We are happy to announce that we have completed the process of moving the Harmony Mochiswap community treasury under the control of a 3 party multisig wallet with the cooperation of the Harmony team and two of its known and trusted multisig participants.
The multisig wallet address is:
one1u28mcctj672rrwvhjl0wmkdudxfzygdam7nart
The multisig signer/participant addresses are:
- Multisig #1: one18mf0mrrer7wg92psysxclaat8jtquakrl2tqck
- Multisig #2: one10k7fptpq9tuvwfy06hm27xd6ds0952efm7lzxg
- Multisig #3: one1cekx6t6mkz9z570ne5gxeyrgxhyt0vclhe0wm8
This enables the next era of security for Mochiswap as now it will require 3 of 3 signers to move the treasury fund.
The multisig is an implementation of Gnosis Safe, enabling developers and users to practice stronger security standards through multisig transactions.
With Gnosis Safe on Harmony, developers and users can:
- Set up a multisig wallet, called a safe
- Create and manage the multiple wallet addresses that participate in multisig
- Set the threshold number of signers for a multisig transaction to go through
- Track and manage all multisig transaction activity
- Track and receive assets on the multisig wallet account
- Set spending limits for the owner accounts
This is a big step towards full decentralization and making Mochiswap function as a proper DAO!
Going forward, any transaction involving the community treasury fund requires unanimous approval from all 3 entities and will be considered only after an accepted governance proposal has been approved by the stakeholders using their hMOCHI governance token voting power here: https://gov.mochiswap.io
The current multisig holders are:
Jeff Liu
Co-Founder at PeckShield Inc.
Wallet: one18mf0mrrer7wg92psysxclaat8jtquakrl2tqck
Jack Chan @ KysenPool
An experienced Proof-of-Stake operator running Harmony, Cardano, Cosmos and Terra validators.
Wallet: one10k7fptpq9tuvwfy06hm27xd6ds0952efm7lzxg
Mochiswap team
Wallet: one1cekx6t6mkz9z570ne5gxeyrgxhyt0vclhe0wm8
Jack Chan and Jeff Liu are long-term partners of Harmony in various aspects and are known and respected members of the larger blockchain development community.
You can learn more about Harmony multisig here: https://docs.harmony.one/home/network/governance/multi-sig
Security overview
There was never any migrator code in the DEX and the LPs cannot be tampered with by anyone. This will be provable using explorer-based contract verification in the near future.
Currently verifiable steps we have taken to secure the token and farms:
hMOCHI token: one1pht5pkufh8768w4d7uukmkkhq2mw34h4yrrvh2
There is no owner of, or ownership code in, the hMOCHI contract. Using governance the community can elect to allow a new contract to manage emission of hMOCHI but it can ONLY be enacted using unanimous signing by the multisig wallet.
Token Minter admin role transferred to multisig: 0xf17d2475f1ce317fdf5be64d98a00824f4e5b6d3645bda4c2ea224322c461dfc
Minter role renounced by deployer/dev wallet: 0xb528311e9f0db55e373501bd80848bcf477659c94562723eb3f125bd13571ea5
Farm/chef contract: one14drxkpjkwfd7tv8aj5rx3zzwd2ynhkzezyccga
Dev (treasury destination) address assigned to multisig wallet: 0xca3a29d18c393a8d6535619c3f3a20ebd1c5bee681174a3e0694eb7e38da59fc
Treasury tokens all transferred from temp dev wallet to multisig: 0xb2ac286e83bb6e564696589ee1f78be8d3448d006ce057ea30f88417b336c5d9
Signer Duties
First of all, the multisig does NOT have decision making power. Its role is to simply enact on-chain the decisions hMOCHI holders make via off-chain voting.
All signers are expected to create a Harmony ONE transaction ratifying each decision made by hMOCHI holders through snapshot votes. This signature is expected to be done within the two weeks after the snapshot vote was concluded. Even after quorum is reached (by n signers), the remaining signers are also required to sign before a multisig action is executed. This procedure aims to regularly confirm each signer’s conformity to the off-chain votes and also to serve as recent proof of their ability to sign.
A signer shall lose their role (by action of the remaining multisig signers excluding them) in case a signer:
- Acts against hMOCHI token holders’ off-chain voting;
- Goes through 3 months or 2 votes (whichever takes longer) without performing any of their signer duties
What’s next?
In addition to multisig, the community will be having discussions and will be conducting governance activity on Mochiswap’s snapshot page: https://gov.mochiswap.io
We hope this will make users of the DEX and farms more comfortable knowing that security of the contracts has been tightened and there is a growing, safely managed, and community-governed fund to evolve, improve, and grow the Mochiswap ecosystem on Harmony ONE!!!
Keep farming Mochi gangs!
-Mochiswap community dev team
