I understand this but what if the bounties paid out for one year end up being more than the budget; say 2 critical bugs and a high one?
The latest version of the bounty program is here; the rewards are substantially higher than the original version.
Any bounties higher than the WG budget would have to go to the DAO, and if there were enough small bounties to exhaust the WG’s budget, it’d have to make an out-of-band request for more funds.
1 Like
Okay, so those are definitely a lot higher.
When you say “have to go to the DAO”, it effectively means, “make a proposal to directly withdraw the funds and pay out the person claiming the bounty”, right?
Now, from what I understand, the setup you’re proposing is : Having a 50k$ fund, that we pay out small bounties from every year, and that we top-up each following year, if we have to, right?
How about, instead of topping it out, the funds carry over? Each year we put aside a 50k that is only touched once a bug is found.
I understand that the rarity and unexpectedness of critical bugs is why it’s difficult to budget for, but honestly there is still a solution we can do, except it could somewhat be expensive.
The solution different than the one above, would be to create an entire allocation for bug bounties, but which unfortunately runs out.
We allocate say, a 150k$ per year, and put it in the “Bounty fund”. As long as no bug is found, the bounty fund keeps increasing, and we can choose to increase the bounty rewards with it. But if the fund runs low, so will the bounty rewards, as we adjust them back down.
How many bugs have been found in the contracts since 2017? Maybe it’d help choose which solution would work best if we have a history.
1 Like
That’s right. It doesn’t seem viable or advisable to give the Ecosystem WG >.5M in funds just in case a critical vulnerability is discovered.
I don’t think this is viable - it means that if more critical bugs are being found, we’re offering smaller rewards for them.
The EF paid Sam Sun for the critical vulnerability he found in the original registry, before ENS took over responsibility for the bounty. Since then the only bounty we’ve paid out was 1 ETH for a website issue that someone identified, which wasn’t technically covered by the bounty, but warranted a reward anyway.
1 Like
Fair enough, the other downside to allocating a yearly fund to the bug bounty is that in case no critical bugs are discovered, (which is the likely to happen scenario), we are freezing a 150k$ per year that isn’t necessarily going to be used.
Now finally, is 50k the flat amount that is set aside for all these activities ?
This part needs a bit more clarification, this is in addition to the comments @SpikeWatanabe.eth made.
Should we separate the Bug bounty section from the rest of the activities? The caveat is that it’s somewhat only a one-time allocation, that only keeps getting topped up every year, not renewed.
1 Like
Yes in USDC/DAI, plus 6 ETH and 6,500 $ENS. This is for the Q1&Q2 2022 term.
Regarding the administration of the bug bounty, what kind of clarification are you looking for?
1 Like
Hackathons or integrations in particular.
I mean that 50k should be set aside for bug bounties alone. As even low severity bugs get rewarded with up to 20k according to the new rules.
The rest of the categories can have their respective budgets, but you need to consider @SpikeWatanabe.eth’s comments
I think there is another issue with that budget
@slobo.eth as one of stewards of this working group must have incentive to request and spend funds in the most efficient way from ENS DAO perspective, in other words in the best interest of ENS
on the other hand @slobo.eth is cofounder of startup called NFTY chat, which relies on .eth names, and as such is directly incentivised to request and spend funds in such a way which is beneficial for his own startup, in other words he is interested in obtaining as much funds as possible for his own startup as cheaply as possible
I believe that those two interests cannot coexist without conflict
That is why if for example if you are to become government official, you cannot own or otherwise have interest in any commercial enterprises, because it produces conflicts of interest
Lets say I was elected to be municipal servant in charge of road network, and simultaneously I would own a company building / repairing road network, then I would be incentivised to award all municipal contracts to my own company, at inflated prices and exclude any competition from that process
In the light of that issue my questions about distribution of funds allocated become even more relevant, because significant proportion of funds been allocated to “3rd Party Projects”, and the rest of spending is opaque at best being allocated to "unknown category"
On the governmental level this situation typically would not be possible at all, because public officials would not be allowed by law to participate in any commercial activity. If that is allowed to exists, then it inevitably leads to all sorts of corruption, government officials are fusing with other structures commercial and official, spending becomes very inefficient, and new entrants are restricted from participation in both “fair commercial tenders” and “fair political process”
Typically corrupt government officials like to enjoy their monopolised position with access to public funds and would prevent anyone from taking that position either via fair commercial tender and or via fair political process by rigging the elections
In case of ENS governance this sets potentially dangerous precedent
1 Like
While you are right in theory, it’s still not that easy for him to be that biased, considering how transparent funding is going to be.
Is @slobo.eth going to be the “DAO Treasurer”? Or will each steward be in charge of requesting a yearly fund to manage their working group?
Regardless of the answer to that question (which should still be answered for transparency reasons), the issue of some funds being spent inefficiently, can be solved by making these smaller spendings go through an off-chain vote, and have 1 (or more, depending on working groups) on-chain vote to get the funds off the Treasury.
So once this yearly budget is approved, the money will be transferred from the treasury to the treasurer, or the steward in charge of this working group. But then that steward/treasurer has to go through an off-chain voting process to allocate them to this or that event, to this or that startup, and so on…
Are there any systems in place to prevent this person from straight up running away with the funds? Or maybe there is not going to be a “tether” at all, and every small spend has to be done through an on-chain vote?
I do not think it is practical to expect stewards to avoid participating in any project that could potentially benefit from grant funding.
Instead, I would expect stewards to disclose when they have a connection to a proposed grantee, and recuse themselves from voting on anything related to it.
3 Likes
the point is that this document here
is broken in many different places, I pointed them out
If everyone still thinks that its ok to approve it as it is, well my mission is done either way 
I’m pretty sure though, that if budgets will get approved on regular basis with large sums allocated to “unknown” and unchecked conflicts of interest, this will be the “end of treasury as we know it” 
EDIT: Interestingly, everyone is very keen to discuss how to squeeze some extra yield on staking, but there is very little concern on spending. Having very well structured disciplined approach towards costs control is a much more efficient way to ensure financial stability, rather than throwing money into risky staking schemes
2 Likes
Some of these questions also apply to any working group that has a budget.
Additional clarity on how funds are handled and disbursed makes sense to have. However, since this applies to all working groups, my gut feel this falls into meta governance. They may have already discussed it, but I have not kept up with what is going on there.
Regarding my other projects, I updated my forum profile to show that I’m a co-founder of a web3 start up* for transparency.
*When the project officially launches I will also include the name of the company.
From this DAO-Wide guidance
Does the Ecosystem WG or subgroups have specific goals for which funds are being requested (ie: instead of a general “support hackathons” description, a specific goal would be “host ENS hackathon”)? Or is this budget designed to be mostly discretionary, with goals “to be determined”? I understand that we’re still figuring all these things out, but community members might feel more comfortable if requested funds are first attached to concrete and measurable goals.
This is tricky. Even if a conflicted steward recuses themselves, they still exert influence via their working relationships with the other voters. If I were a steward, I might not feel comfortable voting down a colleague’s funding request, potentially poisoning the team dynamics moving forward (I wouldn’t expect a begrudged steward to sponsor my “supplemental compensation” request, for example). @slobo.eth would you be willing to forgo active solicitation of funding grants for projects you’re involved in during this first term?
$1000/month is a solid middle-class, full-time, monthly wage in many parts of the world, but would only fund a few hours of time from a top lawyer/developer/manager. What type of time commitment can the community expect from their stewards for this compensation? Did some type of hours * rate calculation go into this $1000 figure? Would the stewards be willing to document roughly how they’re spending their time?
3 Likes
I understand your concern about unchecked conflict of interest and allocation of unknown sums of money. These are real concerns, but the possibility of this just isn’t a reality with the intended framework.
My understanding is our working groups are requesting these budgets to merely be allocated from the DAO treasury for spending. This allocations grants the WG permission to disburse the funds, but it does not guarantee that they will be disbursed. For example, the Community WG intends to roll any used funding to the next quarter or back into the treasury.
For the security of the allocated funds, the actual disbursement of these funds will be executed by multi-sig. I think if we are worried about three signers running off with ~16k each (50k budget), there might be larger trust issues to consider.
Speaking to conflicts of interest regarding personal projects by @slobo.eth… I’m not aware that he is actively seeking any grants for third-party integrations directed towards his project. If he has received grants in the past while not serving as a steward, I don’t see why that would be an issue. Through my personal interactions with him I have absolutely zero concern that he would exploit his position.
@KingZee 
See above. Funds will be disbursed by multi-sig.
There’s been some back and forth of wether or not to use an hourly rate for compensation within the DAO. I personally don’t think it’s practical in the case of Steward Comp. The current expectation is that Stewards will commit at a minimum 5hr/wk. I think a lot of this comes down to the integrity of the Stewards we elect and making sure we don’t take this role lightly. I’d be fine documenting my time, but planning for this as a “salaried,” position seems more appropriate due to the nature of the work.
Also, at a point it becomes work to track times, input them and field community audits of timesheets… I’ve done that with the Federal Gov’t and it’s a friction point that’s not fun for anyone involved… We have a enough social proof and voting mechanisms to allow for corrective action if a steward fails to meet their responsibilities.
I might suggest that stewards don’t pay themselves. A steward comp multi-sig consisting of representatives from each WG would be a fair way to ensure accountability.
5 Likes
Hey @spikewantabe.eth I want to thank you first and foremost for your in depth look and analysis of the budget put forth. I think we should reframe and think of third party applications as things such as the eth leaderboard and other future projects that could help further expand ENS. I think it shows great faith in the ecosystem, that builders integrating ENS also want to help shape its future. I don’t foresee a devaluing of ENS goals for the views of one persons objectives, we act as a team when allocating funds.
3 Likes
I am finding it hard to get behind enforcing the wage rate-limit or even “counting time”. The issue with this is that once you start pinning wages next to the position, it signals to the people that it is work-for-hire. But it is instead a voluntary and publicly elected appointment similar to that of a politician or head of state. The commitment to the job depends entirely on the voluntarity of the contribution of the individual. In modern work environments, it is not unheard of to treat hour-rate-limiting as flexible. There is a reason why certain (all?) publicly elected jobs are not remunerated by the hour and it is precisely this reason. Once you start counting hours and signalling importance to that metric, stewards who are putting 15hr/week for fun will feel demotivated. Plus, there are some people who can do in an hour what others take days but this issue is not native to ENS but a general inequity. The positions are already only semi-annual and the DAO can decide soon enough if the stewards did the stewarding right.
2 Likes
Ladies and gentlemen, I really don’t know what else to tell you. I see fairly little substance in that discussion, except for @nick.eth contributions, which were fairly constructive
The rest of replies felt very vague
This is a community discussion after all, I raised flags, which I thought were important, I’m confident that issues which I raised are very clear and easy to understand, @royalfork further rephrased and reiterated them, I think his message was even better and more eloquently worded
If community feels that this discussion is effective, addresses important questions in the best interest of ENS, then it is what it is
I’m personally going to vote against this budget
@SpikeWatanabe.eth Thanks for outlining that budget above in USD values - it helps to get a much better picture at a glance!
I agree that the unallocated funds is frustratingly high, but I also think that leniency should be afforded during these early days of ENS governance where we’re all finding our footing. Regarding your question about third-party projects: I think they are what makes a protocol thrive. It’s kinda like asking what would Ethereum be without dapps? ENS is a third-party program on top of Ethereum, and IMO ENS needs third-party programs being built around it to have a chance to grow and grow and grow. ENS has certainly gained a high level of awareness by simply existing, but will need more things built around it to adopt more users and more use cases.
Your concerns about conflict of interest are fair and it’s a bummer that Slobo is the target of those concerns. I think you should keep an eye of healthy skepticism but also don’t start off on the wrong foot by pre-emptively assuming the worst of folks. Being part of a DAO is just as much about relationship management as it is about knowing numbers.
@royalfork $1,000 monthly compensation for stewards is the rate that the Community WG is currently working with as well. As @Coltron.eth mentioned, the estimated amount of hours a steward might contribute per week is 5, which translates to a rate of $50/hour. 5 hours is pretty light and there will be weeks where we contribute more than 5 hours (like last week) and maybe even weeks where we contribute fewer than 5 hours. I feel $1,000 is a pretty reasonable number. Aside from that, I have no strong feelings for or against the “supplementary steward compensation.”
I’ve said this a lot, and I’ll continue to reiterate it: a lot of us are figuring this whole governance thing out for the first time. I’d like to request a level of DAO-wide leniency from the greater community that allows us to learn and grow and find out the best way that we can each support the ENS DAO as individuals and in groups.
Bringing up concerns is healthy and appreciated, but please remember that it’s impossible to be perfect - especially on the first go-around of anything. Everything is transparent, every step of the way, and we can all work together to try things, observe how they go, adjust, and try again.
Edit: A lot of what I’m trying to get across as well is the idea of acting in good faith and assuming everyone else is as well. I would say that every single steward is acting in good faith, but some of your replies come across as if we’re acting in bad faith.
5 Likes
Setting measurable and specific goals ensures that both DAO memebers and stewards are on the same page regarding expectations for the term. This helps DAO members understand exactly what they’re getting before committing a $200k investment into the Ecosystem WG, and lets stewards know what they’re expected to deliver should they seek another term.
Completely understood. I think stewards should try their best to define goals they feel comfortable committing to at this time, with the understanding the goals will be intentionally vague and may change. Some examples would be “come up with long-term goals”, “define processes to execute goals”, “figure out how to measure progress on goals”, etc. Then, if the WG can deliver 3 blog posts on those topics by the end of the term, everyone will be happy.
Agreed. I trust the WG will be largely self-policing (to @inplco’s point, no need to track hours or anything like that), but it’s helpful that everyone is on the same page regarding a general time commitment.
I don’t think anyone is assuming the worst in anybody. @slobo.eth seems like a genuinely nice and competent person, and no one in this thread is accusing him of anything untoward. That said, we are all just strangers on the internet, so I think a pretty high bar is justified when large sums of money are at stake. I fully expect that conflicts of interests will come up regularly, and we should all figure out a fair policy for dealing with and managing those conflicts. If Slobo can say that he won’t solicit a grant this cycle, all of this is moot and we don’t need to worry about it. If he plans to ask for a grant, in the spirit of full transparency, I think that should be communicated up front (I also think he should privately tell at least 1 other steward the nature of his stealth venture, in case any of his competitors ask for grants). None of this is meant to sound accusatory, and I have full confidence in the stewards to “do the right thing”. Trust, but verify.
2 Likes