Boötes

We created a simple and transparent bounty board that is integrated with Regulus, our payments platform.

As an existing or prospective DAO contributor, it can be challenging to be aware of a given DAO's workflow, and needs. From the perspective of a core DAO member or founder, it is similarly challenging to construct a task board from scratch to make this information more public -- existing solutions like github issues, or notion can be annoying to keep updated, and are not Web3-integrated with any payment functionality.

Boötes both enables contributors to be kept up-to-date with the DAO, and organizers to easily track and reward them in a single interface.

Our hackathon project was built with maximal frontend and backend technology separation in mind to allow our team to develop asynchronously. We used a variety of best practices and modern technologies to create our hack.

One particular critical aspect of our hack is securing the data: malicious users can spam bounties or claim bounties without intending to complete them. As a result, we paid close attention to securing the backend. We used a Postgres database for persistent storage. Unfortunately, it can be challenging to expose database access to the frontend: we would have to go through a great deal of effort to sanitize query, ensure access control, etc. Furthermore, since the same individual can contribute and have different roles between many DAOs, access control is especially challenging: standard tools assume an individual is in a single organization.

To ensure security we prevented access to the Postgres database. All access to the database was done through Hasura, an open-source GraphQL middleware. Hasura has many benefits, including automatically sanitizing query inputs. Critically, Hasura allows for fine-grained access control beyond what Postgres offers by default. We carefully constructed roles for users across DAOs to control access to both columns and rows to the database. By integrating our own login system with Hasura roles, we can manage access seamlessly.

On the frontend, we used React to build out the UI components. To talk to the backend, we used Apollo Client, a GraphQL API. We used web3 to interface with Ethereum. The web3 API automatically can talk to a variety of wallets, including Metamask. The payments transactions workflow used in this hack is reused from Regulus. Finally, we used IPFS (via Fleek) to host our website. By using IPFS, we gain instant access to worldwide distribution and censorship resistance.