[EP1] [Social] Proposal: Transfer ENS Treasury and Contract Ownership

If I understand right, it’s not just symbolic for the .eth namespace, since that registrar contract is locked and cannot be changed, even by the root. I don’t have a primary source, but were the keys for that specific contract burned, if I recall correctly?

1 Like

So just to clarify for all, the only part not being requested immediately is the ENS root - Which will remain in the ENS multisig for the medium term (while governance / decentralisation rolls out).

This proposal is outlining the treasury, controller and .reverse namespace be transfered from the multisig to the DAO.

Edit: editted the first post to clarify ‘These powers are not being requested immediately’ line

3 Likes

This makes sense to me. A lot of work was put in before the DAO was created to make sure .ETH was secure from governance gone wrong. DNSSEC-based namespaces don’t have that same protection, so it makes sense to be more cautious about moving that over until we are on our feet in terms of coordinating governance.

4 Likes

Full support for this proposal, currently ~64% of the ENS airdrop has been claimed (~16M $ENS / ~$768M) from 82,000+ different addresses (currently ~58,000 holders according to Etherscan). Given this level of distribution, market valuation (opportunity cost of attack), and inherently limited scope (control over future registrations with no ability to revoke existing ENS names), this seems like a clear step towards the decentralization of the protocol.

Some context, ENS uses the Chainlink ETH/USD price feed which is continuously updated by a network of 31 nodes with a 0.5% deviation threshold and 1 hour heartbeat. When names are registered, the Chainlink ETH/USD reference contract is queried on-chain for the latest update and used to determine how much ETH equals the USD amount required for registration for that time period (set by the ENS DAO). There wouldn’t need to be any active participation from the DAO when a price feed updates, only if the DAO wants to change the USD pricing of registrations or change the oracle.

I would disagree that this is just a symbolic move. This proposal would grant the ENS DAO control over $28M in treasury assets to distribute as desired, change the USD pricing of registrations, as well as update primary .eth related contracts. The only thing out of scope is non-.eth names from the DNS space, which would be under the multi-sig.

5 Likes

What is the reason for holding this one back at this point? Just to do decentralization in stages since at the moment the team fears the DAO may not be ready for this responsibility?

Powers over the ENS root are not being requested immediately, as they are both powers that can be abused to revoke or reassign non-.ETH ENS names, and as such the risk to name owners is significantly higher than the other powers the DAO will exercise


As others mentioned in the thread it would be nice to also then think a bit on how the DAO should manage its treasury. Should all fund movements be requiring a vote + proposal? (super slow).

Should a smaller amount of funds be transferred to a treasury manager multisig for easier/faster management and act as a kind of a hot wallet? etc.

5 Likes

It’s more because the .eth TLD is “locked” - it can’t be changed by anyone any longer - while the same is not true for the other TLDs.

They’re not; presently only .eth 2LDs are 721 NFTs. We’re working on a name wrapper contract that would let you wrap any name at any level into an 1155 NFT, though.

That’s really up to the DAO and the keyholders. Personally I’d like to see the DAO demonstrate a track record of sensible governance before asking the keyholders to hand over the most easily abused of the powers.

It’s worth enumerating the powers.

Ownership of the price oracle gives the DAO the ability to:

  1. Set the contract used to get the USD-ETH price.
  2. Change the price per year of each length of domain name.

Ownership of the registrar controller gives the DAO the ability to:

  1. Replace the price oracle contract.
  2. Withdraw accumulated funds to the DAO treasury.
  3. Set the minimum and maximum period between the first and second transactions of the registration process.

Ownership of the .eth registrar gives the DAO the ability to:

  1. Add and remove controller contracts.
  2. Set the resolver contract for .eth

Ownership of the .reverse TLD gives the DAO the ability to:

  1. Replace the reverse registrar for Ethereum addresses.
  2. Create new types of reverse resolution (For example, bitcoin addresses) and update them.

Of all the powers it’s the only one that can be easily abused to deny someone else ownership of their ENS name. I don’t think that’s likely to happen, but I think caution is warranted.

I would like to see the DAO establish budgets for each working group, that can be accessed via a multisig controlled by representatives appointed for each WG. I think @alisha.eth will be working to roll out proposals for this based on Gitcoin’s experience in the coming days and weeks.

7 Likes

I support this proposal and would vote to approve it in its current form. Control over the root itself would be a good thing for the DAO to control eventually, but I think caution is warranted. The powers requested for the DAO listed above are very substantial already and will be plenty for the DAO to deal with initially. If after a period of time the DAO is responsible with these, I would support moving the root itself to the DAO.

12 Likes

+1 fully support this proposal & would love to be part of any DAO budget/treasury management working groups.

2 Likes

I would generally say that I support this proposal, but it is essentially a technical proposal, because changes will be made to smart contracts which will introduce new dependencies to other smart contracts. The possibility of technical problems is not zero. What is my responsibility in regard to technical side of things? If I vote yes, am I saying that I agree with the idea of it, but I just hope that everything is done right on the technical side of things? Or should I take personal responsibility for the technical side of things as well. In that case that means going over every line of code myself, or in a group setting so that I can personally say that I understand the technical changes, and I believe that it is a good idea to move forward with them. I have already gone through most of the ENS contracts myself and have a general idea of what is gong on, but that doesn’t mean that I can personally give my assurance on the technical aspect of this proposal. How do DAO’s generally handle this? Is there a delegate representative that fully understands the code and can be made available for deep dives into the inner functions of the smart contracts? Is this person sufficiently independent, such that they could have an independent voice from the core development team? Is just voting yes, just because the idea of having the DAO take over responsibility sounds good, an informed vote?

4 Likes

I don’t think it’s expected that every DAO member has deep smart contract expertise - though it helps to at least understand the basics. It should certainly be the case that the executable details of a proposal are published in advance of voting, so that people who do have experience can examine them and verify they’re correct.

In this case the instructions will be executed by the keyholders, not by the DAO directly, and I think the instructions above are sufficiently clear to compose a multisig signing request.

6 Likes

I guess I am not sure why this step has to happen now. I would propose setting up a call with an independent technical person who can go over the DAO contracts, and answer questions, before taking the step of turning over the control over almost all of ENS over to a set of newly deployed smart contracts.

4 Likes

This is a fair point; it’s probably a good idea to demonstrate that the DAO can successfully execute a proposal onchain before transferring everything to it!

One option would be to go straight to voting on a no-op proposal onchain using Tally; another would be to wait for another proposal, such as the primary ENS name multiplier airdrop one, to pass first.

4 Likes

I’m strongly in support of very gradually working up through increasingly levels of significance in DAO operations. There’s a lot at stake and it will be good to both be careful and to set a good example of what being careful looks like.

4 Likes

Just to reassure my own paranoia, I successfully executed a complete proposal (from proposal to execution) on a Tenderly fork of mainnet last night, and it worked fine - so I’m not concerned about the DAO’s ability to make changes onchain.

That said, if the DAO wants to take things slowly, I’m fine with that. My own suggestion for the order of events would be:

  1. Existing treasury funds from the multisig.
  2. Ownership of the ETH registrar controller (and its funds) and the price oracle.
  3. Ownership of the ETH registrar.
  4. Ownership of the .reverse namespace.

These can be bundled together in whatever ways seem appropriate, but in my mind those are the best order from least- to most- risky.

8 Likes

I think if the concern is our ability to execute / execute effectively, doing (1) and (2,3,4) would make sense. No need to fracture 2,3,4 on that list into separate steps, either we’re ready or we’re not. Down for moving the funds first and control of ENS contracts second, though, if that makes people more comfortable!

1 Like

I definitely agree the DAO should have ownership of Treasury and Contracts.
However, I am also inclined to agree with @nick.eth. I would rather take things slow and make sure everything runs smoothly than transfer everything at once and run into governance issues. Or any other issues.

I understand @carlosdp POV that either we’re ready to own the contracts or we aren’t, but I don’t see a downside to adding a short cool-down time to each contract ownership transfer. The key thing being “short”.

Just my two cents.

1 Like

If the concern is the ability to execute, I’d rather have the DAO issue a no-op transaction now to demonstrate it works end-to-end, and put the transfer proposal through in parallel, not actioning it until the no-op has gone through.

If the concern is the risk of these powers being with the DAO immediately, I think it would make sense for the DAO to ask for the current funds and control of the registrar controller (and thus, future funds), and ask for the rest later.

Personally after simulating a complete proposal from soup to nuts on Tenderly, I have no concerns about technical viability.

4 Likes

Yea, I mean that’s fine. If we want to do just the funds first for now, totally down for that.

My point is, for the transfer of contract control, doing it one by one seems to not really have much benefit. If we’re worried about the DAO controlling all of them, we should be equally worried about the DAO controlling any one of them. Just compromising one can cause massive damage to ENS.

Given that @nick.eth has tested the actual execution part and verified it works fine, I would be fine backing moving everything over at once. But there’s no rush. Might be worth putting up a straw poll or something to see what people prefer?

1 Like

That’s true.

Yeah, that may be the way to go. As long as what each option implies is clearly defined so everyone understands what they’re voting for. I doubt everyone is reading the forum.

I support this if done correctly and carefully.

2 Likes