Executable EGP 19 - Everclear Security Council Upgrade

full proposal in the RFC at the forum

Abstract

We would like to propose changes to the originally proposed Security Council structure:

• Reducing signers from 12 to 9.
• Introducing the Security Council Leader position
• Adding the requirement that all the Council members (9 out of 9) have a technical background that allows them to read code and detect possible vulnerabilities.
• The term of each cohort will still be 12 months.
• Providing a monthly compensation for each Council member, which remunerates them for their work and the risk of taking on the responsibility that comes with being part of the Council.
• Drafting a contract that legally protects Council members for their actions in the Council.
• Building a framework that serves as an operational guide for the Council, as well as work on emergency drills, so that we can optimize the response times of the team as much as possible.
• Establishing a step-by-step procedure to carry out the vote for the Council.
• Creating procedures for slashing/rotating inactive Council members
• Reducing the maximum members of the same organization from 3 to 2

All of these changes, including the Security Council election process, will be added to the DAO Documents.

Rationale

It’s necessary to remember that the Security Council has a vital role for both the DAO and the Protocol: to corroborate that all the DAO’s executable proposals and protocol updates are carried out correctly.

As has been discussed on several occasions, the primary challenge facing the current Council is obtaining the required signatures for each action. These proposed changes are designed to enhance both the efficiency and effectiveness of the Council’s operations.

For the requirement to have 9 out of 9 members with technical skills, we believe that given the key role of the Council, it is important to maintain a minimum standard that all members can read code to understand independently what each transaction will accomplish. This protects the protocol and it provides third parties with certainty about the safety of using Everclear.

Regarding compensation, @GNSPS (current Security Council member) provided excellent feedback and expressed the need to remunerate the efforts of Council members as commitment to the Council requires some time and effort. Paying the Security Council will not only ensure that there are 9 technical people committed to the security of Everclear, but also that all members are technically capable of reading code and will invest time into independently verifying that proposed transactions will accomplish their intended outcome, and are not malicious.

With regard to contracts for Council members, it is necessary to establish (legal) mechanisms that provide them with protection against any unforeseen event that may arise, so that we continue to mitigate the risks of being part of the council.

Also, (again thanks to @GNSPS) we have observed that the Council has no operational guidance on “what to do” in certain situations, nor how to handle specific internal Council communications. That is why it is necessary to incorporate a framework that allows the DAO to clearly delimit some measures that help to achieve the correct functioning of the Council and maximize its efficiency.

Finally, establishing a step-by-step procedure to carry out the vote will allow us to be clear on how to initiate and administer the electoral process, providing order and simplicity.

Specifications - Steps to implement - Timeline

Revamping the Council

The new council will be composed of 8 regular members and a Lead, translating into a 7/9 multisig.

Considering this 3-member reduction (from the previous 12) the two cohort division is left aside and a single cohort with a 12-month duration is the updated composition. This translates into a simpler electoral process while keeping the security standards outlined in the L2BEAT in their research (75% threshold and at least 8 signers).

Also following the L2BEAT's framework we suggest reducing the maximum members of the same organization from 3 to 2 to prevent members of the same organization from being able to block the council's operations.

Introducing the Security Council Leader position

Another consensus derived from the call was the necessity of having a Security Council lead with vast experience in security as well as sufficient resources to ensure the integrity and validity of the protocol upgrades and transactions proposed by the Council. This leadership role will also ensure and coordinate the overall operations of the Security Council.

Due to the nature of the position, the election of the Lead will be held separately but following the same electoral process as the rest of the council: application, KYC/KYB, and then Snapshot voting.

Some of the expected tasks of the Security Council Lead are:

• Security Code Review
• Transaction Proposal Review
• Identify and mitigate potential vulnerabilities in the main system's codebase
• Smart Contract Upgrades
• Protocol Upgrade Discussions
• Perform an in-depth analysis of Everclear's existing security posture, infrastructure, and policies.
• Evaluate and improve documentation, policies, and procedures related to Everclear's security council.

This list is not taxative and the final scope of the Security Council Lead will be the one proposed by the elected candidate in their application.

Note: the applicant will have to credit vast experience in security audits, smart contract upgrades, risk detection, previous participation in Security Councils, and a profound knowledge of the Everclear ecosystem. Also, a budget rundown is required on the postulation.

Member Removal and Compensation Slashing

In the case of repeated non-compliance of the expected duties, any Security Council may be revoked at any time outside of standard elections if a mayority of the existing council members agree on the removal. Also, the EverclearDAO can also remove council members through a two-thirds majority vote with a minimum participation of 6% of the token supply. (this is already in DAO's docs)

Preliminarily, as a warning, the Security Council Lead may slash a member’s compensation upon non-compliance with their duties or with the Security Council Framework.

The removed member slot will be replaced by the same electoral process described in this proposal.

Election Process

As Program Managers of the approved Governance Task Force, we will co-organize the elections with the Everclear Foundation once this proposal is approved.

This is the election process detailed step-by-step:

• Contender submission (7 days): Any DAO member may declare their candidacy for the Security Council (by using the Template in the docs).
• Compliance process (T+7 until T+14 days): All candidates will cooperate with the Everclear Foundation and complete the compliance process (KYC/KYB). The Everclear Foundation is responsible for removing any candidates that fail the compliance process.
• Member election (T+14 until T+21 days): Each DAO member or delegate may vote for any declared candidate. Each token may be cast for one candidate.
• At T+21 days: The process for replacing the security council members with the 8 candidates who received the most votes will be activated.

Current Security Council members could be re-elected in their position. This process also applies for the Security Council Leader position.

Compensation

The compensation for each regular member of the Security Council will be the equivalent of 1,500 USD in NEXT. This amount is subject to change over time if the Security Council deems the pay rate insufficient.

Every 12 months, an executable proposal will be made to transfer funds from the treasury to the exclusive multi-sig 3 of 5 already created for this purpose.

The compensation for the Lead seat will be determined by the DAO at the moment of choosing between the different applicants and it will be managed separately from the rest of the budget.

Note: The amount of tokens requested will be based on the average closing price of NEXT from the previous 30 days, as listed on Coingecko. If necessary, additional funds will be requested to ensure proper compensation of Council members.

Multisig signers:

@NMajors as Head of Governance from Everclear Foundation.

@SEEDGov as Program Manager of the Governance Task Force

@Sinkas from L2Beat as the GTF’s Operations Manager

@jengajojo of DAOplomats as GTF’s Treasury Officer

@saltyfacu as DAO delegate.

Multi-sig address:

Mainnet: 0xB4065BCA91f70cB46BE88b1b14dDfE692589fEf2

Legal Agreement

The Foundation will sign contracts with each Security Council member offering legal protection.

Overall cost

Monthly payment for each Council Member: 1,500 USD in NEXT

Members in the (regular) Security Council: 8

Monthly budget: 12,000 USD in NEXT

Term budget: 144,000 USD in NEXT - 1,064,090 NEXT

Term buffer: 212,818 NEXT

Total request: 1,276,908 NEXT

The executable proposal includes a 20% price buffer and we will use a 30-day TWAP at the moment of posting it on Snapshot. ($0,135327 on September 2, 2024)