Discussion: Opportunities to level up DAO operations with Hats Protocol

Hello ENS! My name is Spencer Graham, aka spengrah.eth. I’m a longtime Ethereum and DAO builder and contributor, and I’m writing this post on behalf of Hats Protocol, the project I cofounded several years ago to help DAOs operate effectively without sacrificing on decentralization.

The purpose of this post is to open a conversation with the ENS community and explore opportunities where Hats may be able to offer value to the DAO. Recently, I joined the Meta-Gov Stewards weekly call to initiate this discussion, and the warm welcome Hats received encouraged me to take the next step here on the forum.

This is an open call for feedback. I look forward to your ideas, questions, and responses!

What is Hats Protocol?

Some of you may already be familiar with Hats Protocol as a way to create and manage DAO roles onchain. While this remains accurate, we’ve recently found a better way to articulate what Hats is really all about: Hats Protocol is the unstoppable API for programmable organizations.

The primary insight of Hats Protocol is that roles are the atomic unit of organizational structure. Every organization is comprised of a network of interrelated roles, which are bundles of responsibilities, permissions/authorities/resources, eligibility requirements, accountability mechanisms, compensation, and more.

By instantiating roles as software objects, we can give organizations programmable interfaces for all of those properties. And by instantiating them onchain, DAOs can program themselves with all the benefits of smart contracts: autonomy/sovereignty, automation, composability, integration with permissionless financial primitives, etc.

A number of organizations use Hats Protocol today for many use cases ranging from council-based governance to moving their entire organizational structure and operations onchain. You can see some of these in our case studies. This just a sample of what’s possible with Hats, many of which make one another more valuable. As we’ve helped DAOs improve their operations and practical decentralization, we’ve learned that the best approach is to start small. With that in mind, the next section outlines several use cases that may be good places for ENS DAO to get started with Hats Protocol.

Candidate Starting Opportunities for Hats to help ENS DAO

Here are four potential ways that ENS could get started with Hats. While I personally believe these would have substantial value for ENS DAO today, I encourage you to think about these more as thought-starters and concrete examples than formal proposals.

• a) Give the DAO admin control over Working Group multisigs
• b) Onchain steward elections
• c) Enforce steward terms onchain
• d) Onchain steward permission management

A) Give the DAO admin control over Working Group multisigs

Currently, the DAO relies on social trust and reputation rather than onchain authority to manage the Working Group multisigs. While this has worked well thus far, it does have some known drawbacks. For example, the Secretary must be added as a signer on each multisig to protect against lock risk, which i) does not fully protect against that risk (consider how often the Secretary and multiple Stewards are in the same physical room at conferences), and ii) increases collusion risk when the Secretary also serves as a Steward.

Using Hats Protocol and our Safe integration, ENS DAO could retain onchain administrative control over each Working Group multisig, including control over the signers as well as the ability to execute any transaction (eg to claw back funds). This would greatly reduce the above risks while also eliminating the need for the amendment proposed in the above-linked thread.

B) Onchain steward elections with C) onchain terms

Working Group Stewards are currently selected and managed via offchain processes (see DAO WG Rules 5, 6, and 7), relying on trusted parties to execute the will of the DAO.

Using Hats Protocol, ENS DAO can put itself back in full charge by bringing Steward elections fully onchain. Stewards would be elected into an onchain role, which could come pre-configured with various properties including permissions (see next section) and even robust accountability mechanisms (more on this later), and which could be programmed to be automatically revoked after their 1-year term (unless of course they are re-elected).

The Hats eligibility module interface that makes this possible lets developers program how a given hat is issued and to whom. Developers have already built a number of standard modules for common use cases (including a simple election concept), and the ENS community (or anybody) can build a custom module to fit the DAO’s exact election requirements.

D) Manage Steward permissions onchain

Stewards have permissioned access to several DAO-owned resources, including Working Group multisig signing rights and membership in the Steward group chat on Telegram. Currently, when a Steward is elected or removed, those permissions must be granted and revoked manually by trusted parties. This has operational cost as well as security implications, which limits the type and amount of DAO-owned resources and tools that Stewards can be given access to in order to best achieve their important responsibilities.

Using Hats Protocol, all Steward accesses and permissions — including onchain and offchain alike — can be granted and revoked as a single bundle, all securely onchain by the DAO or any programmatic logic it desires.

Additional Opportunities / Future Thought-starters

Beyond the potential starting candidates above, there are many additional improvements that ENS DAO could make to its governance and operations using Hats. To spark some ideas from the ENS community, here are some of the opportunities I see.

One category of improvements relates to hardening the Working Group rules by making the onchain instantiation of the related roles the source of truth for those roles. All of the WG rules can be expressed role responsibilities, authorities/permissions/powers, selection criteria, and accountability mechanisms.

This is a generalization of the four use cases above, also unlocking other advantages:

1. Enabling the DAO to claw back a Working Group’s assets from its multisig, eg after it has dissolved or in the case of misaligned behavior by its Stewards.
2. Strengthening qualification requirements and accountability mechanisms for Stewards, such as requiring that a Steward hold (or stake) a minimum amount of $ENS, sign a Working Group agreement/policy, or be subjected to 3ʳᵈ party arbitration.
3. Moving the source of truth for Working Group rules from centralized Github hosting to decentralized onchain DAO control.
4. Upgrading the Working Group creation process from a social exercise to a robust and clear onchain process.

Similarly, instantiating the Secretary and Lead Steward roles onchain would bring many of the benefits to those roles and related DAO rules.

Another area of opportunity is hardening access control and permissioning of Discourse and other DAO-owned resources. For example, Discourse admin/moderator rights could be attached to the relevant hats (Secretary, etc). More speculatively, general forum write permissions (which is currently gated manually) could be automated with onchain logic of some kind (eg holding a minimum amount of $ENS tokens).

The last specific category I’ll raise here is the potential to harden DAO <> Foundation relations. According to the Foundation bylaws, the DAO has control over the Foundation directors, supervisor, and members. The DAO could use Hats to strengthen those bonds by enforcing that control onchain.

More generally, Hats turns an organization’s structure into a platform for development and bottoms-up innovation. For example, anybody introducing a proposal to the DAO could express their proposal in terms of the changes it would make to the DAO’s onchain structure. Further, developers could permissionlessly build extensions and integrations for the DAO, expanding its capabilities. I’m excited to see more ideas from the community!

One active example is the Org Identity research proposal recently put forward by @jkm.eth and @arnold. Since an organization’s fractal identity is expressed as roles, Hats would be an ideal integration with an ENS-powered standard for organizational namespace. Some powerful ideas include resolving hats/roles from ENS domains and subdomains, using ENS records as the source of hat metadata (eg role responsibilities), and bringing the full dimensionality of Hats-powered roles to the org dataset indexed by ENS.

Other Important Considerations

Whenever considering adopting a new tool or capability, there are a number of non-functionality considerations that DAOs should make. Here I’ll do my best to anticipate some of these questions.

Platform Risk

Hats Protocol seeks to minimize the risk that all stakeholders take when deciding to use, integrate, or build on Hats. We approach this from both a technology and governance perspectives.

• All Hats contracts and are fully open source (AGPL or MIT licensed), immutable, and unowned.
• All contracts are permissionlessly deployable via create2 factories to the same address on all evm-compatible chains (eg no reliance on our team to deploy to additional chains, such as Namechain).
• Our subgraphs are open source (MIT licensed) and deployed to the decentralized graph network.
• Our SDKs are also open source (MIT licensed).
• Our two existing front end applications are not yet open source. However, all source of data they use are publicly publicly available via some combination of onchain state, decentralized indexers (subgraphs), or decentralized storage (IPFS). And, we are looking for the right time/opportunity/approach to open-source UI code, and so we are very open to discussing this further.

Hats is designed to be maximally composable without introducing any tightly coupled dependencies, so using Hats does not incur any platform risk from dependencies, and would not tie ENS to any specific tools to which Hats integrates.

Hats is a horizontal protocol built on open standards, designed to work with any other protocol or platform. Multiple governance platforms have already integrated Hats into their offerings, and we have been in conversation with existing ENS governance platforms (including Tally and Agora) to integrate.

Of course, for these commitments to be credible over the long run, Hats Protocol itself must be operated and governed by a DAO, just like ENS. While that is not fully the case yet, we are on that path. For the past 18 months we have been incubating a protoDAO and dogfooding our own technology to prepare for a governance transition.

Security

The primary Hats contracts have received multiple audits and have suffered no hacks or bugs since being deployed in 2023. See our security docs for more detail.

Open Call for Feedback

Thank you for your time and attention. I am excited to hear your questions, concerns, thoughts, feedback, and ideas! I will be actively monitoring this thread and you can expect quick responses.

Thanks for the in-depth post, Spencer.

I’m an advocate for giving the DAO admin control over Working Group multisigs, particularly because of the “Lock Risk” you mention. Admin control would provide the DAO with effectively free insurance against scenarios where funds become inaccessible due to signer’s losing keys, death, or other unforeseen circumstances.

Before implementing admin control, I’d like to see functionality that ensures admin functions remain easily usable and auditable through an open-source frontend—even in the worst-case scenario where Hats ceases operations. As I mentioned in another post, DAO tooling companies shutting down have put us in difficult positions twice before.

Thanks again for taking the time to share this analysis and for building solutions for DAOs!

This is super important concern that we’ve thought a lot about. Our focus on decentralized, immutable infrastructure is driven primarily by the importance of minimizing platform risk for developers and vendor risk for DAOs/users. But for the latter, usability is also important, and we agree that its valuable for the front end applications providing access to the underlying contracts to also be risk-minimized.

The front end application for DAO-controlled multisigs that we’ve built thus far supports some but not all of the admin functions that ENS may find valuable (and that are available/possible today at the contract level). The UI does not yet, for example, support clawback.

If ENS finds this sort of admin control valuable enough to fund, the Hats team could flesh out the front end functionality and open source the relevant code.

Very keen to hear addition feedback in this area.

I have been fortunate to be a steward of Hats protocol. The work that this team has done to organize operations on-chain and continue doing has been phenomenal.

Strongly in favor of this proposal by @spengrah.eth and moving the ENS DAO further.

Hey there Spencer, thanks for putting this forward.

A few questions:

I took a look at the case studies, can you disclose how many DAOs are currently using this functionalities, and if so, how many longer than a year? Similar to Limes comment, what would happen in the case of Hats Protocol being deprecated?

Second question, with these DAOs, how long it took to implement? and most important, since I didn’t see it and I might have missed it somewhere, how much the implementation, maintenance and upgrades would cost? Considering that we change stewards every year.

There are bunch of orgs who are using Hats on their own, or via other platforms that have integrated our protocol. You can see all of their org structures (aka “Hats trees”) on the Hats app. I would estimate between 20 and 50 organizations actively using Hats in various ways.

Most of what makes up Hats cannot be deprecated. If our team were to cease operations, or if we were to stop hosting front end applications (including the Hats app I linked to above), DAOs using Hats would not have access to those applications, but all of the core logic and data/state would remain fully accessible/usable via decentralized and persistent means. If that were to happen before we found the right approach to open-sourcing our UI code, we would likely just open-source it as is.

But more realistically, we will work out the right approach to open-sourcing our UI code so that it is easy for DAOs like ENS to self-host in a worst-case scenario. That is a conversation I am very eager to have with this community.

In its fullness, Hats Protocol is an extremely rich and varied solution that can address many related but distinct use cases across what organizations traditionally label as IT and HR. SaaS solutions such as Rippling and Okta are decent if imperfect analogs here. Embedding Hats into all aspects of an organization like this is extremely powerful, but does involve a higher degree of configuration complexity.

Which is why I strongly recommend starting with a single or small set of use cases. This can be much simpler and cheaper to start.

That said, it is hard for me to estimate what the cost would be without knowing more about what ENS would value. This is why I’ve framed this thread as a discussion to identify what could be useful rather than as a specific proposal or offering. Once we (collectively) identify good candidate use cases, I can put together a more concrete proposal with a clear scope and budget.

A big part of the value proposition of Hats is that you can set up the structure (ie the onchain hats themselves) once and it is very easy to adjust who is operating within that structure (ie who is “wearing” the hats) over time. So the cost of maintaining an established use case should be low/predictable.

Upgrades would be at the DAO’s discretion. Our protocol is immutable so nothing would be forced.