Rewards distribution and tracking platform for Decentralized Autonomous Organizations.
This project provides an interface for DAO members to reward each other for their contributions. Users can add new DAO members, issue rewards to specific DAO members, execute the transactions on chain, and view a record of all transactions. Our goal is to make the rewarding process simple, streamlined, and, secure. To make the platform simple, our entire workflow from tracking members to bookkeeping occurs entirely in the application. Users can add new members to the platform and issue transactions, which we automatically timestamp and record. To make the platform streamlined, we provide integrations with existing tooling (MetaMask, Uniswap), and plan to integrate with Gnosis in the future. Finally, to make the platform secure, we used a Postgres database accessible only though Hasura (see "How It's Made").
How it's made
Our hackathon project was built with maximal frontend and backend technology separation in mind to allow our team to develop asynchronously. We used a variety of best practices and modern technologies to create our hack. One particular critical aspect of our hack is securing the data: rewards to contributors can be sensitive. As a result, we paid close attention to securing the backend. We used a Postgres database for persistent storage. Unfortunately, it can be challenging to expose database access to the frontend: we would have to go through a great deal of effort to sanitize query, ensure access control, etc. Furthermore, since the same individual can contribute and have different roles between many DAOs, access control is especially challenging: standard tools assume an individual is in a single organization. To ensure security we prevented access to the Postgres database. All access to the database was done through Hasura, an open-source GraphQL middleware. Hasura has many benefits, including automatically sanitizing query inputs. Critically, Hasura allows for fine-grained access control beyond what Postgres offers by default. We carefully constructed roles for users across DAOs to control access to both columns _and_ rows to the database. By integrating our own login system with Hasura roles, we can manage access seamlessly. On the frontend, we used React to build out the UI components. To talk to the backend, we used Apollo Client, a GraphQL API. We used web3 to interface with Ethereum and Uniswap. The web3 API automatically can talk to a variety of wallets, including Metamask.