Q1 & Q2 2022 Ecosystem Working Group Budget Request

Summary

The Ecosystem WG is requesting funding to start the Q1/Q2 2022 term. The initial request is made up of three components:

  1. Elected steward compensation: $27,500 in USDC/DAI
  2. Bounties for the Bug Bounty program: $50,000 in USDC/DAI
  3. Ecosystem WG operational budget: $50,000 in USDC/DAI, 6 ETH, and 6,500 $ENS

After the initial comment period this request will be submitted to a snapshot vote on the 14th of February.

Bug Bounty

The ENS Bounty Program provides bounties for bugs. This program has been running since 2017 and historically has been funded by True Names Limited (TNL). With the creation of the DAO, the DAO is now able to manage and fund the bug bounty. Details of the program can be found here. The $50,000 will be awarded to developers outside of TNL who find vulnerabilities in the ENS protocol. As well as funding for white hat coding in response to system vulnerabilities which arise.

Operational Budget

The operational budget supports ecosystem subgroups with the following allocations:

Subgroup Name Description USDC/DAI ETH $ENS
Hackathons Bounties, judging, and facilitating and managing ENS’s hackathon participation. $10,000
Integrations Bounties for ecosystem integration support $10,000 500
3rd Party Projects Support projects that improve the ENS ecosystem, through proactive and retroactive grants. $10,000 6 1,000
Bug Bounty Administer the bug bounty program $5,000
WG Unallocated Funds Funds to be allocated to the above subgroups or facilitate the funding of new subgroups as the council of stewards deem necessary $15,000 5,000
Total $50,000 USDC/DAI 6 ETH 6,500 $ENS

Elected Steward Compensation

Provide compensation for the stewarding and the coordination efforts of active elected stewards.

Description Compensation Months # Stewards # Total
Base Compensation $1,000/month 5.5 3 $16,500
Supplement compensation* $2,000/month 5.5 N/A $11,000
Total $27,500 USDC/DAI

*Supplement compensation is allocated to the steward who supports coordination or who has greater involvement in DAO activities above what is expected of a steward. The steward council determines how the supplemental compensation is split between the stewards based on contributions of each steward.

It should be noted that the ecosystem working group has three elected stewards (@slobo.eth, @Ginge.eth, @bobjiang) and two appointed stewards (@nick.eth, @jefflau.eth). The appointed stewards are not compensated via this request.

Edit, adding polls

Elected steward compensation: $27,500 in USDC/DAI
  • Support
  • Oppose (provide explanation in replies)

0 voters

Bounties for the Bug Bounty program: $50,000 in USDC/DAI
  • Support
  • Oppose (provide explanation in replies)

0 voters

Ecosystem WG operational budget: $50,000 in USDC/DAI, 6 ETH, and 6,500 $ENS
  • Support
  • Oppose (provide explanation in replies)

0 voters

edit: updated bug bounty link

4 Likes

Just to clarify - the $50k for the bounty is intended to cover any bounties that are payable under this amount; if none come up, the funds would carry over to the next term, and so forth.

2 Likes

Firstly it is important to represent all numbers in terms of USD and show total and subtotals in terms of USD, this would allow to see picture more clearly

Converted proposed budget

Note: 1ETH = 2800USD, 1ENS = 18USD, as of 04/02/2022
Summary 1 - USD conversion
Subgroup Name Description USDC/DAI ETH $ENS
Hackathons Bounties, judging, and facilitating and managing ENS’s hackathon participation. 10 000
Integrations Bounties for ecosystem integration support 10 000 500
3rd Party Projects Support projects that improve the ENS ecosystem, through proactive and retroactive grants. 10 000 6 1 000
Bug Bounty Administer the bug bounty program 5 000
WG Unallocated Funds Funds to be allocated to the above subgroups or facilitate the funding of new subgroups as the council of stewards deem necessary 15 000 5 000
Sub-total on each subgroup, USD 50 000 16 800 117 000
Sub-total excluding Steward compensation, USD 183 800
Steward compensation
Base 16 500
Supplementary 11 000
Sub-total Steward 27 500
Total budget, USD 211 300

Total budget works out to c. 211 300 USD assuming 1ETH = 2800USD and 1ENS = 18USD, as of 04/02/2022

As next step absolute amount of each category relative to total budget should be considered

Summary 2, all figures quoted in USD except for % - budget structure analysis
Subgroup Name Absolute amounts % of total
Hackathons 10 000 5%
Integrations 19000 9%
3rd Party Projects 44800 21%
Bug Bounty 5 000 2%
WG Unallocated Funds 105 000 50%
Sub-total excluding Steward compensation 183 800
Steward compensation
Base 16 500 8%
Supplementary 11 000 5%
Sub-total Steward compensation 27 500
Total 211 300

Lets take top-down functional view on budget.

Compensation should be allocated proportionately work done. Within every working group 99% of work is done “on the ground” so to say, in other words in one of those subgroups: Hackathons, Integrations, 3rd Party Projects, Bug Bounty and so on. This is where value is created.

Stewards are helping to facilitate and organise the process within subgroups, then work is performed by Contributors within each group. Stewards are certainly not restricted from participating in any of those subgroups, as such they will be additionally proportionately compensated for their input to that particular subgroup. So “Supplementary Steward compensation” should be moved to one of those sub-categories. This way it will be more transparent and easy to see where each Steward also acted as a Contributor.

Having “WG Unallocated Funds” category which comprises 50% of total budget is not very efficient approach. This is effectively cost schedule, it would be impossible to find example of costs breakdown where 50% of funds were allocated to unknown category. Worst case scenario very small items might be combined into “miscellaneous” category with additional details in appendix. Together with “Supplementary Steward compensation”, quasi unknown part of proposed budget amounts to 55% - more than half.

For the purposes of this analysis budget will be adjusted removing “WG Unallocated funds” and “Supplementary Steward compensation”. Supplementary Steward compensation is removed due to the fact, that its unknown how it can be reasonably allocated to subgroups and thus following principle of conservatism it would be correct to remove it, rather than randomly including it into subgroups, especially given that spending breakdown between sub-categories is very uneven. The resulting adjusted schedule is as follows:

Summary 3, all figures quoted in USD except for % - removing WG Unallocated Funds and Supplementary Steward compensation
Subgroup Name Absolute amounts % of total
Hackathons 10 000 10%
Integrations 19 000 20%
3rd Party Projects 44 800 47%
Bug Bounty 5 000 5%
Sub-total excluding Steward compensation 78 800
Steward compensation
Base 16 500 17%
Sub-total Steward compensation 16 500
Total 95 300

Looking at this adjusted schedule, the following additional questions are proposed for discussion:

  1. c. 50% of funds are diverted to 3rd party projects, is that general consensus within community that this category is the most important one?

  2. Does community agree with this breakdown, seeing how each % effectively represents a level of priority of each category?

2 Likes

Hey @slobo.eth, thank you and the other Ecosystem stewards for this post. Appreciate the Ecosystem stewards leading the way with a budget for discussion before everything heads to a Snapshot proposal on February 14th.

It’s great to see the Ecosystem WG take responsibility for aspects of the Ecosystem, like the Bug Bounty and Hackathons, that were previously managed by True Names Limited (TNL).

With regard to steward compensation that is supplementary to the base compensation for the role, I’m glad to see that there is a provision to provide stewards with additional compensation for the amount of coordination and effort that is required in scoping out the WG and setting up infrastructure/systems that will persist beyond the Q1/Q2 2022 term.

I’m looking forward to seeing the Ecosystem WG find its feet and flourish this term. I support this funding request as it stands.

May I suggest adding some polls to your original post to get an idea of whether there is rough consensus on the amounts requested.

3 Likes

Great idea. I’ve updated the original post to have polls.

1 Like

I want to add that the Bug bounty section will in reality be more complex than just a one-time allocation.

Is this a one-time allocation btw? Or is it yearly?

If the bounty should follow the same payment structure as the one in the medium article:

This means that the yearly spending is effectively variable. But I’m not understanding exactly how much money is being awarded per vulnerability here : Is the budget defined in the post on top of the reward/per bug, or does it completely replace what’s written on the medium article?

I think a base for some soft-dollar remuneration could be included?

What part is this referring to?

The intention is that the budget request cover paying out smaller bounties directly from the ecosystem budget. Subsequent budgets will only include enough funds to top up whatever was used for bounties in the previous period.

1 Like

I understand this but what if the bounties paid out for one year end up being more than the budget; say 2 critical bugs and a high one?

The latest version of the bounty program is here; the rewards are substantially higher than the original version.

Any bounties higher than the WG budget would have to go to the DAO, and if there were enough small bounties to exhaust the WG’s budget, it’d have to make an out-of-band request for more funds.

1 Like

Okay, so those are definitely a lot higher.

When you say “have to go to the DAO”, it effectively means, “make a proposal to directly withdraw the funds and pay out the person claiming the bounty”, right?

Now, from what I understand, the setup you’re proposing is : Having a 50k$ fund, that we pay out small bounties from every year, and that we top-up each following year, if we have to, right?

How about, instead of topping it out, the funds carry over? Each year we put aside a 50k that is only touched once a bug is found.

I understand that the rarity and unexpectedness of critical bugs is why it’s difficult to budget for, but honestly there is still a solution we can do, except it could somewhat be expensive.

The solution different than the one above, would be to create an entire allocation for bug bounties, but which unfortunately runs out.
We allocate say, a 150k$ per year, and put it in the “Bounty fund”. As long as no bug is found, the bounty fund keeps increasing, and we can choose to increase the bounty rewards with it. But if the fund runs low, so will the bounty rewards, as we adjust them back down.

How many bugs have been found in the contracts since 2017? Maybe it’d help choose which solution would work best if we have a history.

That’s right. It doesn’t seem viable or advisable to give the Ecosystem WG >.5M in funds just in case a critical vulnerability is discovered.

I don’t think this is viable - it means that if more critical bugs are being found, we’re offering smaller rewards for them.

The EF paid Sam Sun for the critical vulnerability he found in the original registry, before ENS took over responsibility for the bounty. Since then the only bounty we’ve paid out was 1 ETH for a website issue that someone identified, which wasn’t technically covered by the bounty, but warranted a reward anyway.

1 Like

Fair enough, the other downside to allocating a yearly fund to the bug bounty is that in case no critical bugs are discovered, (which is the likely to happen scenario), we are freezing a 150k$ per year that isn’t necessarily going to be used.

Now finally, is 50k the flat amount that is set aside for all these activities ?

This part needs a bit more clarification, this is in addition to the comments @SpikeWatanabe.eth made.

Should we separate the Bug bounty section from the rest of the activities? The caveat is that it’s somewhat only a one-time allocation, that only keeps getting topped up every year, not renewed.

1 Like

Yes in USDC/DAI, plus 6 ETH and 6,500 $ENS. This is for the Q1&Q2 2022 term.

Regarding the administration of the bug bounty, what kind of clarification are you looking for?

1 Like

Hackathons or integrations in particular.

I mean that 50k should be set aside for bug bounties alone. As even low severity bugs get rewarded with up to 20k according to the new rules.

The rest of the categories can have their respective budgets, but you need to consider @SpikeWatanabe.eth’s comments

I think there is another issue with that budget

@slobo.eth as one of stewards of this working group must have incentive to request and spend funds in the most efficient way from ENS DAO perspective, in other words in the best interest of ENS

on the other hand @slobo.eth is cofounder of startup called NFTY chat, which relies on .eth names, and as such is directly incentivised to request and spend funds in such a way which is beneficial for his own startup, in other words he is interested in obtaining as much funds as possible for his own startup as cheaply as possible

I believe that those two interests cannot coexist without conflict

That is why if for example if you are to become government official, you cannot own or otherwise have interest in any commercial enterprises, because it produces conflicts of interest

Lets say I was elected to be municipal servant in charge of road network, and simultaneously I would own a company building / repairing road network, then I would be incentivised to award all municipal contracts to my own company, at inflated prices and exclude any competition from that process

In the light of that issue my questions about distribution of funds allocated become even more relevant, because significant proportion of funds been allocated to “3rd Party Projects”, and the rest of spending is opaque at best being allocated to "unknown category"

On the governmental level this situation typically would not be possible at all, because public officials would not be allowed by law to participate in any commercial activity. If that is allowed to exists, then it inevitably leads to all sorts of corruption, government officials are fusing with other structures commercial and official, spending becomes very inefficient, and new entrants are restricted from participation in both “fair commercial tenders” and “fair political process”

Typically corrupt government officials like to enjoy their monopolised position with access to public funds and would prevent anyone from taking that position either via fair commercial tender and or via fair political process by rigging the elections

In case of ENS governance this sets potentially dangerous precedent

1 Like

While you are right in theory, it’s still not that easy for him to be that biased, considering how transparent funding is going to be.

Is @slobo.eth going to be the “DAO Treasurer”? Or will each steward be in charge of requesting a yearly fund to manage their working group?

Regardless of the answer to that question (which should still be answered for transparency reasons), the issue of some funds being spent inefficiently, can be solved by making these smaller spendings go through an off-chain vote, and have 1 (or more, depending on working groups) on-chain vote to get the funds off the Treasury.

So once this yearly budget is approved, the money will be transferred from the treasury to the treasurer, or the steward in charge of this working group. But then that steward/treasurer has to go through an off-chain voting process to allocate them to this or that event, to this or that startup, and so on…

Are there any systems in place to prevent this person from straight up running away with the funds? Or maybe there is not going to be a “tether” at all, and every small spend has to be done through an on-chain vote?

I do not think it is practical to expect stewards to avoid participating in any project that could potentially benefit from grant funding.

Instead, I would expect stewards to disclose when they have a connection to a proposed grantee, and recuse themselves from voting on anything related to it.

3 Likes