Summary
We propose to seek implementation of the community multisig to be used as a guardian for Compound Governance. The goal of this Proposal Guardian is to act as a last defense against any malicious governance votes in the future. Additionally, we propose a few future changes to the Compound Governor contract to be more robust in the future.
Proposal Guardian
The Proposal Guardian would initially consist of the Community Multi-sig (0xbbf3f1421D886E9b2c5D716B5192aC998af2012c), a 4/8 multi-sig composed of trusted Compound DAO community members (here) which has been functioning as the Pause Guardian for the majority of Compound’s existence. This Proposal Guardian role should only be able to veto a proposal that has passed a majority vote and is awaiting execution. We have established this set of rules for when the Proposal Guardian is able to choose to move forward with a veto:
- Users’ funds deposited into the protocol might be infringed or at risk by a proposal passing
- If a vote has been controlled by a single entity or a proposal will result in a single entity taking effective control of the DAO
- When necessary to coordinate pausing protocol functionality during urgent security emergencies to protect the protocol and user funds.
- Serious considerations will be made when votes having received at least 400K “NO” votes still pass.
Update: Based on community feedback, the Proposal Guardian role will automatically expire to ensure that the Community Multi-sig cannot use its veto power to remain in-place indefinitely. The initial expiration period will be set to 6 months and require another governance proposal to renew. The additional changes are currently underway and will be ready to share and include in the on-chain proposal and forum post by this Friday.
Technical Implementation
@Arr00 has completed technical work and OpenZeppelin has reviewed the changes to implement the Guardian changes in PR16. It introduces a new proposalGuardian
role that can call the cancel
function on any proposal and a _setProposalGuardian
function to set the role. The PR also includes simulation tests to ensure the changes work as expected on-chain.
Please note that the compound-governance repo being used as the base for this upgrade was previously audited by OpenZeppelin as a new source for Compound governance with dedicated testing and coverage. It also introduces the ability to vote with reason and propose by signature.
Timeline
Given the nature and sensitivity of this proposal, we will be moving forward in an accelerated timeline. The proposal will be discussed on the Community Call this week on Aug 7th and shared privately with all major identified delegates to collect final feedback. The proposal will then be published on the forums and submitted on-chain Friday, Aug 9th so that voting can begin early next week.
Future
A full “Constitution” regarding when to get involved in veto votes will be drafted in the near future. Coupled with a concurrent new delegate race to get more Compound delegated and active in governance to trusted members of the DAO, this should set a new foundation for a more secure and active Compound governance!
Additionally, we propose exploring additional changes to Compound Governance to improve security and coordination in the future:
- Upgrade Compound Governor Bravo to use OpenZeppelin Governor that has more gas efficiency, security features and optional extensions. There is already a CGP grant by ScopeLift working on delivering this.
- Late Quorum Voting Period: If last minute votes change the outcome of a vote, additional time will be added on to the voting period to allow for more delegates to review and finalize decisions. A Late Qurum Prevention extension is already available in OpenZeppelin Governor.
- Adaptable Voting Quorum: Quorum can increase based on the amount of delegated COMP once a proposal shifts from “review → voting”. If not technically feasible to automate on-chain, this could also be achieved by regularly adjusting the quorum threshold based on the current number of delegated COMP.
- Delegation Rights for COMP Staking Product: Ensure that the Compound Staking Product proposed by the Compound Growth Program preserves delegation rights and helps to further align COMP token holder incentives with responsible governance participation. This is already referenced as a requirement in the recent Staked COMP Design forum post.