Proposal [Non-Constitutional]: Set up a Sub-Committee for the Security Services Subsidy Fund

1096×269 50.3 KB

Title – Proposal: This proposal intends to set up the Security Services Subsidy Fund (‘SSSF’) Sub-committee, seeking 60,000 ARB to fund the members of the SSSF Sub-committee over 1 cohort spanning 8 weeks.

Constitutional / Non-Constitutional - Non-Constitutional

Abstract - The creation of a specialised sub-committee to administer the Subsidy Fund for Security Services.

Steps to Implement - Snapshot Vote to signal approval of the process, followed by the initiation of the election process in conjunction with the on-chain vote for the sub-committee.

Timeline - Snapshot Date: 20th May 2024

Overall Cost - 60,000ARB

Executive Summary & TLDR

This proposal intends to set up the Security Services Subsidy Fund (‘SSSF’) Sub-committee, seeking 60,000 ARB to fund the members of the SSSF Sub-committee over 1 cohort spanning 8 weeks. This will ensure that each of the 5 members to be elected will be paid 100 ARB per hour, capped at 15 hours per week. This is in line with the compensation structures of recently approved committees within Arbitrum DAO with similar workloads (e.g., LTIPP). Additionally, the SSSF Sub-committee will be tasked with administering $2.5 million worth of ARB and selecting the security service providers most deserving of a subsidy fund based on the Means Test outlined in the Subsidy Fund Proposal.

TL;DR

Proposal Overview:

• Establish the Security Services Subsidy Fund (SSSF) Sub-committee with 5 elected members.
• Members will be compensated 100 ARB per hour, up to 15 hours per week, for 8 weeks.

Funding and Structure:

• The SSSF Sub-committee will manage $2.5 million in ARB to subsidize security service providers.
• Members are elected through a Snapshot voting process using a weighted voting system.

Operational Details:

• The Sub-committee will use the Means Test from the Subsidy Fund Proposal to select deserving security service providers.
• The Sub-committee aims to maintain transparency and efficiency in the allocation of the subsidy fund.

Member Criteria and Selection:

• Candidates should possess expertise in security, legal, procurement, operational management, and financial management.
• They are expected to have strong communication skills, technical knowledge, and a track record of ethical conduct.

Election and Onboarding Process:

• Election involves a 7-day application period and a 7-day voting period, followed by KYB/KYC checks and a 3-week onboarding period.
• The total process from election to subsidy disbursement adds approximately 6 weeks to the initial timeline.

Application and Review Process.

• A two-week submission period followed by a 6-week review period using the Means Test to evaluate applications.
• Initial screening based on key sub-criteria like funding gap rationale and KPIs.

Reporting and Accountability:

• The Sub-committee will provide monthly updates on project progress and fund utilization.
• Outcome metrics include the percentage of projects successfully deployed on Arbitrum and achievements of outlined KPIs.

Budget and Allocation Constraints:

• The maximum subsidy for any single project is capped at 10% of the total fund, or $250,000 in ARB.

Introduction

Following discussions on the Subsidy Fund Proposal from the Arbitrum DAO Procurement Committee (‘ADPC’), which can be found here, the administration and selection process for these subsidies will be overseen by the SSSF Sub-committee, rather than the ADPC as originally proposed. The ADPC would also like to clarify that the applications for the Subsidy Fund will only be accepted after vendors are whitelisted in accordance with the Procurement Framework for security-oriented service providers, by the ADPC.

The original intention behind the inclusion of this task under the remit of the ADPC at no additional cost to the DAO was in part based on the fact that during the elections for the ADPC, there was a low number of applicants with a procurement background.

While the ADPC wishes to remain responsive to the wishes of the DAO, we should note the adverse impacts and risks associated with the requested approach. These include (i) the creation of a new workstream that was not part of the original mandate and distracts from the core functions of the ADPC (ii) the natural delays associated with teams getting voted in, fully briefed on the procurement strategy and developing the necessary understanding of the legalities of the framework agreement. They will also need to establish working relationships, work allocation and deal-flow, get up to speed on the state of negotiations, tools, processes, etc.

This will require at minimum a 3-4 week onboarding period, which will delay the disbursement of the subsidies by several weeks. We hope the current proposal of setting aside 3 weeks as the expectation for completion of this process represents an acceptable middle ground for the community.

This proposal aims to establish the SSSF Sub-committee, which will be composed of five [5] members. These members will be selected through an open election process using Snapshot’s weighted voting system, with the five [5] highest-ranked candidates being elected to the Committee. The committee’s term will last for 8 weeks.

While the final decision will rest with the SSSF Sub-committee, their evaluations will be strongly guided by the Means Test from the ADPC’s Subsidy Fund proposal that assesses key metrics to identify deserving projects.

Albeit not legally binding, both delegates and token holders are encouraged to adhere to the specified selection criteria when voting for the SSSF Sub-committee members. This will ensure that the committee is adequately equipped to effectively carry out its duties and responsibilities.

Note: The ADPC members will not be applying for any sub-committee positions unless this is explicitly requested by the community.

[1] Selection Criteria

In order for the committee to effectively fulfill its duties and responsibilities, it should ideally be comprised of individuals who possess the following attributes:

[i] Core Attributes

Security Knowledge

Experience with digital asset security services (on the client or service provider side) and familiar with concepts such as static analysis bug detection, visualising the state of governance contracts, ensuring correct encoding of values, whitebox source code reviews, identifying design flaws, etc.

Legal Knowledge

A solid background and understanding of legal frameworks and core legal aspects, particularly those relating to contract law. Legal professionals can identify and mitigate legal risks associated with the operations of subsidy fund as facilitated by the legal agreements underpinning this process as developed by the ADPC. This aims to safeguard the committee, ensure an airtight legal workflow for the procurement framework, and aids in ensuring that all agreements are legally sound and thus.

Procurement Expertise

Prior experience in leading and managing a strategic sourcing process, in particular relating to project planning, strategic execution and thorough performance evaluation. This skill set supports the effective oversight of deadlines, optimal allocation of resources, and management of the strategic sourcing deliverables with precision, all while ensuring that transparency and fairness are maintained.

Operational Expertise

Prior operational experience relating to the managing, administration and selection of prospective applicants, particularly in managing IT and security services.

[ii] Other relevant attributes

Proven Track Record in Collaborative Environments

Strong communication skills and proven ability to work well in team settings, especially in other DAO Communities. This encompasses skills that enhance collaboration with other fellow committee members, stakeholders, and service providers. It also includes a readiness to entertain different perspectives and achieve consensus.

Financial Acumen

A solid grasp of financial management, including budgeting, cost analysis, and understanding financial impacts is essential. This knowledge will aid in evaluating the financial health of subsidy applicants and ensure efficient distributions of subsidies, helping to maximize the ROI of the subsidy fund for the ArbitrumDAO.

Technical Knowledge & Analytical Skills

This includes robust analytical capabilities for reviewing subsidy fund proposals and performance indicators. Practical knowledge of security services is advantageous, as it enables the committee to identify and evaluate technical gaps associated with subsidy fund proposals, leading to a more thorough evaluation of technical proposals.

Ethical Conduct & Integrity

Candidates must have a clear professional record and remain free from any conflicts of interest related to potential subsidy recipients. They must disclose any existing or potential conflicts that could compromise their ability to make decisions impartially and independently. Additionally, candidates are expected to commit to the highest standards of integrity and confidentiality in their roles, ensuring transparency and fairness in the selection of security service providers.

[2] Election Timeline

The following process will be overseen by the ADPC.

[i] Application Submission Period (7 days):

Candidates can apply on this dedicated page on the ArbitrumDAO Forums, adhering to the stipulated application template. Should the ArbitrumDAO vote in favor of this proposal on Snapshot, the submission period will be initiated for a period of 7 days.

[ii] Member Election (7-day period following the end of Application Submission Period):

A Snapshot with weighted voting will be included, including the list of all eligible candidates. The five [5] highest-voted candidates will be elected to the Security Services Subsidy Fund Sub-committee.

[iii] KYB/KYC & Delegate Review Period (7-day period following the end of member election):

Applicants who have been elected will then be required to undergo KYB/KYC processes. The Arbitrum Foundation will oversee this compliance process, disqualifying any candidates who fail to meet KYB/KYC standards.

[iv] Elected Members Onboarding & Organisation (21-day period following the end of KYB/KYC + Delegate Review Period):

Following the elections, the five [5] highest-voted candidates will be briefed by the ADPC and given 3-weeks to familiarize themselves with the procurement strategy, legal frameworks, negotiation states, tools, processes, etc. Following this, the elected committee members will be responsible for executing the Application Process described in the Subsidy Fund Proposal.

As determined by the Snapshot proposal, the Subsidy Fund will take place over 1 cohort consisting of a period of 8 weeks. Subsequently, the process underlying the election of the SSSF Sub-committee will add 6 weeks to the previously expected timeframes relating to this proposal. Therefore, this will result in a total timeframe of around 14 weeks.

[3] Election Application Timeline

Kindly refer to the Selection Criteria outlined above when completing the election application template. For additional detail, reference can be made to the following guidance note.

• Name of Applicant & Applicant’s Representative [If Applicable]:
• Email Address:
• Telegram Handle (if applicable):
• LinkedIn Profile (if applicable):
• Primary languages spoken:
• Disclosure of other time commitments:
• Qualifications:
• Objectives & Motivation:
• Examples of Track Record:
• Security Expertise (if applicable):
• Legal Expertise (if applicable):
• Procurement Expertise (if applicable):
• Strategic Expertise (if applicable):
• Operational Expertise (if applicable):
• Financial Acumen:
• Technical Proficiency:

[4] Application Process

The Means Test from the Subsidy Fund proposal will be utilized by the SSSF Sub-committee to identify which subsidy fund applicants would benefit most from support, ensuring equitable access to subsidies within the Arbitrum ecosystem.

Each application will be scored by the SSSF Sub-committee, followed by a collective decision on the most deserving grant recipients, taking into account the rating against the eligibility criteria, a value-for-money evaluation and the funds available.

As per the proposal passed on 25-Apr-2024, the Arbitrum DAO will fund 1 cohort of 8 weeks (2 months) for a total fund size of $2.5 million.

[i] Application & Review Windows

After the members are elected and the onboarding process has been completed, the next stage involves a cohort that will consist of a submission period of 2 weeks, followed by a 6-week review period.

[ii] Initial Screening

To efficiently handle the anticipated surge in applications and ensure the highest quality most relevant applications are selected, the below 5 sub-criteria (with the highest weights as mentioned in the Means Test) will first be applied to all applicants, with the top-scoring applicants moving forward in the evaluation process and being assessed in greater depth:

1. Funding Gap Rationale
2. Reasonableness of Subsidy Amount Requested
3. KPIs
4. Ecosystem Contribution
5. Accountability Measures

[iii] In-Depth Review & Feedback

Projects that pass the initial screening will undergo a comprehensive review due diligence (DD) by the SSSF Sub-committee utilizing the entire Means Test, including interviews and constructive feedback (either individually or on a collective basis).

[iv] Award & Monitoring

Once approved, projects receive subsidies, with periodic check-ins and a concluding evaluation to measure impact and success.

[v] Selection Process & Reporting

Transparency and continuous dialogue form the backbone of the selection and reporting process, ensuring that each funded project remains aligned with program expectations.

In this regard, given the 2-month term of the SSSF Sub-committee, they will be tasked with providing two monthly updates towards the end of the first 30 days, and the next 30 days on their selections and updates on funded projects.

These updates will include general project trajectory and progress toward milestones. To create the reports the SSSF Sub-committee will set two monthly check-ins where projects fill a template/slide in order to give the key info about the project’s status, such as:

• Summary of Achievements for the Month
• Funds Utilized
• Milestones Reached
• Challenges Faced & Plan of Action
• Feedback Integration, i.e., how projects have incorporated feedback provided.
• Next Steps & Priorities

Output Metrics

With the initial priorities in mind, some effective measures for meaningful output will look as follows:

• Number of Projects Funded: Total number of projects that have been funded.
• Total Funds Allocated: Cumulative sum of funds distributed, showcasing the program’s financial impact.
• Percentage of projects funded in target verticals: As outlined in the Means Test, the three key verticals identified are RWAs & Tokenization, Gaming, and Collab Tech.

Outcome Metrics

Depending on the final portfolio of funded projects, the SSSF Sub-committee will gauge the success rate of awarded projects through specific outcome metrics. While these metrics can be influenced by a wide range of external factors, such as market conditions and individual decisions on a project level, the sub-committee will be committed to supporting and funding the most promising projects to the best of their ability. Metrics include:

• Percentage of funded projects successfully deployed on Arbitrum
• Percentage of KPIs outlined in the application achieved by funded projects
• Percentage of projects successfully deployed as Orbit chains: One of the key aims of the Arbitrum DAO is to build and expand the Orbit ecosystem. Funding projects that grow the Orbit ecosystem is a net positive for the DAO.

Since the results of the grants will naturally incur a time lag, the SSSF sub-committee is required to report on the outcome metrics no later than 6 months post the end of the first 8-week cohort.

[vi] Project Allocation

The allocation of the subsidy fund focuses on achieving high impact while ensuring that a de minimus number of projects obtain funding.

To ensure that the subsidy is spread across a large number of projects rather than concentrated in several larger projects, the maximum subsidy to be granted will comprise 10% of the subsidy fund available. Therefore, given that the subsidy fund amounts up to $2.5 million, the maximum subsidy that a project can receive will comprise no more than $250K worth of ARB.

The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking, and ideation of the two.

The protocols requesting a subsidy for their security audits will either be protocols that haven’t launched on Arbitrum yet or protocols that are looking to launch a new product on Arbitrum. So, in our eyes, the decisions whoever administers the subsidy fund has to make are mostly business development decisions rather than anything else.

With that in mind, the discussion quickly changes from a question of ‘who should be administering the fund’ to ‘what the people administering the fund do’. To administer the fund, you don’t really have to deeply understand the inner workings of each protocol that applies for a subsidy, but you do need to have an understanding of the broader Arbitrum ecosystem and strategy.

We believe that the ADPC has the necessary understanding to manage the subsidy fund, and we believe that they should. Introducing another subcommittee creates delays, adds overhead to the DAO in the form of elections, and complicates things further without providing a significant value-add.

We want to echo some of @krst’s points on this topic. It seems like it boils down to who is the best fit people to administer this work and as of now, it seems like the ADPC is a logical and the best answer to do this. It seems like this would create a lot of overhead and operational burdens for something that is only intended to last two months. The current ADPC is more than qualified to take this on we think and would simplify things significantly.

This is a very necessary proposal, and I fully support it.

+1 to this thought and would like to hear more before a voting decision is made. Considering this committee would be overseeing only an 8 week cohort that has fairly unanimously been viewed as a ‘trail run’, I think adding 6 weeks to the timeline for this sub-committee adds a lot of time and bureaucracy to what would otherwise be a fairly simple process.

However, I do acknowledge I am not a subject matter expert so would like to hear what the ADPC thinks in response to @krst 's post.

Can you clarify whether the existing allocation will be used or a new one?
I don’t see a problem if other people with the same level of professionalism do this.

Hi @krst, @PGov, @Bob-Rossi, @cp0x,

Thank you for your feedback re. the ownership of the selection committee at the ADPC. If this reflects the consensus of the community, the ADPC is happy to take this on.

As you may recall, we discussed this in the initial Subsidy Fund forum post, so it’s encouraging to see further alignment on this matter now. We appreciate your reflection on this. As discussed before, taking on this workstream will obviously need to be part of an extended mandate to meet the respective timelines for the roll-out of the subsidy fund.

As such, we thought it would be helpful for the community to clarify the timeline and sequence of events:

• Step 1 - Arbitrum Foundation Approval (timeline dependent on the AF): At the moment, we are waiting on the Arbitrum Foundation’s feedback on the RFP and Head Agreement. Once this has been received, we will finalize the RFP documents and publish them.
• Step 2 - Security Service Provider Whitelisting (4 weeks): A 4-week period will then commence for security service providers to apply to be whitelisted.
• Step 3 - Review of RFP Responses (4 weeks): The ADPC (along with the support of DeDaub) will review the RFP responses and whitelist security service providers over a 4-week period.
• Step 4 - Subsidy Fund Cohort 1 Applications & Evaluation (8 weeks): Once the whitelisting process is complete, the 8-week cohort for the Subsidy Fund will commence, with a 2-week applications period for subsidies followed by a 6-week review period using the Means Test to evaluate applications.

Therefore, the Subsidy Fund will only begin by early-August at the earliest, since we are still waiting on feedback to publish the RFP and get the ball rolling.

Moreover, @cp0x, the Sub-Committee will require a new allocation of 60k ARB given that this was not in the initial scope or mandate under which the ADPC was established, and the proposal is for the ADPC members to not be involved in the Sub-Committee at all.

Voted “For”, I’m hopeful the sub-committee will ensure the money is spent wisely and transparently, selecting the best service providers. The proposed funding aligns with the compensation structures of similar committees.

I voted AGAINST this proposal on Snapshot because I believe the current members of the ADPC are sufficiently qualified to evaluate protocols for subsidy fund eligibility.

As a DAO, we should be conscious of adding unnecessary organizational complexity. We are already responsible for evaluating the performance of the ADPC. We should not take on the burden of evaluating and monitoring another group without a clear reason.

On behalf of the UADP:

Our understanding and communications established that if a for vote were to win, then the ADPC will set up the sub-committee separately with other members and they will play no role in the sub-committee, while an against vote would have the ADPC take the work over. This is why we have voted against as we are in favor of the ADPC taking over the work.

Contrary to most here, i am voting in favour of this proposal.

Yes, there is definitely the merit in saying that ADPC should pursue this goal with their own current means.

But the way this is shaping is that it will be basically the equivalent of a grant program: from a protocol standpoint, applying to get money for incentives, or for audits, or to pay operation is quite similar. The end result, to me, could be the same of every grant programs we already had: an underestimation of the demand we will have (remember stip in which we had 2 rounds and we overbooked the first by 50%; ltip, that was about potentially 80 protocols with 60m available, and we ended up with 180 protocols asking for 160m).

I don’t think the adpc has the necessary manpower to do it. And in case the program will be overbooked (which i don’t think will happen), they current mix might not be the one with the best capabilities to discern who should and should not get the security grant.

Blockworks Research will be voting FOR this proposal on Snapshot.

We recognize that the concerns raised by other community members in the previous comments are extremely valid, and we have no doubt that the ADPC has the necessary understanding to manage a subsidy fund. Having said that, we think it’s important that the ADPC maintains its capacity to fully focus on its original mandate, as having a robust foundational procurement structure set in place will likely be a notable value-add for the DAO in the long run.

Voted “for”
The sub-committee will efficiently manage $2.5 million in subsidies, selecting deserving security service providers through a rigorous evaluation process. This will ensure high-quality security services, fostering a safer, more reliable environment for all Arbitrum users.

Michigan Blockchain is voting against this proposal. Agreeing with many of the posts here we think the ADPC is qualified to evaluate these proposals. Adding a subcommittee both increases organizational complexity and adds to the timeline of this program. However, if the subsidy fund becomes a recurring program we do think there’s more incentive to create this subcommittee. We see no issues with other details of the program including budget and funding.

I voted against this proposal, as this should be handled by the ADPC itself. It has the expertise and there is no need to create a new committee for it.

The below response portrays the views of the @AranaDigital governance team, represented by @farfel.eth.

We are voting against this proposal. While the creation of a subsidy fund may generate demand similar to past funding programs and require significant manpower, we believe that the ADPC is best suited for this role. It is our understanding that the subsidy fund would start around the end of the current ADPC term. The committee has had ample time to fulfill its mandate, and any extension proposal could incorporate this responsibility. Given the size of the subsidy fund and its timing, the ADPC is the most capable entity for this task, and adding unnecessary layers of complexity without clear justification is unwarranted.

Savvy DAO votes AGAINST the “Security Services Subsidy Fund Sub-Committee” proposal.

MUX Protocol Votes abstain. We echo with most of the posts here that adding an additional layer of hierarchy should be very cautious. Meanwhile, the ADPC has the capacity to manage the security fund but they may have their own focus. After seeing the ADPC’s response, we are more sure that the ADPC will take over this responsibility.

I will be voting “Against”

After seeing the ADPC’s response, I believe they have the capacity to handle this type of work without the need for an additional sub-committee. I don’t think a sub-committee would add value at this time, and I agree with @Frisson that it adds unnecessary complexity.

I will also note that if this is something that needs to be continued on past the 8 week window a sub-committe may be worth having a discussion on at that point.

After carefully reading the proposal and, of course, the comments from my colleagues, I have decided to vote AGAINST this proposal.

While reading the proposal, I couldn’t stop thinking about the current members of the ADPC, where Open Zeppelin, for example, is one of the responsible members helping us review proposals and mitigate security risks.

In my understanding, this duplicates efforts and increases the organizational complexity of the DAO.

I am open to understanding the arguments better to see, in the event of an on-chain vote, what makes this different and how it would add value to the current structure.