[Executable] Establishing a new Security Council

Abstract

This proposal establishes the new ENS Security Council based on the results of EP 6.50 “Election of the New ENS DAO Security Council”. The term will last two years, until 16 July 2028.

Motivation

The Security Council was originally established in EP 5.13 as a 4-of-8 multisig with a single power: to cancel malicious proposals made to ENS DAO. It cannot propose, amend, or initiate any governance action. Its term was two years, ending 24 July 2026.

The purpose of this proposal is to establish a new Security Council that will inherit the same responsibilities for the coming two years.

Specification

A single call to the DAO’s TimelockController, granting PROPOSER_ROLE to Blockful’s Security Council contract, which is owned by a multisig with the Security Council members elected in EP 6.50.

The Security Council contract has been deployed to 0x2acBf518b3759f6e1fA163294eda55bF1d0ae051, and the multisig to 0x7101B78638e34444F0a5AdE9e1149fbEeC029931.

After two years, any address may call renounceTimelockRoleByExpiration() to revoke its cancel power unless extend() is called first by a separate DAO proposal.

Transaction

Target: 0xFe89cc7aBB2C4183683ab71653C4cdc9B02D44b7

Function: grantRole(bytes32 role, address account)

Arguments:
- 0xb09aa5aeb3702cfd50b6b62bc4532604938f21248a27a1d5ca736082b6819cc1
- 0x2acBf518b3759f6e1fA163294eda55bF1d0ae051
1 Like

This is now live for voting

2 Likes

As a delegate it would have been nice to have this proposal up on the forum for at least 12 hours before it was moved to vote.

This is the executable part of 6.47 - it implements exactly what was proposed and voted on in 6.47. It’s also time-critical as we need to ensure it completes before the current security council expires in order to avoid the risk of the DAO being unprotected.

1 Like

Live proposal calldata security verification

This proposal is now live!

Calldata executes the expected outcome: a single grantRole call handing the timelock’s
cancel gate (PROPOSER_ROLE) to the new Security Council contract, owned by the 5-of-8
Safe of the elected members, with the term ending 16 July 2028. The
council bytecode is identical to the audited deployment from EP 6.49, and the Safe is a
vanilla 5-of-8 with no modules and no guard. The simulation confirms the Safe can cancel a pending timelock operation. The full test of the live proposal is here.

One request for the council members: 3 of the 8 Safe signer addresses
(0x1fEBBa3230f157656AD05Df16A4aB8DDac4291FD, 0x06f2caFB5276B11bAA6679ABE49D5A5C0A911f5B,
0x34f23a532A81118eB53A565ae9Cf560aaE59777d) have no ENS primary name set, so they
cannot be publicly tied to the elected members. Please set a primary name on your signer
address, as the other five members did, so anyone can verify the Safe is controlled by
the elected council.

To verify locally:

  1. Clone: git clone https://github.com/blockful/dao-proposals.git
  2. Checkout: git checkout 0f96015
  3. Run: forge test --match-path "src/ens/proposals/ep-new-security-council/*" -vv