Security News
Bun 1.2 Released with 90% Node.js Compatibility and Built-in S3 Object Support
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
@1hive/apps-time-lock
Advanced tools
[![CircleCI](https://circleci.com/gh/1Hive/time-lock-app.svg?style=svg)](https://circleci.com/gh/1Hive/time-lock-app) [![Coverage Status](https://coveralls.io/repos/github/1Hive/lock-app/badge.svg?branch=master&service=github)](https://coveralls.io/github
1Hive's Time Lock app allows an Aragon organization to require users to lock tokens by sending them to the Time Lock app for a configurable period of time in order to forward an intent. For example the organization may require users to lock 100 tokens for 1 month before creating a new vote. The user would be able to come back in a month and claim their locked tokens.
The Time Lock app is still in development, a first implementation was published to time-lock.open.aragonpm.eth
. If you are interested in contributing please see our open issues.
The code in this repo has not been audited.
The Time Lock app is a forwarder. By granting the Time Lock app a permission like Create Votes
the user will be prompted and required to lock tokens before the user's intent can be forwarded.
We keep track of when locks are made and by whom so that users are only able to re-claim locks that they have made after the duration has elapsed.
We recommend (but do not require) that the lock function is used with the Token Balance Oracle to restrict use of the application to members of the organization. This is how permissions are set up in our demo template. This allows the Oracle to check if the msg.sender
of a proposal has tokens (and thus is a member of the DAO who's qualified to create proposals) before granting the canForward()
functionality. This means that in order to submit a proposal one must lock tokens, and in order to lock tokens one must be a member of the DAO.
The Time Lock app is initialized with a _token
, _lockDuration
, _lockAmount
and _spamPenaltyFactor
parameters which determines the token to be locked, how long tokens are locked, the amount of tokens to lock and a penalty percentage for spamming proposals.
At initialization the _token
parameter can be set to an ERC20 token. It cannot be changed. If a change is necessary the user can install a new instance and change permissions in the organization to reflect the change.
The Time Lock app implements the following roles:
Any Entity
and paramaterized using the ACL Token Oracle or similar contract.The Time Lock app provides an interface for a user to see any locks they have made, and how much time until they can re-claim the lock. It also shows the total unlocked balance they currently have for re-claim.
The Time Lock app does not provide an interface for changing the duration or lock amount. This can be done via the aragonCLI or directly interacting with the contract.
First make sure that you have node, npm, and the aragonCLI installed and working. Instructions on how to set that up can be found here. You'll also need to have Metamask or some kind of web wallet enabled to sign transactions in the browser.
Git clone this repo.
git clone https://github.com/1Hive/time-lock-app.git
Navigate into the time-lock-app
directory.
cd time-lock-app
Install npm dependencies.
npm i
Deploy a dao with Time Lock app installed on your local environment.
npm run start:template
If everything is working correctly, your new DAO will be deployed and your browser will open http://localhost:3000/#/YOUR-DAO-ADDRESS. It should look something like this:
You will also see the configuration for your local deployment in the terminal. It should look something like this:
Ethereum Node: ws://localhost:8545
ENS registry: 0x5f6f7e8cc7346a11ca2def8f827b7a0b612c56a1
APM registry: aragonpm.eth
DAO address: YOUR-DAO-ADDRESS
The Time Lock app is initialized with a _lockDuration
of 1:30 minutes, a _lockAmount
of 20 LKT tokens and a _spamPenaltyFactor
of 100%.
The app has the permission to create votes, so if you try to mint yourself some tokens from the tokens
app it will first prompt you to approve the Time Lock app to transfer 20 LKT tokens to the contract on your behalf.
Once the forwarding is performed you should be able to see the current lock and a timer indicating how much time until you can re-claim your 20 LKT tokens.
Once your balance is unlocked you will be able to re-claim your tokens via the withdraw button. You will have to input how many locks you'll re-claim and they'll be withdrawn on a FIFO basis (first in first out)
TODO: Deploy Time Lock to rinkeby
To deploy to an organization you can use the aragonCLI.
aragon dao install <dao-address> time-lock.open.aragonpm.eth --app-init-args <token-address> <lock-duration> <lock-amount>
You have to set up permissions depending on your requirements for users to lock tokens before forwarding an intent. So for example if you want to require users to lock tokens before creating votes you should grant the Time Lock app the role to create votes on the Voting app.
:warning: Currently the Time Lock app has to be the first forwarder in the transaction pathing in order to properly prompt you to perform an approve for the required amount of tokens
We welcome community contributions!
Please check out our open Issues to get started.
If you discover something that could potentially impact security, please notify us immediately. The quickest way to reach us is via the #dev channel in our team Keybase chat. Just say hi and that you discovered a potential security vulnerability and we'll DM you to discuss details.
FAQs
[![CircleCI](https://circleci.com/gh/1Hive/time-lock-app.svg?style=svg)](https://circleci.com/gh/1Hive/time-lock-app) [![Coverage Status](https://coveralls.io/repos/github/1Hive/lock-app/badge.svg?branch=master&service=github)](https://coveralls.io/github
We found that @1hive/apps-time-lock demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.