We have completed an audit of the DigixDao smart contracts. During the audit process, performed by three security experts over four weeks, a set of contracts were reviewed with respect to a specification elicited by the ChainSecurity Ltd and Digix teams together. The full list of contracts and considered properties can be found in our audit report.
Summary
The DAO voting system itself turned out to be well implemented and of high quality, in its functionality mostly following the previously published Governance whitepaper. A high degree of modularity was achieved in the code base introducing a clear overall structure.
Nonetheless, ChainSecurity Ltd managed to uncover several vulnerabilities and propose design improvements. Most notably, an unfortunately still common misuse of the EXTCODESIZE was originally present: Namely, using this opcode to detect that the message sender or transaction initiator is not a contract account, but an externally owned account. Given that such checks can be easily circumvented, this restriction cannot be relied upon to enforce proper access control even though there may be benign use cases. For more information of this,we are glad to point to the Smart Contract Best Practices to which ChainSecurity Ltd contributed for this issue.
As for the roles present in the DAO system, these distinguish mainly between the Digix administrative roles, initiators of proposals which are to be voted on by other users and finally the voters themselves. An overview of the roles and their conditional rights is provided in the
introductory section of the audit report.
Finally, ChainSecurity Ltd remarks that all vulnerabilities and issues were professionally and swiftly addressed by the Digix team and we are now curiously following further development and adoption of the project.