ConstitutionDAO - Gnosis Safe Multisig
The @ConstituionDAO has now raised over 11,000 eth or ~$45 million in their fundraising to purchase the US Constitution. But how secure are the funds?
Today, let's see how multisig works and how your donation is stored.
The @ConstituionDAO has now raised over 11,000 eth or ~$45 million in their fundraising to purchase the US Constitution. But how secure are the funds?
Today, let's see how multisig works and how your donation is stored.
1/ @ConstitutionDAO showcases an unprecedented use case of crypto. It brought people together for one simple idea: "whether the people can purchase the US constitution if they all bind together."
The Constitution will be auctioned off by Sotheby's today.
The Constitution will be auctioned off by Sotheby's today.
https://twitter.com/m1guelpf/status/1459381261730914312
2/ For the past 4 days, the fundraising has happened at the fundraising platform juicebox.money. However, the funds have now moved. It is stored in a smart contract called the multisig, or multiple signatures.
This ensures that one individual doesn't control the funds.
This ensures that one individual doesn't control the funds.
3/ Usually, people stores cryptocurrency in a wallet and use their private key to access their funds. However, in the case of handling 10,900 eth crowdfunded funds, trusting one person might not cut it.
Therefore, a multisig is used to divide control to multiple people.
Therefore, a multisig is used to divide control to multiple people.
4/ The key mechanism of multisig is to register multiple wallet addresses as owners. The smart contract itself will hold the funds, not any individual wallet. The smart contract can make transactions but only if the required amount of owners approve of the transaction. 
5/ @ConstitutionDAO specifically uses gnosis-safe.io as their multisig provider. @gnosisSafe specializes in digital asset management and has a track record in keeping assets secure.
Today we'll peak a little into Gnosis Safe contract.
Today we'll peak a little into Gnosis Safe contract.
6/ If we open Juicebox, it says there are funds in Juicebox and in Wallet. This means that when you first make your donation, the funds are stored in Juicebox's contract. But the DAO has since withdrawn those funds, hence it shows that funds are in Wallet.
7/ The referred Wallet is the multisig contract. Juicebox has a link to the etherscan of the smart contract. There we can see all the funds being displayed. This is where the funds are stored.
But how are the funds stored?
etherscan.io/address/0xb1C9…
But how are the funds stored?
etherscan.io/address/0xb1C9…
8/ If we check the contract, it says GnosisSafeProxy. Meanwhile, within the code we don't see any implementation of the contract storing the funds. This is due to the implementation lives in another contract over here: etherscan.io/address/0xd9db…
This is called a proxy contract.
This is called a proxy contract.
9/ You can think of a Proxy Contract as a contract that borrows the functionality of another contract. It still stores the funds, owners' addresses, and functions triggered via the main contract. It's just the guts and logic lives in another contract.
10/ Let's look at some code. For the Proxy Contract there's not much to see. The available implementation allows the contract to refer to the function of another contract. So let's see the code in the implementation contract.
11/ The first thing to see is the setup function. This is where the owners of the multisig are registered. Here we can do several things but the main thing to note is:
1. Register the addresses of the owners
2. Set a threshold, the amount of approval we need to pass a transaction
1. Register the addresses of the owners
2. Set a threshold, the amount of approval we need to pass a transaction
12/ For @ConstitutionDAO, there are 13 owners registered and require 9 approval to pass a transaction.
This refers to June 21st, 1788, when the Constitution was ratified by 9 of the 13 original states.
This refers to June 21st, 1788, when the Constitution was ratified by 9 of the 13 original states.
13/ The process of approving a transaction is as follows. First, each registered owner will need to call the getTransactionHash() function from the contract. The hash is created using keccak256().
They will receive a transaction hash that they can use to approve a transaction.
They will receive a transaction hash that they can use to approve a transaction.
14/ The getTransactionHash() is interesting since it receives the transaction details as an argument, turning it into a hash. This means that multisig owners must all explicitly request the transaction hash for the same specific transaction.
15/ Next, owners who agree to pass a transaction will call the approveHash() function with the transaction hash they received. This is how owners agree upon passing a transaction.
In @ConstitutionDAO's case, we need at least 9 owners calling this function.
In @ConstitutionDAO's case, we need at least 9 owners calling this function.
16/ Finally, the DAO can call the execTransaction() function. Inside this function, there is the checkSignature() function. This will check for the transaction hash that the owners have approved and whether or not the number of approval meets the threshold criteria.
17/ Notice that the execTransaction() ask for the same arguments as getTransactionHash(). When executing the transaction, it will hash the transaction details and match them with the hash that the other owners have approved.
This ensures the correct transactions are executed.
This ensures the correct transactions are executed.
18/ This thread oversimplify the process and only highlight key points. The GnosisSafe contract itself is very complex and does more things like:
1. Handling gas
2. Signature validation algorithm
3. Details on executing the transaction
and more...
1. Handling gas
2. Signature validation algorithm
3. Details on executing the transaction
and more...
19/ Although GnosisSafe itself is secure, there is a risk where all 13 owners conspire to move the funds. However, @ConstitutionDAO has delegated individuals with influence in the crypto space to become a multisig signer. Hence, it's not controlled by the core team.
20/ So what we will witness later today if the DAO wins the auction is seeing the multisig owners sign the transaction's approval to purchase the US Constitution.
This will be exciting and monumental.
This will be exciting and monumental.
21/ We're seeing crypto being applied in ways that we couldn't have imagined before, and today we might see history being made as @ConstitutionDAO brings together people on the internet to purchase the US Constitution.
22/ There's no templates today, but you can check my other templates here:
github.com/marcelc63/popu…
For GnosisSafe specifically, learn more about them here: gnosis-safe.io
github.com/marcelc63/popu…
For GnosisSafe specifically, learn more about them here: gnosis-safe.io
23/ Also, check my previous breakdown on Corruption(s*)👇🏻
https://twitter.com/marcelc63/status/1459700388177727488
24/ I'm learning web3, and writing this breakdown is my learning method.
I'll break down interesting contracts and share templates every Tuesday 6PM PST.
If this interests you, follow me to get notified of the next breakdown!
I'll break down interesting contracts and share templates every Tuesday 6PM PST.
If this interests you, follow me to get notified of the next breakdown!
25/ Source:
1. ConstitutionDAO's Contract: etherscan.io/address/0xb1C9…
2. Gnosis Safe Contract: etherscan.io/address/0xd9db…
3. ConstitutionDAO website: constitutiondao.com
4. FAQ: docs.google.com/document/d/1oM…
5. How multisig works: medium.com/gauntlet-netwo…
1. ConstitutionDAO's Contract: etherscan.io/address/0xb1C9…
2. Gnosis Safe Contract: etherscan.io/address/0xd9db…
3. ConstitutionDAO website: constitutiondao.com
4. FAQ: docs.google.com/document/d/1oM…
5. How multisig works: medium.com/gauntlet-netwo…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
