There’s an already existing security proposal live with a majority of delegate support. Why would this nomination proposal be needed?
The Abstract and Motivation sections make the need for it clear.
ENS Labs is now trying to change the rules after its own proposal was widely recognized as a threat to ENS governance and the protocol’s future.
Even if you can control enough voting power to push something through, that does not automatically make it legitimate. ENS tokenholders and the broader community still know the difference between a valid governance outcome and a security issue that requires intervention.
ENS Labs knows that too.
I want to clarify that I did not consider Labs’ new foundation to be a governance attack and think using the security council to block it would’ve been an overreach. Yet, by blocking the renewal based on the fear of a theoretical attack we are opening ourselves to a much less theoretical one.
The DAO is a $130M treasury safeguarded by at best $20M worth of tokens. This is a real issue. By changing the definition of a governance attack from the effect of the proposal into the legitimacy of the votes, we are opening up the possibility of legitimizing the fact that a well-funded entity could simply buy enough ENS tokens to take over the treasury and protocol. It might be easy to detect vote renting or flash loans, but we can’t prove a connection between the voter and another entity that just happens to open a short position on ENS, which would turn the Security Council toothless and make the attack doubly profitable. Even if they don’t actually do a short position or take any illegitimate action they would still be very profitable in their takeover.
@nick.eth I don’t see why Labs has to fight this hard for this. If we take off the clause that the new foundation takes effective control of the treasury, and open the seats to vote, you’d still be able to vote the board you want and approve the budgets you requested. Our counter proposal for the foundation is pretty mild and non-antagonistic against Labs IMHO. But this proposal is just turning bad optics into worse.
We all know this is fake. I’m surprised you’re doing so much work to keep up the pretenses.
I’m glad you agree - and I’d encourage you to stand for the new SC if you feel able.
I agree, a lack of SC coverage is an unacceptable gap. That’s why I signalled my disagreement with renewing the current SC as-is ahead of the vote, in the hopes we could come up with a solution. With the proposal going up unmodified, we’ve instead had to put this proposal forward ourselves.
With the proposed timeline for this putting nominations up for a vote late this week or early next, followed immediately by an onchain vote, there will be no gap in SC coverage.
That’s not what this does. Here’s the concrete list of criteria the SC would be empowered to act on:
(a) The proposal violates a specific article of the ENS Constitution.
(b) The proposal transfers treasury assets to an address controlled by a person or entity who obtained the right to receive the transfer through fraud, theft of governance credentials, exploited vulnerability in the proposal mechanism, or other unauthorized means.
(c) The proposal modifies, removes, or disables protocol-level smart contracts (root key control, registry control, smart contract upgrades, fee structures), and the DAO vote authorizing the proposal was procured through bribery, vote buying, or exploited flash loan, supported by documentary evidence published alongside the Council action.
(d) The proposal transfers treasury assets to a person or persons who obtained their voting power for the specific purpose of passing the proposal (for example, through a flash loan, an undisclosed pre-coordinated token acquisition immediately before the vote, or a vote-buying arrangement) and would not have had majority support without those acquired votes.
If there are classes of governance attack that wouldn’t trigger any of those clauses, we’re open to amending the conditions to make sure they’re covered, too. In my mind even clause (a) is a very strong protection against malicious proposals, as the constitution already embodies most of the important safeguards for ENS.
I want to make these process points very clearly:
- I support renewing the ENS DAO Security Council.
- I support clarifying the Security Council’s mandate.
- I support preventing the Security Council from becoming a general-purpose political veto.
- But I do not support changing the Security Council “in the middle of a live treasury/governance dispute”, (in a way that makes it “less capable” of checking the “exact concentration-of-power risk” that it was created to address).
Relevant links:
- Renewal proposal: [6.45] Renewal of the Security Council
- Snapshot vote: Snapshot
- New Security Council proposal: [Draft] [Social] Proposal for a New Security Council
- ENS Security Council docs: ENS DAO Security Council | ENS Docs
- ENS DAO Constitution: ENS DAO Constitution | ENS Docs
The old renewal vs the new proposal
The existing renewal proposal was straightforward.
It would:
- renew the Security Council before expiration
- keep the 4-of-8 multisig
- keep the same cancel-only emergency mandate
- rotate one inactive signer
- preserve continuity
- keep the Council as a narrow backstop against malicious proposals and governance attacks
That is not the same as the new proposal.
The new proposal materially changes the structure.
It would:
- change the threshold from 4-of-8 to 5-of-8
- create a new slate / nomination process
- require nominees to publicly affirm a new mandate
- require nominees to have no public statements contradicting that mandate
- require an Appointment Agreement with the ENS Foundation
- require KYC / background checks
- add a removal mechanism for acting outside the new mandate
Some of those ideas may be reasonable in isolation.
But context matters.
- This is happening immediately after several Security Council members and major delegates raised concerns that the Foundation proposal may represent treasury capture / governance capture.
So the practical effect is hard to ignore:
- The old Security Council could plausibly act as a check if a treasury-transfer proposal passed mainly through concentrated Labs-aligned voting power.
- The new Security Council proposal makes that materially harder.
Nick’s prior statement vs the new proposal
In the renewal thread, Nick said:
The Security Council is a vital protection for the DAO against governance attacks, and I firmly support renewing it so it can continue to guard against them.
But he also said:
I will vote against any replacement Security Council that includes a member on record saying they would veto a proposal that does not violate the ENS Constitution. And I will vote against any replacement Council that does not commit to that standard publicly before the vote.
That statement matters.
- Because the new proposal now does exactly that structurally.
- It creates a new mandate.
- It requires nominees to publicly affirm that mandate.
- It excludes nominees with statements on record that contradict that affirmation.
- It raises the signing threshold from 4-of-8 to 5-of-8.
- It makes Security Council action harder in precisely the governance scenario currently being debated.
Then Nick immediately supported the new framework and nominated himself under it.
- I am not alleging bad faith.
- But this is not neutral process design.
- It is a new Security Council framework that directly aligns with Nick’s stated condition:
- no Council members who might treat the Foundation treasury proposal as a governance/security threat unless they accept his narrower interpretation of the Council’s remit.
The voting-power problem
The larger issue is concentrated voting power.
Based on the Security Council renewal vote people are discussing, Nick appears to have used roughly half of the active voting power to vote against renewal.
- That means Nick can effectively block a Security Council he does not accept.
- That is the core governance problem.
The Security Council exists because active voting participation is low relative to the size of the ENS treasury. It exists because token voting can be captured, concentrated, or financially conflicted.
- But if one dominant voter can block renewal of the existing Council,
- then support a replacement Council designed around his preferred mandate,
- then nominate himself to that Council,
- then the Council becomes less useful as an “independent” check.
The Security Council’s legitimacy depends on being independent enough to check concentrated voting power.
- If the dominant voter can “block renewal of the existing Council” and then “support a replacement Council”, (designed around his preferred mandate),
- then the Council becomes “less of a check on governance capture” and more of a “permissioned check”, (approved by the power it may need to restrain).
That defeats the purpose.
Why this matters for the Foundation proposal
The broader Foundation proposal is already a massive governance change.
- It would move significant operational and treasury authority toward the Foundation structure.
- It would put Nick on the Foundation Board.
- It would give the Foundation more power over treasury stewardship, grants, operating budgets, and long-term capital strategy.
- It would reduce the DAO’s direct role in treasury oversight and operations.
This is why the Security Council question matters so much.
- If the DAO is about to consider transferring practical treasury control, (away from the onchain DAO)…
- …then the emergency backstop should become stronger,
- more independent,
- and more credibly neutral.
- Instead, the current path appears to:
- make it narrower,
- more Foundation-legible,
- more legally tied to the Foundation, and
- less capable of acting against the very proposal that created this crisis.
That is backwards.
The Security Council’s purpose should not be rewritten mid-conflict
The ENS Security Council docs say the Council is expected to act in emergency situations, including:
- if a proposal goes against the ENS Constitution
- if a proposal is approved with malicious intent against DAO longevity / sustainability
- if a proposal is approved by voters directly financially incentivized to vote against the DAO’s interests to preserve their own financial stake
- if a proposal benefits an attacker
A credible argument can be made that a proposal transferring practical treasury control from the DAO to a Foundation structure with Labs-aligned seats falls within the kind of risk the Security Council was created to evaluate.
- People can disagree with that argument.
- But it should not be preemptively disqualified by rewriting the Council mandate after the issue arises.
A Security Council that can only stop obvious smart contract exploits is not enough.
- Governance capture is often not obvious.
- It can happen:
- through process,
- voting concentration,
- institutional incentives,
- legal control,
- treasury flows, and
- control over who gets funded.
- That is the whole point of having a governance-security backstop.
4-of-8 vs 5-of-8
The move from 4-of-8 to 5-of-8 is not a minor detail.
- Under 4-of-8, four independent signers can act in an emergency.
- Under 5-of-8, a majority must act (with great difficulty).
That may sound more legitimate in the abstract…but in this specific context it makes the veto much harder to use against concentrated power.
- If even four members believe there is treasury capture or a governance attack,
- then they cannot act.
- If Nick is elected to the new Council and refuses to sign,
- then five (of the other seven) must coordinate (with great difficulty).
- If multiple Foundation/Labs-aligned or mandate-constrained members are elected,
- then the Council becomes “effectively unable” to act against a Foundation treasury-transfer proposal.
So the threshold change materially benefits the side that wants the Security Council to be less capable of stopping the Foundation proposal.
Foundation appointment agreements
I am also concerned that new Security Council members would sign Appointment Agreements with the ENS Foundation.
- Maybe that is legally cleaner.
- But again, context matters.
The live controversy is whether the Foundation should receive far more power over ENS treasury/governance.
- The Security Council may need to independently evaluate proposals involving the Foundation.
- Having the Council legally bound through Foundation appointment documents weakens the appearance of independence.
- If the Council is meant to check governance capture, it should not become institutionally dependent on the same Foundation whose empowerment is the subject of the dispute.
ENS Labs accountability
The DAO has generally funded and supported ENS Labs when asked.
For example, EP5.22 increased ENS Labs’ annual funding from $4.2M USDC/year to $9.7M USDC/year for ENSv2 development and was executed.
Reference:
So I do not think this governance crisis should be framed as though ENS Labs has been structurally blocked by the DAO.
- ENS Labs has received major trust, funding, legitimacy, and operational deference from the DAO.
- If the concern is execution, strategy, accountability, metrics, or operational performance, then let’s discuss that directly.
- But the answer should be more accountability before more control.
We should not treat centralization as the default cure for every institutional failure.
My position
I support renewing the Security Council.
I support clarifying the mandate.
I support preventing the Security Council from becoming a general-purpose political veto.
But I do not support changing the rules mid-conflict in a way that:
- makes the Council less independent
- raises the veto threshold during a live treasury-capture dispute
- filters out members who have expressed concern about the Foundation proposal
- ties members more closely to the Foundation
- allows the dominant voter to effectively decide which Council is acceptable
- makes the Council less capable of checking concentrated voting power
The Security Council should be renewed first, with continuity.
- Then the DAO can discuss reforms calmly, separately, and without an active treasury-control fight hanging over the process.
If we want a new Security Council model, it should be designed around decentralization, credible neutrality, nameholder protection, and DAO sovereignty.
- And it should not be designed around making the current Foundation proposal easier to pass.
ENS is supposed to be credibly neutral public infrastructure.
- The Security Council should protect that.
- The DAO should remain sovereign over the treasury.
And no single voter, founder, company, or Foundation structure should be able to reshape the checks and balances precisely when those checks and balances become inconvenient.
Nick, Urbelis and I had an exchange on Twitter which is relevant to this thread and I want to put it here to keep context: Alex Van de Sande (avsa.eth) on X: "@aurbelis @nicksdjohnson @LefterisJP I would support this. Usage of flash loans, shorts etc OR having the effect of transferring control of endowment or DAO tokens to the proposer would both allow the security council to act." / X
In summary: I point out that paragraph (d) is not strong enough or specific enough. For example, if an entity like Arca Management decides to slowly accumulate tokens for the purpose of overtaking the DAO, is that vote buying or a legitimate use of token voting power? My reading is that Urbelis agreed and would like to extend the definition of an attack to the effects of the proposal, not only how the tokens were gotten. If that’s the case I would like to allow the security council to act on any proposal that attempts to take control of a large amount of treasury or ENS tokens.
I don’t think this merits rejecting the whole proposal that had passed a social approval (with record quorum!) just to make such clarification for the security council members.
I’m afraid that would give the Security Council too broad a mandate, creating a major expansion of discretionary veto power and turning it into a shadow court for proposals its members oppose solely on political grounds.
Governance attacks can be defined by effect as well as mechanism, including in cases of slow accumulation. However, effect alone cannot be the test, or else any major governance reform becomes presumptively reviewable by the Council.
The line has to remain tied to malicious, coercive, or procedurally abusive conduct outside legitimate governance, not simply to the scale or consequence of a proposal.
I absolutely agree with this, and I think Alex is working to refine the wording.
As @estmcmxci says, this would amount to an expansion of SC powers to cover any proposal they don’t like that touches enough funds. A Security Council’s mandate should be focused on ensuring the security of the platform, and they should only be acting if they legitimately believe that is at threat. The other reasons enumerated - especially the requirement for compatibility with the constitution - provide ample grounds to reject malicious proposals in my view.