Loomio
Wed 27 Feb 2019 12:51AM

Main Multisig spring cleaning

Kay

We need to restructure the Multisig a bit because Vojtech requested to be taken off as his responsibilities shift more onto his next projects. So while it is clear that we will respect his wishes, we have to be a bit careful about how to handle the situation, because Vojtech always was very active and quick to sign off on transactions.

To make visible who is on the multisig now and when the last time was when they were active, I made a spreadsheet.

For successful execution of transactions, the quorum is currently set to 6 confirmations.

Vojtech leaving would put us in the yellow area where we would need to ping people that are not always active in the channel.

I will not make a proposal immediately about this, but make my voice heard in the thread here and would like to discuss the options at the community meeting.

Pol Lanski
Disagree
Sat 2 Mar 2019 4:19AM

While I agree with the underlying problem of getting the RegularRewards timely and predictably, this feels like it needs a bit more thought.

Dani
Disagree
Sat 2 Mar 2019 2:38PM

This isn't what I was expecting - I thought we would make the funding more flexible based on what forms of currency are donated and available.

Josh Fairhead Sun 3 Mar 2019 4:06PM

I understood this proposal to mean we convert ETH (our general reserve currency of sorts) to DAI when DAI runs low. That was also my interpretation of the fireside but perhaps I'm wrong...

GG

Poll Created Sat 9 Mar 2019 3:38PM

The Main Giveth Multisig should have 5 people removed and 4 or 5 people added
Closed Thu 14 Mar 2019 8:03PM

Tension
V wants to resign from all the multisigs and our main multisig is full of inactive people.

Proposal
Let's remove Alex, Oz, Yalor, Quazia, and Vojtech and then make 2 other loomios to decide whether we should have 4 or 5 people added. There are 2 questions here:
1. Should we remove all of these people?
2. Do we keep 6 required signatures for this very important multisig?

Background

This is a really really important multisig... it controls the bridge, and therefore all of the funds held in the bridge and all of the permissions around who can do what in the bridge contract. It is also our default address for donations.

The main multisig has these people on it and this is my assessment of their status:

Bowen available and active
Griff available and active
Kay available and active
Kris available and active
RJ available and active
Edu available and active
Jordi available and active
Yalor Not available and not active
Quazia Not available and not active
Oz Available but not active
Alex Available but not active
Vojtech Would like to resign, will be greatly missed

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Explicit Duties
Owns the bridge
Receives donations and deals with those donations (hopefully we will get rid of that eventually)
Can cancel any payment in the bridge
Can pause the bridge completely and unpause it
Add tokens to the whitelist (in the bridge needs to be done on Rinkeby side as well)
Can change the max security guard delay
Can change the 2 day time lock in the bridge
Can change the security guard
Can change the bridge service... and who can create payments to the bridge
Can change the escape hatch caller
Can remove/change ownership
Has all the powers needed to decentralize the bridge
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious

Results

| Option | % of points | Voters |
|---|---|---|
| Agree | 100.0% | 10 (D KI GG PL K DA L JF G KK) |
| Abstain | 0.0% | 0 |
| Disagree | 0.0% | 0 |
| Block | 0.0% | 0 |
| Undecided | 0% | 43 (JA YM Q AS AB E BS AA A R C EAD A OJ V G J C J PP) |

10 of 53 people have participated (18%)

Griff Green
Agree
Sat 9 Mar 2019 3:43PM

I think because it is such an important thing, requiring 6 signatures while yes it is annoying, it is worth the security benefit. It's very hard to get 6 people to agree to do something bad and very difficult to get a hold of 6 different keys...

Kay
Agree
Sat 9 Mar 2019 7:38PM

Wow - what an avalanche of proposals! Will be interesting to see the results.

Loie
Agree
Sun 10 Mar 2019 4:06PM

so it's a 6 of 12 multisig? and adding 4 people would make it a 6 of 11, adding 5 would keep it at 6/12, correct? If so I'm for adding only 4, I think the majority dynamic here is valuable

Kris is
Agree
Sun 10 Mar 2019 10:39PM

Yes to point 1, for point 2 you have another loomio, so I follow the majority as an answer to that one.

Josh Fairhead
Agree
Mon 11 Mar 2019 3:03PM

3 unavailable, 2 inactive seems fair.

Kyle Kirchner
Agree
Thu 14 Mar 2019 4:44PM

Get me in here!!

GG

Poll Created Sat 9 Mar 2019 4:12PM

How many people should we have on the Main multisig
Closed Thu 14 Mar 2019 8:03PM

Tension
We are doing a major Multisig overhaul as stated here: https://www.loomio.org/p/PB2e5AdZ/the-main-giveth-multisig-should-have-5-people-removed-and-4-or-5-people-added

Proposal
Let's use this poll to determine the number of people to be added to the multisig... The number stated assumes that we agree to keep 6 required signatures.... if you think 6 signatures is a bad idea, that's cool too, make that your top choice!

Background
We have a 6/12 multisig now.

Lots of people like to have an over 50% majority required... so that would mean we only have 11 people or less on the multisig; the fewer people, the more secure...

But sometimes it takes a long time to get people to get their keys and make a tx.. so the more people we have the faster we can move things thru.

This is a really really important multisig... it controls the bridge, and therefore all of the funds held in the bridge and all of the permissions around who can do what in the bridge contract. It is also our default address for donations.

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Explicit Duties
Owns the bridge
Receives donations and deals with those donations (hopefully we will get rid of that eventually)
Can cancel any payment in the bridge
Can pause the bridge completely and unpause it
Add tokens to the whitelist (in the bridge needs to be done on Rinkeby side as well)
Can change the max security guard delay
Can change the 2 day time lock in the bridge
Can change the security guard
Can change the bridge service... and who can create payments to the bridge
Can change the escape hatch caller
Can remove/change ownership
Has all the powers needed to decentralize the bridge
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious.

Results

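| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| 12 | 1 | 17.1% | 12 | 2.4 |
| 11 | 2 | 15.7% | 11 | 2.8 |
| 13 | 3 | 14.3% | 10 | 3.3 |
| Abstain | 4 | 11.4% | 8 | 4.0 |
| 9 | 5 | 11.4% | 8 | 2.0 |
| 10 | 6 | 11.4% | 8 | 2.0 |
| 6 signatures is probably too much | 7 | 11.4% | 8 | 2.7 |
| 14 | 8 | 5.7% | 4 | 2.0 |
| 6 signatures is probably not enough | 9 | 1.4% | 1 | 1.0 |
| 15 | 10 | 0.0% | 0 | 0 |
| Undecided | | 0% | 0 | 0 |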

7 of 53 people have participated (13%)

Griff Green Sat 9 Mar 2019 4:15PM

1 - 13
2 - 12
3 - 14
4 - 6 signatures is probably not enough
5 - 11
6 - 10
7 - 15
8 - 9
9 - 6 signatures is probably too much
10 - Abstain

I am happy to have more people on the multisig :-D Multisigs are like hot tubs, the more the merrier!

Griff Green Sat 9 Mar 2019 4:16PM

7 - 13
8 - 12
9 - 14
10 - 6 signatures is probably not enough

I am happy to have more people on the multisig :-D Multisigs are like hot tubs, the more the merrier!

Bowen Sanders Sat 9 Mar 2019 8:22PM

7 - 13
8 - 12
9 - 14
10 - 6 signatures is probably too much

While 6 is definitely more secure, just keep in mind it's actually quite hard to get four people to do anything simultaneously let alone in a timely fashion (read: try going to a club or dinner with a group. There's a reason why the term cat herder has become a part of the Ethereum dialogue) so we might want to think about how well this new strategy actually works and perhaps move to revisit this after a few transactions pass through with new people on it.

Loie Sun 10 Mar 2019 4:12PM

7 - 11
8 - 10
9 - 9
10 - 12

this poll is a little confusing... but i get it. I def think we should keep a majority for passing. I'd be happy with a 5 of 9 b/c i see how slow it is sometimes to get folks mobilized to sign... but i think that's more about not having enough active people. if we add the proposed unicorns to the multisig i think everything will go way faster so 6/11 is fine

Josh Fairhead Mon 11 Mar 2019 5:16PM

7 - Abstain
8 - 6 signatures is probably too much
9 - 9
10 - 10

4/7 seems a more appropriate number. Has this previously been discussed/tried? Is there a timing concern with fewer people? It would increase security to do so. This seems like a design challenge and there is probably an optimal distribution of time zones that should also possibly be considered. So I guess what should we optimise for? Security, diversity, time zone distribution, all three or other things? What problems do we want to address & how can we simplify to do so?

GG

Poll Created Sat 9 Mar 2019 4:34PM

[Anon Poll] Who should be added to the Main Multisig?
Closed Thu 14 Mar 2019 10:03PM

Tension
We are doing a major Multisig overhaul as stated here: https://www.loomio.org/p/PB2e5AdZ/the-main-giveth-multisig-should-have-5-people-removed-and-4-or-5-people-added
We need to add a lot of people to this very important multisig, as it controls the Bridge and receives donations. There will likely be 1 or 2 transactions a month.

Proposal
Let's use this poll to determine who should be added to the multisig... The top choices will get added assuming the people agree and want to be in the multisig and that this proposal passes at the Community Meeting. The number of people that get in will be dependent on the results of: https://www.loomio.org/p/wqF5MS60/how-many-people-should-we-have-on-the-main-multisig

Background

It is important that we trust these people and that they are willing and able to back up and secure a key on their person as they travel that can be used to vote on these transactions. This key should probably be stored on Metamask.

This is a really really important multisig... it controls the bridge, and therefore all of the funds held in the bridge and all of the permissions around who can do what in the bridge contract. It is also our default address for donations.

Currently on the Multisig:
Bowen available and active
Griff available and active
Kay available and active
Kris available and active
RJ available and active
Edu available and active
Jordi available and active

Currently proposed to be taken off the multisig
Yalor Not available and not active
Quazia Not available and not active
Oz Available but not active
Alex Available but not active
Vojtech Would like to resign, will be greatly missed

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Explicit Duties
Owns the bridge
Receives donations and deals with those donations (hopefully we will get rid of that eventually)
Can cancel any payment in the bridge
Can pause the bridge completely and unpause it
Add tokens to the whitelist (in the bridge needs to be done on Rinkeby side as well)
Can change the max security guard delay
Can change the 2 day time lock in the bridge
Can change the security guard
Can change the bridge service... and who can create payments to the bridge
Can change the escape hatch caller
Can remove/change ownership
Has all the powers needed to decentralize the bridge
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious

Results

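| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Lorelei | 1 | 16.2% | 70 | 6.4 |
| Dani | 2 | 13.7% | 59 | 6.6 |
| Michael | 3 | 13.2% | 57 | 6.3 |
| George | 4 | 8.8% | 38 | 4.2 |
| DAppLion | 5 | 8.1% | 35 | 5.0 |
| Lanski | 6 | 6.3% | 27 | 4.5 |
| Adam | 7 | 5.8% | 25 | 3.6 |
| Jeff | 8 | 5.6% | 24 | 3.4 |
| Josh | 9 | 5.6% | 24 | 3.4 |
| Kirch | 10 | 5.3% | 23 | 4.6 |
| Alan | 11 | 4.2% | 18 | 4.5 |
| Deam | 12 | 3.7% | 16 | 3.2 |
| Adria | 13 | 1.9% | 8 | 1.6 |
| Parker | 14 | 1.6% | 7 | 1.8 |
| Linds | 15 | 0.2% | 1 | 1.0 |
| Undecided | | 0% | 0 | 0 |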

12 of 12 people have participated (100%)

Anonymous Mon 11 Mar 2019 3:00PM

8 - Michael
9 - DAppLion
10 - Deam
11 - Dani
12 - Lorelei
13 - Lanski
14 - Parker
15 - Josh

Michael is steward, Devs have strong tech ability for this stuff, then I'm voting for people I interact with rather than perceived strangers (no offence intended, I'd still like to get to know you guys!)

GG

Poll Created Sat 9 Mar 2019 4:50PM

[Anon Poll] Replacing Vojtech on the Overflow Multisig
Closed Thu 14 Mar 2019 9:03PM

Tension
Vojtech would like to be removed from the Overflow multisig.

Proposal
Let's just simply replace V and use this poll to determine who should be added to the multisig... The top choice will get added assuming the person chosen agrees and wants to be in the multisig and that this proposal passes at the Community Meeting.

Background

It is important that we trust the person and that they are willing and able to back up and secure a key on their person as they travel that can be used to vote on these transactions. This key should probably be stored on Metamask.

This is an important multisig... it controls the bridge overflow, so when the bridge has a lot of money, any of the people in the EscapeHatchCaller multisig can move money out of the Bridge to this multisig and then this multisig can move it back into the bridge if needed.

The strategy here is that to mitigate risks by not holding all funds in one smart contract, we can move funds that we don't expect to be spent anytime soon to this Overflow Multisig... and when it seems like that money might be spent in the DApp we can move the funds back.

Currently on the Multisig:
Bowen
Griff
Jordi
Kay
Kris
Perissology
Vojtech

Explicit Duties
Receives overflow/escaped funds from the Bridge
Sends funds back to the Bridge when funds get low using depositEscapedFunds()

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Results

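| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Lorelei | 1 | 31.0% | 31 | 3.1 |
| Michael | 2 | 24.0% | 24 | 2.7 |
| Dani | 3 | 22.0% | 22 | 2.4 |
| Lanski | 4 | 10.0% | 10 | 1.7 |
| Don't add anyone, leave it 4 of 6 | 5 | 7.0% | 7 | 3.5 |
| Add more than just 1 person | 6 | 3.0% | 3 | 3.0 |
| George | 7 | 2.0% | 2 | 1.0 |
| Josh | 8 | 1.0% | 1 | 1.0 |
| Jeff | 9 | 0.0% | 0 | 0 |
| Adria | 10 | 0.0% | 0 | 0 |
| Undecided | | 0% | 0 | 0 |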

10 of 10 people have participated (100%)

Anonymous Mon 11 Mar 2019 2:03PM

7 - Michael
8 - Lanski
9 - Dani
10 - Lorelei

Michael as Dapp steward, otherwise I'd suggest the first gen unicorns as reliable guardians

GG

Poll Created Sat 9 Mar 2019 6:02PM

[Anon Poll] Replace Vojtech on the EscapeHatchCaller Multisig
Closed Thu 14 Mar 2019 6:02PM

Tension
Vojtech would like to be removed from the Mainnet EscapeHatchCaller multisig.

Proposal
Let's replace V with 2 people and use this poll to determine who else should be added to the multisig... The top choices will get added for sure assuming the person chosen agrees and wants to be in the multisig and that this proposal passes at the Community Meeting. We might consider adding more people to this multisig as well.

Background

This multisig is used to push the button to move funds out of the Bridge and into the Overflow Multisig. It is important that we trust the person added, because they could remove all the other people in the multisig but at no time will they have control over any funds. It's really more about trusting that they are paying attention, and that they are willing and able to back up and secure a key on their person as they travel. This key should probably be stored on Metamask.

Bowen is not allowed on this multisig because of his security guard role.

Currently on the Multisig:
Griff
Jordi
RJ
Vojtech

Explicit Duties
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious.

Giveth Deployment doc
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Results

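| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Michael | 1 | 21.8% | 24 | 2.4 |
| Lorelei | 2 | 20.9% | 23 | 3.3 |
| Dani | 3 | 20.0% | 22 | 2.4 |
| Only add 1 person | 4 | 10.9% | 12 | 4.0 |
| Kay | 5 | 9.1% | 10 | 2.0 |
| Adria | 6 | 6.4% | 7 | 3.5 |
| Josh | 7 | 3.6% | 4 | 2.0 |
| Lanski | 8 | 3.6% | 4 | 2.0 |
| Add 3 people!!! | 9 | 1.8% | 2 | 1.0 |
| Don't add anyone 3 people is cool | 10 | 0.9% | 1 | 1.0 |
| Kris | 11 | 0.9% | 1 | 1.0 |
| George | 12 | 0.0% | 0 | 0 |
| Jeff | 13 | 0.0% | 0 | 0 |
| Undecided | | 0% | 0 | 0 |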

11 of 11 people have participated (100%)

Anonymous Mon 11 Mar 2019 6:25PM

10 - Only add 1 person
11 - Michael
12 - Kay
13 - Dani

Why add two people? Is it a response time thing?
What are we optimising for? (probably multiple criteria)

GG

Poll Created Sat 9 Mar 2019 6:49PM

[Anon Poll] Replace Vojtech on the DApp God Rinkeby Multisig
Closed Thu 14 Mar 2019 8:03PM

Tension
Vojtech would like to be removed from the DApp's very important Rinkeby Multisig.

Proposal
Let's replace V with 1 person and use this poll to determine who else should be added to the multisig... The top choice will get added assuming the person chosen agrees and wants to be in the multisig and that this proposal passes at the Community Meeting.

There are multiple choices here so that voters' various top choices can all gather points to be considered for the top spot. Only one person will go to this multisig.

Background

This multisig is used to upgrade the DApp, RJ used it for instance to upgrade all the recent campaign and milestone smart contract changes. It is rarely used but the power it has is pretty ridiculous. It has the power to upgrade our DApp so it can basically do anything it wants. It is important that we trust the person added, but at no time will they have control over any funds as long as we trust the bridge set up. It's rarely used, but still they need to be willing and able to back up and secure a key on their person as they travel. This key should probably be stored on Metamask.

Bowen is not allowed on this multisig because of his security guard role.

Currently on the Multisig:
Griff
Jordi
RJ
Vojtech
Jorge (Aragon)

Explicit Duties
This multisig has a special place in the AragonApp: it authorizes upgrades to any smart contract in our system
Also acts as the escape hatch destination for the Rinkeby LP Vault

Giveth Deployment doc
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Results

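| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Michael | 1 | 25.0% | 25 | 2.8 |
| Dani | 2 | 22.0% | 22 | 2.4 |
| Kay | 3 | 14.0% | 14 | 2.3 |
| Lorelei | 4 | 13.0% | 13 | 2.2 |
| George | 5 | 11.0% | 11 | 3.7 |
| Adria | 6 | 7.0% | 7 | 2.3 |
| Edu | 7 | 6.0% | 6 | 3.0 |
| Kris | 8 | 2.0% | 2 | 1.0 |
| Undecided | | 0% | 0 | 0 |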

10 of 10 people have participated (100%)

Anonymous Sat 9 Mar 2019 7:29PM

5 - Michael
6 - Lorelei
7 - Dani
8 - Adria

Would not put the burden on somebody who is not actively engaged in DApp development.

Anonymous Sun 10 Mar 2019 4:20PM

5 - Dani
6 - Kay
7 - Edu
8 - Michael

wait so is this poll only determining 1 person that will replace Vojtech? I don't quite understand what the other names/ranking on here means. is this also a poll to increase the number of people on this multisig and therefore the ratio required for approval?

Anonymous Sun 10 Mar 2019 5:54PM

5 - Adria
6 - Michael
7 - Dani
8 - Lorelei

Adria knows Aragon really really well

Griff Green Sat 9 Mar 2019 6:50PM

I made a bunch of votes... The ones where we select people are Anon and the people that vote will never be revealed so we can avoid the social shit