Skip to content

All Core Devs Meeting #10

Meeting Date/Time: 2018/11/19 at 16:00 UTC

Agenda

  • Appoint note takers (Griff)
  • Introduce team members who haven’t already met each other (~0-10min)
  • Aragon One updates from last call and current priorities (~5-10min)
  • Aragon DAC updates from last call and current priorities (~5-10min)
  • Technical freeform discussion

Notes

Updates from A1

DAC Updates:

  • Codify internal practices
    • Will become external facing soon
  • Tutorials
    • We have a doc that can be shared (LINK)
    • Moving into a more narrative based approach, covering the entire stack
    • Integrating things like the actor app into the tutorials
  • General efforts pushing on the CLI and JS
  • Jeremy is working on the provider

Payroll

  • Protofire has made it thru the payroll app’s second milestone
    • Under review, but it looks really good!
    • Q is reviewing tues or wed
      • Technical pass and milestone completion
  • Jorge wants to do a security review
  • Rollout for payroll app
    • Will use it for A1’s payroll
    • Won’t endorse it but it will be there if people want to use it.
    • External security review will have to happen before we endorse it as usable by anybody

Ongoing security audits for contracts (Jorge)

  • Security audits is a pain, cost and time wise
  • Aragon Association / Network would like to figure out a way to do ongoing security audits
  • AGP should be created by auditors by Jan (next set of votes) to provide security services for the Association / Network
  • Any contract changes throughout the project should fall under the umbrella
  • Similar to Trail of Bits & Parity?
  • Stake: reputation

Automated Deployment Testing (Adria)

  • Look into checking the deployments in an automated way
    • Both options: manual testing and automated
    • This allows to check the tool that’s checking the code instead of the code
      • Allows for more re-use as deployments will have similar elements that need testing
    • Manual testing should still be done for more complicated issues
  • All companies that manage value on this scale should use a monitoring process like this to ensure everything is okay
  • Right now everyone is responsible as there is no ‘central’ checking point
  • If we can generate some automatic checking mechanism that ensures everything is okay in the DAO is a tool that could be added to DAppNode and run by users regularly.
  • People who create new apps could create a model to ensure invariants are consistent
  • Checking the deployments manually feels uncomfortable, it’s not ensured that things are being checking in the proper way
  • This is not currently on Aragon One’s roadmap
  • Jorge is not worried about the current deployment
    • Params are set as they should be
    • There is a very narrow attack space
    • Checking invariants would be super useful
    • Currently there’s only ~3k in value held in Mainnet DAOs
  • The tools that exist may not be sufficient
    • There is no standard for tools to check contracts of this type
    • Aragon could spearhead creating tools that could be used by a larger community
  • This sounds like mythril
    • When something happens ensure that storage bases fit a given set of invariants
    • Could use a trustless killswitch to lock contracts if there’s a provable way to break an invariant
  • There’s two sides; monitoring metrics and monitoring health
    • Normally things are looked into when something breaks
    • Tools could be developed to predict when something is about to break

Aragon.js migration to rxjs 6

  • Now would be a really good time to handle these changes
  • Freeze code and then make the migration
  • Daniel has fixed merge conflicts, need to merge open PRs
  • Testing needs to be done to ensure these changes won’t break anything major

Different Git Branches for Contract Repos

  • There’s the mainnet versions that need to be maintained
  • Future contracts should be in a separate branch (dev, next)
  • Mostly for aragon apps
  • A branch for frontend upgrades?
    • Naaaaaaaaaaaa keep them on the default branch
  • Master is deployable now
  • Dev branch is the place for contract changes and other breaking changes… its the next big release branch
    • This should happen in CLI and other branches as well
    • There is value in this being standardized across
  • An AGP?
  • Gitcoin integration
    • Planning app does it ;-)
  • Hackathon by status after Aracon
    • Would love if the DAC could support the hackathon
    • Will there be an aragon all devs meeting
      • Maybe?
      • Daniel, Quazia, and Jeremy will probably be able to make it

Last topics

Having 2 branches, Master/Develop might not be the best thing?

  • We will have versions on their own branch
    • Cool sounds great!
    • 0.5 is a protected branch so people can spin up a front end for 0.5
      • We will follow this pattern

DOUBLE DIGITS!!!! 10th all devs meeting ever! #Domination #winning #10morecoming

Attendance

A1: Luis, Jorge, Bingen, Luke, Brett

DAC: Daniel, Quazia, Jeremy, Griff

License

This template is borrowed from the Ethereum All Core Devs call notes template and inherits the same CC-BY-SA 3.0 License.