BrightId Gatekeeper for Aragon permissions

Proposal Information

Proposal description:

We propose to write a smart contract that can be attached to any AragonOS DAO (including Gardens) to prevent DAO members from performing certain actions unless they are validated with BrightId.

The initial use case is to limit the creation of decision and funding proposals for the BrightId Garden. Only verified accounts will be able to create these sorts of proposals.

The work will consist of three parts:

  • Writing the smart contract. This will take the form of an AragonOS ACL oracle that can be attached to any AragonOS DAO permission. It can permit the action if the performing address is registered within the BrightId User Register (this is the same register used for limiting the amount of HNY staked in Celeste).
  • Adapting the frontend. We would like to do minimal modifications to the frontend as this is not a feature supported by most of the gardens. We basically will add an extra requirement in the sign covenant modal that is going to ask you to validate your address.
  • Deploying the solution. After testing it on Rinkeby, we will create a decision vote in the BrightId DAO on xDAI. We will use the new EVMcrispr library to, roughly speaking, “change the DAO’s DNA”, sending the encoded action that is going to be executed by the DAO itself.

Proposal Rationale

This proposal can be seen as a step further towards a closer integration of BrightId and Gardens (and Aragon DAOs in general).

The scope of this funding proposal is to prevent non-verified community members from creating DAO proposals. This is not, in itself, a particularly special thing. But it lays the groundwork for future applications that do more with the identity constraints that BrightId enables.

For example, it opens the door to the implementation of apps such as Quadratic Voting and/or Quadratic Conviction Voting (which could be done with a “Quadratic” Voting Aggregator). If this proposal is successful, we could study the feasibility of such a thing (we believe this would be extremely useful for the broader Aragon ecosystem).

This solution will also implement the new ACL oracle interface required by Aragon Govern, so it could also be used to prevent unverified members from creating votes in the Aragon Network DAO - assuming BrightId is eventually selected as their decentralized identity solution.

Expected duration or delivery date (if applicable):

We think we can have this ready in two weeks (after the vote is executed).

Team Information (For Funding Proposals)

Skills and previous experience in related or similar work:

  • Will built the BrightId Register that is working right now for Celeste.
  • Sem has implemented ACL oracles for the same use case previously.
  • Elessar has coded most of the EVMcrispr library that will be used to create the vote in the Garden.

Funding Information (For Funding Proposals)

Amount of Bright requested: 8,000 BRIGHT (~$5,000) that will support the work of Gardens Swarm.

Ethereum address where funds shall be transferred:
Gardens Swarm Agent Address - 0xc542cc61ed9be9e6e29652ac8a918554ecd2bc98

More detailed description of how funds will be handled and used:
Some of the funds will be transferred to the people who work on the proposal (listed above), and the remainder will be used to support other endeavors within the Gardens project.

EDIT: We clarified some parts of the proposal. Praise to @sacha for his thorough proof-reading :raised_hands:.


The proposal is now live on BrightId Garden.


That went smooth. It’s already funded. Very good!


Oh wow, this was fast. We are going to start working this week on the smart contract and deployment script. Expect news soon!


This was so fast I did not have a chance to vote for it :smile: This will be awesome, looking forward to the results!


Summary thread here


We’d like to show our progress on this proposal, and the blockers we have found (it’s going to take a bit more time, sorry folks).

  • We have a first version of the smart contract and installation script in the 1hive/brightid-gatekeeper repository.
    • We found an issue with the original plan, as canPerform does not receive the proper msg.sender when it’s called. We need to pass the sender as a permission parameter.
  • In order to do that, we have to slightly modify the Disputable Voting, Conviction Voting and Hooked Token Manager apps in order to implement permissions with parameters on the create vote and wrap functions.

This is not a lot of work, but we will need some more time to work on this.

Btw, congratulations to the BrightId community for having been selected to be the identity solution for the Aragon Network DAO.

Please tell us if doing this project we can assist you in some way to integrate with Govern. The gatekeeper contract includes the willPerform used as Aragon Govern ACL oracle. Is it useful in some way for the case for the integration you are working on?
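
The workaround described in the update above, sketched as an added example that is not part of the thread and is not the code in 1hive/brightid-gatekeeper: an aragonOS ACL oracle that ignores `who` and reads the caller from the first permission parameter. `IVerifiedRegister`, `isVerified` and `SenderParamGatekeeper` are hypothetical names, and the sketch assumes the guarded app passes `msg.sender` as that first parameter (for instance with `authP(ROLE, arr(msg.sender))`).

```solidity
pragma solidity 0.4.24;

// ACL oracle interface as defined by aragonOS 4.
interface IACLOracle {
    function canPerform(address who, address where, bytes32 what, uint256[] how)
        external view returns (bool);
}

// Hypothetical read-only view of the BrightId register.
// The real register's ABI is not shown on this page.
interface IVerifiedRegister {
    function isVerified(address user) external view returns (bool);
}

contract SenderParamGatekeeper is IACLOracle {
    IVerifiedRegister public register;

    constructor(IVerifiedRegister _register) public {
        require(address(_register) != address(0), "REGISTER_ZERO");
        register = _register;
    }

    // `who` is ignored on purpose: per the update above it is not the
    // account that sent the transaction. The caller is expected in how[0].
    function canPerform(address, address, bytes32, uint256[] how)
        external view returns (bool)
    {
        // Fail closed when the app did not pass any parameter.
        if (how.length == 0) {
            return false;
        }
        // Reject values that are not a clean 160-bit address.
        if (how[0] >> 160 != 0) {
            return false;
        }
        // The oracle trusts the app to have put msg.sender here, so it
        // should only guard roles whose app code is known to do that.
        return register.isVerified(address(how[0]));
    }
}
```

Because the parameter is supplied by the calling app rather than by the ACL, attaching this oracle to a role whose function does not pass `msg.sender` first would make the check meaningless; the app changes mentioned in the update are what make the parameter trustworthy.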


Additional features that could be useful to AN DAO and other DAOs:

  1. Restrict voting to BrightID verified addresses.
  2. When minting a token in a membership DAO, show whether the recipient is BrightID verified.

Awesome proposal! Let me know if you need any support from the Aragon team :slight_smile: