[6.47] [Social] Proposal for a New Security Council

Status Draft
Voting Snapshot
Discussion Thread Discuss

Abstract

The two-year mandate of the current Security Council, framework established under EP5.7, members confirmed under EP5.10, and contract deployed under EP5.13, expires soon.

The Security Council holds an extraordinary power: the ability to cancel a proposal after it has passed through the DAO’s ordinary governance process and entered the timelock. That power is justified only as a narrow emergency safeguard to defend the DAO against malicious, coercive, or exploitative governance attacks.

Recent events have made clear that there is disagreement over the mandate and remit of the Security Council. In particular, there does not currently appear to have a sufficiently shared understanding of when a passing governance proposal may properly be treated as a malicious governance attack. That ambiguity is dangerous in both directions: a Security Council that is too constrained may fail to stop a genuine attack, while a Security Council that is too broad risks becoming a political veto over valid governance outcomes.

Given the importance of a well-functioning Security Council, this proposal seeks to establish a successor Security Council that clarifies the understanding of the expectations: a tighter public mandate, a binding commitment from each member to that mandate, a removal mechanism for members who act outside it, and a transition that preserves continuity of Security Council coverage.

The new Security Council would be enabled alongside the current one for any overlap period, and the current one disabled once its term ends. The intent is to have no gap in coverage.

Motivation

The Security Council was created to address a specific economic risk. As the DAO’s treasury grew and the percentage of actively delegated tokens declined, the cost of acquiring enough $ENS to control a governance attack fell below the value of what could be extracted from the treasury. EP5.7 framed the response narrowly: the Security Council exists to cancel malicious proposals, and only that.

The narrowness of that mandate is the point. The Security Council is not a second legislature, a policy review body, or a political backstop. It holds the DAO’s only post-vote veto over the timelock, meaning it can override a proposal that has already passed through the ordinary governance process. Such a power can only remain legitimate if its mandate is public, narrow, and accepted in advance by the members holding it.

Recent events have made it necessary to ask whether the current Security Council is exercising that power within remit, or whether it is being used as leverage in disputes that fall well outside the categories EP5.7 contemplated. If the answer is the latter, the Security Council is no longer fulfilling its function, and a successor Council operating under tighter, publicly affirmed terms is the right path forward.

The scheduled expiration of the current Council creates a natural point for the DAO to resolve this ambiguity. The DAO should not renew or replace an extraordinary veto power on ambiguous terms. A Security Council can only be legitimate if its members know in advance what they may veto, what they may not veto, and what consequences follow if they knowingly exceed that mandate. Waiting past expiry would create a coverage gap. Allowing the current Council to roll over without addressing the remit question would entrench the problem.

Specification

This proposal would:

  1. Establish a new Security Council of 8 members operating through a new multisig, with a 5/8 threshold for action (up from the current 4/8).
  2. Publish a tighter public mandate for Security Council action, more narrowly drawn than the operational guidance in EP5.7, with explicit criteria for what is and is not in remit.
  3. Require each nominee to publicly affirm the mandate as a condition of nomination and confirmation.
  4. Add a removal mechanism for members who act outside the mandate.
  5. Require each confirmed member to sign the Appointment Agreement with the ENS Foundation, drafted by counsel, that gives the publicly affirmed mandate operative legal effect.

The Security Council Charter, the Appointment Agreement, and the Public Pledge are published with this post and are available here. Delegates should review the framework before the social vote. The scope of authority granted to the new Council will remain the same as that defined by EP5.13: cancellation of timelocked proposals, nothing more.

The 5/8 threshold (up from 4/8 under EP5.7) means a majority of members is required for any cancellation, rather than half. The intent is to make it more difficult for any subset of members to use the veto for purposes outside the mandate without broader Council consensus. The tradeoff is some additional friction in legitimate emergency response, which the current circumstances justify.

Transition

To avoid any gap in veto coverage, the new Security Council would be enabled as an additional veto authority during any overlap period with the current Council. Once the current Council’s mandate ends, it can be disabled by revoking the PROPOSER_ROLE from the existing SecurityCouncil contract. The new council would carry forward the same role, operating under the new public mandate and the Appointment Agreements.

Nomination and Selection

The nomination process is open. Anyone can self-nominate or be nominated by another community member on this thread.

To appear on the Snapshot ballot, a nominee must meet all of the following:

  1. Be nominated publicly on this thread within the nomination window.
  2. Publicly affirm the new mandate and charter for the Security Council.
  3. Meet at least one of the following participation criteria:
    • At least 80% participation in ENS DAO Snapshot and governor votes over the past year; or
    • Suitable professional credentials relevant to Security Council responsibilities (e.g., smart contract security, governance design, applicable legal practice).
  4. Have no statements on record that would contradict the affirmation in (2).
  5. Ultimate confirmation to the Security Council is contingent upon the member’s willingness to sign the Appointment Agreement (mentioned above) and undergo a KYC and background check process.

If a top-8 nominee does not complete (5), the seat moves to the next-highest vote-getter.

To submit a nomination, please respond to this thread with the following:

  1. Name + ENS name
  2. Statement affirming the new Security Council mandate and charter
  3. Basis for eligibility under (3) above — voting record (with links), or relevant professional credentials (with supporting references)
  4. Confirmation of (a) no public statements on record contradicting the affirmation in (2), and (b) willingness, if selected, to sign the Appointment Agreement and undergo a KYC and background check

Please submit any interest for candidacy to this thread ASAP, the thread will be closed on Monday, July 6th at 11:59 PM UTC. (Note that the deadline has been extended from the original deadline of July 3rd at 11:59pm UTC)

Next Steps

  1. Solicit public nominations for new Security Council members on this thread
  2. Social proposal on Snapshot to confirm the new Security Council, following the EP5.10 template.
  3. Executable proposal to grant the PROPOSER_ROLE to the new multisig.
  4. Once the new Council is operational and the current Council’s mandate ends, the PROPOSER_ROLE will be revoked from the existing contract.

Relevant Links

Edit note, 07/03/2026 @ 3:30pm UTC : the deadline for nominations have been extended.

6 Likes

7 posts were split to a new topic: Discussion: [Draft] [Social] Proposal for a New Security Council

Name: Nick Johnson (nick.eth)
Statement: I agree with the new security council mandate and charter and will act only in accordance with it.
Eligibility: I have maintained a participation rate of 87% over the life of the DAO, as shown on the blockful interface.
Confirmation: I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo a KYC and background check.

7 Likes

Name: zeroShadow (zeroshadow.eth)
Statement: we agree with the new security council mandate and charter and will act only in accordance with it.
Eligibility: our team has experts in all areas of security and maintain 24/7 vSOC, incident response and other related services to quick and responsive experience for proposed changes as well as any urgent matters that arise.
Confirmation: we have made no statements contradicting the security council mandate and charter. If elected we agree to sign the appointment agreement and undergo any applicable KYB and KYC and background checks needed for this role.

5 Likes

Name: Pablo Sabbatella (pablito.eth)

Statement: I agree with the new security council mandate and charter and will act only in accordance with it.

Eligibility:

I am Pablo Sabbatella, also known as pablito.eth. I am a web3 operational security researcher, member of SEAL (Security Alliance) and founder of Opsek. I also created the “Blockchain Security series” podcast.

I am fully committed to improving the security of the ecosystem. I am totally convinced that security is the biggest issue the industry is facing right now, stopping it from achieving mass adoption. If we continue on this path, with DPRK being funded by large hacks like Bybit, we are gonna be a total failure.

I know for sure that my knowledge and experience will be valuable in order to enhance the security of ENS’s Security Council, infrastructure, team and community.

I am fully doxxed and dedicate lots of resources to talk about the importance of Security in the Web3 ecosystem from my Twitter account with more than 83K followers, with the Blockchain Security Series podcast and with lots of free Blockchain security courses you can check at at Defy Education Youtube Channel.

I know how security councils work and what they expect from signers and I can fulfil all those requirements.

I started with cybersecurity back in 1999, when I founded Hackemate and have been involved in technology since then. Today I am a signer in the Arbitrum Security Council, Optimism Security Council and the Polygon Protocol Council.

I founded Opsek, where we do operational security audits and training for Web3 organizations (DeFi, CEXs, L1s, L2s, VCs, service providers) and HNWIs. The reason behind my work and founding Opsek is very simple: 99% of funds being lost are due to operational security issues (Private key leakage, malware, 0day exploits, blind signingm, social engineering, phishing, account takeovers, domain hijacking, insider threat, etc) and not due to smart contract hacks anymore.

My expertise is understanding an organization, defining and protecting its attack surface: what does the organization do? Who is the team? What are the tools and tack that they use? What does the day to day operation look like? What are the most valuable assets it’s protecting? Which are the biggest risks? We also train the teams on physical security.

Part of our auditing process includes multisigs: how were they created? Who are the signers? What’s the appropriate threshold? How are private keys generated? How are seeds handled? Are they backed up or deleted? How do you travel with your hardware wallet? Have signers developed a threat model? Hardware wallet diversity, frontend diversity, transactions verification and simulation, definition of procedures and policies, etc. I spend a lot of time researching more and more on transactions signature procedures and how to make this processes safer.

We have already audited many firms (many of them we do not make public, but more than 50bn TVL). Some of them: Optimism, Electric Capital, Sky (ex MakerDao), Centrifuge, Contango, Midas, Aligned Layer, and many more.

I have participated in many war rooms, incident response and helped many people and companies save funds during attacks (and still do this daily).

Some of my presentations:

Projects I created but where I am not involved anymore:

  • I co-founded Ethereum Argentina.
  • I created the first “Blockchain and DeFi" subject in an Argentinian University and served as teacher for two years.
  • I founded Defy Education.

Disclosure: I am an active signer in the Arbitrum Security Council, Optimism Security Council and the Polygon Protocol Council. None of them have conflicts of interest.

Links:

Confirmation: I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo a KYC and background check.

5 Likes

Name: Officer’s Notes a.k.a. Vladimir S. (officercia.eth)

Statement: I agree with the new security council mandate and charter and will act only in accordance with it.

Eligibility: My name is Vladimir Sobolev, and I am a security researcher living in Yerevan, Armenia. Fully doxxed.

Operational security, OSINT, and DeFi are my primary areas of expertise and concentration. Having worked in cybersecurity for the past ten years, I am now totally focused on blockchain security, especially investigating new attack types and doing some on-chain research.

I conduct operations security audits for my clients, who are frequently the targets of assaults because of their involvement in the financial and crypto industries. Additionally, I worked on the Developer Roadmap for Lido.fi & OpSec guidebook. I also worked for Immunefi, Hexens, and Pessimistic and have a lot of knowledge in the Web3 security space.

I am aware of the precautions that must be taken to safeguard users, teams, infrastructure, and communication channels. I’ve also been mentioned in the media a few times:

Confirmation: I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo any applicable KYC and background checks needed for this role.

2 Likes

Name : Dylan Brodeur (dylanb.eth)
Statement : I agree with the new security council mandate and charter and will act only in accordance with it.
Eligibility : I have maintained a participation rate of 91% over the life of the DAO, as shown on the blockful interface.
Confirmation : I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo a KYC and background check.

4 Likes

Name : Colton Liberacki (coltron.eth)
Statement : I agree with the new security council mandate and charter and will act only in accordance with it.
Eligibility : I have maintained a voting participation rate of 96% (Source: blockful interface)
Confirmation : I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo a KYC and background check.

4 Likes

Name: Isaac Patka isaacpatka.eth
Statement: I agree with the new security council mandate and charter and will act only in accordance with it.
Eligibility: I am an experienced security researcher with specialization in protocol control structures, multisigs, and incident response preparation. In my capacity as founder of Shield3, a security services firm, and initiative lead at the Security Alliance I have worked with, and been a member of a variety of security councils supporting the security of the Ethereum ecosystem.
Confirmation: I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo any applicable KYB and KYC and background checks needed for this role.

2 Likes

Name: Hudson Jameson hudson.eth

Statement: I agree with the new security council mandate and charter and will act only in accordance with it.

Eligibility: I am a long time web3 security professional who believes that doing everything we can to prevent hacks and security incidents within our ecosystem is the only way to truly hit mass adoption. I have the skills, experience, and availability to contribute in this way to the ENS Security Council. If elected I agree to sign the appointment agreement and undergo any applicable KYB and KYC and background checks needed for this role.

I have over a decade of experience in the blockchain space with much of that time being spent in security roles. During my time at the Ethereum Foundation (2016-2021) I coordinated every network upgrade and was on the emergency response team responsible for responding to security events on chain and off chains. This gave me a lot of experience in war rooms, emergency comms, and security councils. I was a member of the Polygon PoS security council multi-sig while I worked there as VP of Governance and Community from 2023-2025. I am currently on the board of directions for the Ethereum Cat Herders Institute with the role of Treasurer, on the Technical Steering Committee for the Security Alliance (SEAL), and Head of Ecosystem of the cybersecurity company CertiK.

I spoke about threat models and multi-sigs at Protocol Berg last year: Are You Vitalik or Are You My Mom? Analysis of Wallet Set Ups

https://www.youtube.com/watch?v=e41HmRQKIts

Confirmation: I have made no statements contradicting the security council mandate and charter. If elected I agree to sign the appointment agreement and undergo a KYC and background check.

6 Likes

Name: Cristiano Silva (Nethermind Security)

Statement: I agree with the new Security Council mandate and charter and will act only in accordance with it.

Eligibility: I lead the Nethermind.io business unit responsible for Web3 security. We are one of the firms responsible for auditing ENS. I hold a PhD in Computer Science and have published 130+ academic papers throughout my career.

Confirmation: I have made no statements contradicting the Security Council mandate and charter. If elected, I agree to sign the appointment agreement and undergo a KYC and background check.

2 Likes

Name: Kevin Gaspar (validator.eth)

Quick background for anyone who doesn’t know me. I’ve been a part of Ethereum since the 2014 crowdsale, and my address sits in the genesis block. I’ve been involved in ENS since day one as a user. I served as an original steward on the Community Working Group in the DAO’s first term, and stepped back as the community stepped up. I’ve been an ENS Foundation director since the DAO’s creation in 2021. I’ve worked at ENS Labs on ecosystem/community and support for the past 5 years. Outside of formal roles, I run ENS Fairy, where I’ve registered and given away thousands of .eth names to projects and brands in the name of adoption.

Statement: I’ve read the Security Council Charter, the Appointment Agreement, and the Public Pledge. I affirm the new Security Council mandate and charter and will act only in accordance with them. The cancel power exists for one purpose: stopping malicious governance attacks on the DAO. A passing proposal I disagree with isn’t an attack, and I won’t treat it like one.

Eligibility: I qualify under the professional credentials criterion.

ENS Foundation director since the DAO’s formation in October 2021. More than four years of fiduciary responsibility for the DAO’s legal entity, including carrying out DAO instructions and signing agreements on its behalf.

I am a signer on several multisigs. Key custody, signing discipline, and knowing when not to sign are the operational core of a Security Council seat.

Original Community Working Group steward, first term of 2022.

Confirmation: I have no public statements on record contradicting the affirmation above. If selected, I agree to sign the Appointment Agreement and undergo the KYC and background check. One disclosure for transparency: the Appointment Agreement is executed with the ENS Foundation, where I serve as a director. I’ll recuse myself from the Foundation’s side of executing my own agreement.

3 Likes

Name: Alex Van de Sande (avsa.eth)

I have been involved in ENS since day one. I care deeply about its governance and its future. The Security Council was stated after a warning that came from a conversation from me and Netto. I have served on the council before and would like to stay.

Statement: I believe Governance Attacks are defined by significant treasury being taken outside the control of the DAO and I have spoken at length with Urbelis to make sure the new documents would reflect that. It’s not about policy disagreements but control of treasury and protocol.

Eligibility: I qualify under the professional credentials criterion.

I have been ENS Foundation director for some years now, I have been on Metagov and Public Good working groups. I want to see the DAO succeed.

Confirmation: All my statements on the matter are public and I think this new proposal is unnecessary complication over what should’ve been a procedural election – but I stand by my statement above.

7 Likes

Name: Daniel Nowak

Statement: I affirm the new Security Council mandate and charter. The cancel power exists to stop malicious governance attacks. Nothing else. I will act only within that scope.

Eligibility: I qualify under professional credentials.

Thirty years tracking nation-state and criminal threat actors, most of it spent on the intelligence side of security rather than the audit side. I founded ShadowDragon, a threat intelligence and OSINT platform used by law enforcement and intelligence community investigators globally. I hold CISSP since 2001.

My exposure to this space predates the current terminology. I was involved with e-gold and Loom in the 1990s, when open ledger and digital cash systems were a fringe concern rather than an industry. I began exploring the new landscape that opened up when the Bitcoin whitepaper appeared in late 2008, and have followed it closely through the first modern iterations of blockchains and smart contracts.

Since then, I have conducted cryptocurrency investigation and blockchain forensics using commercial blockchain exploration tooling, with a specific focus on mixer analysis and alternative market activity. I have trained law enforcement and government organizations on cryptocurrency crime, mining infrastructure, mixing services, and darknet markets.

My background is adversary behavior, not smart contract review. The Security Council’s core judgment call, distinguishing a genuine malicious governance attack from a political dispute dressed up as one, is closer to threat attribution than code audit. That is the specific judgment I have spent my career making. I write about exactly this at archetypesandobjectives.substack.com, including a piece on operational security for private crypto holdings and another on insider threat patterns in crypto environments.

I run Celsus Advisory Group, a security consulting practice, in parallel with this research.

Confirmation: I have no public statements on record contradicting the mandate above. If selected, I agree to sign the Appointment Agreement and undergo the KYC and background check.

  1. Griff Green = griff.eth
  2. I agree to uphold the mandate and charter
  3. I am a current member of the ENS security council and I’m also on the Arbitrum security council, I lead TheDAO Security Fund and am an active delegate with a great voting record: Griff Green's Delegate Profile
  4. I don’t have any public statements contradicting the affirmation in (2), and am willing to sign the Appointment Agreement and undergo a KYC and background check

I am excited to continue my tenure to protect ENS.

  1. Alex Netto - netto.eth
  2. I agree to uphold the mandate and charter
  3. I am a current member of the ENS security council and I’m also on the Shutter security council, balancer and Superfluid admin multisig. I am an active delegate with a great voting record: Delegate Profile
  4. I don’t have any public statements contradicting the affirmation in (2), and am willing to sign the Appointment Agreement and undergo a KYC and background check

Thank you to everyone for the nominations. The nomination period has now ended and this thread will now be locked. All eligible candidates will appear on the final voting ballot.

This is now live for voting on Snapshot.