer. SNS is not and never will be a magic bullet to prevent fraud and scams. It’s just a tool developers can use to raise funds and eventually decentralize a project. People are asking more from the protocol than it can ever provide.
People always need to do their due diligence and take accountability. There were plenty of red flags on BoomDAO and ICX. I will say it was a terrible look, though, for DFINITY employees to endorse BoomDAO publicly, however.