Thank you for taking the time conduct a security analysis of ARB staking. On behalf of Tally, I’d like to share a few points in response to your analysis.
The current phase of the proposal is to develop the staking system. The DAO will have the opportunity to evaluate the implementation details and source code of the system once it is complete. As indicated in the proposal, the DAO will vote separately on the implementation of ARB Staking after it has completed development and audit.
ARB Staking would be implemented as a proxy contract controlled by the Arbitrum Core Governor, just like the ARB token and the Arbitrum Governance contracts.
ARB staking would have a few administrative functions, controlled by Arbitrum DAO:
- Block incorrect Karma scores
- Change the score provider
- Change the staking fee schedule
stARB (the Tally Protocol LST) would be deployed as an immutable, non-upgradeable contract. The delegation strategies would be assigned by the Arbitrum DAO. The only part of the system Tally manages is the rebalancing of underlying assets.
We agree. We included a budget for $60,000 of audits in the proposal. We’re open to further suggestions of precautions that can be taken from the ARDC and the Arbitrum community.
The underlying ARB staking contracts, like UniStaker, will not have a withdrawal period. The positions are non-liquid and rewards are dripped continuously over time
stARB does/can have a withdrawal period, configurable by the DAO. The expectation is that it will be very short and is there only to prevent people from abusing the reward mechanism (i.e. staking right before a reward, claiming a chunk of it, and immediately unstaking).If there is a price difference, arbitrageurs can instantly unstake stARB and sell it as ARB to close the price difference. This easy arbitrage opportunity minimizes price discrepancies and makes it difficult for any potential governance attacker to acquire ARB at a discount.
Our recommendation here is again to proceed with caution when moving forward with this proposal. For example, referencing Delphi-Digital response, were as the ARB supply grows and if the quorum increases too quickly w/ token supply. The same issue could arise all over again leading to people not being incentivized to stake/delegate.
Could you expand on this point? We expect the opposite effect. ARB staking rewards participation, making it easier to reach quorum.
Moreover, an increase in complexity and attack surface for the DAO opens it up to new ways of being attacked. In addition, with the volatile price movements of LSTs extra care should be taken with launching to help prevent any risks that come with it.
I believe we’ve addressed most of these concerns above. Are there other classes of attacks that you’re concerned about beyond what has been specifically addressed in this post?
This could include, thoroughly fork testing different market scenarios such as initial launch, during a market downturn, etc. Proper market monitoring should be put in place to alert the community to take action if needed. While also ensuring the entire protocol be subjected to a security audit.
We agree and plan to address all of these items in the ARB staking implementation.