Skip to content
This repository has been archived by the owner on Oct 8, 2024. It is now read-only.

MKR transferred directly to the proxy can only be withdrawn back to the "cold" wallet, not locked straight into the voting contract #6

Open
MicahZoltu opened this issue Mar 26, 2019 · 6 comments
Open

MKR transferred directly to the proxy can only be withdrawn back to the "cold" wallet, not locked straight into the voting contract #6

MicahZoltu opened this issue Mar 26, 2019 · 6 comments

Comments

@MicahZoltu
Copy link

If you transfer MKR directly to the VoteProxy, it will get "stuck" and be unusable for voting until you call proxy.freeAll, at which point it'll be refunded to the cold wallet.

This could be fixed by changing:

vote-proxy/src/VoteProxy.sol

Lines 30 to 33 in ebd7b2f

function lock(uint256 wad) public auth {
gov.pull(cold, wad); // mkr from cold
chief.lock(wad); // mkr out, ious in
}

to:

function lock(uint256 wad) public auth {
    gov.pull(cold, wad);
    chief.lock(gov.balanceOf(this));
}

Such a change will make it so the next time someone calls lock(0), it will include any MKR held by the proxy contract directly.

Note: It should be verified that gov.pull(cold, 0); will not error. If it does, a different solution would be called for.
@nmushegian
Copy link

It should be verified that gov.pull(cold, 0); will not error. If it does, a different solution would be called for.

Hmm, I think it does.

Seems like using balanceOf(this) and pushing to the owner on free is the right approach after all

@nmushegian
Copy link

Another approach is a function like clear or top-up which does only chief.lock(gov.balanceOf(this));

@MicahZoltu
Copy link
Author

For reasons outside of the specific issue of "accidentally inaccessible funds", I would like to see a solution that makes sending MKR directly to VoteProxy a viable strategy.

Imagine you use paper wallets for cold storage. Currently, you cannot use VoteProxy because you cannot call gov.approve(vote_proxy, ...) from the paper wallet without burning it, at which point your funds are no longer secure. If there was a function that allowed you to chief.lock(gov.balanceOf(this)) then you could do something like:

  1. Create new_paper_wallet.
  2. Create vote_proxy pointing at hot_wallet and new_paper_wallet.
  3. Transfer MKR from old_paper_wallet to vote_proxy (burning old_paper_wallet in the process).
  4. Use hot_wallet to trigger locking of the MKR that is in vote_proxy.

You would end up with an un-burned paper wallet (new_paper_wallet) being the indirect owner of the assets.

@nmushegian
Copy link

Latest consensus is

lock uses gov.balanceOf(this)

add rake:

    function rake(uint256 wad) public auth {
        chief.lock(wad);       // mkr out, ious in
    }

Will put a PR in the morning.

@jparklev jparklev changed the title Transferring MKR directly to the proxy will result in it getting "stuck". MKR transferred directly to the proxy can only be withdrawn back to the "cold" wallet, not locked straight into the voting contract Mar 27, 2019
@MicahZoltu
Copy link
Author

What is the reasoning behind rake taking a parameter? Why not have it just lock everything in the contract? What is the scenario where you would not want rake to lock everything?

@nmushegian
Copy link

What is the scenario where you would not want rake to lock everything?

Same discussion as explicit lock/free in #8

Hopefully that PR supersedes this whole issue

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MicahZoltu @nmushegian