Financial Proposal: EVMcrispr, mutating DAOs' DNA 🧬

The charter requires we the ESD must assess deliverables before releasing funds, but due to the technical nature here, we are not in a position to do so. We would need the review posted here in the forum in advance of every payment, currently monthly - unless you change payment cadence.

The charter Sub DAO Agreements S 3 (a) i 3 also requires that the Tech Committe @nivida @voronchuk @p4u

  1. Approve technical proposals they believe would be beneficial to the Aragon project
    and DO NOT require a 3rd party technical security audit due to being low risk.

This proposal falls under this category and tech committee approval is required. To date only @voronchuk has expressed the product is useful.

Can the Tech Committee please provide an official statement to clarify your position that this project is/is not " beneficial to the Aragon Project" as it is currently framed to serve existing DAO on the Aragon Network and is not contingent on any commitments concerning Zaragoza.

Your approval is also required ongoing for the release of v0.4.x - v0.9.x

Can the Tech Committee coordinate with this team so that they can update the proposal or state in the forum here please for transparency cost for monthly review if you believe payment is required over and above the current monthly reward for tech committee members? Thank you


@nivida thoughts?

1 Like

I understand it now, thanks @lee0007.

I talked with Gaus, the founder of NFTX DAO, and he has offered himself to review every deliverable. If you think it is a good fit, I will proceed to modify the proposal so NFTX will receive a payment for their services (1,000 USDC per month).

To add more context to why I propose NFTX for an independent review:

For sure, the review of the Tech Committee will still be necessary to unlock the funds each month. We hope our report after releasing each deliverable and the independent review from NFTX will help to clarify how well are we doing, so they have all the information at hand.

1 Like

This sounds like an excellent option

@nvida can we please get the tech committee sign off as we currently have only minrority suppprt from tech committee, and despite unanimous support from ESD for funding it is the tech committee that ultimately must approve technical proposals

Hi all and sorry for the late reply here!

I can second @vorunchuk’s view on things. I was also already in contact with Sem about and forwarded him weiroll (an already working “VM inside the VM”). In Aragon App/V2/Zaragoza we have at the core of the architecture an Agent like executor that is capable of sequentially executing different actions. This means this proposal wouldn’t actually improve the new tech stack (if the UI part is done) of Aragon App but of course the “legacy” AragonOS.

However, if the product team decides to support AragonOS in the mid and long term until full feature parity is achieved (shouldn’t take 1y+) can we discuss using weiroll as the base and build a user-friendly “contract actions composer” as envisioned already by the tech and product team of AA. This would speed up the UX improvement for AragonOS this proposal has as the core goal and could be aligned with the overall Aragon Network roadmap. This is because if implemented well can it be used in V2 as well.

My conclusion: If we can achieve a win-win situation here would it be perfect. Also, I can envision a long-term collaborative relationship with the peeps of 1Hive (there are also ideas around as for example an AragonOS <> Aragon App bridge to leverage all the existing apps).

@sembrestels Let us chat about on the 20th of April here in Amsterdam.


@lee0007 @daniel-ospina, to be perfectly honest, I got a bit lost now. We have two members of the Technical Committee “endorsing” the proposal. It remains unclear to me do we fund it in its current form, or should it be adjusted to include an independent review?

We were on what seemed a great path and got somewhat sidetracked by the Charter.
Let’s figure it out on the call tonight and move forward

This looks good indeed, @fartunov, I think we almost have the support from everyone.

I modified the proposal to include a payment of 6,000 USDC to NFTX for the independent review and rolled out all the deliverables one month, so we start on May 1st, so you can discuss it again tonight @lee0007.

About @nivida’s proposal of including support to weiroll, for sure is an interesting technology we will follow up, and make EVMcrispr more modular so it can support multiple action encoders in the future. We can not use it as the base of EVMcrispr because we are unfamiliar with it, but we can make sure that when we rewrite significant parts of EVMcrispr in 0.5.x and 0.7.x we will make an extra effort to make it easy to include weiroll or other DAO frameworks as modules to the library. As I was saying in a previous post, we are predisposed to keep track of the developments of Zaragoza or any other technology Aragon proposes and earn experience with it, although it is still early for us to commit to an integration.

1 Like

ESD General Meeting Monday 18 April UTC 1900: Given majority support from Tech Committee and unanimous support from ESD. This proposal has approved ESD funding on the basis of

  1. independent review to be posted as a comment to this proposal in advance of the release of ESD payments
  2. approval of ESD Discretionary funding Season 2 for remaining months (2).
  3. Upon securing S2 funding the remaining payments are automatically approved for funding, based on the approval of this proposal and the terms provided

cc @daniel-ospina @fartunov


These are excellent news; thanks for your confidence. We are thrilled for the opportunity to continue with the development of EVMcrispr, and we hope it will provide the tools to create more complex DAOs and do more complex interactions with the already established ones.


I find the proposal very interesting and quite useful. I am happy that this is already approved and the team can start working on it.

As a side comment I do see important to make it compatible with the new Aragon developments. I know this is not in the current roadmap and I understand the reasons, however I just want to point it out so the team can take this into account, if possible.

Adding multicall support to EVMcrispr would be quite an important feature for being agnostic to the use case. This way we can probably integrate it in the coming Aragon APP and the current offchain governance solutions we are working on (Vocdoni and zkMultisig).

Congrats @sembrestels !


i want to highlight this thread because it shows stakeholder driven development done with evm-crispr

when stakeholders are able to learn and contribute to the community the value of their contributions can’t be overstated - thanks to the team building this & the Aragon team for reviewing and approving


This sounds like a great tool. I really like the CRISPR reference. We should chat sometime. It’d be cool to get to know all of you.

We are about to release the 0.4.x version of EVMcrispr, focused on introducing two fundamental building blocks for any programming language: variables and “get” functions (we call them helpers).

The current 0.3.x branch has the codename “emerging good” as it was the name chosen by the Giveth community, which sponsored EVMcrispr at the beginning.

We would like ask the Aragon community how we call the v0.4.x branch. The chosen name will appear in different places, including in the subtitle of the EVMcrispr Terminal.

  • “vivid memories” - because of the introduction of variables
  • “helpful discovery” - because of the introduction of helpers
  • “semantic conciseness” - because the language is more concise

0 voters

1 Like

May 2022 EOM Report

@daniel-ospina @lee0007 @fartunov


We released the EVMcrispr v0.4.0 with the following features:

  1. We introduced the environment variables feature. - Completed
    • We introduced the new command called “set”, which stores in memory a specified value that can be used later in the script.
  2. We introduced @me (formerly @sender) , @token and @token.balance helpers. - Completed
    • We introduced the @me helper that allows using the transaction sender address in the script.
    • We also introduced the @token(SYM) helper. We can use it to retrieve the address of a token from its symbol, fetching it from the uniswap default tokenlist. We can define a different tokenlist by changing the $token.tokenlist variable.
    • The @token helper has a sub-helper: @token.balance(SYM,account). We can use it to retrieve the token balance of a particular account.
  3. We started a EVMcrispr documentation website. - Ongoing

We can combine the new features in this example that requests all the funds of the vault of a DAO:

connect <your-dao> token-manager voting
set $token.tokenlist
exec vault transfer @token(HNY) @me @token.balance(HNY,vault)
exec vault transfer @token(WXDAI) @me @token.balance(WXDAI,vault)
exec vault transfer @token(ANTv2) @me @token.balance(ANTv2,vault)

Additional deliverables

  1. We reduced the test suite execution time from more than 2 minutes to only 50 seconds. - Completed
  2. We reduced the package bundle size from ~148 kB in v0.3.8 to only ~14.8 kB in v0.4.0. - Completed
  3. We introduced the “new token” command, which creates a MiniMe token, and we can use it when installing a new token manager. - Completed
  4. We added support to Wallet Connect. - Completed
  5. We added a new footer on the terminal website, with the text “Sponsored by Aragon” and the other organizations that support or previously supported us. - Completed
  6. We started to refactor the typescript library to decouple the EVM scripting and AragonOS logic. - Ongoing
  7. We now expose ethers.js contracts for each AragonOS app in a DAO. - Completed
    • They can be accessed from the EVMcrispr instance using the method “”.
  8. We put together the evmcrispr library and the terminal frontend in just one repo. This move makes forking and modifying evmcrispr much easier for external developers. - Completed
  9. We started using more modern technologies that make the website very fast: pnpm and vite. - Completed
  10. We registered evmcrispr.eth ENS, and EVMcrispr frontend is now available under - Completed

Funding Request

  • USDC (90%): $15,000
  • ANT (10%): $1,667

We request a relation of 90% USDC / 10% ANT instead of 70% USDC / 30% ANT because of the Financial Guild Proposal to reduce the spending in ANT.

Next steps

Aragon will host an Ask Me Anything (AMA) session with us on the 10th of June , and we would love to answer as many questions as we can on how to use EVMcrispr. We will monitor the posts asking questions about DAO architecture on and will do our best to bring some example scripts to explain what is possible to do today.

We also are going to start working on the next version (v0.5.0), which will include the following:

  • EVMcrispr library API refactoring.
  • Introduction of , @id , and @now helpers.
  • And everything else we can do during the next month!

Thanks to everyone who has shown interest during these months in our product. We can only hope to live up to expectations and make a tool that serves all your DAO-ops needs.


Thank you, look forward the NFTX review


Amazing work Sem! So many additional deliverables. Snagging evmcrispr.eth domain FTW.

Always enjoy scrolling through the frequent commits. I wish I could be equally productive as a dev each day.

Happy to sign off on this report on behalf of NFTX :white_check_mark:

EVMcrispr has been a big help for us and will continue to be even more so in the future I expect, considering all the ongoing improvements being made. Appreciate the work and concise writing as always!


ESD General Meeting Monday 18 April UTC 1900: Thank you @gausman for you review, which is the basis upon which the ESD are unanimously agreed to release the next round of funding, provided ultimate signoff from the Tech Committee @voronchuk @nivida @p4u

Scout rewards: @brent @alibama you are nominated by the authors and eligible to receive Scout Funding for your support in the development of this proposals. Please submit your fee notification as per the process here
@fartunov @daniel-ospina
cc Finance @Ricktik6


@lee0007 I don’t have any major remarks. Making a full-scope security audit of the 3rd party developed code is out of the mandate of the technical committee. While most of the code is a frontend, it’s potentially possible to inject maliciously intended injections into produced scripts. Validation that there are no such injections should be done by a professional auditor. From a user perspective, I like the product and the first milestone seems to be delivered in time.

1 Like

Thanks for your reviews @gausman, @lee0007, and @voronchuk! It feels fantastic to have unlocked this first milestone together.

The following two dates to take into account for EVMcrispr are:

  • We will have our first AMA on the 10th of June .
  • We plan to release the v0.5.0 on the 25th of June .

In regards to the security concerns, thanks for the heads up @voronchuk. It is imperative to be well-advised when using EVMcrispr, although you can have a little bit of peace of mind knowing that we manually publish every stable version of the app and DAO voters have tools to decode the vote scripts at their disposition.

Securitized frontend:

Each version of the EVMcrispr frontend is cryptographically signed and published to ENS. This means that when accessed through the ENS domain, it sends back a trustworthy and untampered version of the frontend.

The major problem we still face is that browsers do not properly manage ENS domains, so users need to attach the .link or .limo to them, making the sites vulnerable again to domain hijack attacks. Being hacked this way is unlikely, but not impossible.

And remember, we can always download the repo from Github or the site from IPFS and run it locally.

Decoding scripts:

Even if there was injected code within the script, the vote created still needs to be ratified by the DAO token holders. This process is done using the Aragon Client, an independent dApp that shows a description for each action that the execution of the vote is going to perform.

It is still obviously problematic that sometimes the Aragon Client does not detect the proper description and shows a “No description” field, but the vote calldata can still be decoded to see if it does what it says it should. We will release better tooling for doing that in the next version.

In conclusion, we must take security very seriously in a tool that interacts with DAOs that hold millions of dollars worth in assets in their vaults. Therefore, we use best practices to reduce the attack surface when using EVMcrispr. However, users must actively check what they are signing and/or voting, know what they do, or be advised appropriately.


@Ricktik6 let’s do this optimistically, please include the respective payment in the current payment cycle unless someone from the tech sub-DAO specifically objects.

cc: @lee0007 @daniel-ospina