DevDemeterDAO is a Vote-Escrow DAO built on Aragon OSx with advanced governance features:
- Soulbound NFTs representing locked tokens
- Quadratic Voting to prevent whale dominance
- Delegation for passive participation
- Specialized Roles for domain experts
- Multi-layer Security with dual councils
```
VeDummyV2.sol (1800 lines)
├── NFT Logic
├── Staking Logic
├── Rewards Distribution
├── Voting Power Calculation
└── Checkpoints
```

```
┌─────────────────────────────────────────────────────────┐
│                VeRegistry (Coordinator)                 │
└─────────────────────────────────────────────────────────┘
                             │
          ┌──────────────────┼──────────────────┐
          │                  │                  │
     ┌────▼─────┐      ┌─────▼─────┐     ┌──────▼──────┐
     │  VeNFT   │      │ VeStaking │     │  VeVoting   │
     │(~200 loc)│      │ (~400 loc)│     │ (~300 loc)  │
     └────┬─────┘      └─────┬─────┘     └──────┬──────┘
          │                  │                  │
          └──────────────────┴──────────────────┘
                             │
          ┌──────────────────┼──────────────────┐
          │                  │                  │
     ┌────▼─────┐     ┌──────▼──────┐    ┌──────▼──────┐
     │VeRewards │     │VeDelegation │    │ VeQuadratic │
     │(Optional)│     │ (Optional)  │    │ (Optional)  │
     └──────────┘     └─────────────┘    └─────────────┘
```
| Contract | Purpose | Lines | Status |
|---|---|---|---|
| VeNFT.sol | Soulbound ERC721 | ~150 | ✅ Production |
| VeStaking.sol | Lock/unlock logic | ~280 | ✅ Production |
| VeVoting.sol | Voting power & snapshots | ~250 | ✅ Production |
| VeRegistry.sol | Contract coordinator | ~180 | ✅ Production |

| Contract | Purpose | Lines | Status |
|---|---|---|---|
| VeDelegation.sol | Vote delegation | ~150 | 🧪 Experimental |
| VeQuadraticVoting.sol | Quadratic voting math | ~120 | 🧪 Experimental |
| SpecializedRoles.sol | Expert roles | ~200 | 🧪 Experimental |

| Contract | Purpose | Status |
|---|---|---|
| VeTokenVotingPluginProduction.sol | Aragon plugin | ✅ Production |
| SecondaryTreasury.sol | Multi-sig treasury | ✅ Production |
| SecurityCouncil.sol | Emergency veto | ✅ Production |
| ElectedCouncil.sol | Operational council | ✅ Production |
```
node >= 18.0.0
npm >= 9.0.0
```

```bash
# Clone repository
git clone https://github.com/Kdevos12/DevDemeterDAO.git
cd DevDemeterDAO

# Install dependencies
npm install

# Compile contracts
npx hardhat compile

# Run tests
npx hardhat test

# Run security analysis
npx solhint 'contracts/**/*.sol'
```

```bash
# Deploy refactored contracts
npx hardhat run scripts/deploy-refactored.js --network baseSepolia

# Verify contracts
npx hardhat verify --network baseSepolia <CONTRACT_ADDRESS>
```

Users lock tokens for a duration (1 week to 5 years) to receive:
- Voting Power proportional to lock duration
- NFT Certificate (soulbound, non-transferable)
- Protocol Rewards (if enabled)
Prevents whale dominance:

```
Linear:    10,000 tokens = 10,000 votes
Quadratic: 10,000 tokens = 100 votes (√10000)

100 small holders × 100 tokens = 1000 votes
1 whale × 10,000 tokens = 100 votes
→ Community wins! 🎉
```
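
The arithmetic above as an added JavaScript model (not code from VeQuadraticVoting.sol; all function names are hypothetical). It uses an integer-only floor square root, as an on-chain implementation must, and weighs each locked position separately, which is why the result depends on one position per participant.

```javascript
// Added example: quadratic vote weight computed per locked position.
// Names are hypothetical; amounts are whole tokens as in the text above.

// Floor integer square root via Newton's method on BigInt.
// No floating point, so results are exact for any token amount.
function isqrt(n) {
  if (n < 0n) throw new RangeError("negative input");
  if (n < 2n) return n;
  let x = n;
  let y = (x + 1n) / 2n;
  while (y < x) {
    x = y;
    y = (x + n / x) / 2n;
  }
  return x;
}

// Linear tally: one vote per locked token.
function linearTally(positions) {
  return positions.reduce((sum, amount) => sum + amount, 0n);
}

// Quadratic tally: each position contributes floor(sqrt(amount)).
function quadraticTally(positions) {
  return positions.reduce((sum, amount) => sum + isqrt(amount), 0n);
}

// Constructed sample data matching the two groups in the text.
const SMALL_HOLDERS = Array(100).fill(100n); // 100 holders x 100 tokens
const WHALE = [10000n];                      // 1 holder x 10,000 tokens

console.log("linear   :", linearTally(SMALL_HOLDERS), "vs", linearTally(WHALE));
console.log("quadratic:", quadraticTally(SMALL_HOLDERS), "vs", quadraticTally(WHALE));
```
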
Passive participation:

```
Alice (1000 power) ──┐
                     ├─► Bob (expert) votes on technical proposals
Charlie (500) ───────┘

Bob votes with 1500 effective power
Alice & Charlie can still vote directly (cancels delegation)
```
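
The delegation rule above as an added JavaScript model (not code from VeDelegation.sol; names are hypothetical). It assumes single-hop delegation and that delegated power only counts when the delegate actually votes; the point to check is that no power is ever counted twice.

```javascript
// Added example: per-proposal delegation tally. Names are hypothetical.
// power:       Map voter -> own voting power
// delegateOf:  Map voter -> chosen delegate (single hop, assumption)
// directVotes: Set of voters who voted on this proposal themselves
function effectivePower(power, delegateOf, directVotes) {
  const result = new Map();
  // Everyone who votes directly starts with their own power.
  for (const voter of directVotes) {
    result.set(voter, power.get(voter) ?? 0n);
  }
  for (const [voter, delegate] of delegateOf) {
    // A direct vote cancels the delegation for this proposal.
    if (directVotes.has(voter)) continue;
    // Delegated power is only counted if the delegate voted (assumption).
    if (!directVotes.has(delegate)) continue;
    result.set(delegate, result.get(delegate) + (power.get(voter) ?? 0n));
  }
  return result;
}

// Total power counted on the proposal; must never exceed the sum of `power`.
function totalCounted(result) {
  let total = 0n;
  for (const p of result.values()) total += p;
  return total;
}

// Constructed sample data from the diagram; Bob's own power is assumed to be 0.
const POWER = new Map([["alice", 1000n], ["charlie", 500n], ["bob", 0n]]);
const DELEGATE_OF = new Map([["alice", "bob"], ["charlie", "bob"]]);

const onlyBob = effectivePower(POWER, DELEGATE_OF, new Set(["bob"]));
const aliceToo = effectivePower(POWER, DELEGATE_OF, new Set(["bob", "alice"]));
console.log(onlyBob.get("bob"), aliceToo.get("bob"), aliceToo.get("alice"));
```
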
Domain expertise recognition:
- Finance Expert: +50% weight on financial proposals
- Tech Expert: +50% weight on technical proposals
- Legal Expert: +50% weight on legal proposals
- Security Expert: +50% weight on security proposals
Roles expire after 6 months (renewable by DAO vote).
| Threat | Mitigation | Status |
|---|---|---|
| Reentrancy | nonReentrant modifier | ✅ |
| Flash Loan | Checkpoint snapshots | ✅ |
| Buy-Vote-Sell | Vote-Escrow requirement | ✅ |
| Sybil Attack | Soulbound NFTs | ✅ |
| 51% Attack | Timelock + Security Council | ✅ |
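
How checkpoint snapshots address the flash-loan row of the table, as an added JavaScript model (not code from VeVoting.sol; class and function names are hypothetical). Votes are weighed at a snapshot block that is strictly in the past, so power acquired after the snapshot, or acquired and released within one block, reads as zero.

```javascript
// Added example: checkpointed voting power. Names are hypothetical.
class PowerHistory {
  constructor() {
    this.checkpoints = []; // { block, power }, ascending by block
  }
  // Record the account's power as of the end of `block`.
  write(block, power) {
    const last = this.checkpoints[this.checkpoints.length - 1];
    if (last && block < last.block) throw new Error("out-of-order checkpoint");
    if (last && last.block === block) last.power = power; // same block: overwrite
    else this.checkpoints.push({ block, power });
  }
  // Power at `block`: the last checkpoint with checkpoint.block <= block.
  powerAt(block) {
    let lo = 0;
    let hi = this.checkpoints.length;
    while (lo < hi) {
      const mid = (lo + hi) >>> 1;
      if (this.checkpoints[mid].block <= block) lo = mid + 1;
      else hi = mid;
    }
    return lo === 0 ? 0n : this.checkpoints[lo - 1].power;
  }
}

// Weigh a vote at the proposal snapshot, which must already be finalized.
function votingPowerFor(history, snapshotBlock, currentBlock) {
  if (snapshotBlock >= currentBlock) throw new Error("snapshot not finalized");
  return history.powerAt(snapshotBlock);
}

// Constructed sample data: proposal snapshot at block 200.
const longTermLocker = new PowerHistory();
longTermLocker.write(100, 1000n);

const sameBlockBorrower = new PowerHistory();
sameBlockBorrower.write(201, 1000000n); // locks after the snapshot
sameBlockBorrower.write(201, 0n);       // and exits in the same block

console.log(votingPowerFor(longTermLocker, 200, 201));    // counted
console.log(votingPowerFor(sameBlockBorrower, 200, 201)); // not counted
```
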
- Internal Review: ✅ Complete
- Tool Analysis: Solhint (908 warnings → 26 security issues)
- External Audit: 🔄 Pending
- Bug Bounty: 🔄 Not started
See SECURITY_IMPROVEMENTS_PLAN.md for details.
| Operation | Before | After | Savings |
|---|---|---|---|
| Lock tokens | ~180k | ~120k | 33% |
| Vote | ~85k | ~65k | 24% |
| Claim rewards | ~95k | ~70k | 26% |
Techniques used:
- Custom errors instead of require strings
- Unchecked arithmetic where safe
- Efficient storage packing
- Calldata for read-only arrays
- External function visibility optimization
```bash
# Run all tests
npm test

# Run specific test suite
npx hardhat test test/VeNFT.test.js
npx hardhat test test/VeStaking.test.js
npx hardhat test test/VeVoting.test.js

# Coverage report
npx hardhat coverage
```

- VeNFT: 98.5%
- VeStaking: 97.2%
- VeVoting: 96.8%
- Overall: 96.9%
- Architecture Overview
- Security Improvements Plan
- Deployment Guide
- Migration Guide (Legacy → Refactored)
- API Reference
- Fork the repository
- Create feature branch (`git checkout -b feature/amazing`)
- Commit changes (`git commit -m 'Add amazing feature'`)
- Push to branch (`git push origin feature/amazing`)
- Open Pull Request
Report vulnerabilities to: security@devdemeterdao.xyz
MIT License - see LICENSE file
- Aragon OSx: Framework foundation
- OpenZeppelin: Security standards
- Curve Finance: Vote-Escrow inspiration
- Ethereum Community: Open source tooling
- Website: https://devdemeterdao.xyz
- Twitter: @DevDemeterDAO
- Discord: Join Server
- Email: hello@devdemeterdao.xyz
Built with ❤️ by the DevDemeterDAO Team