DAO Weekly Meeting #47

Date: November 25, 2022
Timestamps: WIP
Type: DAO Meeting

Meeting Notes

Bean Sprout Update

  • Chicken Bonds should be coming out very soon, hoping to propose by 12/1

Operations Update

  • There are a couple of upcoming BIPs including adding the Depot facet and implementing Seraph
  • A lot of projects are being worked on
  • Technical documentation is being worked on
  • There is a plan to work on other types of bug bounty programs; Guy is thinking about shorter community-based audits

Marketing Updates

  • FarmerDan will be joining the team full time
  • The first educational video is done and will be going live soon

Engineering Update

  • Working on the Pod Market v1 interface, fixing bugs on the UI from BIP-29
  • SiloChad is thinking about how Beanstalk Farms can best set up Halborn for success with audits

Design Update

  • Focusing on the Pod Market v2 UX, specifically what happens when you hover/click around

Publius Update

  • The DAO is responsible for the security of Beanstalk
  • Onibi Finance launched this past week and Publius had nothing to do with it, which is very cool for them. The question is, what should the DAO be doing around security with a protocol like this? As a result of the April Exploit, everything Publius and Beanstalk Farms have pushed has been audited. How can we as a DAO give access to security resources in a permissionless way?
  • Another point Publius thinks is interesting is whether Beanstalk Farms should be promoting protocols like Onibi. On the one hand, they think it is an amazing development for the ecosystem, but it is hard to support/put our name on something that is unaudited
  • Audits are no guarantee of safety, but Publius thinks we should be promoting audited protocols
  • It is super exciting to see people using Roots on Paradox
  • There should be some process for an individual project to request access to audit resources
  • Publius encourages everyone building on and around Beanstalk to apply for an audit
  • Publius does not feel inclined to Tweet or write about an unaudited protocol
  • There is nothing Publius can/will do to prevent an unaudited protocol from launching
  • It is up to the BFC on how Beanstalk Farms wants to work on this
  • Publius thinks the more audits the better
  • Mod323 thinks 3rd parties should be able to request an audit on a certain protocol
  • Publius thinks there can be real economic activity within loans, based on credit between businesses. The technology is not there yet and this is just how Publius thinks it will play out

Transcript

Okay, I think, I think we can get started. Uh, thank you everyone for joining us and Happy Thanksgiving. Um, we'll, we'll make this, uh, maybe, meeting a short one, or actually we can, we can take as much time as we want, uh, as others also, uh, feel red him. So how are you, Mr Manifold?

Hey Mod, I'm doing well, how are you?

All is, all is well here. Can you maybe briefly, uh, give us an update on, on what Bean Sprout is up to?

Yes I can. Uh, well, so real quick, just starting with, uh, the, the Chicken Bonds, uh, I think we should, you know, it got delayed a week, we're gonna try to get it out this week. Um, hopefully coordinate with Breen, get out a proposal that is, um, so hopefully by like mid next week, or this upcoming week, uh, or Thursday, I'm just looking at the calendar here, we can have that up. So I think that's the most significant update on the Bean Sprout on, is just, um, we want to get that out. We think it's a really, a really positive thing, uh, to start, get started on.

Yeah, and that's a proposal, Mr Manifold, if I understand that correctly, right?

Yeah, sorry, when I say get it out I mean get out the proposal, yes.

Yes, got it. Um, and, and you said sometime next week?

Yeah, yeah, I'm gonna coordinate with Breen, but hopefully by, by Thursday at the latest.

Great, all right. Um, thank you, thank you Manifold for the update. How are you guys?

Am I doing well. Uh, happy to have a quick update on what's going on in my world. Um, yeah, a couple upcoming BIPs, namely, uh, the adding the Depot facet and the other, uh, function call architecture upgrades that integrate with Pipeline, and then another one for, for Seraph, which, uh, the DAO had some converse, started some conversations about a couple months ago. So hopefully in the, in the next coming weeks, uh, those can go up for voting. Uh, otherwise there's a, there's a lot of projects to make progress on in the meantime. Um, for example, you know, after receiving probably 20 plus bug reports through Immunefi, I think we have a lot better idea about, uh, sort of language to tweak on that program to make the process a little bit smoother for both the Beanstalk community and the white hats reporting bugs, uh, some technical documentation to get out that I think I'd mentioned the last couple weeks or so, and, uh, yeah, I think I'll leave it at that. Otherwise, you know, grateful to, uh, have the chance to get to spend my life and career working on Beanstalk and with the awesome group of people that, uh, you know, also decided to do so. So happy to be here.

Thank you Austin, and, and same, same here, and everyone, uh, I guess was, was in this meeting now. Um, Austin, you mentioned maybe the Immunefi bucket of course is the plan as well to maybe get other, let's say, bounty programs or similar bounty programs to Immunefi?

Uh, definitely. So there are a couple, um, sort of what I would describe as, uh, shorter community bounty type audits, uh, that I think, uh, it's called Code4rena I believe, there's an, I think there's another one called HackerOne, and so I think that's something we definitely want to get started with. Potentially, uh, you know, pre-voting on BIPs, we can have some sort of intermediate period between, you know, the DAO discussing a draft proposal and voting on it, such that, uh, you know, white hats have the opportunity to earn bounties on coid, uh, code code code, excuse me, code that hasn't been deployed yet. Uh, so definitely, uh, that's, uh, on my list to get up. You know, I mean, I think the Immunefi bug bounty program has been, you know, in my opinion a huge success, and so it seems like the more, more eyes we can get on Beanstalk from a white hat perspective, you know, the better, and it's, uh, time and beans well spent.

Agreed. And as a reminder to everyone, the nature of decentralized applications that the security, you know, lays down on, on the towers, or it's all, all the responsibility of all of us, uh, basically. So anyone, you know, who can think of things that can be improved or ways that can, you know, help secure beams like better, please reach out and, you know, share it, share it with others. I can maybe go quickly over marketing updates. I have two main updates. The first is, uh, FarmerDan, his snapshot went out this week and, um, he'll be joining us full time and, uh, we'll start on Monday or next week. And then, um, the second update is we have the first educational video, let's say, is ready. I'm going to share the link to it. It's a private link so you can, you can see it now, but we will announce it sometime next week. Otherwise, SiloChad, how's it going at your end?

Good, Mod. Uh, continuing to make progress on a bunch of fronts. Um, notably the Pod Market, the user interface, fixing some bugs with, uh, the transition to, uh, the code that went out in BIP-29 on the current UI, and then continuing to work on the new version, as well as lots of updates on the SDK side, kind of really getting things rounded out, uh, as more folks in the ecosystem start to, to use that product. Uh, and then, you know, kind of a little bit higher level, thinking about how from an engineering perspective we can continue to set Halborn up, uh, for success when they're doing audits. I think we'll spend some time thinking about what the right process looks like for Beanstalk Farms and for the community in terms of reviewing code before it goes out, uh, as well as how that relates to programs like Immunefi and other bug bounty programs and Halborn. So we'll be spending some time just thinking through how we can best, uh, make that happen.

Thank you Chad. Sweet red beans?

Hey Mod, uh, my focus has been just sort of still on the Pod Marketplace. This is the kind of major thing that, that I've been working on, but after some feedback last week, making a few more tweaks to some of the micro interactions with the chart, so specifically, you know, what happens when you hover and when you click around. And so, uh, getting pretty close to being finished with this, um, and that's hoping to sort of wrap that up in the next week or so.

Thank you, thank you for that. Okay, um, I'll give it a minute, see of those who are with us if they want to share anything before maybe going to Publius and having an overall update on what they're up to. Publius, how are things at your end?

Doing quite well, Mod. So a couple things to touch on briefly. First, to the point SiloChad was making about, uh, the audits and putting the auditors in a position to succeed, and to your point, Mod, about we as a DAO collectively are responsible for security, uh, one thing that I want to shout out but also just kind of raise a question, which I don't know the answer to, is, uh, Onibi Finance launched, uh, this week kind of out of the blue, and there's been a little bit of chatter about it in advance, but, uh, this is to our knowledge the first project that has been deployed on or around Beanstalk that we, Publius, have had absolutely nothing to do with. And on the one hand this is really, really exciting time, and obviously one of our main metrics of success, if you will, as pseudonymous founders that ultimately don't want to continuously be serving the role as the founder, the fact that there are people that are just on their own independently building protocols that they feel are needed on top of Beanstalk, that is, it's really amazing. Uh, now the question to be asked is what, what should the DAO be doing in terms of security around a protocol like this? So Beanstalk obviously has had, uh, a major issue back in April around security, and the result is that now everything that we publicly put out and Beanstalk Farms has put out and some of the other code in the Beanstalk ecosystem that has gone out since April, like the Root token, uh, even the Paradox markets, those have all been audited, uh, by Halborn, and I think, with the exception of the Paradox contracts, are now included in the Immunefi bounty program. Uh, and so I, I guess the question becomes, with the goal being to have as much of a permissionless, open, free in terms of thought, uh, and censorship, development process on and around Beanstalk, where people going and building their own stuff on their own, it's highly encouraged, what can we do as a DAO collectively to both offer all of the resources in terms of security to all of these independent developers, they can take it or leave it, and then separately, if they, if they leave it and, and the code is unaudited, what is the right relationship for Beanstalk Farms to have with these developers, or for Publius to have with these developers, and what's the right way to even talk about some of this development?

And saw in one of the Discord channels someone was raising, well, shouldn't we, and I think they were referring to Beanstalk Farms there, but to our conversation in the last dominating, not exactly her sure who, who the "we" refers to, but should we be promoting something like maybe. And on the one hand I think it's very clearly an amazing development in, in the ecosystem and something we should all be proud of and trying to support, but it is, it, it must be said that, at least from our perspective, it's really hard to support and put, put our, our, our name on, and I guess it's not our name on it because we're working on it, but even just talking about it, uh, something that is unaudited at this point. And I do just want to dig into the minutia here, even though it may not be the most helpful: audits are no guarantee of security or safety, as we've, we've talked about many times, and therefore there's this weird concept of setting a precedent that the only stuff that will be supported is audited code, given that the audited code, the fact that it's audited doesn't mean that it's secure. But do feel like this is a discussion that should be had, and perhaps there should be a, a thread opened up in the Discord or something for us to collectively start to talk about this. But that, that's maybe the main open question on RM that we've been really thinking about, uh, over the past couple days, because the Onibi launch is so exciting, but it also really does pose some very important questions to, to us as a collective on how to, how we should, how we should offer resources to, to independent developers and what is the comfort level on promoting or supporting or sharing information about, whatever you want to call it, uh, these, these unaudited pieces of code. So that's, that's one thing on the mind.

Uh, otherwise feel like it, it's been pretty exciting seeing the, some of the betting, uh, on Paradox take place in Roots and a little bit of organic demand from, uh, people betting to actually buy beans and mint Roots. That's very cool to us, and given that to date the vast majority or perhaps all of the demand for beans have been speculative in nature, uh, the fact that people now buying beans to use them immediately, that's, that's very neat. Uh, so that's, that's a one thing that has certainly put a smile on our face, uh, over the past week or so. And otherwise, uh, probably not too much to report. Uh, there's a, there's a lot of great stuff that got pushed last week, and so, uh, I feel like the next couple weeks will be more, uh, tweaking things and, and ironing out details as opposed to pushing lots of, uh, new bits, if you will. So that's, that's at least from our perspective what the next couple of weeks seem like they're shaping up to be as we head into the end of the year, but, uh, lots of good stuff to work on and generally, uh, generally feeling pretty good. Happy Thanksgiving everybody.

Thank you Publius. Um, with regards to the Onibi launch, and I agree with you, the, the initial thought that I, uh, um, I had when I read that message from one of the farmers, uh, was like, you know, is it ready maybe to share or do we wait a little bit? What, what would you suggest, um, on, Publius, is, is the, you know, the approach here? Do we, do we maybe audit, you know, from now, or do we wait a little bit, see some usage, and then, you know, propose an audit? What, what, what do you think is, is the, is the way or the approach for, and I know that you said, you know, you're unsure yourself, but what would you recommend maybe, you know, to the builders of Onibi to do?

So I think there's, there's two separate questions. One is around the audit itself and two is around what Beanstalk Farms or what we, Publius, can do, uh, to, to help support the protocol, uh, in the case where it's unaudited. So, and I, I believe I'm correct when I say that the protocol is currently unaudited, uh, if that's incorrect then I guess this, this discussion only applies from how to handle future situations, but I, I, it is probably worth saying that for a protocol like this that has been developed independently there, there should be some process or procedure around the allocation of audit resources, such that people can't make some, some DeFi protocol that has nothing to do with Beanstalk and say they're going to use beans as one of the ERC-20 tokens in the protocol and therefore the DAO has to pay for audits. Uh, on the other hand, it's probably too fine of a line to say that only projects that are directly, exclusively related to Beanstalk, uh, are qualified for a, an audit paid for, uh, by the DAO instead of capacity. And don't necessarily think there's a right answer here, but would certainly encourage everyone building tech on and around Beanstalk to apply for an audit. Uh, again, I don't, I don't think we really have a formal process for that yet, and that may be something that in the very short term it may make sense to try to spin up, but even informally, uh, believe that, uh, we reached out in one of the Discord channels to them and let them know if they wanted help getting the code audited we could facilitate that, and to my knowledge they haven't reached out. Uh, again, it's, it's a balance between, between too much caution at the cost of, uh, innovation and not taking unnecessary risks, and so don't, certainly don't want to come across as disincentivizing or discouraging people to just go build cool, uh, but think that if you're gonna go build it, particularly if there's not going to be any cost to you, uh, it probably, it probably is in the interest of everyone to have the code audited before it's published on chain, or in the vast majority of cases that would seem to be the case.

And so with that in mind, with the premise that this is unaudited, don't really feel like it's appropriate for us, for Publius, uh, maybe it is appropriate, but we, we are not inclined to do it, uh, to tweet about or write about, uh, such a protocol, simply because at this point I think that the, the lesson around, uh, using unaudited code has been learned on this end and are not really interested in transgressing it. But with that said, there's nothing that we can do or will do to prevent, even if we could we, we wouldn't prevent someone from pushing unaudited code that people can use or someone else can have audited. Uh, but the point is, I think, when it comes to, to promotion, even in the loosest sense of the word, just tweeting about something, that's probably just from a practical perspective not something we're going to be able to do. Uh, now what's the, what's appropriate for Beanstalk Farms to do, uh, it's unclear to us, and frankly feel like that's something that the BFC should probably figure out, uh, how, how they as a collective wanna treat certain projects like this. But at least from Publius's perspective, it's very hard to, to, to talk about it in a public context other than some forum like this, where it's much easier to be nuanced, uh, just because of, uh, the risks associated, I, I can't even say from a, from a monetary perspective, but I think more from a reputation perspective, which is unfortunate, because in general hate to, hate to be optimizing around reputation, that's generally a losing game. But things that, that in this case there is some, some really high asymmetric risk associated with using, particularly in high volume or dollar amounts, unaudited code. So, uh, yeah, tough to know exactly right what the right thing to do is, but in general, certainly considering that for the moment it seems like there are more than enough audit resources to go around, that we as a collective should, should certainly err on the side of more audits versus the last.

Thank you Publius. And I, and I guess also one more thing maybe is that also farmers can request to audit maybe code that they didn't write. So let's say you don't want to be on a, on a b is out and, uh, you know, people, people or farmers want to use it, so, you know, you can also, uh, come forward and say, hey, we would like to, you know, deposit beans or use beans on that protocol, we would like, like it to be audited, and, and that, that could also be a start.

Yeah, not sure if this is the right time to try to figure out what a formal application process would be like, or a way for the DAO to, to vote on such proposals, but feel like that's something we should, we should try to get ironed out immediately. Pretty cool that pushers come to shove here, we've got just people building stuff on top of Beanstalk. I mean, holy cow.

I agree, especially with someone that we're like unsure as well, you know, what is, uh, this is really as decentralized as it gets, I guess.

This is the name of the game, so I think we, we as a collective need to figure out how to best play these types of situations, but this is a very good problem to have.

Great, and look forward to more, more similar ones, let's say. Okay, a question from Messer Tony. Um, they ask, are there any plans to implement in the future a collateral free credit creation system or incentivize this creation? So they think that in their opinion scanning supply organically with loans, you know, to create goods and services outside the use case of mere financial leverage, like bands, banks do in the eurodollar system, would be a qualitatively in real economy. I think, Mr Stoney, maybe you're bringing in a topic that we briefly discussed earlier, which is, you know, the Beanstalk DAO is showing loans. Publius, do you have thoughts, uh, there, or, uh, you know, maybe opinion on this question?

Sure. So we'll, we'll maybe go about this a little bit differently than you had suggested, Mod, which is that in an, in a, in the current state of the economy, the way that credit most typically exists between businesses doing commerce is in the form of bill discounted, where some, some business owes another business some dollar value at a future date, and there's some time mismatch associated with this company's, uh, income and when they're going to receive it and what their, their, their payable obligations are, and credit is really the primary way that the, the time difference in, in, in when you're going to be paid and when you have to pay things as a business is alleviated. And in short, I think this is maybe getting way ahead of ourselves from an economy perspective, or being economy perspective, but one can imagine that if a significant amount of commerce, or even not a significant but a non-zero amount of commerce, is happening in beans, that the obligation to pay beans at some point in the future serves as the basis for larger credit creation denominated in beans between businesses, or the fundamental underlying cause of the credit creation is real economic activity. So if anything you have to bifurcate the credit creation at the level of the protocol, where demand for the unit of account, let's call it, results in an increase in the demand for the credit of Beanstalk, and separately, uh, you have entity keys and businesses and consumers that are transacting in beans, that there's a second layer of credit creation happening on top of beans as the currency. Uh, but, but, but feel like a lot of the, the tech and infrastructure and, and real economic activity that will be required to facilitate such a credit creation system is at least a little, a little ways away. Uh, but that's, at least on this end, that's how we're thinking this will probably evolve at the time being, but still very much, uh, unclear and practice.

Okay, let's, uh, give it a minute, uh, see if others have other questions maybe or topics to discuss. And once again, this is an open forum, so you can just unmute yourself and join the conversation or drop it in the bar in your chat. Okay, thank you all for joining us today. Happy Thanksgiving, and we'll see you next week.