There’s no anticipated reason for the DAO to hold funds in the registrar, so a permissionless withdraw() shouldn’t pose any practical risk.
Under the proposed structure, this could only be triggered through a social vote, so it wouldn’t bypass governance.
We’ve reached out to a few auditors and got an estimate of around $12k. We’ll share more details on the selected auditor once that’s confirmed.
Great catch, we’ll update the naming accordingly. Thanks!
Correct, this serves as an extra safeguard to make sure only contracts can be added.
The calldata is already available via the link at the bottom alongside the tests, but we’ll also include it directly in the proposal for easier verification.
Yes, you can find the full breakdown here.