Declassified: DAO v1.1 Telegram Files

Mainnet Launch, Whitelist, and Review Scrutiny

Night Lantern (2026-03-15T18:26:01, Nervos Nation, edited 2026-03-15T18:47:10)

CKB DAO V1.1 Official Mainnet Launch

2026.03.16 7pm PDT, 2026.03.16 10pm EDT, 2026.03.16 7pm PST, 2026.03.17 3am CET

Hey Nervos Crew, :tada:

What’s up, everyone? We’re super pumped to drop the news: the CKB Community Fund DAO V1.1 is officially going live on March 16! It’s a solid upgrade that’s all about transparency and DAO oversight, operations, and execution.

To kick things off without going overboard, we’ve got a chill launch event lined up. It’s the perfect spot to hang out, chat about what’s new, and get everyone on the same page for this next phase.

Oh, and as part of the fun, we’re rolling out some handy docs to help you dive right in:

:white_check_mark: DAO V1.1 Steward Operational Manual: Your go-to guide for stewards on handling the day-to-day, keeping everything fair and fun.
:white_check_mark: Community Guidance Doc: Easy tips for jumping in, throwing out proposals, and making the most of the DAO tools.
:white_check_mark: Community Bug Report Doc: Simple steps to spot glitches, report 'em, and help us squash 'em quick.
:white_check_mark: Milestone Tracking Doc: A straightforward way to keep tabs on wins, progress, and what’s coming up next.

Come join the party—your thoughts and energy are what make this community rock :turtle::rocket::high_voltage:

CKB Nervos Official DAO

---

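:rocket: Hello, Nervos friends!

CKB DAO V1.1 officially goes live on March 16! :tada:

2026.03.17 10am GMT+8 AMA link:

This upgrade focuses on transparency and an all-round optimization of DAO governance, operations, and execution, making community collaboration more efficient!

To celebrate this important moment, we have prepared an online event that is relaxed yet full of substance. Let's take this chance to chat about what has changed in the new version and what comes next!

We have also released several practical documents to help you get started quickly:

:white_check_mark: DAO V1.1 Steward Team Operational Manual: a detailed operating guide for the steward team, which makes governance easier for future teams and also lets everyone understand the limits of the steward team's powers, so you can vote with more confidence.

:white_check_mark: Community Guide: a step-by-step walkthrough of how to participate, submit proposals, and make the most of the DAO tools.

:white_check_mark: Community Bug Report Doc: don't panic if you hit a small bug; report it by following the steps and we will fix it fast!

:white_check_mark: Milestone Tracking Doc: a clear record of the milestone deliverables submitted by each proposal team, so you can keep up with community projects at any time!

Come join us: your ideas and enthusiasm are what keep the Nervos community moving forward! :turtle::rocket::high_voltage: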

CKB Nervos Official DAO


Neon (if I DM I scam) (2026-03-15T18:38:57, Nervos Nation, edited 2026-03-15T18:40:41)

Replying to this message from Night Lantern:

CKB DAO V1.1 Official Mainnet Launch

2026.03.16 7pm PDT, 2026.03.16 10pm EDT, 2026.03.16 7pm PST, 2026.03.17 3am CET

Good news! By going live, do you mean testnet? Mainnet?


Night Lantern (2026-03-15T18:40:31, Nervos Nation)

Replying to this message from Neon (if I DM I scam):

Good news! By going live, do you mean testnet? Mainnet?

Hello Neon! Mainnet, thank you for clarifying (:


Neon (if I DM I scam) (2026-03-15T18:47:01, Nervos Nation)

When will it be suitable for use by projects? I know @phroi was testing it


Night Lantern (2026-03-15T18:50:18, Nervos Nation)

Replying to this message from Neon (if I DM I scam):

When will it be suitable for use by projects? I know @phroi was testing it

@haoyang94 has more insight into this but, as i understand— right away!


Night Lantern (2026-03-15T18:52:28, Nervos Nation)

we essentially wanted to get this up and running ASAP so we could get pending projects integrated


Phroi (No DM) (2026-03-15T19:12:25, Nervos Nation)

Replying to this message from Neon (if I DM I scam):

When will it be suitable for use by projects? I know @phroi was testing it

Thank you for the question @Neonckb!! This is my latest comment on the thing: as you can see I was not able to test it properly (my did still display zero voting power)


Phroi (No DM) (2026-03-15T19:13:25, Nervos Nation)

Replying to this message from Night Lantern:

we essentially wanted to get this up and running ASAP so we could get pending projects integrated

Still waiting for a follow up on that comment


Night Lantern (2026-03-15T19:53:30, Nervos Nation)

Replying to this message from Phroi (No DM):

Still waiting for a follow up on that comment

ahh okay okay, from what i understand the platform has been rigorously tested now, and all known errors have been amended. Prob a response to your question was a slight overlook. they have been working quite late getting everything together for the launch and its about the middle of the night for the other stewards— I kindly ask you remain patient a little :folded_hands: for them to wake up in the morning


Phroi (No DM) (2026-03-15T20:19:37, Nervos Nation)

Replying to this message from Night Lantern:

ahh okay okay, from what i understand the platform has been rigorously tested now, and all known errors have been amended. Prob a response to your question was a slight overlook. they have been working quite late get…

How was the whitelist issue solved?


Phroi (No DM) (2026-03-15T20:21:54, Nervos Nation)

Will the whitelist be removed for mainnet as agreed?


Phroi (No DM) (2026-03-15T20:23:31, Nervos Nation)

A simple yes is enough :hugs:


Night Lantern (2026-03-15T20:24:30, Nervos Nation)

i will have to defer to haoyang li as he’s been directly working with the team


Phroi (No DM) (2026-03-15T20:24:30, Nervos Nation)

Forwarded from haoyang li.

Hi Phroi, totally valid scenario, and I just asked the dev team, they said this feature is only there for testing purposes, and it will be removed after the mainnet launch.

Although one thing I think worth clarifying is that the current whitelist mechanism doesn’t ban anyone from voting, it’s not like only the whitelisted addresses can vote, anyone with staked CKB can, the whitelist only accelerates the speed for the current system to find the information about who has staked CKB, it doesn’t prevent any addresses from voting.


Night Lantern (2026-03-15T20:27:17, Nervos Nation)

Replying to this message from Phroi (No DM):

Will the whitelist be removed for mainnet as agreed?

I would think if you already agreed upon it, then it is so. however I’m not certain and is better answered by haoyang li


Night Lantern (2026-03-15T20:33:02, Nervos Nation)

Replying to this message from Phroi (No DM):

Hi Phroi, totally valid scenario, and I just asked the dev team, they said this feature is only there for testing purposes, and it will be removed after the mainnet launch.

Although one thing I think worth clarifying i…

I appreciate you expending your time to test and making sure everything is where it needs to be phroi :flexed_biceps::heart::smiling_face:


Phroi (No DM) (2026-03-15T20:34:28, Nervos Nation)

Replying to this message from Night Lantern:

I appreciate you expending your time to test and making sure everything is where it needs to be phroi :flexed_biceps::heart::smiling_face:

My issue is that the docs are unchanged from 3 months ago, OFC with the whitelist:


Night Lantern (2026-03-15T20:53:31, Nervos Nation, edited 2026-03-15T20:53:54)

Replying to this message from Phroi (No DM):

My issue is that the docs are unchanged from 3 months ago, OFC with the whitelist:

ccfdao-v1.1-docs/content/docs/en/developer-docs/architecture/vote.mdx at main · CCF-DAO1-1/ccfdao-v1.1-docs · GitHub

In the post it shows the docs to be released with the launch, so maybe those aren’t the updated ones. Let’s be patient and wait for the other stewards to wake up— is there anything else i can try to answer for you?


Phroi (No DM) (2026-03-15T21:02:20, Nervos Nation)

Replying to this message from Night Lantern:

In the post it shows the docs to be released with the launch, so maybe those aren’t the updated ones. Let’s be patient and wait for the other stewards to wake up— is there anything else i can try to answer for you?

Where?


Phroi (No DM) (2026-03-15T21:02:24, Nervos Nation)

No such link


Night Lantern (2026-03-15T21:02:40, Nervos Nation)

yea it hasn’t launched yet


Phroi (No DM) (2026-03-15T21:03:23, Nervos Nation)

Replying to this message from Night Lantern:

yea it hasn’t launched yet

And that is the official documentation repo


Night Lantern (2026-03-15T21:04:32, Nervos Nation)

We are releasing the docs on the launch date


Night Lantern (2026-03-15T21:04:54, Nervos Nation)

Replying to this message from Phroi (No DM):

And that is the official documentation repo

im a bit confused what the issue is?


Phroi (No DM) (2026-03-15T21:06:26, Nervos Nation)

Forwarded from Phroi (No DM).

Replied :flexed_biceps: Those CommunityDAO v1.1 Voter Whitelists sound quite scary!


Phroi (No DM) (2026-03-15T21:06:26, Nervos Nation)

Replying to this message from Phroi (No DM):

Replied :flexed_biceps: Those CommunityDAO v1.1 Voter Whitelists sound quite scary!

[DIS] Community Fund DAO v1.1 Web5 优化提案/ Community Fund DAO v1.1 Web5 Optimization Proposal - #99 by phroi

Forwarded from haoyang li.

Hey Phroi and @mattQuinn, thanks for the scrutiny! I’m haoyang, one of the DAO steward team members, yeah the name does sound scary :sweat_smile:, but I can assure you that this is just a naming issue, it works like this:

If you just staked your CKB, the DAO 1.1 platform needs a bit of time to pull this information (currently set as once per day, UTC time); the “whitelist” is to speed up this process so testers (like me) can start testing without waiting. We just finished a meeting and agreed that the name is quite misleading, maybe “voter snapshot” would be better.

But rest assured, this does not mean only people in the whitelist can vote, everyone who staked CKB can, you can verify this once the platform is launched on testnet for community testing :slight_smile:


Phroi (No DM) (2026-03-15T21:06:26, Nervos Nation)

Replying to this message from Phroi (No DM):

Hey Phroi and @mattQuinn, thanks for the scrutiny! I’m haoyang, one of the DAO steward team members, yeah the name does sound scary :sweat_smile:, but I can assure you that this is just a naming issue, it works like this:

If you j…

Forwarded from Phroi (No DM).

Hey @haoyang94, nice to meet you and congratulations on the steward role :hugs: Name change is welcomed. That said, I would try to explain more the:

Why do we even need a snapshot/whitelist of voters in the first place?

Issue: potential for long-term abuse and centralization is really high, so there must be an even better reason to introduce it in the first place (V1.0 indeed doesn’t have it)

Hypothetical Example:

  1. In 2 years Donald Trump is elected in the yearly election for Community DAO v1.1 Roles as Vote Administrator and the other roles are filled by his evil lackeys
  2. Now Trump is the one controlling both the Voter Snapshot tool and the on-chain cell representation.
  3. Trump decides to ban all voters except for voters he controls.
  4. Trump updates the on-chain representation of whitelist, cause he is the one who has the power to do so and there is no rule saying that he cannot do that.
  5. Now Trump fully controls CommunityDAO v1.1 until the next Community DAO v1.1 election
  6. Trump wins all upcoming elections, cause they are gonna be based on Community DAO v1.1 votes he controls (right?)

Result: Trump owns Community DAO v1.1 treasury :exploding_head::exploding_head::exploding_head:

I’m sure that you have pretty good reason to introduce it, so please explain to the Community your reasoning and the rules that underpin its usage. Also, what happens if these rules are violated?

Love & Peace, Phroi


Phroi (No DM) (2026-03-15T21:06:27, Nervos Nation)

Replying to this message from Phroi (No DM):

Hey @haoyang94, nice to meet you and congratulations on the steward role :hugs: Name change is welcomed. That said, I would try to explain more the:

Why do we even need a snapshot/whitelist of voters in the first place?

Forwarded from haoyang li.

Hi Phroi, totally valid scenario, and I just asked the dev team, they said this feature is only there for testing purposes, and it will be removed after the mainnet launch.

Although one thing I think worth clarifying is that the current whitelist mechanism doesn’t ban anyone from voting, it’s not like only the whitelisted addresses can vote, anyone with staked CKB can, the whitelist only accelerates the speed for the current system to find the information about who has staked CKB, it doesn’t prevent any addresses from voting.


Phroi (No DM) (2026-03-15T21:06:27, Nervos Nation, edited 2026-03-16T12:00:30)

Replying to this message from Phroi (No DM):

Hi Phroi, totally valid scenario, and I just asked the dev team, they said this feature is only there for testing purposes, and it will be removed after the mainnet launch.

Although one thing I think worth clarifying i…

Forwarded from Phroi (No DM).

Hey @haoyang94 :hugs: That’s very reassuring, thank you!! So glad to see this cleared up! Just to make sure that we are all on the same page, could your team update the Docs to reflect this change?

Feel free to update:

Documentation > Developer Docs > Architecture > Vote System:

  • Vote Creation Workflow
  • Casting Votes
  • SMT Whitelist Tool
  • Vote Data Models

Documentation > Developer Docs > Architecture > Technical Overview

Documentation > User Guide > Frequently Asked Questions:

  • Voting Rights & Eligibility > Who can vote?
  • Voting Rights & Eligibility > I just registered a Web5 DID. Why can’t I participate in the current vote?

Documentation > User Guide > Getting Started:

  • Important Notes

May I additionally suggest that if something exists only for testing purposes and it will not be in production, clearly label it as non-production / testing-only in Docs. This way by reading the Docs all the Community can clearly understand how CommunityDAO v1.1 is gonna work.

Also please, remember to tag me on the progress made to clear up this misunderstanding, I’d like to keep an eye on this.

Love & Peace, Phroi


Phroi (No DM) (2026-03-15T21:09:04, Nervos Nation)

(First message forwarded is from 27 / 01 / 2026, two months ago)


Matt (2026-03-15T21:09:32, Nervos Nation, edited 2026-03-15T21:09:49)

It feels like there’s a miss in judging the importance of this


Matt (2026-03-15T21:12:15, Nervos Nation, edited 2026-03-15T21:13:36)

I’ll propose an assessment period for the community prior to switching over if this is still in there on launch


Matt (2026-03-15T21:13:07, Nervos Nation, edited 2026-03-15T21:14:30)

Metaforo has worked fine for the last couple votes, there’s no urgency


Night Lantern (2026-03-15T21:14:17, Nervos Nation)

no but there is somewhat of an accusatory tone here.. I’m not saying this isn’t important but @phroi was told this would be amended— so why would we think otherwise? why not just wait for the other stewards who have the information before jumping to any conclusions


Phroi (No DM) (2026-03-15T21:18:48, Nervos Nation)

Replying to this message from Night Lantern:

no but there is somewhat of an accusatory tone here.. I’m not saying this isn’t important but @phroi was told this would be amended— so why would we think otherwise? why not just wait for the other stewards who have…

The emdash… Issue is that this issue was raised 2 months ago, then in the last review too 8 days ago and still no response on factual actions taken to address the issue


Matt (2026-03-15T21:19:39, Nervos Nation, edited 2026-03-15T21:19:53)

The reason why I say the importance was misjudged is that it hasn’t been addressed in comms prior to launch stuff


Phroi (No DM) (2026-03-15T21:19:50, Nervos Nation)

There is a real risk of hostile takeover of CommunityDAO funds


i.r.p (2026-03-15T21:22:39, Nervos Nation, edited 2026-03-15T21:22:47)

I support the pov that all the issues should be addressed/resolved and documented before the launch


Night Lantern (2026-03-15T21:31:38, Nervos Nation)

Replying to this message from Matt:

The reason why I say the importance was misjudged is that it hasn’t been addressed in comms prior to launch stuff

well I think lets wait to hear from haoyang li and tovarishch before we go on a tangent with potential false premises wouldn’t you agree? haoyang did directly tell phroi the whitelist wouldn’t be on main net. So I don’t see why we wouldn’t believe him? But hey if thats not the case, i totally agree we want a fair transparent dao— Nothing less!!!


Phroi (No DM) (2026-03-15T21:32:00, Nervos Nation)

Replying to this message from Night Lantern:

well I think lets wait to hear from haoyang li and tovarishch before we go on a tangent with potential false premises wouldn’t you agree? haoyang did directly tell phroi the whitelist wouldn’t be on main net. So I don…

Why are the docs out of date?


Phroi (No DM) (2026-03-15T21:32:42, Nervos Nation)

On something about to be launched


Matt (2026-03-15T21:33:04, Nervos Nation)

Replying to this message from Night Lantern:

well I think lets wait to hear from haoyang li and tovarishch before we go on a tangent with potential false premises wouldn’t you agree? haoyang did directly tell phroi the whitelist wouldn’t be on main net. So I don…

I think both sides are valid things to say right now


Matt (2026-03-15T21:33:32, Nervos Nation)

It is speculation until the questions are answered, however at this point the speculation is well-founded


Matt (2026-03-15T21:33:55, Nervos Nation)

The concern is justified


Night Lantern (2026-03-15T21:35:46, Nervos Nation, edited 2026-03-16T01:01:48)

look i think we all want the same thing… having the public docs fully updated in hindsight would have been best but lets wait to get the facts instead of running on any false premises :handshake:


Matt (2026-03-15T21:37:17, Nervos Nation)

Replying to this message from Night Lantern:

look i think we all want the same thing… having the public docs fully updated in hindsight would have been best but lets wait to get the facts instead of running on any false premises :handshake:

People are just operating on the premise they have :joy:


Matt (2026-03-15T21:37:47, Nervos Nation, edited 2026-03-15T21:38:04)

There’s not much to say beyond waiting for clarification


Phroi (No DM) (2026-03-15T21:37:48, Nervos Nation)

Replying to this message from Night Lantern:

look i think we all want the same thing… having the public docs fully updated in hindsight would have been best but lets wait to get the facts instead of running on any false premises :handshake:

Glad we agree, then just tell us: I look up this tomorrow with the team, if still not fixed, we will need to delay.

Aren’t you a steward?


Matt (2026-03-15T21:38:56, Nervos Nation)

To be fair he spent a lot of time testing this


Matt (2026-03-15T21:39:13, Nervos Nation)

And the chance that that was disregarded is not a great situation to be in


Matt (2026-03-15T21:39:28, Nervos Nation)

@phroi it does seem clear that Night was cut out of info here


Matt (2026-03-15T21:39:47, Nervos Nation)

That’s a problem but it seems like he’s starting to feel like you’re taking it out on him


Phroi (No DM) (2026-03-15T21:39:58, Nervos Nation)

Replying to this message from Matt:

@phroi it does seem clear that Night was cut out of info here

All comms are public on my side…


Matt (2026-03-15T21:40:13, Nervos Nation)

I mean info about 1.1


Matt (2026-03-15T21:40:28, Nervos Nation)

Nobody told him if this critical thing was there or not


Matt (2026-03-15T21:40:35, Nervos Nation)

Maybe I’m misreading what you said


Night Lantern (2026-03-15T21:42:47, Nervos Nation)

Replying to this message from Matt:

To be fair he spent a lot of time testing this

yeah but you know i also spent a ton of time prepping for this launch yall are kinda killin the vibe without being 100% certain on facts


Phroi (No DM) (2026-03-15T21:43:32, Nervos Nation)

Replying to this message from Night Lantern:

yeah but you know i also spent a ton of time prepping for this launch yall are kinda killin the vibe without being 100% certain on facts

I can verify the code, no trouble, is all the code public?


Phroi (No DM) (2026-03-15T21:45:20, Nervos Nation)

Replying to this message from Night Lantern:

yeah but you know i also spent a ton of time prepping for this launch yall are kinda killin the vibe without being 100% certain on facts

Considering all time I spent is about one month of unpaid work


Phroi (No DM) (2026-03-15T21:45:35, Nervos Nation)

From discussion until now


Night Lantern (2026-03-15T21:45:39, Nervos Nation, edited 2026-03-15T23:25:20)

Replying to this message from Phroi (No DM):

I can verify the code, no trouble, is all the code public?

phroi im just a devout community member bro. I believe in the unity of CKB and transparency of the community. I’m not a high level developer


Night Lantern (2026-03-15T21:46:08, Nervos Nation)

nor is it necessary that i am to be a steward


Night Lantern (2026-03-15T21:47:26, Nervos Nation)

just be a little patient wait for the members that have a higher expertise in these areas :folded_hands:


Phroi (No DM) (2026-03-16T06:51:43, Nervos Nation)


舟舟 tovarishch (2026-03-16T07:19:13, Nervos Nation)

Replying to this message from Phroi (No DM):

DAO V1.1 Whitelist and Beyond: Community-Led Code Review

Hi everyone, following up on today’s whitelist discussion and Phroi’s code review.

David (DAO 1.1 Platform dev lead) has posted a technical response on Nervos Talk addressing the voter whitelist questions.

Regarding the broader findings in Phroi’s audit report, the dev team is reviewing it now and will follow up once they’ve assessed the details.

David @rink1969 seems unable to join this Telegram group, so please bring technical questions to the Nervos Talk thread directly. :folded_hands:t2:


Jan (2026-03-16T09:19:21, Nervos Nation, edited 2026-03-16T10:32:12)

The whitelist issue seems more like a mechanism design problem to me, not a technical issue, as it seems not to be an incorrect implementation, but designed to do so. I’m curious how were the dao v1.1 mechanism design decisions formed?


Jan (2026-03-16T09:22:22, Nervos Nation)

also shared my concerns here


Jan (2026-03-16T09:24:32, Nervos Nation, edited 2026-03-16T10:32:28)

In short, I see a possible communication gap where design questions are being addressed by implementers rather than designers


Phroi (No DM) (2026-03-16T13:21:18, Nervos Nation, edited 2026-03-16T20:13:43)

Replying to this message from Jan:

The whitelist issue seems more like a mechanism design problem to me, not a technical issue, as it seems not to be an incorrect implementation, but designed to do so. I’m curious how were the dao v1.1 mechanism design dec…

You got exactly my point: it’s all about design choices

Another one that I documented: Governance identity (private signing key of Web5 DID) is stored unencrypted in browser localStorage.

All this with no mandatory backup and no browser native way to store it in a password manager. A passkey could have been a nice touch. Instead we get the following:

  • You clear cache? Lost access to Web5 account
  • You lost device? Lost access to Web5 account
  • Bad script read your local storage? Compromised Web5 account

Phroi (No DM) (2026-03-16T13:47:33, Nervos Nation, edited 2026-03-16T20:13:41)

Also there seems to be a way to double vote (similar to Mod exploit in V1.1 voting):

  1. Make a Web5 on UTXO Global and vote with it
  2. Bind UTXO Global address to another address and then vote with that

For example:

If Alice (100,000 CKB in DAO, DID 1) binds to Bob (50,000 CKB, DID 2) and both vote: Alice’s weight is 100,000 and Bob’s weight is 150,000 (own 50,000 + bound 100,000). Total counted: 250,000 from 150,000 real CKB


Phroi (No DM) (2026-03-16T16:06:15, Nervos Nation, edited 2026-03-16T16:16:22)

For anyone following this DAO v1.1 journey, @rink1969 has replied:


Phroi (No DM) (2026-03-16T16:12:49, Nervos Nation, edited 2026-03-16T17:01:16)

@rink1969 I’ll start preparing the next round of audit


Phroi (No DM) (2026-03-16T21:35:58, Nervos Nation, edited 2026-03-17T01:48:27)

Hey @rink1969, worked all day for this audit, so here you go! Additionally to the previous unsolved issues I also found by chance a SQL Injection attack:

Anyone can read the entire PostgreSQL database, freeze the service, or identify admin accounts (to later steal funds), all without logging in.


舟舟 tovarishch (2026-03-17T00:20:05, Nervos Nation, edited 2026-03-17T00:21:04)

Replying to this message from Night Lantern:

CKB DAO V1.1 Official Mainnet Launch

2026.03.16 7pm PDT, 2026.03.16 10pm EDT, 2026.03.16 7pm PST, 2026.03.17 3am CET

:counterclockwise_arrows_button: DAO V1.1 Platform Launch Sync
Following today’s community discussion on the V1.1 platform, here is a summary of developments:

1. Phroi published a code review of the V1.1 platform, covering the voter whitelist mechanism and additional findings across the codebase

2. David responded to the whitelist questions, clarifying the technical rationale and the earlier miscommunication involving two separate whitelist mechanisms

3. The Proposal & Steward team published a statement:

  • March 16 launch is postponed; M2 delivery standard not yet met
  • 4-week public testing period begins this week
  • Independent chain-reading audit tool to be developed

The AMA will proceed as scheduled with an adjusted agenda focused on the audit findings.


舟舟 tovarishch (2026-03-17T13:19:47, Nervos Nation, edited 2026-03-17T16:40:24)

Replying to this message from 舟舟 tovarishch:

:counterclockwise_arrows_button: DAO V1.1 Platform Launch Sync
Following today’s community discussion on the V1.1 platform, here is a summary of developments:

1 Phroi published a [code review](https://talk.nervos.org/t/dao-v1-1-whitelist-and-beyond

:counterclockwise_arrows_button: DAO V1.1 AMA Summary & Next Steps
The team hosted an AMA today on the current V1.1 situation (transcript):

  • The 4-week public testing period starts today on https://ccfdao.dev
  • The dev team has addressed the bugs from Phroi’s code review, and will publish a detailed post on the design decisions behind the whitelist mechanism for community discussion
  • Weekly text-based AMAs will replace live sessions during the testing period

All details, feedback, and issue tracking will be centralized in this Nervos Talk thread going forward:


Phroi (No DM) (2026-03-18T23:16:59, Nervos Nation, edited 2026-03-19T05:39:41)

Replying to this message from Phroi (No DM):

Hey @rink1969, worked all day for this audit, so here you go! Additionally to the previous unsolved issues I also found by chance a SQL Injection attack:

*Anyone can read the entire PostgreSQL database, freeze th…

Hey @rink1969, I wanted to tell you that I saw your comments on DAO V1.1, hopefully by tomorrow I’ll be able to reply properly :flexed_biceps:


Phroi (No DM) (2026-03-20T15:10:02, Nervos Nation)

Replying to this message from Phroi (No DM):

DAO V1.1 Whitelist and Beyond: Community-Led Code Review

Hey @rink1969!! Let me give you some informal feedback: I’m pleased to see that little by little you are fixing the issues I pointed out over time, more days more fixes, nice!! :+1: (with one catch)


Phroi (No DM) (2026-03-20T15:15:50, Nervos Nation)

Replying to this message from Phroi (No DM):

Hey @rink1969, worked all day for this audit, so here you go! Additionally to the previous unsolved issues I also found by chance a SQL Injection attack:

*Anyone can read the entire PostgreSQL database, freeze th…

SQL injection (N1) is fixed. All 5 Expr::cust(format!(...)) sites replaced with parameterized Expr::cust_with_values(...), and the error handler no longer leaks raw PostgreSQL messages.

Diff: Comparing 479ef1d...355f9dd · CCF-DAO1-1/app_view · GitHub


Phroi (No DM) (2026-03-20T15:20:30, Nervos Nation)

Replying to this message from Phroi (No DM):

Also there seems to be a way to double vote (similar to Mod…

There was an attempted fix to double vote Mod-alike exploit, but the fix itself seems broken.

The retain filter at check_vote_finished.rs:596-598 was meant to prevent the same deposit from counting twice across voters, but the condition voter_ckb_addr != weight_addr unconditionally removes every voter’s own weight. Any standalone voter (the common case) contributes zero to the tally. The UI still shows correct voting power, and the on-chain TX succeeds, so voters have no signal their vote counts for nothing.

Code: app_view/src/scheduler/check_vote_finished.rs at 355f9dd133bed35f63d7019d55ee74255d20605b · CCF-DAO1-1/app_view · GitHub


Phroi (No DM) (2026-03-20T15:23:04, Nervos Nation)

Replying to this message from Phroi (No DM):

You got exactly my point: it’s all about design choices

Another one that I documented: Governance identity (private signin…

This is still an issue, I just lost access to my Web5 account (again)


Phroi (No DM) (2026-03-20T15:31:45, Nervos Nation)

Replying to this message from Jan:

The whitelist issue seems more like a mechanism design problem to me, not a technical issue, as it seems not to be an incorrect implementation, but designed to do so. I’m curious how were the dao v1.1 mechanism design dec…

About voter whitelist (SMT-based, requiring Web5 DID registration + daily snapshot inclusion), it was not described in the governance rules voted on by the community. The proposal’s voting section states:

Voting power is based entirely on the user’s CKB deposits in the Nervos DAO, continuing the direct weighted voting model of v1.0.

The only mention of “whitelist” is a sub-item in the development cost table:

对提案投票 | 投票白名单收集、创建投票Cell、构造并发送投票交易、投票后的Cell处理、权重统计等 | 12000

(Voting on Proposals | Voting whitelist collection, create voting Cells, construct/send voting TXs, post-vote Cell processing, weight calculation, etc. | $12,000)

No description of what the whitelist is or how it restricts eligibility. This line was present unchanged since the original post on Sep 4, 2025 (verified across all 21 proposal revisions).

Under the DAO rules ( CKB Community Fund DAO Rules and Process ), changes to voting eligibility are meta-rule changes requiring 67% approval and 185M CKB quorum.

No such vote was held for this mechanism


Phroi (No DM) (2026-03-20T15:43:49, Nervos Nation, edited 2026-03-20T17:47:23)

@rink1969 All in all good progress on the fixes, appreciate the dialogue.

The whitelist governance question and browser key storage (5.1) are still open. The double-counting fix in 355f9dd regressed: standalone voters get zero weight in the tally.

I have a report ready, will share once that regression is sorted.

Keep it up :flexed_biceps:
Phroi


Night Lantern (2026-03-21T01:06:29, Nervos Network, edited 2026-03-21T01:06:35)

Hello everyone! :seedling:
Join us in the CKB DAO V1.1 platform community testing period!
Your crucial insights and discussions on these pivotal design choices will help strengthen the DAO’s longevity—your feedback and participation are truly priceless.
Moving forward, we’d love to streamline most of the conversation right here:

Let’s build this together! :green_heart:


Matt (2026-03-21T18:25:55, Nervos Nation, edited 2026-03-21T19:41:18)

@phroi I noticed you mentioned about alternative designs to whitelist for dao v1.1, I would like to make a proper post but in case you beat me to it, here are my ideas:

-take a DAO deposit cell as a reference cell
-verify exclusion proof for deposit cell in a SMT
-verify inclusion proof for deposit cell in SMT, update SMT root
-generate the vote UDTs

(Some logic is needed around deposit lock script verifying and binding)

In this way, vote UDT’s are optional. We never need to remove spent deposit cells from the SMT, however the proof size will grow as the number of deposits tracked by the SMT grows.

Maybe we could have a new SMT for every 100,000 blocks or something like that?

For instance, if we have a MMR of SMT’s, every 100,000 blocks a new SMT would be added to the MMR and users would do their proofs against the proper leaf of the MMR.

the MMR will add overhead to the proof, the right tradeoff between # of blocks per MMR leaf and additional overhead from MMR would have to be determined

(Vote sUDTs would be non-transferable and anyone can claim the underlying CKB with proof the referenced dao deposit was spent)


Phroi (No DM) (2026-03-21T20:35:24, Nervos Nation)

Replying to this message from Matt:

@phroi I noticed you mentioned alternative designs to whitelist for dao v1.1, I would like to make a proper post but in case you beat me to it, here are my ideas:

- take a DAO deposit cell as a reference cell
- ve…

Just a question: what’s the difference with using iCKB UDT directly?


Matt (2026-03-21T20:41:31, Nervos Nation)

Well the user keeps control of the ckb, not a contract


Matt (2026-03-21T20:41:50, Nervos Nation)

Also voting with iCKB directly could have problems with buying votes


Phroi (No DM) (2026-03-21T20:43:26, Nervos Nation)

Replying to this message from Matt:

Also voting with iCKB directly could have problems with buying votes

Not so different from buying CKB and staking it


Phroi (No DM) (2026-03-21T20:43:55, Nervos Nation)

If iCKB liquidity is an issue, they can be locked


Matt (2026-03-21T20:43:58, Nervos Nation)

The same iCKB could move around from vote to vote


Matt (2026-03-21T20:44:17, Nervos Nation, edited 2026-03-21T20:44:23)

Replying to this message from Phroi (No DM):

If iCKB liquidity is an issue, they can be locked

someone could lock iCKB using a similar process


Matt (2026-03-21T20:44:26, Nervos Nation)

Actually the right way to do it I think


Phroi (No DM) (2026-03-21T20:48:36, Nervos Nation)

Replying to this message from Matt:

Well the user keeps control of the ckb, not a contract

About this, iCKB main contract is rock solid AFAIK (maybe I’ll also audit those contracts once again with these new powerful tools, few days that I’m thinking about it), so using iCKB should be as safe as the underlying Nervos DAO deposits


Phroi (No DM) (2026-03-21T20:49:33, Nervos Nation)

TBH now that I think about it, one of the forecasted reasons for creating iCKB was indeed governance


Phroi (No DM) (2026-03-21T20:50:46, Nervos Nation, edited 2026-03-21T21:00:14)

Just missed the initial Community DAO v1.0 opportunity and v1.1 proposers were not receptive about iCKB


Matt (2026-03-21T21:01:09, Nervos Nation)

CKB has to be in the DAO for governance, people don’t want the lock up


i.r.p (2026-03-21T21:26:13, Nervos Nation)

Replying to this message from Matt:

Well the user keeps control of the ckb, not a contract

Very important point


Phroi (No DM) (2026-03-21T21:28:08, Nervos Nation)

Replying to this message from i.r.p:

Very important point

You are still using a contract to control those Deposits


Phroi (No DM) (2026-03-21T21:28:24, Nervos Nation)

Or any cells, for what matters


Matt (2026-03-21T21:29:45, Nervos Nation)

Replying to this message from Phroi (No DM):

You are still using a contract to control those Deposits

It’s a protocol level contract though


Matt (2026-03-21T21:29:59, Nervos Nation)

Like any issues with it would be deviations from protocol spec


Phroi (No DM) (2026-03-21T21:30:32, Nervos Nation)

Replying to this message from Matt:

Like any issues with it would be deviations from protocol spec

Which RFC are we talking about here?


Matt (2026-03-21T21:30:59, Nervos Nation)

Replying to this message from Phroi (No DM):

Which RFC are we talking about here?

The dao one


Phroi (No DM) (2026-03-21T21:32:20, Nervos Nation)

Replying to this message from Matt:

The dao one

Yes, DAO is the only special contract, cause it has to mint CKB interests, something that no other contract can do


Phroi (No DM) (2026-03-21T21:32:29, Nervos Nation)

But user locks are not


Phroi (No DM) (2026-03-21T21:33:25, Nervos Nation)

This is the contract used by Neuron for example:

https://explorer.nervos.org/en/script/0x9bd7e06f3ecf4be0f2fcd2188b23f1b9fcc88e5d4b65a8637b17723bbda3cce8/type/deployed_cells


Night Lantern (2026-03-21T21:39:37, Nervos Nation)

Replying to this message from Phroi (No DM):

Just missed the initial Community DAO v1.0 opportunity and v1.1 proposers were not receptive about iCKB

would one have to use iCKB or could they still use just CKB in this model you’re thinking of?


Phroi (No DM) (2026-03-21T21:52:31, Nervos Nation)

Replying to this message from Night Lantern:

would one have to use iCKB or could they still use just CKB in this model you’re thinking of?

If I was to launch the DIS for DAO v1.2, I would personally go for iCKB only, locking up iCKB to vote.

This would be fully on-chain, skip all the problems currently affecting v1.1, including those stemming from the compatibility with Neuron

Say App5 was to decide to bring Neuron up to speed, then Neuron users would be able to vote via CCC: [FR] Allow CCC DApps to use local Signer + Light Client · Issue #3438 · nervosnetwork/neuron · GitHub


Phroi (No DM) (2026-03-21T21:56:15, Nervos Nation)

Currently Neuron is clearly leading the races :grin:


Night Lantern (2026-03-21T22:05:58, Nervos Nation, edited 2026-03-21T22:09:18)

Replying to this message from Phroi (No DM):

If I was to launch the DIS for DAO v1.2, I would personally go for iCKB only, locking up iCKB to vote.

This would be fully on-chain, skip all the problems currently affecting v1.1, including those stemming from th…

just from a vanilla user’s perspective it seems simpler to just deposit CKB. That’s what was nice about the joyid paradigm— cipher had in mind regular everyday users, even though it didn’t fully pan out his vision had accounted for the masses. I think for these reasons we should be doing our best to keep things as simple as possible. And at least not require users to have to switch their CKB to iCKB. but as you say seems there’s some technical benefits, not sure if i think that tips the scales for me though


Phroi (No DM) (2026-03-21T22:12:45, Nervos Nation)

Replying to this message from Night Lantern:

just from a vanilla user’s perspective it seems simpler to just deposit CKB. That’s what was nice about the joyid paradigm— cipher had in mind regular everyday users, even though it didn’t fully pan out his vision ha…

User doesn’t even need to know they are using iCKB, you go from CKB to vote in a single tx


Phroi (No DM) (2026-03-21T22:13:16, Nervos Nation)

If you tell them that they are still getting interests, that would be enough


Phroi (No DM) (2026-03-21T22:13:38, Nervos Nation)

If they want to go deeper, sure, all explanations are available


Night Lantern (2026-03-21T22:14:01, Nervos Nation)

Replying to this message from Phroi (No DM):

User doesn’t even need to know they are using iCKB, you go from CKB to vote in a single tx

so you just deposit CKB and the vote automatically utilizes iCKB under the hood?


Phroi (No DM) (2026-03-21T22:16:36, Nervos Nation, edited 2026-03-21T22:16:50)

Replying to this message from Night Lantern:

so you just deposit CKB and the vote automatically utilizes iCKB under the hood?

Yeah OFC, it would work for most low cap users, higher ones would still need two txs


Phroi (No DM) (2026-03-21T22:17:45, Nervos Nation)

Trick is to match a Limit Order already present on-chain created by bot, so you get an instant CKB to iCKB conversion


Phroi (No DM) (2026-03-21T22:18:20, Nervos Nation)

Alternatively, I could create an intent cell dedicated to this very purpose


Night Lantern (2026-03-21T22:19:56, Nervos Nation, edited 2026-03-21T22:34:04)

yeah i think if it comes off like you’re just using your regular CKB i have no particular qualms about it :+1:


Phroi (No DM) (2026-03-21T22:26:11, Nervos Nation, edited 2026-03-21T22:51:39)

Replying to this message from Night Lantern:

yeah i think if it comes off like you’re just using your regular CKB i have no particular qualms about it :+1:

Biggest issue with what v1.1 is doing is that v1.1 is not controlling the lock of the users’ deposits, so users can withdraw / rebind … midvote, it’s very messy

This coupled with the fact that Nervos L1 doesn’t have a state root on-chain (we have something, but just for headers) means you have to rely on bulky off-chain operations.

These bulky off-chain operations are not made easy by CKB Node, cause the node doesn’t even support archive mode. In short you cannot query how was the cell set at a particular block, say for example when the vote ended, crucially.

It means implementing bulky off-chain operations from scratch, but then you also need to have auditors, which ideally use a separate stack… it gets messy.

v1.1 road is not an easy one


Night Lantern (2026-03-21T22:38:45, Nervos Nation)

Replying to this message from Phroi (No DM):

Biggest issue with what v1.1 is doing is that v1.1 is not controlling the lock of the users’ deposits, so users can withdraw / rebind … midvote, it’s very messy

This coupled with the fact that Nervos L1 doesn’t have…

from what i understood you’re right they can withdraw and rebind midvote.. but it’s redundant because only the last vote cast is accounted for. although I’m not certain of what and any ramifications this would cause?


Phroi (No DM) (2026-03-21T22:39:41, Nervos Nation, edited 2026-03-21T22:40:17)

Replying to this message from Night Lantern:

from what i understood you’re right they can withdraw and rebind midvote.. but it’s redundant because only the last vote cast is accounted for. although I’m not certain of what and any ramifications this would cause?

Say you want to account for this on-chain, attacker can make enough of these actions that you run out of block space


Phroi (No DM) (2026-03-21T22:40:03, Nervos Nation, edited 2026-03-22T13:56:52)

ZK could help, but we are not there yet


Night Lantern (2026-03-21T22:40:30, Nervos Nation)

so could be used as an attack vector


Phroi (No DM) (2026-03-21T22:41:13, Nervos Nation, edited 2026-03-21T23:00:52)

Replying to this message from Night Lantern:

so could be used as an attack vector

For tallying votes on-chain in a reasonably auditable way without controlling the deposit locks? Yes


Phroi (No DM) (2026-03-21T22:41:33, Nervos Nation)

@rink1969 can join anytime


Night Lantern (2026-03-21T22:43:42, Nervos Nation)

appreciate you taking the time to make sure we remain as robust as possible Phroi, Thank you :heart:


Phroi (No DM) (2026-03-21T22:49:53, Nervos Nation)

Replying to this message from Night Lantern:

appreciate you taking the time to make sure we remain as robust as possible Phroi, Thank you :heart:

My pleasure, just I’m a bit bummed that we came to this point with v1.1, I even told in November that I was available for reviewing step-by-step the design:

I’m still shocked that normal user actually hacked MetaForo out of spite over this proposal!! I had my reservations, but at least I’m trying to contribute in a concise & positive way. Wild times

@zz_tovarishch if you want to reduce the chance of future hacks on Community Fund DAO v1.1, would you like me to do a step-by-step review? Anyone else from the community want to review?

Also, since you showed proof your proposal won, can you start by open-sourcing the work being done?

Congrats, Phroi


BaClaire (2026-03-22T11:53:09, Nervos Nation, edited 2026-03-22T11:53:50)

Replying to this message from Phroi (No DM):

Biggest issue with what v1.1 is doing is that v1.1 is not controlling the lock of the users’ deposits, so users can withdraw / rebind … midvote, it’s very messy

This coupled with the fact that Nervos L1 doesn’t have…

I am not sure if this will be related, but I wish this DAO thing could also be used as the organization of the first testers and users of the applications being built on Nervos CKB Ecosystem. This will enable developers to get initial users and testers who are committed to providing feedback on their usage of applications. We don’t expect the apps to be adopted from outside inside, but better inside outside.


Phroi (No DM) (2026-03-22T18:29:34, Nervos Nation)

Replying to this message from BaClaire:

I am not sure if this will be related, but I wish this DAO thing could also be used as the organization of the first testers and users of the applications being built on Nervos CKB Ecosystem. This will enable develo…

@BaClaire Your message got me thinking, so I reviewed the V1.1 identity layer to see how close did:ckb is to serving the broader ecosystem.

Short answer: the foundation is there. did:ckb is chain-native, the source code is open, and anyone can run the DID indexer. A second app on CKB could resolve your identity today. CCC even has an unmerged branch (feat/did-ckb) with SDK functions for creating, updating, and destroying DID cells.

What’s not wired up yet: DID document updates (so one identity registers with multiple apps), account portability (so users are not locked to one server), and key management beyond browser localStorage.

Full review: DAO V1.1 Web5 Identity Layer: Community-Led Review


Matt (2026-03-22T20:25:39, Nervos Nation, edited 2026-03-22T22:49:45)

Replying to this message from Phroi (No DM):

@BaClaire Your message got me thinking, so I reviewed the V1.1 identity layer to see how close did:ckb is to serving the broader ecosystem.

Short answer: the foundation is there. did:ckb is chain-native, the s…

If we really want to build web5 eventually we will accommodate any DID that complies with W3C
