✅Quiz
**Note: All 8 questions in this quiz are based on the InSecureumDAO contract snippet shown below. This is the same contract snippet you will see for all the 8 questions in this quiz.**
The InSecureumDAO contract snippet illustrates some basic functionality of a Decentralized Autonomous Organization (DAO) which includes the opening of the DAO for memberships, allowing users to join as members by depositing a membership fee, creating proposals for voting, casting votes, etc. Assume that all other functionality (that is not shown or represented by ...) is implemented correctly.
Comment:
While the payable `openDAO()` function is protected by the correctly implemented `onlyAdmin` modifier, it is always possible to force-send Ether into a contract via `selfdestruct()`. The `onlyWhenOpen()` modifier only checks the contract's own balance, which can be bypassed by doing that. The payable `join()` function does check that `msg.value` exactly matches `membershipFee`.
Q1 Based on the comments and code shown in the InSecureumDAO snippet
Q2 Based on the code shown in the InSecureumDAO snippet
Q3 Reentrancy protection only on join() (assume it’s correctly specified) indicates that
Q4 Access control on msg.sender for DAO membership is required in
Q5 A commit/reveal scheme (a cryptographic primitive that allows one to commit to a chosen value while keeping it hidden from others, with the ability to reveal the committed value later) is relevant for
Q6 Security concern(s) from missing input validation(s) is/are present in
Q7 removeAllMembers() function
Q8 InSecureumDAO will not be susceptible to something like the 2016 “DAO exploit”