Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Alt36 Proposal Issue & Resolution

Discussion in 'Official Announcements' started by Ryan Taylor, Oct 1, 2017.

  1. Ryan Taylor

    Ryan Taylor Well-known Member
    Dash Core Team Foundation Member

    Joined:
    Jul 3, 2014
    Messages:
    498
    Likes Received:
    1,561
    Trophy Points:
    263
    During the finalization process for the October 3rd budget cycle, we discovered that the two proposals submitted by AltThirtySix will not be paid, despite garnering a net 21% and 18% of the masternode votes. The cause of the issue is that coinbase transactions (which pay the proposals) cannot support multi-signature addresses, and the payment address specified by the proposal owner was a multi-signature address.

    How will this affect the superblock on October 3rd?

    The only proposals that will be affected are the two proposals submitted by AltThirtySix.
    https://www.dashcentral.org/p/Proposal-36DashSponsorships
    https://www.dashcentral.org/p/Proposal-36-DashATM

    All other proposals, including the proposal from AltThirtySix's partner CannTrade, are unaffected. Sentinel checks each proposal is valid at the time the superblock is created, so the only effect will be the superblock will exclude the invalid proposals.

    How was an invalid proposal submitted?

    No indication is provided to the user on either DashCental or the Dash website proposal tools that multi-signature addresses are not supported. In addition, there is no validation check on either website, nor in the Dash Core software preventing a user from submitting an invalid proposal with a multi-signature address. Dash Core is actually designed to treat governance objects neutrally (e.g., no filtering or "judgement" of the objects, which is handled by the Sentinel layer). AltThirtySix had no way of knowing that the proposals would be treated as invalid by the system.

    The issue was first discovered this morning, when our software engineers were checking the superblock voting and discovered the two proposals were missing from the list and began diagnosing the cause.

    Proposed resolution

    We have communicated the issue to AltThirtySix, and they are aware that the proposals will not pay out as expected. We would like to propose the following resolution to AltThirtySix and the masternode owners that voted for the proposal.

    First, we would like AltThirtySix to submit a proposal for the November budget for the same sum as the two invalid proposals, with the Dash Core Group's business development address as the payout address. As soon as the proposal is passing, Dash Core Group will release the requested funding to AltThirtySix. Dash Core Group will recuperate its funds at the time of the November superblock.

    This solution ensures minimal delay for AltThirtySix obtaining the counted-on funding to host their launch event on October 14th. I assume the high support level these proposals received will lead to them passing swiftly, so it should not have a dramatic impact on executing their plans.

    In terms of preventing this issue from happening in the future, we are taking several steps.
    1) We will update the proposal creating website to recognize multi-signature addresses and prevent their use
    2) We will incorporate fix in the Dash Core wallet starting with version 12.3 (a ticket has already been submitted for this fix), which could be either enabling multi-signature addresses, or preventing proposals attempting to use them from being created
    3) We are notifying DashCentral of the issue as well, to see if they can include warnings to users submitting a ticket

    Also, in Evolution, masternode quorums validate the public user data, then core validates the header, so this issue will be avoided altogether in the future.

    If you have questions, please post them here and we will reply periodically.
     
    #1 Ryan Taylor, Oct 1, 2017
    Last edited: Oct 1, 2017
    • Informative Informative x 9
    • Like Like x 4
    • Agree Agree x 2
    • Useful Useful x 1
  2. TroyDASH

    TroyDASH Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 31, 2015
    Messages:
    1,200
    Likes Received:
    754
    Trophy Points:
    183
    This sounds like a reasonable solution. It would behoove MNOs to vote on the new proposals as soon as they are submitted, so that there is minimal delay. Unfortunately this means we will have significantly less budget available to work with next month, but we'll just have to deal with it. (Maybe the price can make up for it ;))

    @rango @dashdisciple would you be able to include this multisig checking/address validation on dashcentral and dashtreasury as well?
     
    • Like Like x 1
    • Informative Informative x 1
  3. joemoraca

    joemoraca Member

    Joined:
    Mar 3, 2017
    Messages:
    161
    Likes Received:
    59
    Trophy Points:
    88
    That seems as fair as possible with the limitations of having to follow the rules in code.
     
    • Like Like x 1
    • Agree Agree x 1
    • Winner Winner x 1
  4. dashdisciple

    dashdisciple Member

    Joined:
    May 21, 2017
    Messages:
    109
    Likes Received:
    87
    Trophy Points:
    78
    • Like Like x 3
  5. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    3,046
    Likes Received:
    214
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    Preventing proposals attempting to use multisig from being created????? :eek::eek::eek:

     
    demo
    This message by demo has been hidden due to negative ratings. (Show message)
    • Trolling Trolling x 4
  6. ampp

    ampp Member

    Joined:
    Feb 12, 2017
    Messages:
    181
    Likes Received:
    74
    Trophy Points:
    88
    The biggest issue is the budget deficit of 1968 dash removed from the next cycle. It's possible to have full budgets for the foreseeable future. It might be better to split this core refund payout into a multi-month proposal, assuming core can arrange that.

    We will likely see good proposals not passing because of the size of this mistake. Those proposal fees should be refunded at minimum.
     
    • Agree Agree x 2
    • Like Like x 1
    • Dislike Dislike x 1
    • Useful Useful x 1
  7. MizzyMax

    MizzyMax Member

    Joined:
    Feb 14, 2017
    Messages:
    168
    Likes Received:
    31
    Trophy Points:
    88
    If multisig wallets do end up being disabled for payouts would you have any plans on working on enabling them in the future? It could play a big part in decentralized organizations that submit budget proposals to the Dash network.
     
    • Agree Agree x 2
  8. ampp

    ampp Member

    Joined:
    Feb 12, 2017
    Messages:
    181
    Likes Received:
    74
    Trophy Points:
    88
    From my understanding allowing multi-sig has been on the roadmap. It's just going to get disabled for the time being unless the fix is ready.

    Looks like they already posted the new proposal here:
    https://www.dashcentral.org/p/Proposal-36-Dash-ATM-Sponsorships
     
    • Informative Informative x 1
  9. ThirtySix

    ThirtySix Member

    Joined:
    Mar 6, 2017
    Messages:
    63
    Likes Received:
    95
    Trophy Points:
    58
    Alt Thirty Six Official Statement


    Last month, Alt Thirty Six submitted two proposals to the Dash Network that successfully passed. Our 36 + Dash ATM proposal garnered a voting ratio of 908 Yes / 64 No / 1 Abstain and can be found here: https://www.dashcentral.org/p/Proposal-36-DashATM

    In addition, our 36 + Dash Sponsorships proposal garnered a voting ratio of 1017 Yes / 38 No / 3 Abstain and can be found here: https://www.dashcentral.org/p/Proposal-36DashSponsorships

    Unfortunately, both of these proposals will not be paid out due to the addresses associated with the proposals being multi-signature addresses. We were not aware of this restriction and Ryan Taylor, CEO of Dash Core Group, has made an official statement regarding this issue: https://www.dash.org/forum/threads/alt36-proposal-issue-resolution.17131/ (this link is for the post above)

    This current proposal is a concatenation of last month’s 36 + Dash ATM and 36 + Dash Sponsorships proposals. The payout address is Dash Core Group’s business development address. As soon as the proposal is passing, Dash Core Group will release the requested funding to Alt Thirty Six and Dash Core Group will recuperate the funds from this current proposal.

    This solution ensures minimal delay for obtaining the funding for the two proposals and allows us to move forward with our launch event on October 14th, the Dash Sponsorship Packages, and the Dash ATM Network.

    We have included both proposals below for those who are not already familiar with them. If you are already familiar with the proposals, here is the requested funding:

    Total Requested Funding from Dash Network

    1) 36 + Dash ATM Proposal 1,625.49 Dash

    2) 36 + Dash Sponsorships Proposal 343.39 Dash

    3) Proposal Fee 5 Dash

    Total Dash Contribution for Combined Proposals: 1,973.88 Dash*


    *Although Dash's value has decreased since the time of our original proposals, we are not adjusting the conversion rate on this proposal. The only addition to the amount of Dash is the proposal fee.

    The team @ Alt Thirty Six thanks you for your understanding and apologizes for the inconvenience.

    ----
    Please visit Dash Central to vote on the proposal: https://www.dashcentral.org/p/Proposal-36-Dash-ATM-Sponsorships (Thank you for your support!)

    To view complete formatted proposal document in dropbox please visit: https://www.dropbox.com/s/3lzhhoxr7z4tnte/36 Dash ATM Dash Sponsorship.pdf?dl=0

    Manual voting (DashCore - Tools - Debugconsole):
    gobject vote-many 345abe783995c5be350d1a5ab7cac8b56b58fcfbf7bf174aa4344cdbb30bcc62 funding yes
     
    • Funny Funny x 1
    • Winner Winner x 1
    • Informative Informative x 1
  10. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,447
    Likes Received:
    6,547
    Trophy Points:
    1,283
    pinged rango direct
     
  11. thedesertlynx

    thedesertlynx Active Member

    Joined:
    Sep 6, 2016
    Messages:
    133
    Likes Received:
    123
    Trophy Points:
    93
    What are the chances that multisig will be enabled for treasury payouts with 12.3? Personally this is one of the features I'm most excited about, as it enables true sub-DAO organizations to be run semi-trustlessly, rather than relying on a single actor to distribute the treasury funds.
     
    • Agree Agree x 6
  12. AndyDark

    AndyDark Well-known Member
    Dash Core Team

    Joined:
    Sep 10, 2014
    Messages:
    340
    Likes Received:
    676
    Trophy Points:
    163
    hi there - yes this is currently an item in the 12.3 milestone in Trac (the Core dev PM system) to investigate the issue of paying multisig from Coinbase tx (which is currently disabled in the protocol)
     
    • Like Like x 1
    • Informative Informative x 1
  13. thedesertlynx

    thedesertlynx Active Member

    Joined:
    Sep 6, 2016
    Messages:
    133
    Likes Received:
    123
    Trophy Points:
    93
    Excellent, thank you for your promptness and professionalism. This will be a very exciting thing to see come to fruition.
     
    • Like Like x 2
  14. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,919
    Likes Received:
    1,082
    Trophy Points:
    183
    Combine this problem with the known zero-day IX problem that coincidentally was used to stonewall a retail-use project that was ready to go live...

    Setting aside how much it pisses me of to see this corruption, lets deal with it in simple statements.

    1) IX is down because of potential exploit/bug (
    https://www.dash.org/forum/threads/...due-to-potential-quorum-exploit-method.16492/).
    2) Budget has multisig submission bug.


    Both of these seem easily fixable.

    1) Budget short-term fix; reject multisig addresses. Very easy. Add functional multisig support later.
    2) In the IX-disabled post, it was mentioned that a hotfix/patch could be done, but that waiting for 12.2 made more sense.

    I submit that, given the delays in 12.2 patching of IX, the likelihood that 12.3 will be delayed much worse, and the budget's multisig problem; waiting for 12.2 is no longer the appropriate course of action. These molehills are becoming mountains and you need to deal with it.

    "It" always take longer than you think it will. I know hindsight is 20/20, but you should always keep in mind that the problem is worse than you think it is at the point of making decisions like this. Put more weight on the short-term solution. Always.

    I understand that re-starting is a disincentive, but since the network update process takes a few weeks, and the payment queue is ~8 days; this disincentive is irrelevant. Th process takes longer than the payment queue. MNOs can simply issue an update/restart immediately after receiving a payment, and there is no disruption. With a handful of brain cells and good timing, this becomes a non-issue.
     
    #14 camosoul, Oct 4, 2017
    Last edited: Oct 4, 2017
    • Winner Winner x 1
  15. rango

    rango Active Member

    Joined:
    Jun 19, 2014
    Messages:
    159
    Likes Received:
    221
    Trophy Points:
    103
    I'll add a frontend check to reject multisig address proposal submissions via DashCentral.

    Edit: Check implementation done!
     
    #15 rango, Oct 4, 2017
    Last edited: Oct 8, 2017
    • Like Like x 6
    • Winner Winner x 2
  16. TigerZEN

    TigerZEN New Member

    Joined:
    Aug 16, 2017
    Messages:
    19
    Likes Received:
    17
    Trophy Points:
    13
    Good job for this solution.
     
  17. nmarley

    nmarley Administrator
    Dash Core Team Moderator

    Joined:
    Jun 28, 2014
    Messages:
    324
    Likes Received:
    378
    Trophy Points:
    133
    Dash Address:
    XdBKajV4g2wnpnAvvnV9dxwypQMfFHYWtp
    As of ~30 minutes ago, https://proposal.dash.org/ has been updated to disallow multisig addresses in proposals.

    Thanks to @Obusco and @Pierre for working to get this fix released in a timely manner!
     
    • Like Like x 7
    • Winner Winner x 3
  18. thedesertlynx

    thedesertlynx Active Member

    Joined:
    Sep 6, 2016
    Messages:
    133
    Likes Received:
    123
    Trophy Points:
    93
    Very nice Nathan! Glad to see such a quick fix, I'm sure this will open up a lot of interesting things!
     

Share This Page