Code on GitHub: aragon-apps/apps/vault

Vaults own and manage the ERC20 assets the DAO has.

The design rationale for having Vaults:

  • Allowing the installation of third-party apps that can spend from the same pool of assets as other apps.
  • Being able to revoke spending permissions from apps without having to move assets.

Granting permissions to execute functions on the Vault must be done extremely carefully (it can cause an irreversible leak of funds), and ideally only other trusted smart contracts (e.g. the Finance app) should have access to it.


Requesting allowance

vault.requestAllowance(ERC20 token, uint256 amount)

Grants the sender of the call the ability to spend amount tokens out of the Vault's token balance whenever the sender decides. Under the hood it performs an ERC20 approve on the token.

This is useful because an entity can request an allowance once from the Vault and then spend it in chunks (by executing multiple transferFrom calls).

However, allowing an entity to use this function could be dangerous: once an entity has requested an allowance, it keeps it perpetually (until it spends it or requests an allowance of 0 tokens), even if the entity's permissions are revoked.
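
The persistence described above, as an added example that is not Aragon's code: a simplified Python model of an ERC20 ledger and a Vault whose permission check runs only when requestAllowance is called. The class names, the `permitted` set, the `residual_allowances` audit helper and all addresses and amounts are constructed for illustration.

```python
from collections import defaultdict

class Token:
    """Minimal ERC20 ledger: balances plus allowances[owner][spender]."""
    def __init__(self):
        self.balances = defaultdict(int)
        self.allowances = defaultdict(lambda: defaultdict(int))

    def approve(self, owner, spender, amount):
        self.allowances[owner][spender] = amount

    def transfer_from(self, spender, owner, to, amount):
        # The token only knows about allowances, not about Vault permissions.
        if self.allowances[owner][spender] < amount or self.balances[owner] < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[owner][spender] -= amount
        self.balances[owner] -= amount
        self.balances[to] += amount

class Vault:
    """Model of the Vault: permission is checked only at request time."""
    def __init__(self, address="vault"):
        self.address = address
        self.permitted = set()  # stand-in for the DAO's permission list

    def request_allowance(self, sender, token, amount):
        if sender not in self.permitted:
            raise PermissionError("sender lacks permission")
        token.approve(self.address, sender, amount)

def residual_allowances(vault, token):
    """Audit check: spenders with a live allowance but no permission."""
    return {s: a for s, a in token.allowances[vault.address].items()
            if a > 0 and s not in vault.permitted}

def demo():
    token, vault = Token(), Vault()
    token.balances[vault.address] = 1000                      # constructed balance
    vault.permitted.add("app")
    vault.request_allowance("app", token, 300)
    token.transfer_from("app", vault.address, "payee", 100)  # spend in chunks
    vault.permitted.discard("app")                            # permission revoked
    leftover = residual_allowances(vault, token)              # allowance survives
    token.transfer_from("app", vault.address, "payee", 200)  # still succeeds
    return leftover, token.balances[vault.address]
```

Running the same audit after every permission revocation shows which spenders can still move funds out of the Vault.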

Transfer tokens

vault.transferTokens(ERC20 token, address receiver, uint256 amount)

Performs a direct ERC20 transfer of token, sending the specified amount to receiver.