[RFC] Introducing a Subsidy Contract

Previously, I had discussed the idea of subsidizing gas costs for verified, ENS-aligned voters as a way to strengthen governance participation and create a flywheel between voter activity, developer incentives, and ENS ecosystem growth.

I’d like to pivot this conversation toward a broader and more infrastructure-oriented approach: exploring how .eth L1 gas subsidies could be funded directly from registration and renewal revenue, and structured as a universal public good for all .eth holders rather than a discretionary or participant-exclusive incentive.

—

Introduce a dedicated subsidy contract

Currently, the Registrar Controller collects funds from .eth registrations and renewals, and the DAO withdraws those funds into its treasury. I propose developing a dedicated subsidy contract that receives a percentage of revenue from the Registrar Controller and uses it to subsidize .eth-related gas costs.

How it works

Revenue split at the Registrar Controller

Modify the Registrar Controller so that, instead of routing 100% of proceeds to the treasury, it splits incoming funds by a configurable ratio (for example, 90/10) between the DAO treasury and the new subsidy contract.

This creates a sustainable, automatic funding source for gas subsidies rather than relying on ad-hoc DAO votes or periodic treasury grants.

Subsidy contract accumulation and reimbursement

The subsidy contract accumulates its share of revenue and is programmed to reimburse or sponsor eligible .eth transactions (to be defined in the proposal).

It can include:

• per-transaction reimbursement cap to protect against gas spikes.
• periodic budget cap that limits the total amount distributed within a given timeframe.

DAO governance and parameters

The subsidy contract would remain fully governed by the DAO, which could set or adjust parameters such as reimbursement caps, eligible actions, budget ratios, and emergency overrides.

This approach ties subsidies directly to ENS usage, improving long-term sustainability, while keeping all parameters transparent and adjustable by the DAO with clear on-chain records.

—

The Ask

This would naturally require careful design and comprehensive auditing, as it introduces new logic and potential attack surfaces. I’m seeking input on whether the benefits of implementing this contract outweigh the risks.

I’ve been thinking along similar lines. The obvious simple approach is to say that up to 10% of a user’s registration fees can be claimed back in subsidized transactions - but the main issue with this is accounting overhead; if we have to track an extra token balance for gas sponsorship, that adds significant overhead to all transactions; it may as much as double gas usage!

I think blanket routing 10% could be a dangerous. Looking at Q4-25 registration rev. That’s a ~0.5M program per quarter which “feels” wasteful.

It’s important to consider what the nature of the subsidy is for. Is the DAO supporting new builders? First time ENS users? Users from marginalised countries? Students? NonProfits?

If so a 100% rebate in these clear cut cases feels more meaningful than a blanket 10% subsidy.

I would be in favour of a system where, with some smart onchain/offchain lookups, we could process some eligibility assertions and issue a rebate. This type of system would also scale cleanly as the program is refined and evolves.

It also pushes fwd innovation with respect to what can be stored on ENS and provably verified.

eg. I think if you were an EthGlobal builder who submitted a hack, you may have some on-chain proof which we could easily verify?

It only costs as much as is actually spent on qualifying transaction gas costs. Some form of expiry would be needed to recover unused funds either way.

Given the cost savings of not running an L2, I’d like to spend a meaningful proportion of that on subsidizing all ENS transactions for users, up to a reasonable limit (such as 10% of that user’s registration fees).

Would this include Text updates?

Personally I think that would be interesting. I’m all for encouraging users to put more data on ENS. Some quick and dirty analysis on what that roughly looks like historically.

image2208×732 50.2 KB

I don’t see any reason to discriminate on what users do with their subsidized transactions, as long as they’re on ENS contracts!

Circling back to this with a more concrete design. The OP left the accounting mechanism open-ended intentionally — the conversation surfaced why per-user credit balance tracking is a naive approach.

Regarding the accounting mechanism: we need a way to avoid the state-write problem entirely to eliminate overhead, and a way to require no user action for seamless, universal UX.

I propose a novel approach — a retroactive gas rebate via epoch push:

How it works

1. A publisher posts a Merkle root onchain by submitting a bond — anyone can do this. The computation is deterministic from public onchain event data, so any actor can independently verify or produce the correct root.
2. A 24–48h dispute window opens — anyone can verify and challenge
3. ETH is pushed automatically to eligible addresses

No claim step. No wallet requirement. Works for EOAs, smart accounts, multisigs — the vast majority of address types.

The only failure case is contracts that explicitly reject ETH (no receive(), or a receive() that reverts) — an edge case mostly limited to protocol treasuries and some proxy contracts.

Failed pushes don’t lose the rebate: it stays in the subsidy contract and is claimable directly by that address before the epoch expires. Push is the default; claim is the fallback.

The UX: you used ENS, ETH arrived in your wallet — contingent on a root being published each epoch. In practice this is a low-maintenance operation; the bond mechanism ensures anyone can step in.

The epoch delay is addressed by a real-time accrual dashboard — users see their pending rebate growing as they interact with ENS throughout the epoch. The delay becomes engagement, not friction.

—

Funding the subsidy contract

Originally, I’d intended to modify the Registrar Controller directly to split funds between the Treasury and the proposed Subsidy Contract. @Blockful’s Treasury Flow Automation (TFA) proposal changes that — and improves on it.

The epoch push rebate mechanism is downstream of TFA. Because TFA introduces the RegistrarManager as the single owner of all controllers — with a permissionless withdrawAll() that routes ETH to a DAO-configurable destination — we can insert a RevenueSplitter contract at that destination rather than touching the controllers at all.

The RevenueSplitter would be set as the RegistrarManager’s destination via a single setDestination() call, bundled into the same executable proposal that deploys both contracts.

Its properties:

• Receives ETH from RegistrarManager on withdrawAll()
• Splits by a DAO-configured ratio (e.g. 95/5) — set on deployment, adjustable by timelock
• Routes the majority to the Endowment (endowment.ensdao.eth)
• Routes the minority to the Subsidy Contract
• Zero changes required to blockful’s contracts
• Simple, auditable — ~50 lines of Solidity

—

Design Questions:

Building on Nick’s framing — rebates capped at 10% of a user’s registration fees, with expiry — the open design questions are around the mechanism itself.

1. Bond sizing and slashing: the publisher bond needs to exceed the maximum epoch rebate to make griefing unprofitable. What’s the right floor, and who captures a slashed bond — the challenger, or does it burn?
2. Dispute mechanism: “anyone can challenge” needs to be deterministic in practice. The standard pattern is: challenger submits a leaf, proof, and expected value that contradicts the root, and the contract verifies and slashes. Does this feel sufficient, or is there a simpler construction?
3. Batched push execution — if an epoch has thousands of eligible addresses, a single push transaction will exceed the block gas limit. Push execution would need to be batched across multiple transactions. Worth designing for from the start; at current gas levels the execution cost is negligible.

—

If this reasoning sounds right, I’ll follow up with a more detailed spec for community feedback on the design — and if there’s rough consensus, move to a Temp Check.

Update: Following yesterday’s Meta-Governance Meeting, I committed to sharing my rationale for settling on the retroactive epoch push model.

In total, I evaluated four implementation paths against three criteria:

1. Forward compatibility with @blockful’s upcoming Treasury Flow Automation proposal
2. User Experience, and
3. Universality.

Below, I outline other paths I considered, and why the merkle proof path wins out, despite the engineering overhead:

Pull Model: off-chain accounting + onchain claim

This pattern computes eligibility off-chain, publishes a merkle root onchain, and lets users claim their rebate by submitting a proof.

It scores well on universality — EOAs, smart accounts, and any wallet type can participate — and adds zero per-tx overhead to normal ENS usage. The tradeoff is UX and participation rate. Users must know the rebate exists, actively initiate a claim transaction, and pay gas to do so.

ENS’s own 5.19 distribution shows what happens in practice: only 26 out of 98 eligible recipients (26%) claimed their tokens six months after distribution — and @danch.quixote noted that those who did were “exactly those who are close to the DAO and are aware of what is happening in it.”

In this case, the subsidy reaches the people who are already engaged, not the ones gas friction is actually costing.

ERC-4337 paymaster

This pattern covers gas in-transaction, and while the UX is seamless (no claim step necessary), it’s currently limited to users transacting via a 4337-enabled wallet. The restriction isn’t about how a name was registered — it’s about the wallet being used to interact with ENS today.

While we are trending towards transacting on such wallets, the majority of ENS users transact via EOA wallets — evidenced by the wallet options surfaced on app.ens.domains, where MetaMask, Ledger, Rainbow, and Browser Wallet (all EOA) represent the primary connection paths.

Requiring smart account adoption as a precondition defeats the purpose of a subsidy designed to reduce friction for all ENS users. It also introduces bundler and EntryPoint infrastructure dependencies, and requires smart account adoption to reach meaningful scale before the subsidy has any real impact.

Lazy accounting at claim time

This pattern keeps everything onchain and eliminates offchain computation entirely. No merkle root, no watcher, no centralization risk. Eligibility is computed directly from onchain state when the user initiates a claim. It’s the simplest of the four designs to reason and audit. However, the simplicity comes with a heavy tax to the user, computing the claim amount is compute-heavy compared to a merkle proof, which means the gas cost is much higher.

Paying gas to get a gas rebate is an oxymoron and kills the attractiveness of this approach.

—

One dimension the path descriptions above don’t fully expose is how trust and centralization risk vary across each:

The Epoch push is genuinely worth the engineering overhead when you take everything into consideration.

It’s the only path that scores on all three criteria — forward compatibility with TFA, UX, and universality. It asks nothing of users.

At the end of every epoch, ETH arrives in their wallet, and they’re happier for it.

—

Backtesting is the natural next step — will follow up with data, a detailed spec, and implementation design, though it’ll take some time to pull together.

If you’re curious and want to follow updates and/or contribute, I created a dedicated space to talk about this: join here.

Update: Following up after spending time with the ENSv2 contracts — the epoch-push model I outlined in March was built on ENSv1 revenue mechanics that v2 doesn’t share.

The ERC-4337 paymaster path I’d ranked out is now the most natural fit — because of how HCAs are wired into the v2 registrar.

Below: why this makes the paymaster path feasible, its trust model, and open design questions.

1. V2 Changes

ENSv2 collects payment as ERC-20 sent straight to an immutable BENEFICIARY on every registration and renewal:

SafeERC20.safeTransferFrom(paymentToken, _msgSender(), BENEFICIARY, base + premium)

There’s no withdrawal step. The epoch-push design I previously advocated for depended on one — it’s where RevenueSplitter was supposed to attach.

Without the withdrawal step, that approach is rendered null.

The v2 registrar contracts are deliberately payment-agnostic; they expose a clean ERC-20 entry point and leave the gas story to the integration layer. That’s where the subsidy mechanism has to exist.

2. HCAs make paymasters feasible

We had previously crossed out the paymaster path because it appeared to require end-users to hold ERC-4337-enabled smart-account wallets, while most ENS users transact from EOAs.

After learning about HCAs, I realized that conclusion was wrong.

Hidden Contract Accounts (HCAs) are an attribution primitive. ETHRegistrar inherits HCAEquivalence, takes the HCA factory as a constructor arg, and resolves _msgSender() through it.

This means that when a user registers or renews through a proxy, the v2 registrar pulls the ERC-20 registration fee from the resolved owner EOA — its balance and approval — not from the proxy.

The proxy is only the EVM-level transaction submitter.

This unblocks the paymaster path. An EOA user can have their tx submitted via an ERC-4337 flow with a paymaster sponsoring gas, and because _msgSender() resolves to their EOA, they stay the payer of record — without having to pre-fund the proxy or migrate to a smart account.

One nuance: HCA isn’t necessarily the only path in. EIP-7702 lets a plain EOA temporarily delegate to smart-account code and submit a UserOp itself.

So there is likely a complementary path for both HCA and 7702, where HCA covers users already behind real proxies (Safes, AAs, multisigs, etc.), and 7702 covers plain EOAs directly.

Looking further, the contracts-v2 repo includes a full ERC-4337 CI harness that exercises v2 registration flows — though it’s stale, a July 2025 proof-of-concept that hasn’t been substantively revised since.

What remains is wiring the production HCA factory into the deploy scripts — it’s a mock placeholder there today (MockHCAFactoryBasic). And there’s no production paymaster yet either, only the mock in the CI harness.

3. Trust model for the paymaster path

With an on-chain-rule paymaster — eligibility encoded in the contract, owned by the DAO timelock, not a verifying paymaster with an off-chain signer — the trust surface looks something like this:

• Liveness dependency — keeping the paymaster’s deposit at the EntryPoint funded
• DAO governance — the DAO owns the paymaster’s params and upgrades
• Rhinestone HCA Factory — external contract under separate audit scope; trusted for correct proxy → owner resolution
• EntryPoint — the canonical, audited ERC-4337 singleton
• Bundlers — can censor (decline to include a UserOp), but cannot steal or forge

A note on where the sponsored-gas direction comes from. The CI harness above uses a verifying paymaster mock — and “verifying” bundles two separate things:

• What’s paid — it sponsors gas rather than charging the end-user in tokens. That’s the sponsored-gas direction we’re advocating for here. Given the harness’s vintage, I’d treat this as a weak signal rather than a settled one — but it’s at least the pattern ENS reached for when they scoped it.
• How eligibility is decided — via an off-chain signature. The mock is sig-based because that’s the simplest thing to stand up in CI; it doesn’t settle the production eligibility model — which is why the trust surface above deliberately assumes on-chain-rule instead.

4. What the mechanism would look like

A paymaster contract, owned by the DAO timelock, encodes which transactions it sponsors — commit, register, renew on the v2 ETHRegistrar — plus a per-address cap (covered below).

Because registration is commit-then-reveal with a ~60s minimum commitment age, a sponsored registration is two UserOps, not one. The full flow:

• UserOp 1 — approve + commit. The user approves the ETHRegistrar to pull the ERC-20 fee from their EOA and submits the commitment, batched into a single UserOp via an HCA proxy. Because of HCA resolution, the registrar treats the user’s EOA — not the proxy — as payer of record.
• The paymaster checks its on-chain rule and sponsors the gas; the EntryPoint settles.
• Wait out the ~60s minimum commitment age.
• UserOp 2 — register. Submitted the same way: the registrar pulls the ERC-20 fee from the user’s EOA, the paymaster sponsors the gas again, the EntryPoint settles.

Net result: the user pays the name’s ERC-20 price and nothing else — across two transactions they otherwise never have to think about. Collapsing it to a single signature requires a smart account with session/intent support to auto-fire UserOp 2 after the delay (see open questions).

5. Costs

According to ENS Blog:

“If we subsidized every single ENS transaction that occurred in 2025, we’d spend roughly $10,000 at current gas prices. Even at the highest gas prices we’ve observed post-Fusaka, that number only rises to around $250,000.”

Earlier, I assumed that the subsidy contract should partition a structural proportion of protocol revenue — an assumption that stemmed from ENSv1-era gas costs.

At ~$10k/year for full coverage at current gas — and ~$250k even at peak post-Fusaka prices — this becomes a trivial budget line either way.

This changes two things:

1. Funding — the paymaster’s deposit at the EntryPoint can be topped up permissionlessly — anyone can fund it. Only the sponsorship rules and withdrawal authority remain with the DAO timelock.
2. User caps — nick.eth’s concern wasn’t the subsidy’s budget, it was implementation. He warned the obvious “10% of registration fees” cap adds significant accounting overhead to all transactions — not just subsidized ones. Because enforcing it onchain means the registrar must accumulate each user’s cumulative fees — taxing every register / renew, subsidized or not. A flat per-address-per-epoch cap avoids that: it lives entirely in the paymaster, so it only adds cost to sponsored transactions and never touches the base registrar path.

6. Open design questions

• What will the paymaster’s production eligibility model be? I’m advocating for an on-chain rule, per §3.
• What is the eligibility scope? Given the discussion thus far, I’m leaning towards commit, register, renew, but perhaps we consider resolver writes as well.
• Cap design: leaning flat per-address-per-epoch to counter griefing. Fee-proportional seems unnecessary and costly, though it provides better sybil resistance.
• Does user participation in gas subsidies require routing through an HCA proxy, or are there plans to also integrate EIP-7702 to let plain EOAs participate directly?
• The two-UserOp commit-reveal flow needs something to fire the register op after the ~60s delay without a second user signature — a smart account with session-key or intent support. Does that capability come from the HCA proxy, an EIP-7702 delegation, or the wallet/app layer?
• Will the DAO periodically fund the EntryPoint deposit, and are top-ups automated via a keeper function or governance-triggered?
• Is there active work toward a production AA/paymaster setup?

—

Sharing this in the spirit of research and contribution to the ENS protocol. @nick.eth @mdt — would value your input here.