Aragon Token Sale Technical Overview
TL;DR: ANT is a MiniMe Token with built-in vesting functionality. Two security audits are currently being performed and a bug bounty will begin soon. ANT contract code is live on Github.
This post will discuss the ANT base token and its functionality, the ANT sale contract, and the current state of ANT security and future efforts to ensure a successful token sale.
Aragon Network Token
1. ANT is a MiniMe Token
We decided to use MiniMe as the base token for ANT because it offers flexibility, security, and a clear upgrade path. The MiniMe Token is an ERC20 token created by the Giveth team that maintains a history of balances and is easily cloned to create independent tokens with unique functionality (shout out to the Giveth team, definitely one of the best Solidity development teams out there).
In addition, MiniMe is a great token standard for governance because it keeps track of balances at the time of starting a proposal vote. This removes the need to lock balances after voting to prevent double voting. With all of its benefits, we're considering making MiniMe the default token for all Aragon organizations.
contracts/MiniMeToken.sol
aragon-network-tokengithub.com
2. ANT has built-in vesting functionality
ANT distributed to founders, early contributors, presale partners, and advisers have built in vesting schedules to align incentives and prevent market dumps from individuals who got special terms because of their involvement. To accommodate holders with little cryptocurrency experience, we've kept our vesting schedule relatively simple (see our sale terms post for details).
The vesting function effectively locks ANT from transfers and transactions until the ANT is held for a set amount of time. So if a holder attempts to transfer more ANT tokens than vested (or matured), the transaction will fail and not execute.
For security we have kept the ability to grant vested tokens only available to a bunch of manually whitelisted addresses (at this time, only our multisig and the future sale contract).
If you are an exchange or plan to automate purchasing/holding ANT, we recommend you read A note for exchanges or holders interacting with ANT in an automated manner for technical considerations with the built-in vesting functionality.
contracts/MiniMeIrrevocableVestedToken.sol
aragon-network-tokengithub.com
Token Sale
3. The sale contract is a MiniMe Token Controller during the sale period
The sale contract will act as the Token Controller with the power to mint, destroy, and transfer ANT during the initial sale according to explicit rules in the sale contract. This ensures a fair token sale because the rules are transparent, enforced through code, and immutable.
contracts/AragonTokenSale.sol
aragon-network-tokengithub.com
When the ANT sale is finalized, controller power will be released to a placeholder contract until the Aragon Network is deployed, when it will forward controller power to the Network. This contract cannot take any action towards ANT, it just allows transactions.
contracts/ANPlaceholder.sol
aragon-network-tokengithub.com
4. Sale cannot be finalized until the hidden cap is revealed
The sale contract will set a hidden soft cap commitment (SHA-3 hash of the actual hidden cap amount and a secret number), inspired by the Ethereum Name Service secret bidding mechanism.
In addition, the sale contract will set a considerably higher hard cap. This puts an explicit limit on the amount raised, regardless of what happens to the hidden cap.
If the sale raises an amount equal to or higher than the hidden cap, the cap will be revealed and the sale finalized. Note that since we're implementing a soft cap, the sale could raise an amount higher than the hidden cap amount but not higher than the hard cap.
We will have the ability to reveal the cap before reaching it, in which case it will be considered the hard cap of the sale. This could be done to prevent a very high value surpassing the hidden cap. We don't believe the cap will be reached, but we included this measure in case the sale goes crazy.
If the hidden cap amount is not reached, the cap will need to be revealed to finalize the sale.
*Finalizing the sale means enabling ANT token transfers and minting Aragon's share of ANT
5. Funds are locked in a special proxy wallet until the sale is over
The sale contract is the most complex one involved in the sale, and we wanted to avoid holding funds in the sale contract. Instead of being held in the sale contract, the funds from an ANT sale will be immediately redirected to a simply proxy wallet in the same buy transaction, and then redirected to a multisig wallet once the final block of sale is complete.
We first proposed directing funds to the multisig wallet in the same buy transaction. However, we soon discovered that this opens a potential 'attack vector.' If the funds are transferred to the multisig in the same transaction, the multisig is free to mint infinite tokens (below the cap). To ensure security and instill confidence in potential buyers, all funds will first go to a very simple proxy wallet whose sole function is to hold until the final block and then transfer funds.
contracts/SaleWallet.sol
aragon-network-tokengithub.com
6. Sale can be emergency stopped at any time
For security, the Aragon multisig can stop and restart the ANT sale if there is an emergency and security is compromised. Unless a real threat is discovered, this function will not be used.
7. Aragon Network is deployed by a different multisig
A community members multisig will deploy the Aragon Network, and transfer token controller power. This community member multisig is composed of the Aragon multisig and 4 other respected individuals capable of ensuring deployment is successful for the community.
We believe all projects should release their multisig structure to identify the decision makers behind the 40 digit address. Thus, all members of our multisigs are required to publish a proof to the blockchain (linked in the document below).
multisig.md
aragon-network-tokengithub.com
Security
8. Sale contracts have 100% unit testing coverage
Code has been kept simple and documented. All of the sale code paths have updated unit tests that are all passing.
There are 17 tests related to ensuring token correct behavior (ERC20 compatibility), 13 tests to ensure the deployment and setup of the sale is solid, and 19 tests to ensure correct sale and post-sale functionality.
tests
aragon-network-tokengithub.com
9. Two independent security audits are currently being performed
Two top smart contract auditors are currently reviewing the token sale code and ensuring its security. This includes:
- Jordi Baylina, main developer of the MiniMe Token. Audited MainStreet token.
- Piper Merriam, Ethereum Alarm Clock developer. Audited the ENS and Maker DAO. Current ENS multisig key holder.
Results of the security audits will be published prior to the sale.
10. A bug bounty program is starting next week
There will be a bug bounty program covering all contracts involved in the Aragon Network Token sale to ensure thorough testing. Details about the bug bounty will be published next week.
Conclusion
Designing software is hard, and designing software that's responsible for securely moving other people's money is incredibly stressful. There were a lot of comprises -- and git commits -- made to arrive at these current state contracts. Developing a token sale seemed like an easy task achievable over a weekend, but ensuring it has all the wanted properties without making too many compromises is difficult.
For more details about the Aragon token sale, you can check the sale terms or read the whitepaper.