Summary: The discourse following the launch of Stake DAO Liquid Lockers has sourced feedback from essential constituents of the Curve ecosystem to enhance system robustness and ecosystem safety.
As a result, this proposal suggests implementing a series of contingency measures to take this feedback into account and maximize the governance security of underlying protocols:
Long term interest required: we will put together a TWAVP (time-weighted average voting power) mechanism to ensure a user cannot simply buy, vote, then sell.
Emergency DAO: each locker will have an emergency DAO with the possibility to cancel a vote seen as malicious.
veSDT veto: veSDT holders will be able to cancel a malicious vote through an accelerated voting process.
Context/implementation: In the Forum discussion, our Convex friends identified a few risks for Curve’s governance: users could maliciously use sdCRV to vote on Curve while retaining no long term interest in the ecosystem. While the risk of a flashloan governance attack is nil because we use the same block as the one from the proposal, there is still a possibility that users buy sdTOKEN, vote, and sell after the vote, even though it would be a risky and costly operation. Curve’s locking mechanism was put in place to avoid exactly this kind of risk. Michwill best describes the problem statement on the Curve Forum.
“The concern is misaligned (short-term) incentives: imagine a decision which can allow to take a short-term profit (like, “turn CRV into a ponzi”), take profit and leave when it maxes out (in a couple of months). This is why veCRV has 4 years lock time in the first place.”
Most of these concerns are nullified for Curve due to the supply of veCRV relative to liquid CRV, and veSDT, which boosts liquid locker voting power, has a multi-year lockup exactly like veCRV. Other solutions such as “vote-locking” did not protect against events like Mochi, Bean, et cetera (though it has the veto kind of mitigation).
Working with Curve’s gauge security committee, Angle, Frax, and Convex’s core team, we came up with three security features which should protect Curve’s governance efficiently in case of a governance attack.
Using a TWAVP over one month to ensure that users will have a certain degree of alignment with the underlying protocol over time. This is mainly to avoid governance attacks where a user would buy a lot of sdTKN, vote for it, and sell a few hours or days later. It will work in such a way that new sdTKN holders will see their voting power linearly ramp up over the course of their first month of holding. The formula for voting power will still be the following one:
But the user balance (bu) will be replaced by the average user balance over the course of the past month.
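How the averaged balance behaves for three holder profiles, as an added example (not Stake DAO's code). The checkpoint list, the 30-day reading of "one month" and all names are assumptions, and the voting power formula itself is not reproduced here.

```python
from bisect import bisect_right

DAY = 86_400
WINDOW = 30 * DAY  # "one month" taken as 30 days (assumption)


def time_weighted_balance(checkpoints, snapshot_ts, window=WINDOW):
    """Average balance over [snapshot_ts - window, snapshot_ts].

    checkpoints: (timestamp, balance) pairs sorted by timestamp, one per
    balance change; the balance before the first checkpoint is 0.
    """
    if window <= 0:
        raise ValueError("window must be positive")
    times = [t for t, _ in checkpoints]
    if times != sorted(times):
        raise ValueError("checkpoints must be sorted by timestamp")

    start = snapshot_ts - window
    i = bisect_right(times, start)            # first change inside the window
    balance = checkpoints[i - 1][1] if i else 0
    cursor, area = start, 0
    for ts, new_balance in checkpoints[i:]:
        if ts >= snapshot_ts:                 # changes at or after the snapshot are ignored
            break
        area += balance * (ts - cursor)       # balance held until this change
        cursor, balance = ts, new_balance
    area += balance * (snapshot_ts - cursor)  # last balance held up to the snapshot
    return area / window


SNAPSHOT = 100 * DAY  # constructed proposal snapshot time
# Constructed holder histories, not real on-chain data.
HOLDERS = {
    "long_term": [(0, 1_000)],
    "joined_15_days_ago": [(SNAPSHOT - 15 * DAY, 1_000)],
    "bought_6_hours_ago": [(SNAPSHOT - 6 * 3_600, 1_000_000)],
}

if __name__ == "__main__":
    for name, history in HOLDERS.items():
        spot = history[-1][1]
        avg = time_weighted_balance(history, SNAPSHOT)
        print(f"{name:20} spot={spot:>9} averaged={avg:>10.2f}")
```

The holder who joined 15 days before the snapshot is halfway up the linear ramp, and the six-hour buyer's averaged balance is under 1% of its spot balance.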
To further make sure there is a long term alignment between sdTKN users and the underlying protocols, the votes will be secured by veSDT holders (who by nature have long term alignment with Stake DAO, and therefore with the underlying protocols, due to their lock). This means that any veSDT holder will have the possibility to issue a veto vote on Stake DAO’s governance. This veto vote will have a timeline aligned with that of the proposal in question. veSDT holders will have the possibility to vote to deem a vote “malicious”. If such a vote passes, the results will be calculated without taking into account the vote deemed “malicious”. It goes without saying that this veto power should not be used to change the result of a vote, but purely to eliminate truly malicious governance attacks. This will only be effective for governance votes.
As a last resort, and because tracking potential governance threats requires strong involvement and attention, the veSDT veto will be complemented by an Emergency DAO for each locker. This emergency DAO will be comprised of 2 members from the underlying protocols, 2 members from Stake DAO, and 2 independent members from the ecosystem, agreed upon by the 4 other members. An emergency DAO vote would require at least 4 votes to pass. It would have the same powers as the veSDT veto, i.e. the possibility of declaring a vote “malicious” and not taking it into account in the final result. Again, it works only for governance votes. If we want to extend the power of the emergency DAO or veSDT veto, another governance vote will be required.
Admin: Team multisig
Proposal specifications: 8 days voting duration
Quorum: 100,000 SDT