This is not exactly a commercial site: it teaches rather than asking for money
(please, take a look at our "donate" link :) So let's discuss a security
issue that most DAO web sites would rather avoid mentioning.
Note 1: this is not the issue of this particular site, but of all sites that
provide Web interface to Ethereum payments, so it is a very good idea to
familiarize yourself with the subject.
Note 2: Unfortunately, MetaMask does not pay us for this commercial.
Below, you have two payment choices. First of all, you can start your favourite wallet
(Mist, MetaMask, Geth - whatever) and click the "Become Duke!" button below.
You will be prompted for a password by Mist / Geth, because these programs
require you to reconfirm the password in order to send coins. As for MetaMask,
it manages your password internally and therefore, your password is safe.
Is it safe to use Geth of Mist (that is using Geth internally)? The answer is NO.
It is hard to hack the ethereum network, so you can be
reasonably confident paying with your wallet, but a web site is a different thing.
It can be hacked.
Now, imagine someone hacking the "Duke of Ether" web site and placing there some malicious
code. It can: a) send your coins elsewhere and b) send more than you expected
("b" is only possible if you use developers tools, like Geth: you are safe
This is an important issue to keep in mind: for example
CoinDash, an Israeli startup, planned to raise capital by
selling its own digital tokens in exchange for the cryptocurrency Ethereum... But just 13
minutes into the token sale... an "unknown perpetrator" hacked CoinDash's website and
changed the address for sending investments to a fake one, the company later announced
on its website. That diverted millions of dollars in contributions to the attacker...
To avoid the problem, you have few choices.
First, if you are a web guru, you can examine the web site... which is long, boring and there still is
a chance you'll miss something.
Second, do not pay from a wallet that has a lot of money (or use MetaMask, as it asks for
confirmation, displaying an amount every time). If you have $1 in your wallet,
and a hacker drains it all, he'll get $1, which isn't that much after all.
Third, keep as much control over your payment as you can: do not pay through a web site,
pay directly (either via "If you don't trust us" or (again!) use MetaMask).
In other words, if you are using Geth to connect to a Ethereum network,
follow the "If you don't trust us" section to make a cold payment with your favorite wallet.
This way a Web site does not get your password from you: you enter it in Geth or Mist
directly. And you do not need a password to browse the DApp: only to pay.
While if your "favorite wallet" is MetaMask, lucky you.
Finally, to avoid that last danger (hacker replacing the payment address on the site),
you can use etherscan.org
to find the Duke contract by its address (see below in the "If you don't trust us" section)
and study it. First, if you can not find it, then the site was probably hacked; second,
if you know Solidity, you can analyze the code, and finally, look at the date a contract
was published. I wouldn't worry about it for few bucks, but if you are paying $1000+,
it is better to play it safe.
As an additional precaution, you can save the web site on your disk and run the local copy.
It will not help if the site ALREADY contains malicious code, but it can protect you from the
future attacks (site changes on Web, but not on your disk). There are two disadvantages:
first, not all sites support independent work (ours does), and second, if the site changes,
providing more functional, you will miss it.
How realistic is the danger? Well, there are thousands sites online that have "please donate" Bitcoin
and Ethereum addresses... and they seem to work. But - see the CoinDash story above - it is
possible. A simple defence is: do not keep a lot of money in a wallet that you expose to
Internet, that's all.
Thatsfer ether (min. amount is ether)
to the function "BecomeDuke" or ( ether) "addRemoveCountry" of the following contract:
You have to have Ethereum enabled browser. It can be Geth or Mist running alongside to
Browser, or MetaMask plugin. Anything that gives a Browser an access to blockchain.
If you do not know how to do it, read our
Very Brief Instructions.
Select a Country you feel like ruling. Select payment: anything larger than a suggested min. price.
Read instructions above and pay the "I trust you" or "I don't trust you" way. If you are
reasonably paranoid, as any Duke should be, use contract address to fing it on
etherscan.io and read the contract.
You do this - you become a Duke. To comfort your predecessor, to throw him a bone, so to speak,
money you paid will go to him. Keep in mind that the next Duke has to pay MORE, so if
some impostor decides to overthrow you, he'll pay dearly, and you will end up with 50% more than
you spent... Well, there is always a chance that they will be too scared, so no one will come.
After two month of tyrany (it is your tyrany, so it is a good thing), the price ot throne will
begin to go down, 5% a day. It is like you are asking "Ok, are you still afraid to challenge me?!"
And even if an usurper comes and kicks... sorry, asks you away, your name will stay in the
blockchain for as long as Ethereum itself exists.
Long live the Duke!
Dark side has cookies? A lie! If overthrown, you will get back exactly what you paid (minus a small
comission). No profit. One have to be deep on the Dark Side to bring devastation on an entire
country, so this is going to be his reward.
Ok, in human language: to destroy the country, you pay more, become the Duke of a DESTROYED country
(it will clearly say so in a block chain) and when (if) the next Duke overthrows you, you will
get back what you paid (minus small fee) - no extra bonus, as it would be in case of taking the throne
of an intact country.
To overthrow the Dark Duke, you have to take a throne. As with Destroying, Restoring rewards you
(when/if you are overthrown) with exactly (minus fee) same money you paid. No extra bonus.
Being on a Brigth Side, you should forget about greed. Correct?
To make it even harder (more demanding to your Bright Side), the next Duke can overthrow the
creator of a country by paying the same price Creator paid. So again, you do it not for profit,
but for the sheer pleasure of giving a life to a new country. As for money, you will break equal,
when the next Duke takes the throne. Minus a small fee.