TLDR:
Put a technical lock on the Endowment that prevents more than 5% of its current capital from being withdrawn each year. This increases the security of the protocol, safeguards it from hacker attacks or institutional capture, and limits the damage that can be done by mismanagement.
Summary
This temp check proposes three linked changes to how the ENS DAO holds and spends its treasury:
- A hardcoded annual spending cap on the Endowment. No more than a fixed amount may leave the Endowment per year — proposed at 5% of the current Endowment, adjusted upwards by 5% per year. These limits would be timelocked, so while the DAO could remove the caps, doing so would require a months-long cooldown.
- Consolidating all currently DAO-held ETH and liquid ENS tokens into the Endowment Safe, behind the same audited permission perimeter that already governs the rest of the Endowment, under a role that does not permit them to be sold or withdrawn (except for any required for currently approved budgets).
- Planning a more risk-averse 2027 Endowment mandate that targets a conservative 5% yearly return to reach a self-sustainable level.
The goal is to solve two problems with one mechanism: drastically shrink the treasury’s attack surface, and give the DAO a disciplined, predictable fiscal policy. Crucially, the design is intent-free — it bounds how much value can leave per year regardless of who is trying to move it or why, which is exactly the property our current defenses lack. This proposal is intentionally focused on treasury security rather than governance reform. It should be understood as one constitutional safeguard within a broader governance architecture, not as a complete solution to governance capture. It is meant to protect the treasury from either malevolent attacks or just plain bad fund management.
This is deliberately a simple, boring mechanism. The simplicity is the security.
Background: the problem
The DAO’s assets sit in three places today:
- The Endowment: ETH, stablecoins and liquid-staking positions, actively managed by karpatkey through a Zodiac Roles perimeter on a DAO-owned Safe.
- The DAO timelock and registrar controllers: the operating float in ETH and stables.
- 55M ENS tokens — the DAO’s own governance tokens, with 9.8M currently held in wallet.ensdao.eth and another 45M already fully unlockable in the timelock contract.
We face two distinct problems that, it turns out, have the same fix.
Problem 1 — Security
ENS is a token-weighted DAO whose treasury is worth far more than the cost of acquiring a working voting majority. That asymmetry is the root governance-attack risk, and it has been understood since at least 2023.
The Security Council is one layer of defense, but it might be more fragile than previously thought. Currently it is near its end of life and there are two competing proposals to renew it, differing mostly in how each defines what is considered an attack. This proposal sidesteps that question by making the simplest mode of DAO attack, a proposal that requests the treasury’s funds, 95% less profitable.
Problem 2 — Fiscal discipline
Separately, and less dramatically: the DAO has no structural ceiling on its own spending. Draws happen proposal by proposal. An endowment exists to preserve a corpus and spend only a sustainable slice of it — that is the entire point of the institution — and right now nothing enforces that discipline at the contract level. This year there has been a dramatic change in the structure of working groups and there’s an active discussion on how to better structure the foundation moving forward. This proposal ensures that, no matter how the issue is resolved, the Endowment cannot be drained by a failure in governance.
The security case
A spending cap defends the treasury in precisely the case the Security Council cannot: it does not care who the attacker is, how they acquired their votes, or what they intend. It simply bounds the amount of value that can leave per year.
- A hard cap per year means that even a successful, undetectable, majority-controlled drain extracts at most one year’s budget line — on the order of a 95% reduction in the single-year profitability of an attack on the liquid treasury.
- It makes the “remove the Council, then drain” sequence pointless. The cap binds regardless of who holds which roles, so capturing the cancel mechanism buys an attacker nothing.
- It converts the hardest, most dangerous attack (a quiet, hedged, attribution-proof accumulation) from “drain the treasury” into “extract one capped year and wait a year for the next” — under a one-year cooldown that is fully public and gives the community, and the price, a long window to respond.
- Under the proposal, the most an attacker could extract in a year (~$6M) is comparable to the value of ENS that is being actively used for voting in proposals.
Consolidating ENS into the Endowment closes the biggest remaining hole. Today the governance-token position is our least-protected asset. Moved into the Endowment Safe, it sits behind the same battle-tested Zodiac perimeter as everything else and simply cannot be swept by a hostile proposal. This is the more important half of the proposal, and the one I expect the most discussion on.
The fiscal case
The same mechanism is also just good treasury policy.
- 5% of the current Endowment is ~$6M, which is roughly our current annual operating envelope. Setting the cap there forces us to budget to a sustainable number rather than treating the corpus as spendable.
- A 5%/year escalator approximates long-run inflation plus modest real growth, giving working groups, service providers and the Foundation a predictable multi-year planning figure.
- Re-votable every five years so the policy adapts to genuine changes in scale or cost — but on a deliberately slow cadence, not a casual one.
How the cap is calculated
The cap will be set by taking 5% of the Endowment at the time of proposal execution (about 6 million dollars at the current state) and hard-coding that as the cap, which is then increased slowly by 5% yearly.
Initially this proposal explored the idea of having the cap float so that it always equals 5% of the total value of the Endowment at any point, so that returns from reasonably conservative investments could offset the withdrawals. A live percentage of total value has two main drawbacks:
- It requires an on-chain valuation of an actively-managed, multi-protocol portfolio — which means either a manually-entered number (a trust hole) or a complex valuation oracle (an audit and manipulation surface).
- A percentage cap floats up in a bull market — i.e. it gets looser at exactly the moment an attacker’s buy-and-drain is cheapest to execute. That is precisely backwards.
A hardcoded, time-indexed schedule — cap = 6M × 1.05^(years elapsed) — needs no oracle, cannot be inflated by a price pump, is trivial to compute, and is dramatically cheaper to audit. It is strictly more conservative in the scenario that matters, and it is close both to 5% of the current Endowment and to our current operating budget.
Mechanism (high level)
The intent is to reuse existing, audited primitives rather than deploy new custom contracts:
- Implemented via Zodiac modules on the existing Endowment Safe — the same stack KPK already operates, which already includes an Allowance Module with periodic resets.
- A cap module enforces the escalating annual schedule on value leaving the Endowment, based on the current market value of the outgoing asset.
- The module limits the types of tokens that can be withdrawn to a few select USD stables (which count toward the cap) or ENS (which has its own separate 5% cap).
- This means the DAO pays budgets in USD stables only*, and it is up to the Endowment manager to make sure enough are available to be swapped.
- A Delay Modifier enforces the one-year cooldown on any over-cap action — and, critically, gates its own removal and reconfiguration, so the self-binding is real and there is no fast path around the delay.
- In-perimeter activity is unaffected. Swaps, deposits, rebalancing and yield strategies that keep value inside the fund do not count against the cap; only value exiting the Endowment does.
- The cap would be prorated to the period since it was last applied, so the limit could be enforced yearly, quarterly or monthly, depending on the DAO’s needs.
* Alternatively, the cap could be based on the market value of any token at the moment of transfer, but this reintroduces the requirement for on-chain oracles, which adds a target for attack.
Relying on Zodiac is a feature, not a compromise: it is in production on this exact Safe, has live bug bounties, and is far simpler to review than a bespoke treasury vault.
This cap bounds only the amount that can be withdrawn from the Endowment. If it is insufficient for running operations, it can be complemented with ENS revenue (although we recommend always depositing part of that revenue back into the Endowment), sponsorships, conferences – or cost cutting to reach the target.
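To make the schedule and the module rules concrete, here is an added Python model of the cap accounting; it is not code from the proposal, karpatkey or Zodiac. It implements the time-indexed cap (6M × 1.05^years), periodic resets prorated to the chosen period, stables counted against the USD cap, a separate ENS cap, and refusal of every other asset. The period length, the flat ENS cap of 2.75M tokens (5% of the 55M ENS on the page, assumed not to escalate) and the stablecoin symbols are assumptions.

```python
# Added model of the proposed cap schedule; not ENS DAO, karpatkey or Zodiac code.
SECONDS_PER_YEAR = 365 * 24 * 3600
BASE_CAP_USD = 6_000_000.0   # 5% of the Endowment at execution time (figure from the post)
ESCALATOR = 1.05             # hard-coded +5% per year

def annual_cap_usd(seconds_since_start: int) -> float:
    """Time-indexed schedule from the post: cap = 6M x 1.05^(whole years elapsed).
    A pure function of time, so no price oracle is needed and no pump can inflate it."""
    years = seconds_since_start // SECONDS_PER_YEAR
    return BASE_CAP_USD * ESCALATOR ** years

class CapModule:
    """Toy model of the cap module's accounting. Whitelisted stables count toward the USD
    cap, ENS has its own separate flat cap (assumed), anything else is refused. An over-cap
    request is simply refused here; on the real Safe it would instead have to go through
    the Delay Modifier's cooldown."""

    def __init__(self, start_ts: int, period_seconds: int, allowed_stables, ens_cap_per_year: float):
        self.start = start_ts
        self.period = period_seconds           # year, quarter or month: the cap is prorated
        self.allowed_stables = frozenset(allowed_stables)
        self.ens_cap_per_year = ens_cap_per_year
        self.period_index = 0
        self.spent_usd = 0.0
        self.spent_ens = 0.0

    def _roll(self, now: int) -> None:
        """Periodic reset, as in the Allowance Module: a new period clears the spent counters."""
        idx = (now - self.start) // self.period
        if idx != self.period_index:
            self.period_index, self.spent_usd, self.spent_ens = idx, 0.0, 0.0

    def available_usd(self, now: int) -> float:
        self._roll(now)
        per_period = annual_cap_usd(now - self.start) * self.period / SECONDS_PER_YEAR
        return max(per_period - self.spent_usd, 0.0)

    def available_ens(self, now: int) -> float:
        self._roll(now)
        return max(self.ens_cap_per_year * self.period / SECONDS_PER_YEAR - self.spent_ens, 0.0)

    def withdraw(self, now: int, token: str, amount: float) -> bool:
        """Return True and record the spend only if the transfer fits the current period's cap."""
        if amount <= 0:
            return False
        if token == "ENS":
            ok = amount <= self.available_ens(now)
            self.spent_ens += amount if ok else 0.0
            return ok
        if token in self.allowed_stables:
            ok = amount <= self.available_usd(now)
            self.spent_usd += amount if ok else 0.0
            return ok
        return False  # ETH, LSTs and other assets cannot leave through this path
```

Run against a yearly period, a governance-captured drain in year 0 gets exactly one 6M tranche and nothing more until the next period opens at 6.3M.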
Endowment mandate 2027
Recently the DAO approved karpatkey’s latest “2026 Endowment Policy update”, a long, detailed document that might have been overlooked by some delegates amid other debates. The approved policy update states that the vision for the Endowment is divided into:
Medium-term (0–5 years): capital growth and optimised deployment toward institutional-grade onchain strategies that enhance yield without compromising capital preservation, liquidity, or ENS’s values.
Long-term (5+ years): capital preservation as the dominant objective, with risk appetite shifting downward as the Endowment matures toward self-sustainability.
The Endowment was conceived in 2022, meaning the five-year window is getting closer. Currently the Endowment is “medium to low” in risk tolerance and has a 60:40 ETH and stables split. The high ETH share is a reflection of the DAO’s own governance, made up of many members who are highly risk-tolerant and look positively on ETH as an asset (present author included), but this is not a reasonable split for a conservative, low-risk appetite focused on capital preservation and growth.
This proposal limiting withdrawals, combined with a discussion to make the 2027 policy a low-risk endowment with the target of at least a 5% yearly return (a normal yield in most index markets), could ensure that the Endowment, and therefore the DAO, would survive any future upheaval in governance and make sure that a decent budget for ENS development would be available for an indefinite amount of time.
Relationship to other ongoing work
- This is orthogonal to the Foundation or Security Council debate. Whatever entity ends up operating the treasury, a rate limit protects it. This proposal takes no side on that question — it is a guardrail that makes any operating structure safer, so the other debates can be easier.
