UkrainianDAO.eth pass the Vidma test as trustworthy in connection to their use with charity platforms.

March 2, 2022
3 min read

Vidma’s security team continues to monitor Ukrainian Relief Donation Platforms raising money for relief efforts to separate the credible from the scams.

After the research and our report of the $UKE charity token (which did not pass our test to be trustworthy; we requested more information from them), our security team decided to investigate the UkraineDAO project as it was mentioned in our previous report.

The link to the previous report about $UKE project can be found by this link — https://medium.com/@vidma_security/uke-does-not-pass-the-vidma-test-as-a-trustworthy-charity-project-more-information-is-required-e5d73e00e2f7

(The UKE project intended to hardcode the address from UkraineDAO to which the charity funds will be transferred).

The investigation of UkraineDAO started from their website — https://www.ukrainedao.love/

The project offers a couple of ways of contributing:

  1. Send directly to UkraineDAO.eth
    As the first offered option, a user can send cryptocurrency directly to UkraineDAO.eth address. (0x633b7218644b83D57d90e7299039ebAb19698e9C)

    Our Summary:
    This address is multisig, created after the invasion of Ukraine. On the mentioned address, there are some invested amounts of money and none was withdrawn yet. The absence of any transfers is a state that money is still on the contract and was not transferred to any private or unknown address. Hence, Vidma security team supports the idea of the project and will monitor the movement of funds to check where they will be transferred to the charity address indeed in the nearest future.
  2. Participate in auction
    As the second option, a user can participate in the auction.
    Auction is made via ZORA platform with an incentive offer to win an NFT of the Ukraine flag.
    A new user should make a bid bigger than the existing one that was set by another user. When the bid is made and the countdown timer hits zero, an owner of the NFT will receive the funds (bid) and the NFT will be transferred to the user who set the highest bid.
    The owner of the auction is UkraineDAO.eth address.

    Our Summary:
    Auction is made by a popular and known company, so we assess it as trustworthy based on this. The receiver is UkraineDAO.eth address.
  3. Participate in party bid
    Since new bid should be bigger than already existing ones, they create party bid which will accumulate money.
    Owner has access to:
    - Call bid method which will create new bid to hardcoded auction.
    - Call emergencyCall which theoretically can call transfer of any token to any address.

    Our Summary:
    The owner of a party bid is a multisig created before the invasion. The address does not have any domain, unlike UkraineDAO.eth. Owners have the ability to withdraw money to any address.

In the screenshot below, the project team described the options and the reasons for each of them.

Overview of ZORA platform

The offered NFT can be found on ZORA. That’s the project to create auctions for selling NFT tokens.

Link — https://zora.co/collections/0x715132af755D9D3d81eE0AcF11e60692719bc415/1

The description of the given NFT is set as follow:
“This is the Ukrainian flag 🇺🇦 1/1. Funds raised from this sale will be directed to helping the Ukrainian civilians suffering from the war initiated by Putin. “Come Back Alive,” one of the most effective and transparent Ukrainian charitable and volunteer initiatives can be found at: https://savelife.in.ua.
This project has been organized by Pussy Riot, Trippy Labs, PleasrDAO, CXIP, and many Ukrainian humanitarian activists working tirelessly on the ground and generously consulting with us to assure we have a safe place to direct our donations that will help those who need it the most.”

Our Summary:
From our standpoint, ZORA is a trustworthy platform. It has an extensive history of projects built on it, serving as proof of that.

We want to describe the main features of ZORA should be described as the UkraineDAO project is directly related to this platform.

Main features:

  1. Provide contract to create an auction
  2. Allow anyone to create a bid for a specific auction
  3. Transferring price of a winner when the auction is finished


Lorem ipsum dolor sit amet

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vel sapien turpis scelerisque est. Netus gravida urna, amet, interdum egestas nunc, interdum. Pellentesque blandit lobortis massa nulla id est. Facilisi cras nibh donec vitae. Congue fermentum, viverra tortor placerat. Pharetra id quisque massa diam vulputate in nullam orci at. Cursus mus senectus natoque urna, augue ligula nam felis. Sem facilisis cursus volutpat purus odio nulla facilisis. Fermentum cursus purus vitae posuere luctus vitae congue.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
Link text

Lorem ipsum dolor sit amet

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vel sapien turpis scelerisque est. Netus gravida urna, amet, interdum egestas nunc, interdum. Pellentesque blandit lobortis massa nulla id est. Facilisi cras nibh donec vitae. Congue fermentum, viverra tortor placerat. Pharetra id quisque massa diam vulputate in nullam orci at. Cursus mus senectus natoque urna, augue ligula nam felis. Sem facilisis cursus volutpat purus odio nulla facilisis. Fermentum cursus purus vitae posuere luctus vitae congue.
Tags:
#Security-Review #Research #Ukraine #Donations #Trustworthy