Hey everyone! Chatted with Clement at Berlin Blockchain Week and we made some advancements. It was nice meeting in person rather than talking through text or calls. I will write up my summary at the end of the post, but before jumping into that, I want to set the record straight on multiple points.
Replies to existing comments
I take the blame on this – we should have submitted feedback before, and were very slow on circling back (these past months have been hectic at A1). We had someone had the lead on this, but this person was extremely swamped with work during the last few months and it wasn’t a priority for him.
I don’t follow this rationale. What’s the issue with anyone taking open source software and using it, if they follow the software license? Which by the way we didn’t, we ended up writing it all from scratch for reasons that I’ll mention later in the post.
As @Aaron said, this was on the very first Aragon whitepaper back in the day. We always wanted to build a court.
Totally second this – we admire your work and the A1 dev team has taken it very seriously.
I’d argue small stuff like this matters – if the Aragon Network absorbed Kleros, I’m pretty sure it’d want to rename PNK to ANJ.
I definitely don’t follow this rationale, and I don’t take anyone telling us that we are infringing the Aragon Manifesto lightly. Could you expand?
I can confirm this wasn’t what happened at all. I couldn’t care less about announcing that we can fork a codebase and add ANT utility to it, as I don’t see it immoral at all, but rather a nice property of open source software. Please don’t speculate on what A1 does, you can just ask!
Summary of the in-person conversation
My conversation with Clement went around two main topics that I’ll detail here.
Our dev team at A1 wasn’t happy about the quality of the Kleros smart contracts. I’m not a Solidity dev and so I cannot comment, but @jorge will provide more direct feedback. We are all here to improve, and we have been asked for feedback, so @jorge will send some.
Without the code quality being on par with the Aragon standards, it’s hard to adopt a codebase that will end up having tremendous power over Aragon DAOs.
The main point here is whether Kleros wants to merge, or to become a Flock team.
The Aragon way so far has been to collaborate via Flock, and we have created a blooming ecosystem thanks to this approach.
I discussed with Clement that becoming a Flock team has tradeoffs: teams need to commit their soul to the Aragon Manifesto and the project’s vision. It’s not a merger, it’s joining something bigger than the team itself. Of course in exchange teams get access to network effects in terms of the knowledge of the whole Aragon Network and its reach. But teams need to give up some of their liberty, identity and roadmap to join the Flock. For example, Kleros would need to totally focus on DAOs and making them successful, and not on other broader use cases of the court.
I asked Clement whether that’s something desirable for him and the broader Kleros management and team. Clement talked a lot about the ANT<>PNK bonding curve, which I consider interesting. But as I mentioned to him, I’m much more interested in the cultural part, which can be summarized this way: does Kleros want to commit their identity, soul and roadmap to Aragon?.
It’s a hard question, and only Kleros can answer it. In that case, I could see that PNK’s entire supply could be bought by the Aragon Network in exchanged for some vested ANT or ANJ, and the Kleros team could entirely adopt the Aragon brand and values to join the Flock. I don’t think I’d support anything in the middle, since we want committed warriors in our fight for freedom. I left Clement with that question, and there is no rush to answer it. I know Kleros is running low on funds, but that shouldn’t make a difference. For example, Aragon Black was in a similar situation, and applied to become a Flock team only after working for almost a year on different parts of the Aragon ecosystem and being active players on it.
So the first question is how should KIeros approach this proposal. In my opinion the only way forward is to join the Flock and work out an acquisition of the Network of all PNK’s supply (either direct or by a bonding curve that dilutes PNK holders in favor of ANT), so ANT holders totally govern both the team and the token.
If Kleros was to apply as a Flock team, then the next step starts. That is the process of getting to know the team better and working with already established Flock teams to see if there is a cultural match. Historically this has been done via Nest grants. Then the team can apply to Flock, and if there is affinity and cultural match, ANT holders would vote it in and approve its funding.
From my personal perspective, I haven’t worked so much with the Kleros team, so I don’t know whether there is a cultural match or not. I’d like to see @clesaege expand on his comment about A1 infringing the Aragon Manifesto (again, don’t consider that lightly!) to further analyze their potential cultural fit.
I think there should be nuance in this. If Aragon went to implement the court described in their paper (or any court based on a system different than Kleros for that matter), I would not consider this kind of competition to be problematic.
Reimplementing a solution a user made with a new token, while you could just have used it is a different matter.
The exact curve needs to be discussed, I think the guys at Aragon black working on those would be able to help to determine the exact curve shape. I agree with Luke that this does not seem to be a problem.
Allowing true DAOs is definitely a killer usecase (one reason “the DAO” was not easily relaunched after the hack is that it needed some curators to function, and they would have taken way too much liability).
Proposal agreements are a particular form of list curation. Once you unlock list curation, you unlock truly autonomous DAOs, but also a plenty of other useful usecases. By building general tools, you avoid doing the work multiple times and are able to reuse what is working.
That’s how the court will scale.
A decentralized court is itself a DAO. If DAOs want to be autonomous and not subject to the issues of legacy systems, they need arbitration by decentralized systems:
Escrows to pay people working for them.
Anti-sybil mechanisms (avoid humans registering more than once) which are a curated list of unique humans and need dispute resolution about member existence / duplicate members to allow:
– DAOs where 1 human = 1 vote.
– Liberal radicalism resource allocations
Curated Lists of verified applications in the app center which is critical to avoid DAOs to install malicious ones hacking them.
Most Dapps which are to be controlled by DAOs need dispute resolution in them. And most dapps which need dispute resolutions need DAOs to control them to be true Dapps.
Kleros is focused on dispute resolution, no matter the usecase and can easily adapt to what is the most needed for the ecosystem. Due to economies of scale and specialization in dispute resolution, I think the Kleros team can deliver dispute resolution systems for all Aragon usecases and still be able to support other usecases at the same time.
The quantity of funding in this proposal is open to discussion. It could be as low as just funding for developing the proposal agreement (but obviously the amount of PNK to be emitted by the curve should be linked to this funding).
The first announcement had this plan, it’s only later where it changed to a re-implementation. But anyways, there is no problem on reusing code or inventions. The problem is about forking cryptonetworks only to change the token.
Note that it was first announced that the same code would be reused, which shows that the cryptonetwork fork decision is not motivated by a desire of re-implementation.
There is no problem in building a court, if this was the court of the original paper or non-Kleros based one, I would have nothing to say. It’s building a Kleros based one just to change the token despite being perfectly able to use the original one and having the creators of the original one open to work with Aragon teams.
If you intend to only focus on arbitration for DAOs and not general purpose one, there is no problem either, but that would be good to be said as many outsiders would consider Aragon and Kleros to be competitors.
Thanks, we also enjoy using Aragon for governance .
If Kleros was not live that could be discussed, but Kleros is already deployed, the token is known and trading while ANJ is not live nor known. So it would not make sense.
In the post you quote, I provided details about parts of the manifesto and on how I don’t think it’s in agreement with them. If you can answer to them we can discuss more about it.
I don’t know what happened, that is why I used “I think”.
I started working on Ethereum as a bounty hunter, then smart contract auditor. I did not write the contract of the current Kleros version, but I did handle the security procedure to them.
As a smart contract security professional, I did 23 audits :
11 Paid audits for external projects. This includes mostly blockchain projects but also classic companies (this includes multinationals, the largest having a capitalization far greater than Ethereum).
12 Internal audits of smart contracts made by the Kleros team, used by the Kleros team or of users of the Kleros team.
After the security procedures, none of those smart contracts have suffered vulnerabilities in production (I’m not saying none would, as you can’t catch everything, but I’d say that’s pretty good indication I’m not doing reckless security procedures).
Kleros contracts follow a security centered development process, with numerous back and forth between the developer and the reviewers (the full Kleros dev team reviewing, myself included). They are then put through a bug bounty process, advertised on various channels (solidified, Kleros github, ethdev reddit, emails to auditors and solidity developers that I consider top and who have found vulnerabilities before).
Kleros contracts follow a specific set of guidelines aimed at maximizing security and reviews are about bugs, but also respect of those guidelines.
As always code reviews are appreciated.
If Aragon One were to find bugs in it, we’d reward them with up to 50 ETH (the maximum being 50ETH for critical vulnerabilities).
If we were to work with Aragon, we would also help in auditing Aragon components which were to interact with Kleros or even more.
I personally fully support the Aragon manifesto (and from the discussions we had there, it even seems I have quite strict interpretation of it). I never saw Kleros community members opposing it.
Well, that seems pretty antinomic. I think people work best when they are not over-managed. I though it was the whole purpose of flock teams and grants to let high autonomy to teams.
Well, there is 6 months of runaway just in cooperative treasury. I admit there were some scary times in the low of the bear market and before Athena (current) release, but that is not the case nowadays. The network is running well (>350k$ of value passed through it in a few months).
Only a small part of PNK were sold, letting enough for further sales, in the bear market, it was not a good time to do one, but the market is now going better and next sale can be done.
And in case of emergency there is some support of early backers (myself included).
Even if Aragon were to go the ANJ way, it would not make sense from a cryptoeconomic perspective to give full control of the system to ANT holders, as it would add an additional failure mode: It would open the system to a 51% attacks by ANT holders, which do not have the same economic incentives as ANJ (or PNK) holders to protect the system.
However, it could make sense for ANT holders to be able to vote to make the curve one way (preventing PNK to be exchanged back to ANT, which could be an additional threat to malicious actors which would want to sell their PNK after succefully doing a 51% attack).
There are two possibilities, either:
Aragon does not plan to provide general dispute resolution services, but only services for DAOs. In this case, this should be made clear from a communication perspective in order to avoid Aragon placing itself as a competitor with Kleros. Currently, even if it may not be intended, lot of people consider Aragon had plans to compete with Kleros (looking at the developments it does not seem to be the case, but it’s the communication which seems ambiguous).
Aragon plans to provide general dispute resolution services, or thinks it could be a good idea if a team were to work on that. In this case, there is no reasons for the collaboration to only be possible if Kleros were to focus exclusively on DAOs.
Look, if we could have used your codebase, we would. I was a huge proponent of it, but the dev team had concerns! Not having to re-invent the wheel and having more free dev resources to work on other things is music to my ears.
Well that’s the issue right there – joining the Flock means that ANT holders would be the ones making that call.
Commitment != management. This is commitment as in the same way you commit to marriage, and not in the way you are hired as a contractor. Flock teams are akin to marriage with the Network, as opposed to being contractors. Is that desirable for Kleros, thinking about all the trade-offs and decisions you’d need to offload to ANT holders?
I just don’t see how that’s the case, can you expand?
As it was originally envisioned, the Aragon Network will provide a generic dispute resolution system, as it is set to become the world’s first digital jurisdiction. However in the beginning we want to focus on the main paint point we can solve for DAOs, as the Aragon Court was conceived to make life easier for DAOs and help them become widespread.
The point this quote was not argue for reusing the code, but to show that the decision to fork the Kleros cryptonetwork is not motivated by the codebase.
Since we take reports of issues in our codebase really seriously (all the reports are answered and do back and forth until we either fix the issue, convince the reporter that there is not bug or it is made clear that the reporter is not able to exhibit the attack on a testnet).
At this point this not a proposal to join a flock team, but the Aragon network to get a stake in Kleros. Note that by being an Aragon DAO, Kleros is already in the network even if token incentives are not aligned (and this proposal would align them). If this were to go to a large one (and it seems this would be the version you prefer), you could have more PNK given to ANT holders than by other means and they could eventually chose to rename the ticker. We could have something like “Kleros, court of Aragon” which could show relation without losing previous branding effort.
However I don’t think they would as Kleros-PNK are more known than ANJ.
If by commitment you mean commitment to the vision and manifesto, definitely. I completely approve the manifesto and it is well written (that’s in my top crypto manifesto list on par with Mike’s Cryptosystem Manifesto).
In the case of a milestone deal which would encompass all the remaining PNK supply, this would let funding decisions to ANT holders.
However, giving control of the court to ANT holders is not desirable from a cryptoeconomic perspective and I don’t think the ANJ plan had planed to give ultimate control of the court to ANT holders.
I’ve already wrote about this, but I’ll auto-quote:
Then I don’t see a misalignment. It’s just that working with Kleros, the Aragon network would have this generic dispute resolution system way faster than expected (without delaying on DAOs usecases, due to economies of scale and specialization Kleros has).
I don’t understand this. ANT holders OWN the court. It is their funds spend on its development and maintenance, they approve the roadmaps of the teams developing it. ultimately they are the beneficiaries of its success.
As I understand it, ANJ holders are just ANT holders with extra skin the game (related to their performance as jurors)
The cryptoeconomics of Kleros are based on the fact that the court is controlled by PNK token holders (or ANJ in Aragon One planed fork).
In case of 51% attack on PNK-ANJ, the value of the token would drop to near 0, destroying the stake of the attackers.
However, if you now allow ANT (which should be valuable for other purpose) to have full control on the court, thus be able to make it misbehave. You also open to a 51% attack by ANT holders which would suffer far less from the result of their attack. Moreover, the 51% attack on ANT would be way easier to pull off as ANT holders generally have a low voting turnout compared to drawn jurors in Kleros systems (turnouts of around 60-100% compared to ~10% AGP).
I let the Aragon One team answer on this, but I don’t believe they had planned to give full control to ANT holders instead of ANJ ones.
I highly appreciate Aragon values, fight for freedom. It’s one of the most revolutionary, groundbreaking and forward thinking projects out there. I can imagine that in 10 years 20% of global GDP will operate on Aragon.
(currently United States has around 15% and China 10% of global GDP)
At the same time being controlled by ANT holders at this stage feels limiting, oppressive. Kleros has a strong vision and might be better off operating independently as a pluggable service to Aragon court.
“Kleros is focused on dispute resolution, no matter the usecase and can easily adapt to what is the most needed for the ecosystem. Due to economies of scale and specialization in dispute resolution, I think the Kleros team can deliver dispute resolution systems for all Aragon usecases and still be able to support other usecases at the same time.”
Personally I do not agree with some of the design choices.
Just because there are a few apps already in existence (all build by Kleros) it does not mean it is set in store forever.
Avoid fallacy of sunken cost. Same remark towards Aragon Court PoC implementation. Just because there is some code out there, using plugin architecture with RNG as default and Kleros as opt-in is perfectly feasible.
We are in year 11 of blockchain, year 5 of Ethereum, Aragon is young, Kleros is young…
As it has been pointed out in the thread before, developing a decentralized court protocol has always been a part of the roadmap. In the original whitepaper, the Aragon Court is highlighted as a network service that would be really beneficial for sovereign DAOs, as they cannot use the traditional legal system should a dispute arise.
After Aragon 0.6 was released on mainnet, we were able to direct more focus into the research and development needed to launch the Aragon Network v1 as a sovereign DAO. The issue was that DAOs that can execute fund transfers on simple majority votes, are vulnerable to 51% attacks, in which an attacker could convince a majority of token holders to vote for a proposal to transfer all the funds out of the DAO and split it among those who vote for it.
To solve this problem, we came up with the idea of Proposal Agreements, in which a subjective oracle is used to resolve disputes on whether proposals are valid or not according to the rules of the organization. Minority stakeholders can be sure that only proposals that adhere to these rules can pass and be executed, regardless of how much support a malicious proposal could have. Proposal Agreements are useful not only for the Aragon Network DAO itself, but for other Aragon organizations that decide to use it.
Given that we had this clear need for dispute resolution, and we wanted the Aragon Network to be live as soon as possible, we heavily considered using Kleros for an initial version of the Aragon Court rather than implementing it from scratch. We were impressed by some of their research and we were pretty aligned on protocol economics.
Since the initial conversations we had with the Kleros team at the beginning of the year, we told them that our intention was to reuse as much as possible from what they had already implemented, but we clearly communicated that we wouldn’t be using the canonical Kleros version, but another instance with a different token derived from ANT.
While performing some technical due diligence before starting with the integration process, we detected multiple things that triggered us to start thinking about performing a substantial fork of the protocol.
One of the first things that we were worried about is that Kleros’ implementation had a lot of additional complexity in order to support a hierarchical court structure with different sub-courts that would resolve different types of disputes. The Aragon Network v1 only needed one court type to resolve disputes over Proposal Agreements, so all this added complexity was not worth the added attack surface.
In Kleros’ implementation, there is a special role for a ‘governor’ entity, which has complete and absolute power over the contract (being able to perform any arbitrary call from the Court contract). We thought that the governor has too much power, being able to resolve any dispute as they please, having the ability to mint an unlimited amount of juror tokens, removing the ETH deposited in the contract to pay for fees. Even though the team wants the governor to eventually be a DAO, at the moment the address that governs the live protocol is an externally-owned account, which means that if one private key were to be stolen, the protocol would be completely compromised. Relying on Kleros today requires not only trusting that the dispute resolution protocol works properly, but also that the owner of this account doesn’t intervene in the dispute.
The subjective oracle that is used to resolve disputes around Proposal Agreements is paramount to the security of the Network and of all the organizations that decide to use it as well. During our review, we were quite concerned about how few tests had been implemented (very little testing outside of the ‘happy path’) and how the team didn’t plan to do a security audit (and actually advocated against them).
After our review and few weeks before Kleros’ release, bounty hunters found two criticalissues in Kleros’ implementation that would have completely undermined the mechanism. This further confirmed our decision of continuing with our own implementation.
Apart from some of the above concerns about Kleros’ implementation, there were some features that we felt were important that Kleros didn’t have at the moment nor had plans to implement:
Lack of incentivization for executing gas heavy functions like drafting jurors for a dispute or slashing jurors that voted for a losing ruling. In most cases execution requires someone altruistically calling them (or at the very least an interested party paying for the computation for a larger group). In the case of drafting, until someone executed all pending drafts, the court will not accept jurors staking or unstaking.
Kleros lacked a way to require users to pay a subscription fee in order to have the right to use the court. Subscription fees allow jurors to expect a predictable income from being staked into the court even if they aren’t selected to adjudicate a dispute or the dispute volume of the court drops.
Kleros only supports paying fees with ETH, without support for ERC20s.
Aragon Court implementation
The Aragon Court has taken some ideas from Kleros and implemented them with a better architecture and cleaner code. We’ve never had a problem recognizing that Kleros has had a big influence in our work and implementation of the Aragon Court. But even though the Aragon Court project started as a fork of Kleros’ code, we haven’t been able to reuse any code.
Our plan is to continue improving the Aragon Court protocol with important changes such as using futarchy as the way to resolve disputes that are appealed all the way.
Even if we had used Kleros for the Aragon Network v1, we were planning on implementing future versions of the Aragon Court in-house to add those things. With the information that we had at the beginning of the year, we decided on starting our own implementation in a way that can be modified in the future, rather than using Kleros and starting to implement future versions of the Aragon Court from scratch further down the line. We were not confident in the state of the Kleros codebase in order for us to modify it to add these features, so we decided to start from scratch.
I am really happy and proud of the work the team has been doing on the Aragon Court and how it is shaping up.
There is less than 100 lines dedicated to handle the subcourt system (this, this, this, this, this, this and this).
If I’m very well in favor of simplicity, I think the risks of redoing an new implementation far exceed the risk of the subcourt systems. This also means the Aragon court will not be able to expend to usecases other than proposal agreement.
Moreover the current draft of the ANJ court is 3325 lines of code compared to the 1259 lines of code of Kleros. So even assuming finishing ANJ court draft takes no line of codes, Kleros would still be 2-3 times simpler.
The governor is the only point lacking to make Kleros a fully decentralized cryptosystem. It is there only because Aragon DAOs do not allow to make arbitrary calls to smart contracts which are required for the Kleros DAO to be able to act as the governor. We asked the Aragon team for a module to make arbitrary calls and was answered it was not currently supported and I was not given any estimate of when it would be.
Due to that we had to launch without the governor, leaving the Kleros Cooperative team to enforce decisions made on the Kleros DAO itself.
However, we did not stay waiting and are developing a governor (see smart contract code and Figma UI) to translate plain English decisions of the Kleros DAO into smart contract calls.
It is really unlikely for the ANJ court to be finished before the Kleros governor is finished (and Aragon One team could have implemented an arbitrary call module which would have allowed us to transfer the governor to the Aragon-based Kleros DAO).
If Aragon One team thought there were not enough tests, they could have collaborated to create more.
Tests are testing the ‘happy path’, as this is where they are good at. Tests are not good at finding vulnerabilities. This study by trail of bits notes that
we didn’t find any statistically significant correlation between our estimate of unit test quantity and quality and the presence of either findings in general or high-low findings
Finally, manually produced unit tests, even extensive ones, likely offer either weak or, at worst, no protection against the flaws an expert auditor can find.
This quantitative study confirms my qualitative experience as an auditor. Tests are really good to find out if something is not working on the normal path. But for finding (and fixing) vulnerabilities which can be exploited by malicious parties, audit/reviews are way more efficient.
The contract had back and forth security reviews with 4 Kleros team members (myself included). I did not write this contract and there is no reason that my skills would be good enough for external auditing and then suddenly not work for auditing Kleros related code. Note that it would not have been true if I did write the contract (as the set of mistakes I can make and vulnerabilities I can miss is likely to be highly overlapping) but I did not write this contract.
The contracts then undertook a 50 ETH per critical vulnerability bug bounty which was widely advertised:
Contacting security researcher who gave me feedback including one who found a vulnerability awarded 50ETH. He actually found a possibility of storage modification not caused by an underflow in depth. To the best of my knowledge, this had never been found on any real contracts.
Ethdev on reddit.
Solidified where another 50 ETH was paid (this one was a stupid mistake).
I had 18 confirmation of people who confirmed reviewing the contracts. The number is probably higher as most people would not bother to confirm their review or send a message is they haven’t found anything.
Obviously all issues were fixed and we then extended the bounty period with the fixed contracts.
I’m not saying that external security audits are useless (I’m an auditor), but team having internal auditors can achieve the same security result doing internal audits and putting extensive bug bounties (bug bounties are really important as otherwise there would be no reason to trust the team not to release insecure applications due to business logic).
Collaborating, we would have the resource to do the above security procedure and in addition have an external audit.
I really don’t get this argument. This is a pre-release bug bounty program, the goal is to have people finding vulnerabilities at this step, so hackers don’t find them when they are deployed. Having people finding vulnerabilities shows that it works and that people are actually reviewing it. Having people finding vulnerabilities which are fixed shows that security procedures are working, not that they are disfunctionning. Ethereum foundation itself pays a lot bounties.
Firms hiring private auditors may require them not to disclose there findings. They generally tend to have multiple vulnerabilities at the audit stage as well. Transparent firms (and Aragon One is doing a really great work being transparent) publish the findings. I’m definitively not gonna say Aragon code is insecure because auditors found vulnerabilities in their code (this report with critical vulnerability for example).
On this, you just need “1 actor” doing it. This doesn’t seem an important feature for now, but something with similar effect is planed for the next versions.
There is nothing which prevents implementing that in the Arbitrable smart contract. Making a fork is not required.
Due to legal concerns about security law, I would not be comfortable for subscription fees to be done at the court level.
ANJ court supports one unique fee token. I guess it will be wrapped ETH so the result would be the same (minus the extra wrapping step). Or if it is ANT, that would create friction.
I understand some of the points made above and appreciate the feedback but it should be pointed out that no vulnerability was found other than the bounties made as part of the security procedure (that’s what they are there for).
It should also be noted that no vulnerabilities were ever found in deployed Kleros contracts.
It should also be noted that our code is relatively short (1259) and reviewing it would not take a significant amount of time.
Overall when I see these arguments, this reminds me of all the Ethereum killers thinking they can do better than Ethereum but in reality, we’re all aiming to create a better, more collaborative and open mechanism rather than compete within small spheres.
I hope that the Aragon community can look at all the arguments placed above and the significant progress made by Kleros with far less resources than any of our competitors. The ecosystem is not a zero-sum game and collaboration generally bring more value to both parties.
Which is totally fine for an initial version with a clear objective. Supporting subcourt like functionality would be possible to add in the future without requiring a massive rewrite.
As you know, a system with half the lines of code is not 2 times simpler. You can cram a lot of stuff into one line making the code worse, and you can even give up new lines entirely and write everything in one line. You can also write ‘smart code’ in fewer lines and make the codebase more complex.
We don’t optimize for quantity of lines of code. Readability, modularity and proper inline documentation are far more important than a vanity metric such as having less lines of code.
The Agent app allows this and it was released as a beta in February. The Melon Council DAO is currently using it for parametrizing Melon protocol parameters and managing their ENS names.
Comprehensive testing and full coverage are not silver bullets, but they are definitely a really important part of the development process for a quality codebase. Security-wise, there are some vulnerabilities that are really hard to catch with tests, specially those that arise from edge cases that the developers don’t think are possible, but most mistakes can certainly be caught with a good test suite that tests all the possible interactions with the system.
Having bounty hunters find 2 critical vulnerabilities days before deploying the protocol seems really scary. The point that I was trying to make is that when we were reviewing the codebase we didn’t feel confident and 2 critical vulnerabilities were actually found before the release.
This is a perfect example of an issue that is close to impossible to discover with just testing. It was found months before releasing Aragon to mainnet. By the time that we started the bug bounty program, no critical bugs were found.
AFAIK, anyone would still be able to create disputes without paying the subscription fee. Requiring all jurors to check whether a contract is up to date with payments doesn’t seem like a useful use of juror’s attention.
It hasn’t been decided how it will be parametrized yet. ETH is a terrible unit of account to pay for services such as arbitration fees given how volatile it is.
We didn’t set out to build a Kleros killer, but to have the best dispute resolution protocol for the Aragon Network and other DAOs. When we looked at Kleros we did indeed think that we could do better, started with the intention of doing a small fork but we ended up having to rewrite the entire thing.
At the end of the day what it comes down to for me and what everyone in the community should be thinking about, is what is best for the Aragon Network. There are two different implementations with different technical merits and a proposal to acquire some tokens to use a particular instance of one implementation (and such instance is at the moment controlled by one address that could mint an arbitrary amount of tokens).
Given that the team has made clear that they don’t plan on focusing solely on Aragon, what the Aragon Network would be acquiring is just the ‘network effect’ of the current Kleros juror network. I do think that the Aragon Court implementation will be superior once completed, but simply using Kleros’ implementation with a different token would be totally free in any case.
Not entirely sure what is meant by an “arbitrary call contract” (unless you mean something like the Agent app), but isn’t the point of aragonOS that you can sort of do that yourself without having to wait for Aragon One et. al to do it?
what I don’t understand is why people here are doing what they are doing? is it for the money for the power or for progress? if its for progress then forking is the best what can happen. Its all about diversity which makes the overall systems more robust i think.
Obviously there are people in both camps. I like to think that the people in this thread are in the latter camp, however I disagree that this means forking is necessarily better.
Network effects are real and strong, and I do think there is some value in not forking unless you really need to. I also think people working on the Aragon Project share this same sentiment, but that they felt it was the best course of action this time around.
yes I understand that the community is very important but Kleros don’t lose their community only because aragon is forking them and if the community would move then kleros can copy their code. its a fair game i think. if you have more money you can move faster and perhaps then you can swallow other projects by being ahead of the game but then what do you loose you are still in the game and you are the one of the few who knows the system best to make it even better. but sure your ego can hurt yourself its a game against yourself. Forking is only bad if the community is ego driven and not progress driven. ego driven projects are doomed i think they are boring and they don’t progress. but if people loose money thats not nice. so perhaps its possible to somehow bond tokens together based on the influence a token has/had on the actual project (convection voting bonding curve or convection voting air drop )
Yeah for sure, lines of code is just a basic heuristic. But reading ANJ court code I had the feeling this heuristic produced pretty decent complexity estimate.
That’s really cool and congratulation on all the progress made since we talked about that ! We’ll definitely watch for its release.
From my auditor experience, less than 20% of vulnerabilities could have be caught up by testing (and the one which were, were really obvious and would have hardly be missed by other reviewers).
Because when you hack contracts, you generally use some path people did not thought about (including in tests).
But as I say in my security class:
So I won’t ever complain of people making too much tests.
Note that the commit issue was not directly affecting the release (as commit and reveal were not to be used at this point). There were still more than 1 week for people to hunt on the updated contract and it included all devteam internal auditing the contracts again (and I can tell you that spending more than 1 week on 1300 lines of code is not gonna lead to more bugs to be found). The release started with limited funds at stake as only the T2CR was connected. It has now been live for 6 months, had approximately 350k$ worth of value passed through it and no single bug were found in the live version.
No bugs were ever found in live version of contracts made by Kleros Cooperative or contracts I audited (which is quite an accomplishment and I don’t have knowledge of other people with this record, even if there is still is a risk for bugs to be found in the future, so we should never feel too confident).
And even if Aragon One team were still not convinced, they could review it again and pay for an audit.
Yeah, but unfortunately, there does not seem to be non custodian (or with equivalent security risks) stablecoins. DAI is going in this direction but there is still a bit of work.
And the other instance is still at the smart contract draft stage. It seems highly unlikely for Aragon One to release a court before the Kleros governor (which is required to make Kleros a fully decentralized cryptosystem) is released.
Having a live system with a centralized point, which will remove this centralized point (in due course and can show progress in this direction so it’s not just com) by the time you use it is equivalent to waiting for a fully decentralized system at launch (except that in the second case there, you wait longer).
So no matter which road Aragon goes, they will have a fully decentralized cryptosystem at launch of the Proposal Agreement dapp.
The arbitrable smart contract could verify that the subscriptions fees were paid. And even in the ANJ court scenario, DAOs would still be able to create disputes without paying subscriptions fees by using the original Kleros.
Kleros team doesn’t plan to focus “solely” on Aragon, but plan to support all the required DAO usecases as it is itself a DAO.
I don’t think network effects are to be undervalued, anyone can fork Bitcoin (and a lot of people did, even at early stage) but you can now see that the original network is by order of magnitude the most important and valuable.
The original Aragon One plan (as announced in Aracon) was to use Kleros code with another token. So the decision to fork the cryptonetwork (put a new token instead of PNK) was made before the decision to fork the code.
So the first decision is to fork the cryptonetwork. And unfortunately, beside ego, power and money (the Aragon One team has to find usecases to ANT to avoid its value decreasing too much) I don’t see any other reason.
Money may be a valid reason (depending of one’s morale) and that’s why this proposal proposes to fuse these cryptonetworks (live Kleros and draft ANJ court) with ANT holders getting some PNK so that the most monetary interesting way is to work together.
The decision to fork the code was only made after and thus cannot be the cause, but only made in support the decision to fork the cryptonetwork.
If Aragon were to go with another system, that would be good to have different systems competing and we would see some evolution theory giving more chance to the best ones to rise. But here there is just some planed cosmetic modification such that an user using the dapps would not be able to tell which is which (except thanks to branding).
The original reason of forking was to put an ANT derivative token. The Kleros team proposed a way to work together while still providing (greater in my opinion) financial benefits to ANT holders. Aragon One team discussed with us, with different team members having different opinion. Then they cancelled meetings and stopped responding.
I fully agree on that and that is exactly the point of the proposal. To find a progress driven way to collaborate contrary to an ego driven way with communities fighting each others.
At the end of the day, Kleros is an Aragon user and communities share almost exactly the same values.
I’m sorry, but this just doesn’t seem reasonable. Why would anyone ever pay for another project to be audited to figure out if they want to use said project? That sounds like a fast way to bleed funds.
I think this is a gross mischaracterisation of everything Jorge just told you.
I respect the difference in opinion here, but I wish this discussion could be discussed in a civil manner. There’s obviously a high degree of tension here, and the AGP seems to have sparked some outlash from the Kleros community as well. Calling people working on Aragon “ego-driven” and implying that they are money hungry is not fair.
I, of course, also agree that it’s not cool that Aragon One (or whoever you talked to) cancelled meetings/went dark without saying anything, if that is what happened.
We are speaking about 1300 lines of code there. And Kleros Cooperative does internal audits of projects we use (Uniswap, Realitio, Gnosis multisig and MiniMeToken to name a few) and even put bug bounties on them. You don’t pay for audit straight up, you first review and try break it. If you can’t and want to use it, then you can put more resources.
The decision to fork the code was made after the decision to fork the token. So nothing that Jorge told about the code could have been a reason to fork the cryptosystem (and I don’t think Jorge is claiming that the decision to fork the token is due to the code).
I did not call them “ego-driven” and I’m sorry if my words reflected that (I think we should try to be excellent to each others), but I said that at least one of the following must be true:
The original decision to fork the system was because of ego (A1 team had a plan to make a court, they then realized that Kleros system was better than their plan and chose to use it, but letting another project do what you had envisioned can be bad for ego and communication).
The original decision to fork the system was because of power (a desire to have more control on how the project would go).
The original decision to fork the system was because of money (finding utility to ANT which kept losing value compared to ETH hold in the treasury).
I’m not able to know which one (I can’t read people mind), so I can only hope this was because of money and/or power (wanting money and power is not something inherently evil, it’s normal to wish for the token you created to be valuable and it can also be normal to think that stuff would be better done within your network) that this proposal proposes to solve.
If I was convinced it was just about ego, I would not even have bothered to make a proposal as it could not be fixed with it.
as I understand when bitcoin forked there was bitcoin cash and all people who had BTC got the same amount of BCH. But because Aragon is more then Kleros the fair way i think would be to figure out how much value Kleros has brought to Aragon. For this both communities has to be asked through a process for example conviction voting. Because conviction voting only works for the present and not for the past community members could vote only how much % of Aragons value is based on Kleros today. Based on this % Kleros holder would receive ANTs not the other way round. If Kleros forks aragon then ANT holders get Kleros tokens based on the %.