Calldata security verification
The simulation and tests of EP 5.22 can be found here. Calldata matched as expected in the approval operation and the assertion after simulating the proposal, passing it, and executing it.
This can be checked by cloning the repo and running:
forge test --match-path src/ens/proposals/ep-5-22/* -vvvv
Some considerations
The executable code gives an infinite* USDC spending approval from the ENS DAO to the streaming contract. Therefore, we needed to analyze the streaming contract to understand its logic and parameters.
Streaming contract parameters checked
- Streaming rate is $0.174483, which matches the proposed increase of streaming.
- Streaming start is 1735689600 (in UNIX timestamp), which means 1 Jan 2025 00:00 UTC.
- The end time is set to infinite and can only be set by the DAO.
How can the stream be canceled?
- DAO can change the USDC approval
- DAO can change the end time
For the streaming to run smoothly, the DAO needs to make sure that there is USDC in the treasury.
nick.eth is the admin of the streaming contract and the claim function can only be called by the owner, which can also provide the wallet to receive the claimed USDC.
The streaming contract has a minimal risk surface and it’s really simple, presenting a low risk by itself.
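An added example, not part of the original post or the proposal's test suite: a stand-alone decoder that a reviewer could use to check approve(address,uint256) calldata by hand, confirming the spender and flagging the unlimited allowance discussed above. The spender address and sample calldata are constructed placeholders, not the values from EP 5.22.

```python
# Added example: independent check of ERC-20 approve(address,uint256) calldata.
# All addresses and calldata below are constructed placeholders.

APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the "infinite" allowance value

def decode_approve(calldata_hex: str) -> tuple[str, int]:
    """Return (spender, amount) or raise ValueError if the calldata is malformed."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(raw) != 4 + 32 + 32:
        raise ValueError(f"unexpected calldata length {len(raw)}, expected 68 bytes")
    if raw[:4] != APPROVE_SELECTOR:
        raise ValueError(f"selector 0x{raw[:4].hex()} is not approve(address,uint256)")
    spender_word, amount_word = raw[4:36], raw[36:68]
    # An address is 20 bytes, left-padded with 12 zero bytes in its ABI word.
    if any(spender_word[:12]):
        raise ValueError("non-zero padding in the address argument")
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")

def check_approval(calldata_hex: str, expected_spender: str) -> dict:
    """Compare decoded calldata against what the proposal text claims."""
    spender, amount = decode_approve(calldata_hex)
    return {
        "spender": spender,
        "spender_matches": spender == expected_spender.lower(),
        "amount": amount,
        "unlimited": amount == MAX_UINT256,
    }

# Constructed sample: placeholder streaming-contract address, max allowance.
PLACEHOLDER_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    for key, value in check_approval(SAMPLE_CALLDATA, PLACEHOLDER_SPENDER).items():
        print(f"{key}: {value}")
```

Comparison is done on lowercase hex, so a checksummed (mixed-case) expected address still matches.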