RRC-11: ON-CHAIN PROTOCOL GOVERNANCE AND SECURITY COUNCIL
The Diagrams will be added for Tally submission. This draft incorporates the DAO feedback on the initial version of RRC-11.
Submitted by: Fumbles
Abstract
This RRC-11 proposes to establish a process by which the RARI DAO will be able to propose, vote on and execute updates and changes to the Rarible Protocol’s core contracts directly on-chain via self-executing actions. This RRC-11 also proposes to implement a committee consisting of a DAO-appointed 3-member multi-sig (“Security Council”) which will have the ability to perform emergency and non-emergency actions, such as urgent upgrades and minor, routine maintenance to the Rarible Protocol, and to stop DAO hack attempts.
Motivation
As part of the path to a more decentralized Rarible Protocol, the power to govern the Rarible Protocol contracts should be within the hands of the RARI DAO, which currently has direct on-chain governance authority over the RARI DAO treasury and is on the path to govern the Rarible Protocol. As such, there is a need for a mechanism to prevent governance attacks, in which an attacker acquires voting power through legitimate means (e.g. buying tokens on the open market) but uses it to manipulate votes to their own benefit, i.e. exploiting the DAO’s treasury or the Protocol by skewing governance or introducing Protocol vulnerabilities. The DAO needs a body with emergency veto and upgrade powers that will be able to step in to protect the DAO and its interests.
Rationale
By growing the robustness of the RARI DAO governance and mitigating governance attack risks, the DAO will be able to fully adopt the Rarible Protocol and engage in activities to grow the Protocol’s ecosystem by onboarding new communities and expanding NFT use cases.
Key Terms (Optional)
N/A
Specifications
- Current RARI DAO Governance:
- The RRC Process as laid out in “Specifications” section of RRC-0 shall apply to Rarible Protocol core contract updates and changes.
1. Phase 1: RRC Idea
  1. An RRC Idea must be submitted as a post in the [Forum](https://forum.rari.foundation), where it should gather feedback for a period of 7 days
2. Phase 2: RRC Draft
  1. After Phase 1, the RRC Idea author must generate an RRC Draft with the required fields as laid out in RRC-0.
3. Phase 3: Live RRC
  1. Once an RRC Draft is ready, the RRC author (provided that they have at least 5,000 veRARI) must post it as a Live Draft on Tally, where it will undergo a 5-day voting period.
  2. The Live RRC must reach the quorum requirement dictated in RRC-0, and voting options are “in favor” and “against”. A Live RRC which meets the quorum requirement and receives more votes cast “in favor” than cast “against” shall be deemed an Accepted RRC.
4. Phase 4: Cooldown Period
  1. An Accepted RRC undergoes a 2-day Cooldown Period, during which the Security Council and the Board of the RARI Foundation may each reject such Accepted RRC* if it would:
    1. Directly conflict with a proposal that is currently up for vote;
    2. Directly conflict with another proposal approved by the RARI DAO;
    3. Not include the required proposal terms as detailed in Phase 2 of the RRC Process;
    4. Compromise the Board’s fiduciary duties as they are owed to the RARI Foundation;
    5. Be in violation of the RARI Foundation’s bylaws or articles, any statutory requirements of Cayman Islands laws or the laws or regulations of any other applicable jurisdiction;
    6. Cause harm (including reputational harm) to the RARI Foundation (as determined in the Board’s sole discretion); and/or
    7. Cause the RARI Foundation to be in breach of any contracts, agreements or any other arrangements.
  2. * This RRC-11 is proposing this update to Phase 4 of the RRC Process – that is, the Security Council, as well as the director of the RARI Foundation, have the ability to reject an Accepted RRC during a Cooldown Period.
5. Phase 5: Implementation
- Proposed Security Council:
- This RRC-11 establishes a 3-member Security Council.
1. In Phase 1 (immediately), the Security Council will be able to reject an Accepted RRC during the Cooldown Period should the proposal be malicious or exploitative to the DAO.
2. In Phase 2 (after a period of 3 months), the Security Council will also be able to perform emergency actions in critical security scenarios (e.g., a hack, serious bugs, etc.) as well as perform minor routine maintenance of the Protocol contracts.
3. After each action, the Security Council will publish a detailed report with the rationale for their actions and an outline of the implementation details within a reasonable timeframe.
- The initial members of the Security Council are nominated by the RARI Foundation and will serve a term of 12 months.
1. Campbell Law, current Director of the Foundation; wallet address: 0xd9C3EeD65968443F8587Bb068e6530A48dB5d177
2. Andrei Taraschuck, current delegate; wallet address: 0x25Ad94C7768108666BfDB6742aB66b109CA82946
3. StableLab, professional delegates, represented by Mattew Stein; wallet address: Stablelab.eth
- The Safe multisig wallet the Security Council will use to perform its function is: 0xd35ec9F67Aa082Ae666be1716C79291f1f6e4E0a
- Appointment and Removal
1. The members of the Security Council will serve a term of 12 months. The future members of the council may be appointed via the RRC process or via an on-chain election process if the community decides to establish on-chain elections with a stand-alone proposal.
2. The members of the Security Council must act upon the direction of the director of the RARI Foundation as well as the RARI token-holders pursuant to the RRC. Failure to act in accordance with directions from either the director of the RARI Foundation or the RRC Process constitutes a reason for an ad hoc removal of Security Council members. Such removal shall follow the RRC Process, and one member of the Security Council must remain in place.
3. The number of members on the Security Council may also be expanded or reduced pursuant to the RRC Process, provided that (i) there must be at least 1 member on the Security Council and (ii) at least 1 member of the Security Council must be a director of the RARI Foundation.
- Compensation
1. Security Council members are entitled to compensation of 2,000 USDC per month.
Steps to Implement
Phase 1:
Implement Security Council’s veto power in the Timelock contract: 0x6552C8fb228f7776Fc0e4056AA217c139D4baDa1
Phase 2:
Encode Security Council’s upgrade powers to all governance contracts:
Governor: 0x6552C8fb228f7776Fc0e4056AA217c139D4baDa1
Token: 0x096Bd9a7a2e703670088C05035e23c7a9F428496
Timelock: 0x7e9c956e3EFA81Ace71905Ff0dAEf1A71f42CBC5
Encode Security Council’s upgrade powers to Protocol contracts along with implementing DAO governance over the Protocol.
Timeline
Phase 1: immediately
Phase 2: after the first Security Council has been in place for 3 months
Overall Cost
72,000 for the first year. Cost for the first 6 months was approved as part of the Rari Foundation’s H2 ‘23 operational budget.