🇺🇸 English
🇫🇷 Available in French below
Proposal Summary
The DAO must set up a security committee to temporarily freeze critical DApps (RMM, YAM, Bridge, etc.) in the event of an emergency. This proposal defines the security committee's operating conditions, members' eligibility criteria, and the practical organization of the election.
By voting for this proposal, you confirm acceptance of the outlined terms and conditions.
Note: The English version of this document serves as the only authoritative reference.
Motivation
DAO DApps are susceptible to various incidents resulting in a potential loss of funds for users and a decrease in credibility and trust in the DAO. To limit the damage, it is crucial to quickly shut down all or part of these services when such an incident is reported.
A traditional DAO vote would be time-consuming, and we can't entrust this responsibility to just one person. This highlights the need for a permanent, responsive safety committee.
Context
Following the approval of RIP00006, defining the security committee’s operational procedures and member eligibility criteria is crucial. A clear framework ensures efficient emergency response and community confidence. This includes:
- Defining the scope of action of the security committee
- Identifying the necessary skills and commitments of committee members.
- Outlining the practical modalities of member elections.
- Ensuring sufficient availability and distribution across time zones to provide 24/7 coverage.
Thanks to all the participants in the discussion in the corresponding suggestion and proposal sections. 🙏
Operating Conditions
Committee Powers
The committee can temporarily freeze critical DApps (RMM, YAM, Bridge, etc.) via a multi-signature system (Gnosis Safe). Unfreezing requires a DAO vote.
The first few months will be more challenging, but further development should simplify the process of freezing the DApps.
Emergency Procedures
- Draft an alert message in the dedicated group.
- Activate emergency measures via Gnosis Safe once 3 of the 10 committee members have signed (3/10 threshold).
- Submit a detailed report to the DAO for analysis.
Term of Office
Objective: To have at least six active members at all times to guarantee rapid response.
Member Eligibility Criteria
Although not required, the use of a hardware wallet, or at least a software wallet dedicated to the security committee's activities, is recommended.
Incentive
- Candidates must lock between 250 and 1,000 REGs into a dedicated vault when registering their candidature,
- REGs for rejected candidates will be unlocked at the end of the vote.
- REGs for elected candidates will remain locked until the term expires.
- At term end, members will receive 80% to 130% of their locked funds based on their response to training alerts, plus approximately 8% per real alert answered (assuming one monthly training alert). Formula (result in % of the locked amount):
  80 + 50 × (training_alerts_answered + real_alerts_answered) / total_training_alerts
Training Alerts
Training alerts are designed to test members' responsiveness, validate procedures, and ensure the committee runs smoothly. Unlike real alerts, they do not require an immediate quorum but do impose a maximum response time (e.g. 24 hours). Each member is expected to sign the transaction, with a target of 100% participation by the deadline. Failure of a member to do so will impact their end-of-term reward according to the formula given earlier.
These alerts also serve as a monitoring mechanism to identify potentially unavailable members. In the event of absence or failure to respond on time, the committee may decide to investigate to assess the situation. Committee members are responsible for self-organization to guarantee continuous coverage and adapt rotations according to availability.
Responsiveness is paramount for real alerts: the transaction is validated as soon as the quorum is reached, and, technical limitations aside, only the **first three responses count towards the associated bonus**.
This system is designed to encourage rapid reaction to real alerts while ensuring that committee members respect their responsibilities by remaining available and involved.
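The following Python script is an added example, not part of the proposal, that applies the payout formula and the training/real alert rules above to a constructed alert log. It assumes a 6-month term with one training alert per month (six training alerts), the 3/10 Safe threshold from the emergency procedure, and that a training alert is "answered" by signing before its deadline; the member names and alert log are constructed.

```python
# Added example (not part of the proposal): end-of-term payout from an alert log.
# Assumptions: six training alerts per term (one per month over 6 months), a 3/10
# Safe threshold for real alerts, and that a member answers a training alert by
# signing before its deadline. Member names and the alert log are constructed.
from dataclasses import dataclass

TRAINING_ALERTS_PER_TERM = 6   # assumption: one monthly training alert, 6-month term
QUORUM = 3                     # 3/10 signatures execute a real alert's freeze transaction
BONUS_SLOTS = 3                # only the first three signatures on a real alert earn the bonus


@dataclass
class Alert:
    kind: str          # "training" or "real"
    signers: list      # members in the order their signatures landed;
                       # for training alerts, only signatures made before the deadline


def real_alert_executed(alert: Alert) -> bool:
    """A real alert's freeze transaction is valid once the quorum is reached."""
    return alert.kind == "real" and len(alert.signers) >= QUORUM


def credited_alerts(member: str, alerts: list) -> tuple:
    """Return (training_answered, real_answered) for a member.

    Every on-time training signature counts; a real alert counts only if the
    member was among the first BONUS_SLOTS signers.
    """
    training = sum(1 for a in alerts if a.kind == "training" and member in a.signers)
    real = sum(1 for a in alerts if a.kind == "real" and member in a.signers[:BONUS_SLOTS])
    return training, real


def payout_percent(training_answered: int, real_answered: int,
                   total_training: int = TRAINING_ALERTS_PER_TERM) -> float:
    """Proposal formula: 80 + 50 x (training + real) / total_training, in percent.

    Answering every training alert and no real alert yields 130%; each real alert
    answered among the first three adds 50 / total_training (about 8.3% with six
    training alerts). The proposal states no cap, so none is applied here.
    """
    return 80 + 50 * (training_answered + real_answered) / total_training


def payout_regs(member: str, locked_regs: float, alerts: list) -> float:
    """REGs returned to a member at term end for a given locked amount."""
    training, real = credited_alerts(member, alerts)
    return locked_regs * payout_percent(training, real) / 100


# Constructed alert log for one term (six training alerts, two real alerts).
ALERTS = [
    Alert("training", ["alice", "bob", "carol"]),
    Alert("training", ["alice", "bob"]),
    Alert("training", ["alice", "bob", "carol"]),
    Alert("real", ["alice", "carol", "dave", "bob"]),   # bob is 4th: no bonus
    Alert("training", ["alice", "bob"]),
    Alert("training", ["bob", "carol"]),                 # alice missed the deadline
    Alert("real", ["alice", "dave", "eve", "bob"]),      # bob is 4th again
    Alert("training", ["alice", "bob"]),
]

if __name__ == "__main__":
    for member in ("alice", "bob", "carol"):
        t, r = credited_alerts(member, ALERTS)
        print(f"{member}: {t}/{TRAINING_ALERTS_PER_TERM} training, {r} real -> "
              f"{payout_percent(t, r):.1f}% "
              f"(300 REG locked -> {payout_regs(member, 300, ALERTS):.1f} REG)")
```

With this log, alice answers 5 of 6 training alerts and is among the first three on both real alerts (138.3%), bob answers every training alert but is always the fourth signer on real alerts (exactly 130%), and carol answers 3 training alerts and one real alert (113.3%). Signing order is taken from the alert record here; in practice it would be read from the Safe transaction's confirmations.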
Implementation Steps
- Announcement: The opening of the election period will be announced on Telegram, Discord, and via a dedicated topic on the DAO forum.
- Candidate Applications: From the opening, candidates have 2 weeks to make themselves known via the forum. Each candidate explains how they meet the criteria and answers community questions.
- Eligibility Check: RealT has 1 week to verify technical eligibility criteria (KYC, NFT, REG deposit in the dedicated safe). The final list of candidates is published on the forum.
- Voting:
a) If there are 10 candidates or fewer, a single vote approves all candidates.
b) If there are more than 10 candidates or if the global approval is rejected, votes will occur per candidate. The 10 candidates with the most "yes" votes are elected. Ties will be resolved by already-elected members.
- Committee Formation: The list of elected members is published, and they gain access to a private communication channel. RealT organizes training sessions within two weeks. REGs for rejected candidates are released.
Team
- RealT: Technical verification of applications (including providing the registration form).
- RealT: Responsibility for triggering training alerts on a regular basis.
- RealT: Organization of training sessions.
- DAO: Participation in debates and final vote.
- Forum Team: Create the election topic.
- Discord, Telegram, or Forum Team: Create the committee's private discussion channel.
Budget
At least 3,000 REGs for each 6-month term to pay incentives (see details above).
Note: If the DAO votes for a change in the method or calculation of incentives, changes will apply starting the next term.
Objectives
- Quickly respond to emergencies to limit potential financial and reputational damage to the DAO.
- Ensure the committee operates transparently and maintains community trust.
- Provide clear, actionable guidelines for the committee's establishment and operation.
Success metric
- In case of a training alert, at least 5/10 transaction signatures within the first hour.
- In case of a training alert, 100% of transactions signed within the required deadline.
- In case of a real alert, the 3/10 quorum should be reached and the transaction validated in less than one hour. The actual halt of the affected service(s) depends on technical constraints.
Key terms
- DApps: Decentralized Applications (e.g., RMM, YAM, Bridge).
- Gnosis Safe: A multi-signature wallet system used for managing funds securely.
- Multi-signature System: A system requiring multiple approvals to execute transactions.
- REGs: The governance tokens used within the RealToken DAO ecosystem.
- KYC ("Know Your Customer"): a verification process to ensure identity compliance.
- Training Alerts: Simulated alerts used to test the readiness and response time of the security committee.
- NFT Quest Ledger: A certification mechanism to prove knowledge in specific web3-related topics.
- GnosisScan: A block explorer tool for tracking and analyzing blockchain transactions.
- Vault: A mechanism for locking tokens for various purposes, such as demonstrating commitment or securing incentives.
📍 CHECK-LIST: ( 🔲 : under discussion / ✅ : finalized / ❎: not applicable )
✅ Proposal Summary
✅ Motivation
✅ Context
✅ Implementation steps
✅ Team
✅ Budget / Allocation
✅ Roadmap
✅ Objectives
✅ Key terms