Non emergency actions to facilitate key rotation of Security Council - December 2024

TLDR

• The Security Council is initiating a non-emergency action to enable the non-emergency path to perform key rotations.
• Once this is complete, the following members will be rotating into new addresses within the council:
  • John Morrow, Immunefi, and Dennison Bertram will be using new addresses with more secure setups.
  • For Certora, a corporate member, Derek Sorensen will be replaced by Aleksander Kryukov as the individual representing the organization.

No actions need to be taken by users of Arbitrum One or Arbitrum Nova. We will update this thread as we progress through the steps of enabling the action and rotating the security council member’s keys. If you have any questions, please do respond on this thread!

Enabling and Enacting Key Rotation

Four security council members have opted to rotate their keys:

• John Morrow (Gauntlet)
• Immunefi
• Dennison Bertram
• Certora (In Certora’s case, Derek Sorensen will be replaced by Aleksander Kryukov)

To facilitate the key rotations for these security council members, the non-emergency security council must initiate a transaction that will take ~14 days to complete.

Key Rotation Requests

See the list of signed messages from each Security Council member to authorize key rotation, below:

—

Name: John Morrow (Gauntlet)

Address: 0x3e286452b1c66abb08eb5494c3894f40ab5a59af

Message: John Morrow is changing the security council member key from 0x3e286452b1c66abb08eb5494c3894f40ab5a59af to 0x78bB97d2F3811256D7F0041E81Aaf4B426eF3b67
Signature Hash: 0x5e3d0241324a85d10132be74bc9032241b10cb15d76eb67f92a62c4c2c22a7e628b8130198bba0a917216102efff87cd7de67f02c9794b85480960d0f7c3ef311b

Name: John Morrow (Gauntlet)

Address: 0x78bb97d2f3811256d7f0041e81aaf4b426ef3b67

Message: John Morrow owns this address
Signature Hash: 0x56f79e31044c8d5a44fc1d5c5518f8705468215def25652e055da0a028ab674d5cf4208b3c884157929fd6369d876f9a62533d70a92facff256556c5beec4a281c

—

Name: Goncalo Magalhaes (Immunefi)

Address: 0x1716C1C037e4968D5A06d4d080904F9B7a6508f2

Message: Immunefi is changing their security council member key from 0x1716C1C037e4968D5A06d4d080904F9B7a6508f2 to 0x9A301de96b15Db3aB778E2969Bf6cAa909cA56E8

Signature Hash: 0x911fb3f6bc78a7a92a8c864ad609515d02d1127c632b25ff5a609aae44da736b7a02063b63be0b4c1b49f58242938a94df7b4bfb54180b9a822a997dfa8279841b

Name: Goncalo Magalhaes (Immunefi)

Address: 0x9A301de96b15Db3aB778E2969Bf6cAa909cA56E8

Message: Immunefi is changing their security council member key from 0x1716C1C037e4968D5A06d4d080904F9B7a6508f2 to 0x9A301de96b15Db3aB778E2969Bf6cAa909cA56E8

Signature Hash: 0xc7a24cdbc8c0b938aa4ff190e457664246f5c72751d22f10f633b9cdd510d75128edfcf915779454efe11f63b2964c2900f44d981a83c2a89e7a0a6432bfbb1b1b

—

Name: Dennison Bertram

Address: 0xea4a4a886aca47dd0167b4aee5b1345e18d20ee5

Message: I authorise changing my Security Council address to 0x59c8535419bbcb8adffdb3c835435e907e3b183b

Signature Hash: 0xc3896394160762dfd8b3fc1bd7565dc0b3a65662b622d3d7ba2a11c3f125684d6ba2179225c7fb84e885bea8330d13a724149cf8c5f181f5dd755c577e25161b1b

Name: Dennison Bertram

Address: 0x59c8535419bbcb8adffdb3c835435e907e3b183b

Message: Dennison Bertram owns this address

Signature Hash:

0x7ce97ebd84c64baf89121fe70a2df0effbd9d74f14b5df4b3ab1c2a631693d383abe25cfa27f80276952a4f6665675cfa48c48ca95b6be4992ba9888ef3449781b

—

Name: Derek Sorensen (Certora)

Address: 0x70C006fC86A392c16D7E085cefc0Ad1FF7de6C75

Message: I can confirm that Certora is replacing their Security Council member to Aleksander Kryukov and the new key is 0x444EDf8B90763bE7015F1F099a0dA0ef10250c71

Signature Hash: 0x0a6e6072282dddf42dad58d8faed46e2d77fb07f433eb825e7577c964cda9b0e0e2f5619b4fd5f34766b37eab6e1e053fb6df40793272abeb34a81b84ba034511c

Name: Aleksander Kryukov (Certora)

Address: 0x444EDf8B90763bE7015F1F099a0dA0ef10250c71

Message: I can confirm that Certora and Aleksander Kryukov are the single controller of this new key.

Signature Hash: 0x1ca60a02c0e41714995486b49fea2d43fea9b88b37a2e88ae361c856c506fd9310976ac7d4dd9e389148cf1d04330a99c056d72c461d0f8f1fb1b644af6889671b

–

The Security Council have authorised the action to perform the key rotations and has signed the transaction:

This non-emergency action has now taken effect across the Security Council’s multi-sigs:

• Arb One Emergency: Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One
• Arb One Non-Emergency: Arbitrum One Transaction Hash (Txhash) Details | Arbitrum One
• Ethereum: Ethereum Transaction Hash (Txhash) Details | Etherscan
• Nova: Arbitrum Nova Transaction Hash (Txhash) Details | Arbitrum Nova

This wallet address that is currently in our Security Council is the same wallet that was used by @Janabe to run for the September 2024 Security Council Nomination phase here.

This wallets’ Tally profile name and photo were edited after the September 2024 elections, so right now, this looks like we had 2 @dennison running for the security council election in September 2024, and the one that was not elected is the one currently in our Security Council.

CleanShot 2025-03-31 at 15.27.12@2x1920×1864 183 KB

Also, the description of this nominee looks really weird here since this is @Janabe experience and not @dennison experience as the CEO of Tally.xyz

CleanShot 2025-03-31 at 15.29.07@2x1920×1865 210 KB

As additional context, @Janabe recently publicly disclosed here on her OAT Election Application that:

Given this, and the fact that it is recommended that the Security Council wallets to be fresh wallets with no previous history, and this wallet has onchain activity of the previous nominations (2 for Dennison, 1 for Jana), I recommend that @dennison Security Council key to be rotated, again, into a fresh new hardware wallet, just for extra measure, and to ensure that only Dennison has access to it.

Hey folks, yeah happy to rotate the key.

For context, I disclosed this with the foundation compliance team around the time of the last key rotation and nothing was requested of me and no issues were found with the current setup that were communicated to me.

Also, @Janabe and I (Dennison Bertram), are legally married and reside in the same residence. The key is on a hardware wallet that is being used only for the Arb Security Council. I’m happy to update the profile though to make this clear, as well as happy to rotate the key. The previous transaction history is only to register on the security council election.