Fix reward distribution of split DAOs #69
+94
−57
2 participants
CJentzsch
commented
Apr 6, 2016
•
LefterisJP
changed the title from Fix reward distributionf or split DAOs to Fix reward distribution or split DAOs
LefterisJP
changed the title from Fix reward distribution or split DAOs to Fix reward distribution of split DAOs
CJentzsch and others
added
some commits
Apr 6, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This solves two things:
1) There was an attack vector, where somone could get much more rewards than he should. Thats how it would worked (without the PR):
Lets say 100 Ether are in the rewardAccount, so everybody can get his share by calling getMyReward . Lets say the attacker owns 20%, so he gets his 20 Ether. Now the bug was, the DAO itself can call getMyReward through a proposal to itself (thats allowed), so they would send the 80 remaining ether to it. They are owned by everybody now, also the 20% attacker. So he would get additional 16 ether. Of course the other members could have voted against it, or retrieved there rewards, but it would not protect the apathetic voters, so its an attack. The DAO should not be able to retrieve money from the rewards account, thereby destroy the ownership information.
2) The reward issue as discussed above. Now every DAO get the rewards which it should. The mother DAO is not able to spend rewards which are owned or should go to a splitted DAO. This is done by having one general DAO reward account, for all rewards created by contracts this DAO has signed. From there a splitted DAO can get his rewards, as well as the original DAO. Once the original DAO has retrieved its rewards from there, it goes to specific DAO account (or is spend on on other projects) from where its members can get there rewards.