Author: Nicholas
Date: 2022-03-10
Synopsis
Extend the multisig’s permission to set the TokenUriResolver till theend of April 2023.
Motivation
The TokenUriResolver gives metadata to JB Projects. After significant review and improvement from the contract crew, the v1 token resolver is finally working on testnet and ready to ship. This proposal will extend the permission the DAO gave the multisig to set and change the TokenUriResolver in JBP-321.
Specification
Grant the multisig permission to set and change the tokenUriResolver. Nicholas, Jango, DrGorilla, Ba5ed, and Viraz will communicate with the multisig to update the tokenUriResolver until the end of the specified term as they deem necessary.
Transfer ownership of the TokenUriResolver contract to a 3/5 multisig (eth:0xcDC51dBC9bF8Dac4A6882a937B1BDbB25cF04E1C) composed of Nicholas, Jango, DrGorilla, Ba5ed, and Viraz, to deploy iterative upgrades to the DefaultTokenUriResolver – which provides the default metadata to projects that do not set custom resolvers – until the end of June 2023. As owner of this contract, the multisig will only be able to update the default resolver with richer visuals, metadata, and theme customization.
Rationale
Finalizing the v1 of the token resolver has taken longer than anticipated and was deprioritized several times as it does not directly generate revenue or adoption of JB. Nevertheless, in the past few weeks a flurry of dev activity has led to 1) a version of the contracts that we are ready to launch, and 2) several ancilliary contracts that will support further onchain token metadata development.
This proposal extends the multisigs permission to set the TokenUriResolver – a permission which has not been used thus far – so that this element of the protocol can be brought to fruition. It also grants a new multisig composed of the contract crew an extended time limit to update the default renderer, because there are several improvements that can be made to the default metadata without changing the core TokenUriResolver contract.
Risks
The tokenUriResolver could be used to deploy bad metadata that is deceptive or underwhelming. In the extreme worst case, the tokenUriResolver could enable malicious wallet interaction in unsafe NFT metadata browsers — though OpenSea and other major marketplaces have protections in place to remove this threat vector.
The default resolver could be changed to something unanticipated. This risk is mitigated by the fact thath the main token resolver can always be changed by the primary JBDAO multisig.
Note: The tokenUriResolver is a low stakes parameter of the protocol. Granting open ended permission to the multisig to update it poses no major threat to the security or usability of the protocol, and gives JBDAO’s devs the opportunity to improve the tokenUriResolver contract iteratively.
Timeline
Grant open ended permission to the multisig to update the tokenUriResolver, as directed by the above devs, until the end of April 2023.
Give ownership of the token resolver to the multisig eth:0xcDC51dBC9bF8Dac4A6882a937B1BDbB25cF04E1C for them to update the default resolver until the end of June 2023. Ownership may then be passed back to the JBDAO multisig, or the owner may be set to 0x0000 as the contract crew sees fit.
'