Alt36 Proposal Issue & Resolution

Ryan Taylor

Well-known member
Foundation Member
During the finalization process for the October 3rd budget cycle, we discovered that the two proposals submitted by AltThirtySix will not be paid, despite garnering a net 21% and 18% of the masternode votes. The cause of the issue is that coinbase transactions (which pay the proposals) cannot support multi-signature addresses, and the payment address specified by the proposal owner was a multi-signature address.

How will this affect the superblock on October 3rd?

The only proposals that will be affected are the two proposals submitted by AltThirtySix.
https://www.dashcentral.org/p/Proposal-36DashSponsorships
https://www.dashcentral.org/p/Proposal-36-DashATM

All other proposals, including the proposal from AltThirtySix's partner CannTrade, are unaffected. Sentinel checks each proposal is valid at the time the superblock is created, so the only effect will be the superblock will exclude the invalid proposals.

How was an invalid proposal submitted?

No indication is provided to the user on either DashCental or the Dash website proposal tools that multi-signature addresses are not supported. In addition, there is no validation check on either website, nor in the Dash Core software preventing a user from submitting an invalid proposal with a multi-signature address. Dash Core is actually designed to treat governance objects neutrally (e.g., no filtering or "judgement" of the objects, which is handled by the Sentinel layer). AltThirtySix had no way of knowing that the proposals would be treated as invalid by the system.

The issue was first discovered this morning, when our software engineers were checking the superblock voting and discovered the two proposals were missing from the list and began diagnosing the cause.

Proposed resolution

We have communicated the issue to AltThirtySix, and they are aware that the proposals will not pay out as expected. We would like to propose the following resolution to AltThirtySix and the masternode owners that voted for the proposal.

First, we would like AltThirtySix to submit a proposal for the November budget for the same sum as the two invalid proposals, with the Dash Core Group's business development address as the payout address. As soon as the proposal is passing, Dash Core Group will release the requested funding to AltThirtySix. Dash Core Group will recuperate its funds at the time of the November superblock.

This solution ensures minimal delay for AltThirtySix obtaining the counted-on funding to host their launch event on October 14th. I assume the high support level these proposals received will lead to them passing swiftly, so it should not have a dramatic impact on executing their plans.

In terms of preventing this issue from happening in the future, we are taking several steps.
1) We will update the proposal creating website to recognize multi-signature addresses and prevent their use
2) We will incorporate fix in the Dash Core wallet starting with version 12.3 (a ticket has already been submitted for this fix), which could be either enabling multi-signature addresses, or preventing proposals attempting to use them from being created
3) We are notifying DashCentral of the issue as well, to see if they can include warnings to users submitting a ticket

Also, in Evolution, masternode quorums validate the public user data, then core validates the header, so this issue will be avoided altogether in the future.

If you have questions, please post them here and we will reply periodically.
 
Last edited:
This sounds like a reasonable solution. It would behoove MNOs to vote on the new proposals as soon as they are submitted, so that there is minimal delay. Unfortunately this means we will have significantly less budget available to work with next month, but we'll just have to deal with it. (Maybe the price can make up for it ;))

@rango @dashdisciple would you be able to include this multisig checking/address validation on dashcentral and dashtreasury as well?
 
2) We will incorporate fix in the Dash Core wallet starting with version 12.3 (a ticket has already been submitted for this fix), which could be either enabling multi-signature addresses, or preventing proposals attempting to use them from being created.

Preventing proposals attempting to use multisig from being created????? :eek::eek::eek:

 
The biggest issue is the budget deficit of 1968 dash removed from the next cycle. It's possible to have full budgets for the foreseeable future. It might be better to split this core refund payout into a multi-month proposal, assuming core can arrange that.

We will likely see good proposals not passing because of the size of this mistake. Those proposal fees should be refunded at minimum.
 
If multisig wallets do end up being disabled for payouts would you have any plans on working on enabling them in the future? It could play a big part in decentralized organizations that submit budget proposals to the Dash network.
 
If multisig wallets do end up being disabled for payouts would you have any plans on working on enabling them in the future? It could play a big part in decentralized organizations that submit budget proposals to the Dash network.
From my understanding allowing multi-sig has been on the roadmap. It's just going to get disabled for the time being unless the fix is ready.

Looks like they already posted the new proposal here:
https://www.dashcentral.org/p/Proposal-36-Dash-ATM-Sponsorships
 
Alt Thirty Six Official Statement


Last month, Alt Thirty Six submitted two proposals to the Dash Network that successfully passed. Our 36 + Dash ATM proposal garnered a voting ratio of 908 Yes / 64 No / 1 Abstain and can be found here: https://www.dashcentral.org/p/Proposal-36-DashATM

In addition, our 36 + Dash Sponsorships proposal garnered a voting ratio of 1017 Yes / 38 No / 3 Abstain and can be found here: https://www.dashcentral.org/p/Proposal-36DashSponsorships

Unfortunately, both of these proposals will not be paid out due to the addresses associated with the proposals being multi-signature addresses. We were not aware of this restriction and Ryan Taylor, CEO of Dash Core Group, has made an official statement regarding this issue: https://www.dash.org/forum/threads/alt36-proposal-issue-resolution.17131/ (this link is for the post above)

This current proposal is a concatenation of last month’s 36 + Dash ATM and 36 + Dash Sponsorships proposals. The payout address is Dash Core Group’s business development address. As soon as the proposal is passing, Dash Core Group will release the requested funding to Alt Thirty Six and Dash Core Group will recuperate the funds from this current proposal.

This solution ensures minimal delay for obtaining the funding for the two proposals and allows us to move forward with our launch event on October 14th, the Dash Sponsorship Packages, and the Dash ATM Network.

We have included both proposals below for those who are not already familiar with them. If you are already familiar with the proposals, here is the requested funding:

Total Requested Funding from Dash Network

1) 36 + Dash ATM Proposal 1,625.49 Dash

2) 36 + Dash Sponsorships Proposal 343.39 Dash

3) Proposal Fee 5 Dash

Total Dash Contribution for Combined Proposals: 1,973.88 Dash*


*Although Dash's value has decreased since the time of our original proposals, we are not adjusting the conversion rate on this proposal. The only addition to the amount of Dash is the proposal fee.

The team @ Alt Thirty Six thanks you for your understanding and apologizes for the inconvenience.

----
Please visit Dash Central to vote on the proposal: https://www.dashcentral.org/p/Proposal-36-Dash-ATM-Sponsorships (Thank you for your support!)

To view complete formatted proposal document in dropbox please visit: https://www.dropbox.com/s/3lzhhoxr7z4tnte/36 Dash ATM Dash Sponsorship.pdf?dl=0

Manual voting (DashCore - Tools - Debugconsole):
gobject vote-many 345abe783995c5be350d1a5ab7cac8b56b58fcfbf7bf174aa4344cdbb30bcc62 funding yes
 
This sounds like a reasonable solution. It would behoove MNOs to vote on the new proposals as soon as they are submitted, so that there is minimal delay. Unfortunately this means we will have significantly less budget available to work with next month, but we'll just have to deal with it. (Maybe the price can make up for it ;))

@rango @dashdisciple would you be able to include this multisig checking/address validation on dashcentral and dashtreasury as well?

pinged rango direct
 
2) We will incorporate fix in the Dash Core wallet starting with version 12.3 (a ticket has already been submitted for this fix), which could be either enabling multi-signature addresses, or preventing proposals attempting to use them from being created

What are the chances that multisig will be enabled for treasury payouts with 12.3? Personally this is one of the features I'm most excited about, as it enables true sub-DAO organizations to be run semi-trustlessly, rather than relying on a single actor to distribute the treasury funds.
 
What are the chances that multisig will be enabled for treasury payouts with 12.3? Personally this is one of the features I'm most excited about, as it enables true sub-DAO organizations to be run semi-trustlessly, rather than relying on a single actor to distribute the treasury funds.

hi there - yes this is currently an item in the 12.3 milestone in Trac (the Core dev PM system) to investigate the issue of paying multisig from Coinbase tx (which is currently disabled in the protocol)
 
We will incorporate fix in the Dash Core wallet starting with version 12.3 (a ticket has already been submitted for this fix), which could be either enabling multi-signature addresses, or preventing proposals attempting to use them from being created
Combine this problem with the known zero-day IX problem that coincidentally was used to stonewall a retail-use project that was ready to go live...

Setting aside how much it pisses me of to see this corruption, lets deal with it in simple statements.

1) IX is down because of potential exploit/bug (
https://www.dash.org/forum/threads/...due-to-potential-quorum-exploit-method.16492/).
2) Budget has multisig submission bug.


Both of these seem easily fixable.

1) Budget short-term fix; reject multisig addresses. Very easy. Add functional multisig support later.
2) In the IX-disabled post, it was mentioned that a hotfix/patch could be done, but that waiting for 12.2 made more sense.

I submit that, given the delays in 12.2 patching of IX, the likelihood that 12.3 will be delayed much worse, and the budget's multisig problem; waiting for 12.2 is no longer the appropriate course of action. These molehills are becoming mountains and you need to deal with it.

"It" always take longer than you think it will. I know hindsight is 20/20, but you should always keep in mind that the problem is worse than you think it is at the point of making decisions like this. Put more weight on the short-term solution. Always.

I understand that re-starting is a disincentive, but since the network update process takes a few weeks, and the payment queue is ~8 days; this disincentive is irrelevant. Th process takes longer than the payment queue. MNOs can simply issue an update/restart immediately after receiving a payment, and there is no disruption. With a handful of brain cells and good timing, this becomes a non-issue.
 
Last edited:
Back
Top