Progress of development from the second quarter of 2018 and first round of audit results
Release of the Survey app on the Ethereum Mainnet was a major milestone that was reached during the second quarter of the year.
Today we are releasing an entirely new step for community members to signal their sentiment on the project and igniting the next level of participation in the project for all ANT holders.
Survey is the first Aragon app launched on the #Ethereum #mainnet! https://t.co/30PS8YDWfb
— Aragon (@AragonProject) May 31, 2018
With aragonOS 3.0 alpha, we announced that the audit of our codebase with the White Hat Group had started. We were very happy with the results, and today we are publishing the report of that audit!
Executive summary of the code review:
In February, Aragon asked us to do a code review for the aragonOS framework as well as the Finance, Vault, Voting and Token Manager applications. We were very impressed with the quality of the code. It is without question one of the most advanced smart contract systems in the space and makes extensive use of many new functionalities within Solidity and at the EVM level. Especially notable is the secure way to deploy a core controller that adds upgradability, the access control pattern (ACL) and its flexible execution engines.
We spent 3 weeks in March reviewing the code and found 1 critical issue, 3 high severity issues, 4 medium severity issues and 27 low severity issues. We also made 39 comments to the code about things that could be improved or at least things that we believe require a clarification or a deeper look. The critical issue, if exploited, could stop all Aragon DApps deployed if it was not corrected.
After our deep dive into the code, we discussed the issues with the Aragon team and they worked to fix all the issues throughout April. We reviewed these fixes and can say that the Aragon team has corrected all of the important security issues that we found.
The biggest worry we have with this framework is the possible misunderstanding of this framework by the developers that decide to use it to deploy their DApps. We strongly recommend that all Aragon DApp developers, especially those that are early pioneers, review the code, try to understand how it works, and do not treat it as a black box. We recommend that the Aragon core team and community contributors make a special effort to add useful clarifications in the code. Better documentation will greatly contribute to the high level of security that this framework is designed to provide.
From the architectural perspective, we believe that this code base is an incredibly well designed first iteration. However, after the first set of DApps are developed on top of this framework, it is likely that more improvements and refactors will need to be done to accommodate the desired usage of the DApp developers.
Among the big news for developers was the release of the Aragon Developer Portal. It helped address some comments from the audit regarding documentation and introduced our new command line tool for building Aragon apps, a straightforward tutorial, and reference documentation for all the building blocks of Aragon's complete stack to run decentralized organizations.
You can create Aragon apps that interact with each other to bring delightful experiences to life and strengthen how people organize. Instead of reinventing the wheel, Aragon embraces the open source philosophy, by being a light horizontal layer that you can build upon, and by making all Aragon apps interoperable with each other.
The Aragon Developer Portal is ready for prime time!
Featuring our new command line tool for building Aragon apps, a straightforward tutorial, and reference documentation for all the building blocks.
Come #buidl the decentralized future with us! https://t.co/KTNDH6MOYU
— Aragon (@AragonProject) May 21, 2018
In Q2 we also started to document all our deployments and the governance over different repos in our Aragon Package Manager registry. This gives total transparency over who can deploy new code and also a full audit trail of the changes that were pushed, which can be reproduced locally in order to verify their integrity. The next step on this front is to generate these reports automatically, with better visualization of the information.
The release of the Survey app commemorated the release of v0.5.1 Beta after the Aragon Core v0.5 — “The Architect” release.
After that, we also pushed out v0.5.2 Beta during Q1 2018.
The Aragon One team Product Manager Chris Remus wrote a summary of our first new development cycle in a blog post titled “Aragon Core v0.5.1 Post Mortem — Part 1”.
Aragon dapp to create and manage decentralized organizations on Ethereum
Solidity framework for governance
Easily interact with your dapp's state
CLI for creating and publishing Aragon apps
Create a beautiful UI for your dapp
We always appreciate community contributions, so a big thank you to all the community members who contributed during Q2!
cleans up a number of visibility warnings by verdverm
https://github.com/aragon/aragonOS/pull/235
updates some pragma versions by verdverm
https://github.com/aragon/aragonOS/pull/236
Fix typo in cliff comment diagram. by Kyrrui
https://github.com/aragon/aragon-apps/pull/316
Change vote function comment to 'yea' from 'yay' by Kyrrui
https://github.com/aragon/aragon-apps/pull/328
Updating coveralls in root project, removing hoek dependency by Kyrrui
https://github.com/aragon/aragon-apps/pull/326
Fixing links in payroll readme by Kyrrui
https://github.com/aragon/aragon-apps/pull/331
Fix ESLint error (failed Travis CI) by decodedbrain
https://github.com/aragon/aragon/pull/235
Use ProxyAddress instead of AppId for identifying apps by jvluso
https://github.com/aragon/aragon/pull/222
To incentivize more community contributions, we also have some bounties posted that are free for anyone to submit a claim to! We will also be posting more in the next quarter, so make sure to check back!
Node and token location information in radspec
Tokens: ANT: 10.00
Support calling methods on own contract in radspec
Tokens: ANT: 20.00
Create tutorial for using the Survey app with ANT in cold storage in aragon-wiki
Tokens: ANT: 20.00