[EP1] [Social] Proposal: Transfer ENS Treasury and Contract Ownership

Summary

Transfer ENS treasury and contract ownership from the ENS Multisig to ENS DAO.

Abstract

With the recent launch of the ENS DAO and $ENS token, it is now time for key governance powers of ENS to be transferred from the ENS root multisig to the ENS DAO.

🔥_🔥 (Fire Eyes DAO) has taken a central role in the planning and execution of ENS’s decentralization journey and is excited to present this first proposal to the community.

This proposal will take a different form than normal as it proposes making a request to the ENS multisig root keyholders, rather than executing an action on the DAO.

This proposal looks to execute a transfer of ownership of several aspects of the protocol which are currently controlled by the ENS root multisig:

  1. We propose that control over the existing ENS treasury is transferred to the DAO.

  2. We propose that ownership of the ENS Registrar Controller and the pricing oracle is transferred to the DAO.
    Ownership of the price oracle gives the DAO the ability to:

    1. Set the contract used to get the USD-ETH price.
    2. Change the price per year of each length of domain name.

    Ownership of the registrar controller gives the DAO the ability to:

    1. Replace the price oracle contract.
    2. Withdraw accumulated funds to the DAO treasury.
    3. Set the minimum and maximum period between the first and second transactions of the registration process.
  3. We propose that ownership of the ENS Registrar is transferred to the DAO. Ownership of the .eth registrar gives the DAO the ability to:

    1. Add and remove controller contracts.
    2. Set the resolver contract for .eth
  4. We propose that ownership of the ‘.reverse’ namespace, which governs assignment of primary ENS records, be transferred to the DAO. Ownership of the .reverse TLD gives the DAO the ability to:

    1. Replace the reverse registrar for Ethereum addresses.
    2. Create new types of reverse resolution (For example, bitcoin addresses) and update them.

Importantly, control over the ENS root will remain with the ENS root multisig for now. Control over the root allows for the creation and replacement of ENS top-level domains (TLDs) other than .eth (.eth is locked and cannot be changed by the root). This proposal also does not transfer ownership of the DNSSEC registrar contract, necessary for administering the DNSSEC integration used to allow owners of DNS domains to claim them on ENS.

Powers over the ENS root are not being requested immediately, as they are both powers that can be abused to revoke or reassign non-.eth ENS names, and as such the risk to name owners is significantly higher than the other powers the DAO will exercise. Once the DAO has demonstrated its ability to successfully govern ENS, a future proposal will transfer these powers to the DAO.

Snapshot voting on the above proposals will be conducted individually via approval voting; any proposal above that gets at least 50% approval and a quorum of 1% becomes the official policy of the DAO.

Specification

The ENS DAO formally petitions the ENS root keyholders (being the owners of the multisig located at multisig.ens.eth) to execute a transaction or transactions taking the following actions:

  1. If proposal 1 passes, transfer all ETH and USDC held by multisig.ens.eth to the DAO’s timelock contract at wallet.ensdao.eth.
  2. If proposal 2 passes, call transferOwnership on the contracts at controller.ens.eth and 0xb9d374d0fe3d8341155663fae31b7beae0ae233a (the price oracle), passing in the address of wallet.ensdao.eth.
  3. If proposal 3 passes, call transferOwnership on the contract at registrar.ens.eth, passing in the address of wallet.ensdao.eth.
  4. If proposal 4 passes, call setSubnodeOwner on the root, passing in keccak256(‘reverse’) and the address of wallet.ensdao.eth.

The ENS DAO agrees to use these funds and powers in accordance with the ENS Constitution.

Conclusion & Next Steps

This proposal looks to set precedent as the first action taken by ENS delegates & token holders. Upon successful execution, the ENS DAO will hold control over two significant aspects of the protocol, and will be able to dispense funds effectively towards community initiatives.

  • Discuss this proposal on the ENS forum and discord.
  • Implement a vote on this proposal on Snapshot.
  • If passed:
    • Transfer existing assets from the ENS Community multisig to the ENS DAO.
    • Transfer control over the Registrar Controller to the ENS DAO.

Proposal Live: Snapshot

https://snapshot.org/#/ens.eth/proposal/0xfe73d1b06675d6bc1cc074f440c347274d13c55b513ea02ec950efe639adbbb0

38 Likes
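As an added example (not part of the original post, and not ENS project code), this shows how a voter could check a multisig signing request against specification items 2 to 4 by rebuilding the expected calldata. The function signatures `transferOwnership(address)` and `setSubnodeOwner(bytes32,address)` are inferred from the specification's wording, and `PLACEHOLDER_TIMELOCK` is a constructed stand-in for the address of wallet.ensdao.eth.

```python
def _rol(v, n):                                  # 64-bit rotate left
    return ((v << n % 64) | (v >> (64 - n % 64))) & (2**64 - 1)

def _keccak_f(A):                                # Keccak-f[1600] on 25 lanes, A[x + 5*y]
    rc = 1
    for _ in range(24):
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x + 4) % 5] ^ _rol(C[(x + 1) % 5], 1) for x in range(5)]
        for i in range(25):                      # theta
            A[i] ^= D[i % 5]
        x, y, cur = 1, 0, A[1]
        for t in range(24):                      # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        for r in range(0, 25, 5):                # chi
            T = A[r:r + 5]
            for x in range(5):
                A[r + x] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5])
        for j in range(7):                       # iota (round constant from an LFSR)
            rc = ((rc << 1) ^ ((rc >> 7) * 0x71)) & 0xFF
            if rc & 2:
                A[0] ^= 1 << ((1 << j) - 1)

def keccak256(data: bytes) -> bytes:             # Ethereum's Keccak-256, not hashlib.sha3_256
    msg = bytearray(data) + b"\x01" + bytes(-(len(data) + 1) % 136)
    msg[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(msg), 136):
        for i in range(17):
            A[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        _keccak_f(A)
    return b"".join(lane.to_bytes(8, "little") for lane in A[:4])

PLACEHOLDER_TIMELOCK = "0x" + "11" * 20  # constructed; use the address wallet.ensdao.eth resolves to

def expected_calldata(timelock: str) -> dict:    # spec items 2-4, timelock as new owner
    owner = bytes(12) + bytes.fromhex(timelock[2:])            # address as 32-byte ABI word
    sel = lambda sig: keccak256(sig.encode())[:4]              # 4-byte function selector
    return {
        "transferOwnership": sel("transferOwnership(address)") + owner,
        "setSubnodeOwner": sel("setSubnodeOwner(bytes32,address)") + keccak256(b"reverse") + owner,
    }

def classify(calldata_hex: str, timelock: str) -> str:
    """Return the specified action this calldata encodes; raise if it encodes neither."""
    for name, want in expected_calldata(timelock).items():
        if bytes.fromhex(calldata_hex[2:]) == want:
            return name
    raise ValueError("calldata matches no action in the specification")
```

Calldata alone does not identify the target contract, so the transaction's `to` address still has to be compared with the contracts named in the specification.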

One thing we need is more details on what practical requirements are needed for the DAO to manage the price oracle. Do we have to do a full proposal every time it needs to be updated?

7 Likes

Great writeup. Just so I’m understanding correctly, the root node and DNSSEC contract aren’t being requested at this time because there is no notion of a Registrant for TLDs besides .eth, so technically speaking the root could update the controller for any of those second-level domains at any time, right?

Just wondering and may be a tangent, but are the second-level domains for the other non-.eth TLDs also technically ERC-721 tokens as well, it’s just that they’re all just owned by the root account?

5 Likes

Agree - a bit more detail would be very helpful. Also, re “These powers are not being requested immediately” - when would they be requested, is there a cadence etc. does this prop need to be broken down in phases etc.

6 Likes

This is essentially a symbolic first step then, right? What other purpose would ownership serve without control? Not to downplay your petition, it’s great, I just want some clarification on this part. Because obviously there are not any mechanisms in place yet for how the DAO would or could control these functions, other than proposals and voting. However I do understand and agree with the symbolic intent behind this being first, if that is the main purpose.

4 Likes

If I understand right, it’s not just symbolic for the .eth namespace, since that registrar contract is locked and cannot be changed, even by the root. I don’t have a primary source, but were the keys for that specific contract burned, if I recall correctly?

1 Like

So just to clarify for all, the only part not being requested immediately is the ENS root - Which will remain in the ENS multisig for the medium term (while governance / decentralisation rolls out).

This proposal is outlining the treasury, controller and .reverse namespace be transferred from the multisig to the DAO.

Edit: edited the first post to clarify ‘These powers are not being requested immediately’ line

3 Likes

This makes sense to me. A lot of work was put in before the DAO was created to make sure .ETH was secure from governance gone wrong. DNSSEC-based namespaces don’t have that same protection, so it makes sense to be more cautious about moving that over until we are on our feet in terms of coordinating governance.

4 Likes

Full support for this proposal, currently ~64% of the ENS airdrop has been claimed (~16M $ENS / ~$768M) from 82,000+ different addresses (currently ~58,000 holders according to Etherscan). Given this level of distribution, market valuation (opportunity cost of attack), and inherently limited scope (control over future registrations with no ability to revoke existing ENS names), this seems like a clear step towards the decentralization of the protocol.

Some context, ENS uses the Chainlink ETH/USD price feed which is continuously updated by a network of 31 nodes with a 0.5% deviation threshold and 1 hour heartbeat. When names are registered, the Chainlink ETH/USD reference contract is queried on-chain for the latest update and used to determine how much ETH equals the USD amount required for registration for that time period (set by the ENS DAO). There wouldn’t need to be any active participation from the DAO when a price feed updates, only if the DAO wants to change the USD pricing of registrations or change the oracle.

I would disagree that this is just a symbolic move. This proposal would grant the ENS DAO control over $28M in treasury assets to distribute as desired, change the USD pricing of registrations, as well as update primary .eth related contracts. The only thing out of scope is non-.eth names from the DNS space, which would be under the multi-sig.

5 Likes

What is the reason for holding this one back at this point? Just to do decentralization in stages since at the moment the team fears the DAO may not be ready for this responsibility?

Powers over the ENS root are not being requested immediately, as they are both powers that can be abused to revoke or reassign non-.ETH ENS names, and as such the risk to name owners is significantly higher than the other powers the DAO will exercise


As others mentioned in the thread it would be nice to also then think a bit on how the DAO should manage its treasury. Should all fund movements be requiring a vote + proposal? (super slow).

Should a smaller amount of funds be transferred to a treasury manager multisig for easier/faster management and act as a kind of a hot wallet? etc.

5 Likes

It’s more because the .eth TLD is “locked” - it can’t be changed by anyone any longer - while the same is not true for the other TLDs.

They’re not; presently only .eth 2LDs are 721 NFTs. We’re working on a name wrapper contract that would let you wrap any name at any level into an 1155 NFT, though.

That’s really up to the DAO and the keyholders. Personally I’d like to see the DAO demonstrate a track record of sensible governance before asking the keyholders to hand over the most easily abused of the powers.

It’s worth enumerating the powers.

Ownership of the price oracle gives the DAO the ability to:

  1. Set the contract used to get the USD-ETH price.
  2. Change the price per year of each length of domain name.

Ownership of the registrar controller gives the DAO the ability to:

  1. Replace the price oracle contract.
  2. Withdraw accumulated funds to the DAO treasury.
  3. Set the minimum and maximum period between the first and second transactions of the registration process.

Ownership of the .eth registrar gives the DAO the ability to:

  1. Add and remove controller contracts.
  2. Set the resolver contract for .eth

Ownership of the .reverse TLD gives the DAO the ability to:

  1. Replace the reverse registrar for Ethereum addresses.
  2. Create new types of reverse resolution (For example, bitcoin addresses) and update them.

Of all the powers it’s the only one that can be easily abused to deny someone else ownership of their ENS name. I don’t think that’s likely to happen, but I think caution is warranted.

I would like to see the DAO establish budgets for each working group, that can be accessed via a multisig controlled by representatives appointed for each WG. I think @alisha.eth will be working to roll out proposals for this based on Gitcoin’s experience in the coming days and weeks.

7 Likes

I support this proposal and would vote to approve it in its current form. Control over the root itself would be a good thing for the DAO to control eventually, but I think caution is warranted. The powers requested for the DAO listed above are very substantial already and will be plenty for the DAO to deal with initially. If after a period of time the DAO is responsible with these, I would support moving the root itself to the DAO.

12 Likes

+1 fully support this proposal & would love to be part of any DAO budget/treasury management working groups.

2 Likes

I would generally say that I support this proposal, but it is essentially a technical proposal, because changes will be made to smart contracts which will introduce new dependencies to other smart contracts. The possibility of technical problems is not zero. What is my responsibility in regard to the technical side of things? If I vote yes, am I saying that I agree with the idea of it, but I just hope that everything is done right on the technical side of things? Or should I take personal responsibility for the technical side of things as well? In that case that means going over every line of code myself, or in a group setting so that I can personally say that I understand the technical changes, and I believe that it is a good idea to move forward with them. I have already gone through most of the ENS contracts myself and have a general idea of what is going on, but that doesn’t mean that I can personally give my assurance on the technical aspect of this proposal. How do DAOs generally handle this? Is there a delegate representative that fully understands the code and can be made available for deep dives into the inner functions of the smart contracts? Is this person sufficiently independent, such that they could have an independent voice from the core development team? Is just voting yes, just because the idea of having the DAO take over responsibility sounds good, an informed vote?

4 Likes

I don’t think it’s expected that every DAO member has deep smart contract expertise - though it helps to at least understand the basics. It should certainly be the case that the executable details of a proposal are published in advance of voting, so that people who do have experience can examine them and verify they’re correct.

In this case the instructions will be executed by the keyholders, not by the DAO directly, and I think the instructions above are sufficiently clear to compose a multisig signing request.

6 Likes

I guess I am not sure why this step has to happen now. I would propose setting up a call with an independent technical person who can go over the DAO contracts, and answer questions, before taking the step of turning over the control over almost all of ENS over to a set of newly deployed smart contracts.

4 Likes

This is a fair point; it’s probably a good idea to demonstrate that the DAO can successfully execute a proposal onchain before transferring everything to it!

One option would be to go straight to voting on a no-op proposal onchain using Tally; another would be to wait for another proposal, such as the primary ENS name multiplier airdrop one, to pass first.

4 Likes

I’m strongly in support of very gradually working up through increasing levels of significance in DAO operations. There’s a lot at stake and it will be good to both be careful and to set a good example of what being careful looks like.

4 Likes

Just to reassure my own paranoia, I successfully executed a complete proposal (from proposal to execution) on a Tenderly fork of mainnet last night, and it worked fine - so I’m not concerned about the DAO’s ability to make changes onchain.

That said, if the DAO wants to take things slowly, I’m fine with that. My own suggestion for the order of events would be:

  1. Existing treasury funds from the multisig.
  2. Ownership of the ETH registrar controller (and its funds) and the price oracle.
  3. Ownership of the ETH registrar.
  4. Ownership of the .reverse namespace.

These can be bundled together in whatever ways seem appropriate, but in my mind that is the best order, from least to most risky.

8 Likes

I think if the concern is our ability to execute / execute effectively, doing (1) and (2,3,4) would make sense. No need to fracture 2,3,4 on that list into separate steps, either we’re ready or we’re not. Down for moving the funds first and control of ENS contracts second, though, if that makes people more comfortable!

1 Like