DAO Weekly Meeting #28

July 14, 2022
00:00 Intro/Agenda • 00:15 Marketing Updates • 01:36 Bean Sprout Updates • 02:17 Copy Updates • 03:38 Web Site Updates • 04:21 Design Updates • 05:18 Misc. Updates • 06:05 Audits & Testing Updates • 13:53 Open Floor
DAO Meeting

Marketing

  • Lined up Bean Pod guests from Liquity, Tellor, and Halborn
  • Mark Jeffrey will have us on his podcast after replant

Bean Sprout

  • Busy with fundraising and building with Root
  • An announcement will be coming with a story from a media outlet

Copy

  • BFP-79 passed with terminology changes. Corresponding changes have been merged to a development branch of the UI.
  • BFP-80 for establishing the Beanstalk Farms Committee was proposed yesterday
  • Gitbook is in the final stages of review
  • Disclosure statement is also in final stages of review

Web Site

  • Have a working version of the replanted Beanstalk under testing
  • Still a lot of work to do on migration related things

Design

  • Been working on styling of the forms
  • Working on finishing up details, with most of the structure complete

Audits & Testing

  • Halborn update is done and published
  • Trail of Bits report should be out in the coming days
  • Now that the audits are done, we’ve open sourced the code on the main Beanstalk repo. There is a pull request called BIP-21.
  • Migration script is almost ready. Still ironing out a few things and testing everything.
  • We might want to engage Halborn for audits on future BIPs or have them on retainer for continuous audits.
  • Want to see how people feel about using a Halborn service called Seraph, which acts as a last line of defense against malicious activity


Okay, um, a lot going on on the farm. A few, uh, members aren't able to make it, so, um, there's some updates left, but I think some others will be able to give updates on their behalf. Um, so that being said, let's just, uh, kick it right off. Uh, Mod, do you want to give an update on what you're talking about, marketing?

Sure thing. Hello everyone. Um, okay, so marketing. Um, so for the podcast, for the Bean Pod, we've been active lately inviting some guests, so we have lined up, uh, guys from Liquity, and then Tellor and Halborn will be, um, you know, coming to the, coming to the podcast. After replant, uh, uh, Mark Jeffrey will have us in his podcast. So we're thinking in general, uh, when it comes to Beanstalk itself, is that we will want to have a pianists and so on post replant and not, and not before that. Uh, that's why we think it would have its most or highest effectiveness. Uh, blog post with us, we have the third piece. We're still working on that. Is going to be a bit of a long one, so it might take us some time, uh, to get it, you know, the way that we wanted to be, uh, to be returned out. Uh, the Root announcement, uh, we initially planned it this week, but we might have an opportunity to have a story with some media outlet, so we're looking at next week now. Um, and then lastly, the Halborn audit, which I believe everyone was already aware of, is already out on the report. The report is out. You can also read it. That's it from marketing side.

Great. Um, and then, Mod, I actually, um, I don't know if you have anything else to add, but Mr. Manifold's not able to make it today. Um, but the quick update from him is that he's, uh, um, busy working on, on fundraising and working through building with Root itself. Um, I don't know if you have anything else to add on, on the Root front end or anything that Mr. Manifold was tackling.

Yeah, so the only thing for now is we might have an opportunity for the story with a media outlet, and this is why we're pushing it, uh, later. But, you know, as, as that happens, we'll, we'll share updates, but we might
have a story with, with an outlet, and we're looking at next week.

Perfect, thank you. Um, Stella, do you want to give an update? I think, um, there's a quite a few things in terms of, um, what you're working on and what else in second and two.

Yeah, sure, and I'll start with Austin's, uh, since he can't make it today. Um, so to read off his items here: so BFP-79 has passed, which proposed a handful of updates to the Beanstalk verbiage. Uh, we've merged corresponding changes to a development branch of the UI and are updating the terminology and the contracts, um, over time. We'll largely put that on hold until there are subsequent audits. Um, BFP-80 was proposed yesterday on Snapshot. Uh, you can read the suggested guidelines for proposers of the initial set of bfcps on Commonwealth. Uh, the link is in the town hall chat. Uh, Gitbook is fully drafted and in the final stages of review. After launch, going to work on, one, embedding link Gitbook links in the website where appropriate, and two, making a full pass at all the dynobot commands to include, um, include those links. Disclosure statement is also in final review, and the current plan is to have the DAO ratify the statement, given the DAO is one of, uh, is the one that ultimately dictates the design of Beanstalk and the disclosures is about the implications of design. This will probably be another BFP. And then finally, getting started on the replant BIP proposal. So, uh, feel free to reach out to Austin if you have any questions on that front.

On, on my front, uh, with, with cool bean and sweet red beans, just continuing working hard on the website. We've got a working version of the replanted Beanstalk that we're testing against, um, along with Publius, so have been kind of working our way through all the different pieces of functionality to test and finalize. Still a decent bit of work to do with respect to migration specific things, so things like allowing, uh, ripening of unripe beans and chopping and all these different things. So we're working on that this week and
hopefully I should have some of that ready to go by the end of the week or early next week.

Great, thank you. Um, sweet bread, do you, uh, can you give an update as well in terms of design?

Yeah, happy to. Um, yeah, so this last week has been, uh, basically have spent a bunch of time kind of affecting the styling on the forms. Uh, they're kind of all ready to go. We have all of the flows, uh, styled, so, uh, yeah, a lot of detailing at this point. I think the site is, is, the bones are there, and, um, I think we're getting very close to being finished with, with all of the details, kind of things like spacing and padding and stuff like that. So, um, yeah, like Silo Chad said, we're pretty close. I think at this point we're, we're, uh, mostly trying to finish all of the copy and, um, applying all the styles sites, so, um, yeah.

Great, thanks. Um, and really quickly on a couple other fronts: uh, so we are progressing conversations in terms of, uh, 101 with the education. So now that the Gitbook is very close to being finalized and BFP-79 is out, there's a lot of really good content that we can use to create, um, one-on-one courses. So, uh, Mod kicked those off previously. We were trying to integrate that into some zero to Beanstalk stuff, but it'll be focused on the education piece where we're trying to tie into poapp. So we'll have a conversation today with the one-on-one team on that, um, and give updates as we know more. And then on the, uh, being NFT front, we're gonna have a design review, uh, today, and those are progressing along, uh, well. Uh, we'll be, you know, ready shortly after replant. Um, Publius, do you want to give an update on your end?

Can you hear me okay? Hello?

Yes, we can.

Yep, awesome. Um, so as you guys know. I can't hear you anymore. As you guys all know, the, uh, the Halborn final report is done and that's published, which is super exciting. We should have Trail of Bits, you know, coming out in, you know, the next few days to a week. Um, we've sent them the, you know, the changes in accordance with their report earlier this week, and
they've started their fix review, which is really exciting. Um, kind of, I guess it's a, it might be helpful to talk about what's next, kind of beyond the audits, and what's required for replant. Um, so now we have the audits done, we've open sourced the code on the main Beanstalk repo. You can go ahead and look at it. There's a pull request open called BIP-21 on the BIP-21 branch, which is super exciting. We're very excited about. Um, the full replant migration script, which is, you know, fairly hefty, is, you know, pretty much finished at this point as well. Still ironing out a couple few edges here and there, um, through, you know, full regression testing, you know, just making sure, you know, all state variables are what they should be post-migration and, you know, the replant occurs as expected.

Um, so kind of what's, what's next. Um, given that the code is, you know, 99 done, open source and audited, um, we still have a fair amount of testing to do, and, you know, we, we, you know, we are confident in the quality of the audits and, you know, the testing that we've done so far, but you can, you can never be too sure, and, you know, security is still the priority. Um, and for us what this looks like is, you know, spending another week or two, first off, you know, wrapping up on the unit testing front, testing every single line of code with individual, you know, hard-coded tests, ensuring that the results are as expected, then moving on to regression testing, which, what that means is full-scale system testing, you know, applying the replant over and over again, simulating, you know, a series of kind of pseudo-random transactions and verifying that they're all behaving as expected. And then finally, you know, once, once that's done and the UI is in a good place, you know, do a full-scale kind of QA testing manually through the website, apply the replant a couple times and, you know, manually through the website transact a bunch of times. Um, so, you know, personally feel like we're in a great place and really excited for, you know, kind of these
audits to be done and this code to be open source, and, you know, would love to get all the eyes on it that we possibly can and, you know, hopefully get a bug bounty up or something. Um, but, you know, we still have, uh, you know, a couple weeks of testing left just to ensure that these contracts are as secure as we need them to be.

Great, thank you, Publius. Um, it's really exciting to hear. Overall I think we're all really excited about the audit progress. Um, publicity, um, 696, are you able to give an update?

Sure thing. So in addition to what Publius was just talking about, uh, the, the only other thing to mention with regards to the audits is that Halborn, uh, now that they're complete, they've completed their initial audit, there's two separate items for the DAO to consider with regards to Halborn. One is, uh, they offer some sort of continuous audit services where there's in theory someone on call to review BIPs or other proposed changes to the code, and I, I think we have another call with Halborn in the next couple days to get additional information in that front. Uh, but it's probably going to be pretty expensive to have them on retainer. Uh, not sure exactly what it'll, what it'll cost or how many, uh, reviews or what that looks like, yeah, but we'll try to get more information from the DAO, for the DAO, excuse me.

And then the second item with Halborn, which, this is something honestly we're not really sure how people will feel about it, so just want to present it, is Halborn offers, uh, a new service called Seraph, which is a, basically a protocol that they have implemented that facilitates smart contracts to add like a last check or a last line of defense that in practice would be Halborn to prevent anything malicious from happening to the code. So in the instance that there was the flash loan attack that Beanstalk, uh, was victim to in April, uh, the execution of that BIP, uh, assuming that the Seraph rules prevented the withdrawal of all assets from the contract, that's an example of a rule that Seraph would
enforce, that in theory, uh, adaptive wouldn't have been allowed to be executed. So frankly the, the, the toughest part on this one is around permissionlessness and decentralization, where now there's certain actions that are by definition permissioned or, uh, not permissionless because there's a last line of defense. And we, when, when Halborn presented this to us maybe a month or two ago, uh, we asked them about, well, what happens if, for example, a government sends them a cease and desist that says you can't continue to audit, uh, Beanstalk or offer the Seraph services or something like that? How would, you know, if there's this last line of defense, how can, how can Beanstalk continue to be permissionless in that instance? And they, last time we spoke to them, they said that they updated the, the protocol to facilitate, uh, behavior where if they were received a cease and desist or couldn't do anything, they could just turn off the Seraph services on their end, whereby, uh, then the last line of defense would just be removed. So they would, they, they claim, uh, that they would never stand in the way of, of the protocol, but obviously there's no way to know. So this is, when it comes to risk management and trade-offs associated with risk management, this is a particularly unique one, and don't really have a good, a good sense of what is appropriate to do. Uh, but wanted to present this to the DAO, and on this front, if people are interested and want to learn more, uh, Halborn are, some of the representatives have said that they're willing to come to a DAO meeting, maybe next week's DAO meeting, and discuss and answer any questions about all this. So this is, uh, I mean, it's tough to know what the right thing to do is with regards to this, but it's certainly an interesting service that the DAO should consider.

Um, that's, that's really it on the audit front. Uh, as Publius was saying, we're still waiting for Trail of Bits to send, publish their final report, uh, and which I think is next week, and then also, uh, the fix
review for the fixes that have been sent, uh, in response to the audit report, so that we're still waiting on. And then otherwise, uh, on this end, working on the white paper and trying to get it ready to, ready to go for replant. So not too much otherwise, uh, but the, the Halborn Seraph thing is a conversation we should certainly collectively engage in.

Great. Uh, yeah, publicity, I think it'd be really interesting to have them, uh, join in the DAO meeting next week if, if they're able to make it. Okay, um, so I think that's largely it. Uh, if anyone has any hands raised, which it doesn't look like anyone does, uh, or has any questions, drop it in the town hall chat. Um, Sophocles, I saw you typing something, so if you do, feel free to drop it. Otherwise we are going to call it there.

While we're here, maybe I can kick off a few questions, probably about, about Seraph. What's the difference here between this option and maybe having another DAO, you know, do that as well? So we would look for another, another organization and have them to be, you know, the last, the last check, I guess.

Well, there's a lot of different things. One is that the, the Seraph protocol, which has been implemented to facilitate these checks, is largely not autonomous code. Uh, I mean, Halborn has developed a whole internal process for, uh, the approval or denial of various transactions, and it's, I mean, given the sensitive nature of these types of approvals, it's hard to imagine that today, you know, I mean, right now at the current state and time, that there is the sufficient decentralized toolings available for DAOs. It's kind of, uh, if, if DAOs could, could self-govern in this fashion in a safe way, then this probably wouldn't be necessary at all. So it's tough to know what's technically possible in theory, uh, but in terms of what's technically possible in reality today, uh, there is no good decentralized solution for this. So this is, if anything, a semi-centralized compromise, uh, that gets around some of the, the problems associated with decentralized governance. So
I mean, I think, I think we're all aligned here that the goal is to get Beanstalk back to on-chain governance sooner rather than later, and permissionless on-chain governance, and so the question becomes, is that transition back to permissionless on-chain governance all at once? Maybe Seraph is like a nice guard rail to have for a year or something, uh, before removing it and then moving back to truly permissionless on-chain governance. So it's just another tool that everyone should have in mind to consider, but it's unclear whether it's the, the right thing to do given the fact that it, it does by definition need to, need to happen at a centralized organization.

This might be a different, uh, topic or discussion, but another thought of it: if we go back to on-chain governance with the same model that we had before, and the same idea as well again is that it needs a minimum of 24 hours before something can pass, but we introduced that at any point we can cancel a proposal. So a proposal, for it to be committed, it needs 24 hours, but at any point within those 24 hours anyone can cancel whatever, you know, BIPs or, or proposals out there. Does, does that give us any sort of security or

Well, who can cancel it is the problem. So if anyone can cancel it, then in theory you never get to the 24 hour limit because, no, you know, anyone can just cancel it. So the, the goal is to have permissionless governance where anyone can participate in, in proposing changes. Now I think it's worth noting that the 24-hour freeze was introduced to allow people to, uh, have the opportunity to consider a BIP, uh, join the Silo and participate in, in the vote, uh, which was in, if you think about how Beanstalk was exploited, the fact that the attacker had to wait 24 hours to deploy the actual attack and contract after proposing the BIP, that's only so substantive when it comes to designing whatever governance should look like in the future. I mean, the 24-hour freeze, that wasn't the, the problem, and that wasn't the, you know,
something that prevented the attack from happening for 24 hours, although I guess in, in practice it did to some extent. The concept is the 24-hour freeze is, or delay between when a BIP is proposed and when it can be passed, was more to allow ecosystem participants to, to consider the BIP and, and vote, join the Silo and vote. So not, not exactly sure, not exactly sure how to answer your question mark.

Maybe I'll follow up with that quickly. So for, for, and, and when I say someone to cancel, it means the DAO, so the whole DAO has to vote to cancel. But right now, or what we had before, is that even if the whole, uh, DAO votes for it, it still needs 24 hours before it commits, but if the whole, uh, DAO votes to cancel something, then, you know, canceling doesn't need a 24-hour damage. So the idea is that when I, when a BIP is proposed, we have 24 hours to check it, and if we're uncomfortable with it, then we can immediately cancel it, but nothing can be committed.

Yeah, that's not sustainable, because Beanstalk should be resilient to malicious BIPs, meaning anyone can propose a BIP that is horrible for whatever reason. The goal is to have Beanstalk be resistant to those types of attempted changes. So to me it seems like a pretty crappy solution to make it such that anytime someone proposes something malicious, uh, that the whole DAO needs to vote it down within 24 hours. That just seems like, you know, very, very impractical to you. So the reality is the decentralized governance or on-chain governance needs to be implemented in a way where it is resistant to flash loans, resistant to malicious attackers, and generally resistant to changes of the protocol as a whole. So I, I think one of the, after replant, one of the main topics of discussion will hopefully shift to decentralized governance or on-chain governance and what that should look like. But I think as a starting point, we can't get overly bogged down in, in the, the experience from April, whereby the, the concept is now like we're, we're chasing our own tail, like
this solution of, oh well, within 24 hours you can always vote down a BIP, like that's very much chasing your own tail. The goal is to have a system that is totally resilient to malicious, malicious proposals and malicious action.

I agree. I see how impractical this is, and I guess, yes, we'll have the on-chain governance conversations later, and I look forward to that.

Okay, uh, well, unless there is anything else, we can, we can call it there. Um, thanks everyone for joining. Uh, be sure to come to class next week, and, um, we will see you in Discord. Thanks everyone.