TL;DR

• We propose the creation of a working group to work on a solution for maintenance upgrades (such as registering tokens in the custom gateway) without requiring a full constitutional vote.
• We are not proposing the solution, but rather making a formal request to the DAO, Arbitrum Foundation, and Offchain Labs to participate in the working group.
• We (L2BEAT) will facilitate the creation of the working group and organise its meetings if needed
• This proposal does not request any funds and will not require submission to Snapshot.

Abstract

In the past, we had several requests for the governance to approve maintenance tasks, such as the registration of tokens in the custom gateway. We also had a case where system parameters had to be adjusted in a timely manner, and we needed to use the security council to do this.

Several contributors suggested finding a solution where similar maintenance adjustments to the system configuration could be made without a full constitutional vote, but no discussion has started yet. Through this proposal, we request that the Arbitrum Foundation start this discussion, and we offer to facilitate it.

Motivation

Over the last 12 months, the DAO had to vote on three separate registrations (RARI, SKY, BORING), going through a constitutional vote for each of them. Moreover, there was a case where system parameters had to be adjusted promptly due to oversight in the constitutional upgrade. When we (L2BEAT) cast our vote in the very first proposal, we suggested finding a way to handle these configuration changes without going through a constitutional vote. A year later, nothing has happened on this front, and we are now officially proposing that something be done.

By establishing a process that allows for these registrations to occur without a constitutional vote, we can reduce governance overhead and, for example, make it easier for projects to register their tokens.

Specifications

Creating such a solution isn’t as straightforward a process as it might seem, and making it so the DAO can maintain top-level control of that solution is even trickier. As such, we’re not currently proposing the solution itself, but instead we propose creating a working group to tackle such a solution.

The involvement of Arbitrum Foundation and Offchain Labs in this working group is of vital importance, which is why we are making a formal request specifically for their participation. As far as we know, Offchain Labs has been working on something on that front, but we’re unsure of its status or level of priority.

Steps to Implement

If and when the Arbitrum Foundation and Offchain Labs confirm their participation in the working group, alongside any delegates or other interested parties, we will organise a series of regular meetings (similar to those held for the Treasury Management discussions) to begin scoping out an approach.

We (L2BEAT) will help facilitate the working group, organize its meetings, and generally act as the ‘project manager’ for this endeavour. We also commit to liaising with L2BEAT’s research team to ensure that any solution developed by the working group complies with L2BEAT’s requirements for the Stages Framework for Arbitrum and generally does not introduce unmitigated risks for users.

Timeline

We’ll allow a week for discussion in the forum, during which we hope Arbitrum Foundation and Offchain Labs will share their opinions on this matter and commit to participating in the discussion. If there are no significant objections after that time, we will form the working group and plan calls for discussion. We assume a regular status update call every two weeks.

Overall Cost

This proposal does not request any funds. However, that doesn’t mean the creation of a solution won’t require resources. The working group will determine what’s needed, and if funds are needed from the DAO, a separate proposal will be submitted for delegates’ consideration.

We thank L2Beat for taking the initiative in this topic and we support the creation of this group. StableLab has engaged with Sky in the deployment of the custom USDS token and has followed the tedious Constitutional governance process to the finish line, calling out for a more streamlined procedure to improve DevEx in Arbitrum. We think the community and delegates are aligned in this vision and a structured discussion could help moving a solution forward.

Strongly support this initiative. Both the Sky Gateway registration and ArbOS v20 fee fix highlight the need for a clear path to enact non-controversial maintenance upgrades without recurring constitutional proposals.

Happy to participate in the working group and help shape a secure and streamlined process. I’ll defer to Arbitrum Foundation and Offchain Labs on how the Security Council could be involved but I’d be happy to contribute in my capacity there if it makes sense.

The process to approve new tokens on the native gateway is, as stated, cumbersome and most time useless. We are literally fighting to reach quorum more and more; having to do constitutional vote to allow the usage of our native bridge for tokens that want to expand in Arbitrum is a waste of resources.
One thing I don’t know as delegate, and I think most don’t know in the dao, is the technical process needed to go from point A to B: understand what needs to be done to register the tokens in the custom gateway, what security checks need to be done to ensure everything is safe for our ecosystem, what are the consequences of failing these security checks and in which scenarios, and how to effectively implement these changes. As we saw in the previous tally vote for USDS, there is in the current process the possibility of human errors.
I also do understand the above is just one case of sevaral; but, probably, the case that happens the most. Looking forward to hear the process in the call (or read it here) to better frame and understand how this group should look like.

thanks for raising this issue @krst

as a team directly impacted by this current bureacracy overhead it’s important to highlight just how painful it can be to bring an app to arbitrum without seamless onboarding of the app’s token

superboring has been blocked from expanding to arbitrum for many months, even since before the deployment was announced. we couldn’t estimate when we’d get full functionality and eventually we had to work around it against our wishes.

I imagine many other teams have found themselves in a similar position. considering the limited security risk here, review and implementation period should be simplified and aligned to the pace of development of startup teams and entrepreneurs.

Thank you, @krst, for raising this subject. I’ve been exploring this particular problem over the past two weeks and would love to contribute to the working group from the Arbitrum Foundation’s side.

We’re strong supporters of initiatives that improve the DAO’s operational efficiency, and this proposal is a clear step in that direction. Reducing the burden on delegates and streamlining minor technical updates will make the governance process smoother and more scalable.

We also want to echo L2Beat’s comment on the importance of involving both the Arbitrum Foundation and Offchain Labs in the working group. Their participation is critical to ensuring the process remains effective and practically implementable.

I love this move.

This is exactly how we reduce unnecessary governance bloat without compromising oversight. Not every config tweak needs to go through a full-blown constitutional vote, but it still needs structure, accountability, and the right voices at the table.

A working group is the smart middle ground: scoped, transparent, and flexible.

Appreciate L2BEAT for not just flagging the issue, but stepping up to facilitate. Count me in for supporting this next step toward leaner, smarter DAO ops.

Thank you for taking the time to make this proposal, @krst. I’m grateful for the attention after I’ve asked several delegates for help with gateway issues for months. I volunteer to be on a council to do this, no need for funding, let’s get it done. I have some ideas for how we can safely turn over token gateway updates to a council of devs and still maintain DAO veto power.

^This should be considered extremely unacceptable by Arbitrum DAO and Foundation, whose only mission is to grow and steward Arbitrum.

We desperately need to move this to a committee of devs instead of the DAO because its wayyyy to small & technical to waste everyone’s time on, and so hard to do for small dev teams that just want to build on Arbi.

I strongly support this, and ask everyone to move on this quickly, it will have a big impact on builders.

I’m happy to share that we have successfully scheduled the first call for our working group for Wednesday at 12 pm UTC. It will be held on Google Meet: https://meet.google.com/roh-hros-iee. I received confirmation of attendance from both AF and OCL, as well as from some other contributors.

The goal for the first call is just to discuss issues at hand and possible solutions. In particular, I’d like to explore the following topics:

• what kind of maintenance changes (other than adding tokens to the custom gateway) we might want to address
• how should the process look like and who should own specific parts of the process (how should it be initiated, who should be responsible for due diligence, what the communication with the DAO should look like)
• discuss possible solutions, both short and long term, and what is needed for each of them
• if the solution requires writing custom code for the governance contracts - who should be responsible for the development, and what should the process look like
• if there’s a need for allocating additional funds from the DAO

Please feel free to add here in this thread any other topics that you think should be covered.

Important note: this call will not be recorded; instead there will be a meeting note published afterwards

We support the motivation behind this initiative. Given governance has continued to see custom gateway requests, it makes sense to establish a process that becomes more efficient for governance while ensuring safety for the end user.

That said, we have a clarifying question:

The Arbitrum documentation suggests that governance approval is an alternative path for token registration—not the default. Specifically, the ERC20 Bridging docs state:

“Register your token on the parent chain to your token on the child chain via the L1CustomGateway contract.

Have your parent chain token’s contract make an external call to L1CustomGateway.registerTokenToL2.

This registration can alternatively be performed as a chain-owner registration via an Arbitrum DAO proposal.”

If that’s the case, why are projects increasingly opting to go through governance instead of using the standard external registration method?

We would also like to reiterate a point raised in our previous comment on the Sky custom gateway proposal, specifically, the suggestion to create a DAO-approved token list within the Arbitrum bridge. While the current approach removes the need for DAO approval in token registration, a curated token list could still be valuable. Depending on how this working group structures ownership of the process, such a list can serve as a signal of legitimacy and provide users with a reliable reference point for supported assets.

Unfortunately we were unable to join this week’s call but we are looking forward to reviewing the notes once they are posted.

Hi everyone – thanks to @krst for kicking-off this discussion. We agree that the DAO needs a lighter-weight path for housekeeping upgrades like token-gateway listings, fee-receiver tweaks, or metadata corrections.

Here’s our proposed solution to help empower more nimble, competent decision making for maintenance related upgrades, yet have the DAO retain oversight and veto capabilities on changes proposed.

Summary of proposed solution:

1. Create an Optimistic Maintenance Council (5 seat technical council consisting of Offchain Labs, the Arbitrum Foundation, 2 whitelisted security auditors, and a DAO elected technical representative).

2. Proposal authors will have the first week of every month to submit their intent of creating an optimistic proposal. All submissions must follow the standardized template provided by the Arbitrum Foundation. Proposal authors will also need to post a reply to a dedicated forum post to inform the DAO about their intent.

3. The council will use the next 2 weeks to do due diligence on the proposed changes. This includes (not limited to) template completeness, audit hash, proposer legitimacy, and calldata correctness.

4. If the due diligence stage passes, the council will proceed to create the proposal, and at least 3 out of 5 council members will need to vote FOR to progress the proposal to the veto stage.

5. The DAO will have a 7 day veto period to cast their veto votes. For a proposal to be successfully vetoed, a veto quorum (proposed to be 3% of votable supply) AND majority must be achieved. If both conditions are met, the proposal is canceled.

6. If either of the veto conditions are not met at the end of the veto period, the proposal will be optimistically passed, and will be executed.

Optimistic Maintenance Council

Tally proposes the DAO create an Optimistic Maintenance Council to balance technical expertise and independence, while staying nimble enough to keep the maintenance pipeline moving.

Screenshot 2025-08-05 at 2.45.56 AM944×994 68.4 KB

Quorum & Voting Rule

• 3 of 5 seats are required to vote FOR to advance a maintenance proposal to the veto stage.

• Any seat may abstain, but abstentions count as not contributing to quorum; i.e., at least three explicit FOR votes are mandatory.

Conflict-of-Interest Safeguards

1. Council members must disclose any token ownership or service contracts with the proposer.

2. If an auditor has a material conflict (e.g., auditing the same team for another engagement), that seat must recuse in the vote stage and publicly disclose this on the forum thread.

3. Offchain Labs and the Arbitrum Foundation should not accept payments for their seats on the council.

Proposed Process

The proposed process runs for 4 weeks. Proposal authors should only have the first week of each month to submit their intent to create a proposal using the optimistic governance path. Any submissions that fall outside of the first week will be reviewed the following month by the council.

1. Intent window (week 1): Proposal author submits intent using the Foundation-supplied maintenance template on a dedicated forum thread.

2. Due-diligence by Council (weeks 2 and 3): Council confirms template completeness, audit hash, proposer legitimacy, and calldata correctness. Council members discloses COI if relevant.

3. Council vote & on-chain creation (week 3): Proposal is posted to Tally; ≥ 3 of 5 council members must vote FOR within 24 h to advance.

1580×1232 116 KB

4. Optimistic veto (week 4): Seven-day Snapshot where any ARB holder may vote AGAINST. The proposal is blocked only if:

   • a majority (> 50 %) of votes are AGAINST, and

   • veto turnout (decided by the DAO. Tally proposes for it to be 3% of votable supply, which is representative of a voter majority).

     

     1576×852 69.6 KB

5. Execution: If the veto fails, the queued transaction executes automatically. If the veto succeeds, the proposal is cancelled.

1548×612 52.9 KB

1570×712 64 KB

Screenshots of proposal optimistically passing and being executed ^

Screenshot 2025-08-05 at 2.38.16 AM1254×506 44.1 KB

Screenshots of proposal being veto-ed ^

Video demo of end to end flow:

https://www.loom.com/share/4e8581479aa44d0a8d628f74e9ed18b0?sid=5d48ed02-92e9-4300-a0a0-32a041ac8e46

Built-in safeguards

• Scope-limited: Proposals under the optimistic governor path must not include ArbOS upgrades, economic-parameter changes (eg: Timeboost updates), changes to the treasury governor, core governor, security council and elections contracts, and changes to the constitution.

• Public audits required: Audit reports from whitelisted firms must be included in the template, and published in the forum post.

• Full transparency: Tally UI surfaces these proposals as Maintenance – Optimistic, shows council signatures, and surfaces live veto tallies. (see demo)

• Rotating seats – auditor and elected-delegate slots are refreshed annually via Snapshot to prevent ossification.

Benefits

1. Efficiency and Mitigation of Quorum Risk: Maintenance upgrades and token registrations on the custom gateway can be executed in a month, as opposed to going through the entire constitutional AIP governance lifecycle. Additionally, the risks of these constitutional proposals failing because of failure to achieve quorum is mitigated.

2. Delegate focus: Constitutional bandwidth is reserved for material protocol changes like ArbOS upgrades, changes to the core governor contracts, and improvements to the security council elections.

3. DAO Oversight and Veto Capabilities: Delegates can still block anything contentious.

Recommended next steps for the working group

• Discuss feasibility and sentiment on Tally Optimistic Governance flow on governance calls.

• Align on the exact veto quorum (3% is our recommendation).

• Publish the forum template and the monthly “intent” calendar.

Tally is ready to contribute UI work, contract code, and process documentation. We look forward to collaborating with L2BEAT, Offchain Labs, the Arbitrum Foundation, and delegates to refine and ratify this track.

@cliffton.eth did you guys considered adding this responsibility to the current Security Council, instead of creating another council just for this?

Hello @cliffton.eth! Thank you very much for this proposal.

At SEEDGov, we had been researching how to help the DAO with this issue, so we would like to contribute to the discussion with part of this analysis.

The Committee Structure

At this point, we all agreed that a specialized committee was necessary. In our analysis, we considered a similarly structured committee, including an external contributor from the DAO with technical knowledge and communication skills to keep the DAO informed about developments in the Council. From our perspective, the proposed structure seems like a good option.

The current model in practice:

In the most recent token integrations into the native bridge, we experienced several delays until final implementation:

• Register $BORING in the Arbitrum generic-custom gateway: Posted in the forum on May 13th, 2025, execution expected on August 25th, 2025. (104 days)

• Sky Custom Gateway: Posted in the forum on March 3rd, 2025, executed in L1 on July 22nd, 2025 (141 days).

• Upgrading RARI Governance Token on Arbitrum: Posted in the forum on August 5th, 2024, executed in L1 on October 31st, 2024 (87 days).

This means that reducing the delay to 30 or even 40 days is a big win compared to the current situation. Not to mention the fact that builders would have a clear and simplified path to include their tokens in the native bridge.

The Current Model in Theory

In the current governance process, we understand that there is a proposer who loads the payload, the vote is executed, and once approved, it is sent to the L2Timelock contract, where in cases like this involving a transaction (a message with instructions) from L2 to L1, there is an 8-day timelock before sending the message through the fraud proofs (7-day delay) and finally a 3-day timelock delay in the L1Timelock contract.

Now, the L2Timelock contract has the following roles:

1. PROPOSER_ROLE

• Function: They can propose actions to be executed after the timelock period

  • Who has it:

    • The Core Governor

    • The Security Council

1. EXECUTOR_ROLE

• Function: They can execute actions after the timelock expires

  • Who has it: Anyone can execute (configured as public role)

1. CANCELLER_ROLE

   • Function: They can cancel pending proposals

     • Who has it:

       • The Core Governor

       • The Security Council

2. TIMELOCK_ADMIN_ROLE

   • Function: They can change the minimum timelock delay and manage roles

     • Who has it:

       • The UpgradeExecutor (Governor)

In this case, what interests us is the proposer_role and the canceller_role which indicates who can cancel transactions. The L2Timelock allows adding more than one address to these roles.

In our analysis, we had considered two options:

Option 1: Direct Maintenance Committee Integration with L2 Timelock

Approach: Add the Maintenance Committee Multisig directly as a proposer to the L2 Core Timelock with a custom 20-day delay and restricted function scope.

Maintenance Committee Flow:

Maintenance Committee Multisig
    ↓ (20 days L2 timelock delay) - Here the DAO can Veto via on-chain vote
Modified L2 Timelock
    ↓ (8 days L2 timelock delay)
L2 Core Timelock
    ↓ (7 days L2→L1 message delay)
L2→L1 Message
    ↓ (3 days L1 timelock delay)
L1 Timelock

Total: 38 days

image1920×2038 142 KB

To make this possible, it would be necessary to modify the L2Timelock contract by admitting the committee to its proposer role, only for certain types of transactions and with a special Timelock, allowing the DAO to veto with a vote during “20 days” (number thought for the DAO to execute constitutional votes of 14-16 days)

This implies even modifying the original core L2Timelock contract so that it only accepts certain types of transactions from a specific proposer and that these transactions have a different delay than the rest, so from our perspective, it is the riskiest option.

This is where we have our first two questions regarding Tally’s proposal:

1. Is the Optimistic Governor Path designed as a separate module from the traditional Core Governor?

2. Would it be correct to assert that in this case, we are facing a similar situation regarding the proposer role? What we understand is that, whether we are dealing with a multisig (for example, similar to how the Security Council works, with the ability to propose and cancel proposals) or we are dealing with a separate governance module, it would be necessary for the L2Timelock to be updated to accept proposals and cancellations from new addresses with these roles.

These questions are important to understand the technical nature of these changes.

• Are we building a new Governor Contract with different rules?

• Are we modifying the existing Governor?

• Is there a need to make additional changes to the L2Timelock?

• If these last two questions are affirmative, don’t you think it’s a high risk to upgrade or modify any core governance contract, and requires deeper analysis? We raise this concern because Arbitrum has the largest TVL among L2s, and we must exercise caution when implementing these types of changes.

These are the questions we asked ourselves when investigating possible solutions, which is why we believe in the need to seek solutions that minimize any changes to the current core contracts and we believe that the best approach would be to create a WrappedL2Timelock as L2Timelock Proposer, with its own logic to accept, reject or dispute transactions related to maintenance/token listing tasks in the bridge.

Option 2: WrappedL2Timelock as L2 Timelock Proposer

Approach: Deploy the WrappedL2Timelock and add it as a proposer to the existing L2 Core Timelock, maintaining the original timelock’s integrity. The wrapper handles function restrictions internally, eliminating the need for core timelock modifications. Note: This option still requires granting the PROPOSER_ROLE to the WrappedL2Timelock in the L2 timelock, but does not require modifying the timelock contract itself.

Maintenance Committee Flow:

Maintenance Committee Multisig
    ↓ (20 days internal delay) - Here the DAO can Veto via on-chain vote
WrappedL2Timelock
    ↓ (8 days L2 timelock delay)
L2 Core Timelock
    ↓ (7 days L2→L1 message delay)
L2→L1 Message
    ↓ (3 days L1 timelock delay)
L1 Timelock

Total: 38 days

image1920×1504 97.4 KB

In this case, an external contract is created, with its own delay parameters, accepted transaction types, and possibility of veto via on-chain vote, as well as the possibility that the same Security Council that has veto power in the L2Timelock possesses the same ability in this external contract. In this way, the external contract would adhere to the same security standards as the L2Timelock itself, except for the Maintenance Committee Multisig. However, this approach doesn’t bring many advantages because it has the same 38-day delay as the previous approach.

Option 2B: WrappedL2Timelock with Dispute Mechanism (8-day delay + dispute)

Approach: Deploy the WrappedL2Timelock with a reduced 8-day delay and add a dispute mechanism that allows delegates with 5M+ ARB to trigger a dispute function plus constitutional vote. We believe this is the best approach:

Maintenance Committee Flow (No Dispute):

Maintenance Committee Multisig
    ↓ (8 days internal delay)
WrappedL2Timelock
    ↓ (8 days L2 timelock delay)
L2 Core Timelock
    ↓ (7 days L2→L1 message delay)
L2→L1 Message
    ↓ (3 days L1 timelock delay)
L1 Timelock

Total: 26 days

Maintenance Committee Flow (With Dispute):

Maintenance Committee Multisig
    ↓ (8 days internal delay)
WrappedL2Timelock
    ↓ (Delegate with 5M+ ARB disputes)
    ↓ (Transaction is stopped) 
    ↓ (DAO constitutional vote)
    ↓ (If AGAINST veto: 8 days L2 timelock delay)
L2 Core Timelock
    ↓ (7 days L2→L1 message delay)
L2→L1 Message
    ↓ (3 days L1 timelock delay)
L1 Timelock

Total: > 43 days (depending on the results of the dispute)

image1920×1531 110 KB

Basically, the committee proposes a transaction to the WrappedL2Timelock, there is an 8-day window during which any delegate with more than 5M ARB can dispute the transaction and stop it (this is equal to the amount of ARB needed to propose a transaction in the governor). After this, the DAO has to vote to resolve the dispute, either by canceling the transaction proposed by the committee (in favor of the dispute) or allowing the transaction to be sent to the main L2Timelock. When a proposal is disputed, there is no set time because the WrappedL2Timelock contract waits for a resolution from the DAO to continue with the process. This allows greater flexibility and is not subject to arbitrary time limits.

In the future, this WrappedL2Timelock contract could be used to add new maintenance services. And the base security of the Core contracts will always be maintained.

Note: Governance should be the owner of this contract and be able to update it, change roles, revoke them, and change the delay time.

Some final considerations

What we notice with the scheme proposed by Tally is that, while it simplifies the current process, we still always depend on a vote that, while optimistic, is necessary with every action we want to perform. Regarding the vote itself, we have some observations to make:

We understand that by definition, these transactions remain as constitutional proposals, since there are protocol modifications that involve sending an L2 to L1 message, as is the case with protocols that want to whitelist their tokens in the native bridge and have to follow the process and constitutional quorum. It wouldn’t be bad if it’s 3%, from our perspective, maintenance updates, as long as they have a limited scope in the code, should be subject to lower standards vs the standards required for ArbOS updates, governor changes, etc. But for this, the Constitution should be changed so that we include this subcategory with a new quorum threshold.

Now, if we are going to use the current 4.5%, there is something to consider: Generally, the DAO reaches this threshold in the last days of voting, within a 14-day process. This tells us that it is likely that we will have difficulty reaching the quorum in just a week, even when there is unanimity about the veto.

We mention all this because if the system forces a vote by default and we finally decide to have a 14-day vote with the constitutional quorum instead of changing the Constitution, we will have a process quite similar to the existing one except for the initial engagement with the Council and the Template, and the fact that if delegates don’t vote, there’s no quorum and therefore no veto, but the vote and delay exist anyway. Having said this, we have some final questions:

• As we asked before, it would be interesting to know the technical nature of the proposed changes, whether we are dealing with a new governance module that should be included as a proposer in the L2Timelock, or if we are making changes directly to the existing Governor.

• Will the Security Council have any role in this process? We understand that it wouldn’t be optimal for the Security Council to have the Maintenance Council role since it’s necessary to involve OCL, and it would imply having a Maintenance Council that rotates every 6 months, but it would be interesting for them to maintain veto power over transactions sent to the L2Timelock.

• Wouldn’t a model where you only vote when necessary be better? With the current proposed model, delays exist by default due to the DAO’s veto window. Considering what was explained above regarding the quorum and the days needed to reach it, at the end of the day, all projects would still need to wait 14 days of voting to list their tokens unless we change the Constitution, and there wouldn’t be much difference with the current governance process.

We support Tally’s ( @cliffton.eth ) suggestion of introducing Optimistic Governance for this type of routine operation. Given that most maintenance upgrades tend to be unanimously approved by the DAO, this approach could significantly reduce governance overhead without compromising transparency or security.

That said, we don’t believe the creation of an ad-hoc council is necessary. With the recent release of Offchain Labs’ standardised token registration template for ERC-20 token proposals to the Arbitrum Generic Custom Gateway, much of the friction in the current process is already being addressed. While we acknowledge not all maintenance upgrades involve token registrations, this is the only class of upgrade (to our knowledge) not initiated by either OCL or AF—making the template a valuable step toward simplifying the remaining edge cases.

We also align with @paulofonseca ’s view that this function could be effectively delegated to the Security Council, rather than introducing new governance structures.

In summary, we believe a combination of the OCL template, Security Council review, and a DAO optimistic governance vote would provide a streamlined, efficient, and secure path forward.

Agreed, this proposal needs to move forward to improve developer experience and overall interaction with Arbitrum’s processes. We support an optimistic approach and prefer to avoid creating an additional council as well, if possible. What are the next steps to move it forward?

Thank you @paulofonseca @SEEDGov @karpatkey @blockful and @web3citizenxyz for your comments!

I’d personally agree that the Security Council would be the most apt body to take on this role as well, and think that this falls nicely under the non-emergency actions category (as per the Constitution, this is defined as implement routine software upgrades, routine maintenance and other parameter adjustments in a non-emergency setting). While there might be concerns over the 6 month rotation of signers, this could be addressed as part of the onboarding process for elected members.

@SEEDGov also proposes good alternatives around creating a WrappedL2Timelock with a dispute mechanism - our concern around this, and this might be an edge case, is that a malicious delegate with >5M voting power could just raise disputes on all proposals created by the committee/security council, essentially forcing all these proposals to go through the constitutional proposal path. Perhaps the threshold being higher could address this concern, but from a process design perspective, we think that having all proposals go through a veto period with a sufficient veto quorum mitigates this potential issue altogether.

Hi @cliffton.eth, thanks for your reply!

While we agree that these are non-emergency actions that fall under the category of routine upgrades/maintenance, we’d like to emphasize what it would mean for the Security Council to carry out the entire process.

As you correctly pointed out in your previous comment, there’s a process of about 2 to 3 weeks that includes initial engagement from the proposal author through a template, followed by a thorough review by the responsible committee.

In this sense, we believe that proposing a specialized committee for this task makes more sense, as we can ensure its composition meets the criteria required for executing these responsibilities. The composition proposed by Tally is reasonable, as it directly involves OCL and AF (from our perspective, they must remain involved), and it also includes technical specialists who can support them.

One alternative we previously considered was to replace Security Auditors A and B with one Security Council member from each cohort. This would preserve Security Council involvement while significantly reducing rotation, especially considering the Foundation has published a proposal to extend the Security Council term to two years.

Regarding this, we agree it’s a low-probability edge case.

First, if a malicious delegate had >5M VP, they could cause more harm by directly creating proposals on Tally than by simply spamming disputes to delay the listing of a token. In other words, if we had such a delegate, we’d be more concerned about their broader influence than about the delay of routine maintenance updates.

Second, we consider this to be a highly unlikely scenario — as acquiring 5M VP today would require over $2.5M in capital just to delay a token listing. And even then, that wouldn’t be enough to stop it, as other delegates would still need to support the dispute in order to cancel the upgrade.

We continue to believe that the most sensible approach is to only require a vote when strictly necessary, instead of having a default vote/veto process. It’s worth noting once again that the proposed 7-day veto window with a 3% quorum would require a constitutional amendment. Otherwise, we’d revert to a 14-day veto period with a 4.5% quorum to cancel a malicious transaction.

We also believe that the approach we proposed minimizes the number of changes required to the Core Governance contracts, and once again, we’d be interested in understanding — from a technical perspective — the implications of the proposal made by Tally, as we previously asked in our earlier response:

This is a practical step forward. Requiring a full constitutional vote for routine maintenance tasks like token registrations clearly creates unnecessary governance overhead. Establishing a dedicated working group with representation from the DAO, the Foundation, and Offchain Labs seems like the right balance between agility and accountability.

My only recommendation would be to define clear scope boundaries for the working group upfront, so it’s limited to low-risk maintenance and cannot be misused for broader policy changes. Regular status updates (bi-weekly, as suggested) will also be key to maintaining transparency. Overall, I support this initiative

Appreciate the response @SEEDGov !

We’re open to either option and see benefits (and disadvantages) of both approaches. I’d personally not opt to substitute a security council member - there might come instances where the selection of which member gets unnecessarily complicated potentially (need to coordinate who gets selected, get their buy-in, etc). Not hard on this stance though.

I agree that the creation of malicious and/or spam proposals is actually the more probable attack vector. That said, if optimistic governance is approved and implemented, there could be more use cases beyond token listings that gets added under the scope of optimistic governance (think maintenance updates like the recent Remove Cost Cap, Update Executors, Disable Legacy USDT Bridge proposal, Nova Fee Sweep action(bundled with Timeboost which wasn’t ideal), and RIP-7212 Support and Nova Fee Router actions (bundled with Stylus)). I think it is entirely possible for a malicious actor (or even a competitor) to acquire that VP to block and route these decisions that should have been made under optimistic governance to the regular Constitutional AIP route.

Internally within Tally, we are considering removing the requirement for delegates to vote “Support” because mandatory voting contradicts the core principle of optimistic governance, that routine decisions should proceed automatically unless there’s active opposition. Our current thinking is that the optimistic proposal should be automatically veto-ed and canceled in the event that the voting quorum is achieved, rather than having delegates be called upon to vote in Support. Curious to hear thoughts here.