[REVISED] RRC-11: On-Chain Protocol Governance & Security Council

RRC-11: ON-CHAIN PROTOCOL GOVERNANCE AND SECURITY COUNCIL

The Diagrams will be added for Tally submission. This draft incorporates the DAO feedback on the initial version of RRC-11.

Submitted by: Fumbles

Abstract

This RRC-11 proposes to establish a process by which the RARI DAO will be able to propose, vote on and execute updates and changes to the Rarible Protocol’s core contracts directly on-chain via self-executing actions. This RRC-11 also proposes to implement a committee consisting of a DAO-appointed 3-member multi-sig (“Security Council”) which will have the ability to perform emergency and non-emergency actions such as urgent upgrades and minor, routine maintenance to the Rarible Protocol, and stopping DAO hack attempts.

Motivation

As part of the path to a more decentralized Rarible Protocol, the power to govern the Rarible Protocol contracts should be within the hands of the RARI DAO, which currently has direct on-chain governance authority over the RARI DAO treasury and is on the path to govern the Rarible Protocol. As such, there is a need for a mechanism to prevent governance attacks, in which an attacker acquires voting power through legitimate means (e.g. buying tokens on the open market) but uses that to manipulate votes to their own benefit, i.e. exploiting the DAO’s treasury or the Protocol via skewing governance or introducing Protocol vulnerabilities. The DAO needs a body with emergency veto and upgrade powers that will be able to step in to protect the DAO and its interests.

Rationale

By growing the robustness of the RARI DAO governance and mitigating governance attacks risks, the DAO will be able to fully adopt the Rarible Protocol and engage in activities to grow the Protocol’s ecosystem by onboarding new communities and expanding NFT use cases.

Key Terms (Optional)

N/A

Specifications

  1. Current RARI DAO Governance:

  2. The RRC Process as laid out in “Specifications” section of RRC-0 shall apply to Rarible Protocol core contract updates and changes.

1. Phase 1: RRC Idea

  1. An RRC Idea must be submitted as a post in the [Forum](https://forum.rari.foundation), where it should gather feedback for a period of 7 days

2. Phase 2: RRC Draft

  1. After Phase 1, the RRC Idea author must generate an RRC Draft with the required fields as laid out in RRC-0.

3. Phase 3: Live RRC

  1. Once an RRC Draft is ready, the RRC author (provided that they have at least 5,000 veRARI) must post it as a Live Draft on Tally, where it will undergo a 5 day voting period.
  2. The Live RRC must reach the quorum requirement dictated in RRC-0, and voting options are “in favor” and “against”. A Live RRC which meets the quorum requirement and receives more votes cast “in favor” than cast “against” shall be deemed an Accepted RRC.

4. Phase 4: Cooldown Period

  1. An Accepted RRC undergoes a 2-day Cooldown Period, during which the Security Council and the Board of the RARI Foundation may each reject such Accepted RRC* if it would:

    1. Directly conflict with a proposal that is currently up for vote;
    2. Directly conflict with another proposal approved by the RARI DAO;
    3. Not include the required proposal terms as detailed in Phase 2 of the RRC Process;
    4. Compromise the Board’s fiduciary duties as they are owed to the RARI Foundation;
    5. Be in violation of the RARI Foundation’s bylaws or articles, any statutory requirements of Cayman Islands laws or the laws or regulations of any other applicable jurisdiction;
    6. Cause harm (including reputational harm) to the RARI Foundation (as determined in the Board’s sole discretion); and/or
    7. Cause the RARI Foundation to be in breach of any contracts, agreements or any other arrangements.

  2. * This RRC-11 is proposing this update to Phase 4 of the RRC Process – that is, the Security Council as well as the director of the RARI Foundation have the ability to reject an Accepted RRC during a Cooldown Period.

5. Phase 5: Implementation

  1. Proposed Security Council:

    1. This RRC-11 establishes a 3-member Security Council.
      1. In Phase 1 (immediately), the Security Council will be able to reject an Accepted RRC during the Cooldown Period should the proposal be malicious or exploitative to the DAO.
      2. In Phase 2 (after a period of 3 months), the Security Council will also be able to perform emergency actions in critical security scenarios (e.g., a hack, serious bugs, etc.) as well as perform minor routine maintenance of the Protocol contracts.
      3. After each action, the Security Council will publish a detailed report with the rationale for their actions and an outline of the implementation details within a reasonable timeframe.
    2. The initial members of the Security Council are nominated by the RARI Foundation and will serve a term of 12 months.
      1. Campbell Law, current Director of the Foundation; wallet address: 0xd9C3EeD65968443F8587Bb068e6530A48dB5d177
      2. Andrei Taraschuck, current delegate; wallet address: 0x25Ad94C7768108666BfDB6742aB66b109CA82946
      3. StableLab, professional delegates, represented by Mattew Stein; wallet address: Stablelab.eth
    3. The Safe multisig wallet the Security Council will use to perform its function is: 0xd35ec9F67Aa082Ae666be1716C79291f1f6e4E0a

  2. Appointment and Removal

    1. The members of the Security Council will serve a term of 12 months. The future members of the council may be appointed via the RRC process or via an on-chain election process if the community decides to establish on-chain elections with a stand-alone proposal.
    2. The members of the Security Council must act upon the direction of the director of the RARI Foundation as well as the RARI token-holders pursuant to the RRC. Failure to act in accordance with directions from either the director of the RARI Foundation or the RRC Process constitutes a reason for an ad hoc removal of Security Council members. Such removal shall follow the RRC Process, and one member of the Security Council must remain in place.
    3. The number of members on the Security Council may also be expanded or reduced pursuant to the RRC Process, provided that (i) there must be at least 1 member on the Security Council and (ii) at least 1 member of the Security Council must be a director of the RARI Foundation.

  3. Compensation

    1. Security Council members are entitled to compensation of 2,000 USDC per month.

Steps to Implement

Phase 1:

Implement Security Council’s veto power in the Timelock contract: 0x6552C8fb228f7776Fc0e4056AA217c139D4baDa1

Phase 2:

Encode Security Council’s upgrade powers to all governance contracts:

Governor: 0x6552C8fb228f7776Fc0e4056AA217c139D4baDa1

Token: 0x096Bd9a7a2e703670088C05035e23c7a9F428496

Timelock: 0x7e9c956e3EFA81Ace71905Ff0dAEf1A71f42CBC5

Encode Security Council’s upgrade powers to Protocol contracts along with implementing DAO governance over the Protocol.

Timeline

Phase 1: immediately

Phase 2: after 3 months of the first Security Council in place

Overall Cost

72,000 for the first year. Cost for the first 6 months was approved as part of the Rari Foundation’s H2 ‘23 operational budget.

7 Likes
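The Phase 3 to Phase 5 flow of the proposal (5-day vote, quorum plus simple majority, 2-day Cooldown Period in which only the Security Council or the Board may reject, execution only afterwards), modelled as an added Python example. This is illustrative code, not part of the proposal or of the Rarible governance contracts; the quorum is set by RRC-0, which is not on this page, so `QUORUM_VOTES` is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import Optional

# Figures from the proposal text (Phases 3-5). The quorum comes from RRC-0,
# which is not on this page, so QUORUM_VOTES is a constructed placeholder.
VOTING_DAYS = 5
COOLDOWN_DAYS = 2
QUORUM_VOTES = 10_000
VETO_BODIES = {"Security Council", "Board"}

@dataclass
class LiveRRC:
    posted_day: int          # day the Live RRC was posted on Tally
    votes_for: int = 0
    votes_against: int = 0
    vetoed_by: Optional[str] = None
    executed: bool = False

def vote_end(rrc: LiveRRC) -> int:
    return rrc.posted_day + VOTING_DAYS

def cast_vote(rrc: LiveRRC, day: int, in_favor: bool, weight: int) -> None:
    # Votes count only inside the 5-day voting period
    if not rrc.posted_day <= day < vote_end(rrc):
        raise ValueError("voting period is closed")
    if in_favor:
        rrc.votes_for += weight
    else:
        rrc.votes_against += weight

def is_accepted(rrc: LiveRRC) -> bool:
    # Quorum reached and strictly more votes "in favor" than "against"
    total = rrc.votes_for + rrc.votes_against
    return total >= QUORUM_VOTES and rrc.votes_for > rrc.votes_against

def veto(rrc: LiveRRC, day: int, body: str) -> None:
    # Phase 4: Security Council or Board may reject an Accepted RRC, but only in the 2-day cooldown
    in_cooldown = vote_end(rrc) <= day < vote_end(rrc) + COOLDOWN_DAYS
    if body not in VETO_BODIES:
        raise PermissionError(f"{body} has no veto power")
    if not (is_accepted(rrc) and in_cooldown):
        raise ValueError("veto only applies to an Accepted RRC during cooldown")
    rrc.vetoed_by = body

def execute(rrc: LiveRRC, day: int) -> bool:
    # Phase 5: runs only if accepted, not vetoed, and the cooldown has elapsed
    if rrc.vetoed_by or not is_accepted(rrc) or day < vote_end(rrc) + COOLDOWN_DAYS:
        return False
    rrc.executed = True
    return True
```

The model makes the window explicit: a veto that arrives after the cooldown is refused, and an accepted proposal that was never vetoed becomes executable the moment the cooldown ends.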

I am glad we added the detailed after action report.

4 Likes

We at StableLab firmly believe that establishing a dedicated security council is essential to safeguard the DAO and protect Rari’s treasury.

We would like to begin by disclosing that should this proposal be approved, StableLab would assume one of the security council seats and receive a monthly compensation of $2,000 USDC. However, in this forum post, we aim to outline the importance of a security council in safeguarding Rari in an impartial manner, supported by data and examples.

Why We Need a Security Council

Below is a table illustrating the last 5 governance votes at Rari DAO. At the current price of ~ $0.9616 per RARI token, it would cost an attacker less than $14,000 to acquire the necessary votes to influence a governance vote.

| Proposal | Votes Needed to Flip Vote | Dollar Value to Flip Vote |
|---|---|---|
| RRC-11: On-chain Protocol Governance and Security Council | 6K Rari | $5,769.60 |
| RRC-10: H2 2023 RARI Foundation Operational Budget | 13.84K Rari | $13,308.54 |
| RRC-9: Delegate Launchpad Proposal | 11.66K Rari | $11,212.25 |
| RRC-7: Rewards-2 (resubmitted) | 8.99K Rari | $8,644.78 |
| Oamo Partnership Proposal | 751 Rari | $722.16 |

The Rari DAO Treasury currently holds more than $9,000,000 in assets. This means a hacker would have to spend $14,000 in order to pass a vote that could steal millions in treasury funds. A security council would ensure the safety of the treasury by allowing a group of trusted community members to veto any malicious vote that threatens the DAO.

While this does introduce a centralized element to the DAO in its early stages, it is a necessary measure to protect DAO funds. As the number of voters and votes increases over time, the need for a security council can be reassessed. However, given the prevailing circumstances, having a security council is vital for the foreseeable future.

Brief History of Governance Attacks

Governance attacks pose a severe threat to DAOs. In the past, malicious actors have targeted protocols, amassing sufficient voting power to influence vote outcomes and drain DAO treasuries. In these examples, if there had been a security council in place they could have vetoed the malicious proposal and protected the DAO. Let’s explore instances of past governance attacks and how much they cost the DAO.

Beanstalk

Beanstalk, a stablecoin protocol, lost $182,000,000 when an attacker used a flashloan to gain enough voting power to pass a proposal to send themselves $182 million of Beanstalk’s reserves.

Tornado Cash

A malicious proposal in Tornado Cash allowed the attacker to “withdraw all locked governance votes and drain all the tokens from the governance contract”, costing the protocol around $1,000,000.

Build Finance

Build Finance lost $470,000 when an attacker was able to gain enough voting power to pass a proposal that gave them “full control of the governance, contract, minting keys, and treasury”.

Conclusion

The provided examples and data on voter turnout clearly demonstrate that governance attacks are a real danger and must be taken seriously. We believe a three-person security council made up of trusted ecosystem actors provides the DAO with a strong layer of protection against any kind of governance attack.

It would be an honor to serve on Rari’s security council and we would be happy to provide more information on StableLab’s experience and expertise to show why we would be a great fit for this council.

4 Likes

Also in support of the proposal.

This revised version shows the importance of implementing the necessary steps to secure the DAO’s governance and full protocol adoption.

@Matt_StableLab Thank you for the outline about governance attacks and why we need the security council. Glad to see you take a dedicated role in the security council!

3 Likes

Just to reiterate this, I believe one key function of the council will be to stop hack attempts. Emergency actions do need to be taken when such attempts occur and with the Security Council team in place, we are sure that if these attacks come, they will be well taken care of.

Totally in support of this proposal.

5 Likes

Fully support this proposal. This is a great step forward towards bringing more security to RARI DAO and being ready to react in a timely manner against any risk.

Really appreciate the response from @Matt_StableLab for stating the supporting facts in the table extremely clearly.

4 Likes

Thank you for the proposal @fumbles

This proposal addresses the need for protection against governance attacks and protocol vulnerabilities, potentially safeguarding the DAO’s interests. However, it also adds complexity to the governance process and introduces compensation for Security Council members, which may raise questions about accountability and incentives. Careful implementation and ongoing community oversight will be crucial.

1 Like