PROPOSAL: Baseline Security Protocols by @72

This proposal outlines the institution of three baseline security protocols intended to improve safety for the HashesDAO ecosystem; the institution of a multisig committee responsible for executing votes, the raising of the minimum quorum from 40 to 100 votes, and the hiring of an outside firm to perform a smart contract audit of the project code.

1.) Token-based quorum voting (which we presently use for governance proposals), can be sensitive to certain forms of attacks and inefficiencies. To eliminate the possibility that a malicious proposal not only passes quorum but is executed, I propose the institution of a multisig committee in addition to the current token-based quorum voting; comprised of 3 to 5 members (to be voted on by the DAO), the committee would be responsible for the actual execution of all successful votes that pass quorum. To mitigate the risk incurred from increased centralization via multisig, I further propose that all multisig committee members be reputable, public figures as well as members of the HashesDAO. (No anonymous multisig committee members allowed.)

2.) To further reduce the risk that our governance structure is exploited, I propose that the minimum quorum floor be raised from 40 to 100. The top ten holders of genesis shares presently control roughly 13% of the voting power, with a total of 120 votes (see table below). As such, the minimum floor for a quorum should ensure that 10 people out of the present 549 unique holders of genesis shares have a reduced ability to form a quorum on their own; if only as a precautionary security practice. (For anyone interested in the research behind the number chosen, I'll also be posting a file in Discord showing all unique addresses holding DAO genesis shares, as well as the total number of DAO genesis shares held by each address.)

Top Ten Holders of DAO Genesis Shares (excluding reserved shares) 0x962699db05a9334c5cd1f9c2867d5160c8e37742 - 29 0x3f2218b3c21b70e127089fe851e95491fc052a92 - 23 0x61e0841d103d77325e7743d1ff7117efe7c2c9f6 - 10 0x6dfc724df608c15027772f770f00b2b7a4040976 - 9 0x71c66c81846e6bbd81387e689f8b41973c4f3904 - 9 0x89fcc17c6fefe0cdbb817457aa3290849ca80bbf - 9 0x5338035c008ea8c4b850052bc8dad6a33dc2206c - 8 0xa4704cdc95e29ed91fabbec83bdc3dec0893ef91 - 8 0xba0db2aa9ed1f1da492562e712e6d2c21f8bde40 - 8 0x193f0ee42a199a0cecd479a9f09ba293eb1ca357 - 7

3.) Finally, I propose a reputable outside company (such as Consensys or Certik) be hired to perform a smart contract audit of the project code. This would provide necessary support to the development team by potentially exposing existing, exploitable bugs or flagging future issues. The auditing company would be chosen by the DAO.