This is not just a commercial site: it teaches in addition to asking for money
(please, take a look at our "donate" link :) So let's discuss a security
issue that most DAO web sites would rather avoid mentioning.
If you do not want to read the theory, jump to the conclusion.
Note: this is not an issue specific to this particular site, but one shared by all sites that
provide a Web interface to Ethereum payments, so it is a very good idea to
familiarize yourself with the subject.
When it comes to blockchain payments, one can be reasonably paranoid or totally
paranoid. One should never be at ease. Paranoid people do not visit a grocery
store carrying all their life savings with them. Same thing here: learn what
"cold" and "paper" wallets are and store the REAL money there. And if you
want to pay for some service online, use a wallet with SOME coins, not with
everything you have.
Below, you have two payment choices.
As for the rest: please note that unfortunately MetaMask does not pay us for
this commercial. Nevertheless, we strongly suggest using it - or any similar
wallet that manages passwords for you. This is because if you use Geth or some other
means of connecting to a blockchain that does not, you will have to enter your password
not in the wallet you trust (like MetaMask, but remember, you still should be paranoid!),
but on the web page itself. Now, what if a malicious web page sends all your money
God knows where? MetaMask (and similar wallets, but MetaMask is the most popular right now)
handles passwords and prompts you: do you really want to transfer "amount" to "address"?
So this scenario will not work.
However, there are other scenarios. See, it is hard to hack the Ethereum network itself,
so you can be reasonably confident paying with your wallet (and it is up to you to
select reliable wallet software!), but a web site is a different thing.
It can be hacked.
Now, imagine someone hacking the Duke of Ether
web site and placing some malicious code there. It can: a) send your coins elsewhere
(even if you use MetaMask) and b) send more than you expected (not if you use MetaMask).
This is an important issue to keep in mind: for example, consider this:
CoinDash, an Israeli startup, planned to raise capital by
selling its own digital tokens in exchange for the cryptocurrency Ethereum... But just 13
minutes into the token sale... an "unknown perpetrator" hacked CoinDash's website and
changed the address for sending investments to a fake one, the company later announced
on its website. That diverted millions of dollars in contributions to the attacker...
To avoid the problem, you have a few choices.
First, if you are a web guru, you can examine the web site... which is long, boring and there still is
a chance you'll miss something.
Second, as we already mentioned, do not pay from a wallet that has a lot of money (safe with MetaMask,
but you still should not do it!). If you have $1 in your wallet, and a hacker drains
it all, he'll get $1, which isn't that much after all.
Third, keep as much control over your payment as you can: if in doubt, do not pay through
a web site, pay directly. Below, we provide the "If you don't trust us" section, which allows
you to make a cold payment: you use some kind of advanced wallet (like Mist) to call the contract's
functions directly. It is boring and error-prone; besides, you will not be able to see our
Web UI (no fun!). Note that it makes no sense if you use MetaMask, but if you use
a wallet that is attached to Geth (like Mist), then it is safer.
Finally, to avoid that last danger, you can use etherscan.org
to find the contract by its address (see below in the "If you don't trust us" section)
and study it. First, if you cannot find it, then the site was probably hacked; second,
if you know Solidity, you can analyze the code; and finally, look at the date the contract was published.
This is some kind of protection, but keep in mind that the so-called "verified contract code"
on Etherscan can easily be forged: see the "Making a trap" article in our tutorial.
Keep staying paranoid.
As an additional precaution, you can save the web site on your disk and run the local copy.
It will not help if the site ALREADY contains malicious code, but it can protect you from
future attacks. There are two disadvantages: first, not all sites support independent work
(ours does), and second, if the site changes, providing more functionality, you will miss it.
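The two risks named earlier, a changed destination address and a larger amount than expected, can be checked mechanically before you confirm anything. The following is an added example, not code from this site: it compares a transaction request proposed by a page against values you recorded yourself. The addresses, the limit and the names checkRequest, PIN, HONEST, SWAPPED and INFLATED are constructed for illustration.

```javascript
// Added example: compare a transaction request proposed by a web page with
// values the user recorded independently. All addresses are placeholders.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Parse an Ethereum JSON-RPC hex quantity ("0x...") into a BigInt amount of wei.
function hexToWei(hex) {
  if (typeof hex !== "string" || !/^0x[0-9a-fA-F]+$/.test(hex)) {
    throw new Error("value is not a hex quantity: " + hex);
  }
  return BigInt(hex);
}

// Returns a list of problems; an empty list means the request matches the pin.
// It checks destination and amount only, not the call data.
function checkRequest(tx, pin) {
  const problems = [];
  if (!ADDRESS_RE.test(tx.to || "")) {
    problems.push("destination is not a well-formed address");
  } else if (tx.to.toLowerCase() !== pin.contract.toLowerCase()) {
    problems.push("destination differs from the pinned contract address");
  }
  try {
    const value = hexToWei(tx.value || "0x0");
    if (value > pin.maxWei) problems.push("amount exceeds the limit you set");
  } catch (e) {
    problems.push(e.message);
  }
  return problems;
}

// Constructed sample data: a pinned contract address and a limit of 0.1 ether.
const PIN = { contract: "0x" + "11".repeat(20), maxWei: 10n ** 17n };
const HONEST = { to: "0x" + "11".repeat(20), value: "0x16345785d8a0000" };   // 0.1 ether
const SWAPPED = { to: "0x" + "22".repeat(20), value: "0x16345785d8a0000" };  // other address
const INFLATED = { to: "0x" + "11".repeat(20), value: "0xde0b6b3a7640000" }; // 1 ether

for (const [name, tx] of Object.entries({ HONEST, SWAPPED, INFLATED })) {
  const problems = checkRequest(tx, PIN);
  console.log(name + ": " + (problems.length ? problems.join("; ") : "matches the pin"));
}
```

The pinned address is only as trustworthy as the place you copied it from, so record it before you need it and from somewhere other than the page that is asking for payment.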
How realistic is the danger? Well, there are thousands of sites online that have "please donate" Bitcoin
and Ethereum addresses... and they seem to work. But - see the CoinDash story above - it is
1. Use the MetaMask plugin for Chrome as your wallet/DApps browser.
2. Keep most of your coins in a "cold storage", and do not "show" online more than you are
willing to spend right now.
3. Stay paranoid. Just in case.
Use your favorite wallet capable of calling contracts' functions (example: Mist).
Note that if you use MetaMask, you are reasonably safe with "If you trust us"
Transfer (>>>Use calculator on the left to get amount<<<) ether
to the function "shareHolderInvest" of the following contract:
From your wallet (Geth, Mist, etc.) call the shareHolderWithdraw function of the following contract:
and pass to it the amount of shares to withdraw
(>>>Use calculator on the left to get amount<<<).
Distribute Bonus Shares
This activity is restricted to Contract owner ONLY.
Number of shares bought and sold daily.
Amount of money (which is a specified fraction of an original contract(s) profit) to be
distributed among share holders.
Cumulative of "Daily Profit" column, the money (which is a specified fraction of an original contract(s) profit) to be
distributed among share holders.
The total cost of all shares Share Holders currently possess (ethers).
Number of Shares Share Holders currently own.
Price of a Token in ether. The price is calculated based on profit,
initially (and until it exceeds the min. token price) it is set to min. token price.