@wings.ai
In the WINGS Specification Series #1 post it states:
WINGS is going to leverage this consensus technology in order to create a last resort recovery for funds that are kept in the Rootstock side-chain. In the case the side-chain is breached, and funds are being transacted to a non-authorized address, a request will be submitted to the federation to cancel the transaction and restore the funds back.
How is this different from the way Bitgo and Bitfinex were set up? Surely the federated members holding the keys in Rootstock are not going to manually go through every withdrawal request for moving the transactions to the bitcoin main chain? They would likely have an automated system that approves legitimate transactions regardless of whether a person had come by these funds in a non-legitimate manner? If so, then this last line of resort doesn't really help Wings; this would be equivalent to theDAO attacker making a withdrawal request, and it would go through without any problems as the attacker had control of the funds.
I understand that it makes a good marketing point, but in reality, how much help is this last line of defence for stopping an attacker from withdrawing funds from the Wings platform?
Looking forward to the coming white paper specifications, they make for good reading!
While this functionality is still under design and discussion between us and RSK, the current approach is to withhold the transactions for a predefined amount of time, notifying the DAO owner and giving a chance to request its cancellation (essentially rolling it back), then lock down the contract to prevent further funds draining. The vulnerability then could be resolved via contract upgrade, and distributed to other DAOs as well via the Wings platform mechanisms.
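The hold, notify, cancel and lock-down flow described in the reply above, modelled in Python as an added example that is not part of the original post and is not WINGS or RSK code. The class, its fields, the integer timestamps and the choice to let the owner's request cancel directly (standing in for the federation acting on it) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Withdrawal:
    to: str
    amount: int
    release_at: int
    state: str = "pending"  # pending -> released | cancelled

@dataclass
class DelayedVault:  # hypothetical model, not a WINGS or RSK interface
    owner: str
    balance: int
    delay: int  # hold period in seconds (assumed parameter)
    locked: bool = False
    queue: list = field(default_factory=list)
    notices: list = field(default_factory=list)

    def reserved(self):
        # Funds already promised to pending withdrawals cannot be requested twice.
        return sum(w.amount for w in self.queue if w.state == "pending")

    def request(self, to, amount, now):
        if self.locked:
            raise PermissionError("vault is locked down")
        if amount <= 0 or amount > self.balance - self.reserved():
            raise ValueError("amount exceeds unreserved balance")
        self.queue.append(Withdrawal(to, amount, now + self.delay))
        wid = len(self.queue) - 1
        self.notices.append((self.owner, wid, to, amount))  # owner notification
        return wid

    def cancel(self, caller, wid, now):
        w = self.queue[wid]
        if caller != self.owner:
            raise PermissionError("only the owner may request cancellation")
        if w.state != "pending" or now >= w.release_at:
            raise ValueError("cancellation window has closed")
        w.state = "cancelled"
        self.locked = True  # lock down: nothing else leaves until an upgrade

    def release(self, wid, now):
        w = self.queue[wid]
        if self.locked or w.state != "pending" or now < w.release_at:
            return False  # still held, already settled, or frozen by lockdown
        w.state = "released"
        self.balance -= w.amount
        return True
```

In this model a cancellation freezes every other pending withdrawal as well, and a request that nobody cancels within the hold period is released exactly like a legitimate one.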
Thank you wings.ai for the reply!
I was thinking about this a bit more and was wondering who has the ultimate control of a DAO? Is it the DAO owner or will there be a meta-layer, so to say, that allows the wings platform to force said DAO contracts to wait in line before cashing out in terms of the DAO owner not being able to lock down the DAO?
Say that there are 1 million DAOs working on the Wings network. In the case of a major hack like the slock.it-theDAO collapse, will it be required for each DAO creator to lock down their own DAOs and then cancel the contracts or can, or maybe should, the Wings platform assist in doing this for all DAOs?
This would also mean that every DAO creator has the final say in how the funds are used for every DAO contract? E.g., the curator stands above the legality of the DAO contract? Would this be putting the DAO creator in a liable situation if the creator has the means of preventing theft but fails to do so?