We provide an overview of the Security Council member role, including:
- Responsibilities of Security Council members,
- Key attributes to look out for when evaluating candidates,
- Accountability of the Security Council members.
What is the Security Council?
The Security Council, consisting of 12 members chosen by the ArbitrumDAO, has the power to upgrade bridge smart contracts.
They can take action in both emergencies and non-emergencies, following the rules in the Arbitrum Constitution. For instance, if a critical security issue is reported privately to the Arbitrum Foundation, the Security Council assesses the situation. If necessary, they can approve an upgrade to fix the problem.
Choosing the right council members is crucial to the security of the Arbitrum ecosystem due to the authority granted to them.
Council Member Responsibilities
All Security Council members are paid $5k in ARB per month and they are expected to fulfil the following responsibilities:
- Be Aligned: Uphold the Constitution of the ArbitrumDAO and act in the best interests of the Arbitrum ecosystem.
- Be Diverse: Collectively represent a broad mix of geographies, time zones, and organizations to ensure capture resistance and rapid response capability.
- Maintain Strong OpSec: Prioritize operational security, including (but not limited to) using a fresh, dedicated hardware wallet for this specific role.
- Be Available: Be ready to prioritize Arbitrum and respond immediately in the event of an emergency.
- Be Proactively Engaged: Collaborate with fellow Security Council members when action is needed, and participate in security drills and flag day events organized by the Arbitrum Foundation.
- Communicate Effectively: Coordinate with the Foundation to clearly communicate the need for emergency and non-emergency actions, and provide timely follow-ups.
- Act Responsibly: Document all actions, publish a transparency report after emergency actions are taken, and protect confidential information until that report is released.
- Demonstrate Competence: Independently assess technical situations, evaluate proposed solutions, and understand desired outcomes during emergencies.
- Be Reputable: Bring prior experience in managing blockchain security incidents (i.e. experience in ‘war rooms’).
Example Behaviours and Attributes of Good (and Bad) Security Council Members
| A Good Member is | A Bad Member is |
|---|---|
| Familiar, engaged, and aligned with the Arbitrum ecosystem. | Someone who does not care about the success and future of Arbitrum, and has conflicts of interests that may impede their judgement. |
| Able to keep good operational security and operate a hardware wallet securely. Additionally, they are someone with good security hygiene and follows best practices. | Oblivious to the responsibilities they carry, and are careless with hardware wallet security. |
| Willing to engage with the other Security Council members when emergency / non-emergency actions are necessary, and aid the Foundation in documenting post-mortems and publish transparency reports. | Someone who exhibits free-rider behaviour, and does the bare minimum in emulating what the other Security Council members do. |
| Willing to wake up 3am for a drill ensuring all members are reachable in case of an emergency. | Away all year round (unannounced) and not engaging in practice runs and discussions with other council members. |
| Deeply responsible for the security of Arbitrum. | Only motivated by financial compensation, as this role comes with serious obligations. |
| Unique in location, background and occupation (in comparison to other Security Council members). | Similar to other Security Council members. |
| Able to think critically and independently to understand what action the Security Council is taking, determine whether the proposed action will have the desired outcome, and critically assess whether this is a good idea (which requires both technical and non-technical judgement) - as there may be situations where there isn’t an obvious answer. | Someone who does not come from a technical background, is unable to review code nor understand what they are signing. |
The characteristics above should be considered when casting your vote. After all, it is up to the Arbitrum community to vote for candidates who will participate as a member in the Security Council member. It is critical to pick members who will act in good faith, think critically and independently, and perform their duties. A final judgement is not always about technical prowess, but willingness to take up the role and actively participate.
Security Council Member Accountability
As outlined in the Arbitrum Constitution, there are two methods to remove a Security Council member if they fail to faithfully fulfil their role:
- At least 10% of all Votable Tokens have casted votes “in favor” of removal and at least 5/6 (83.33%) of all casted votes are “in favor” of removal;
- At least 9 of the Security Council members vote in favor of removal.
Each member of the Security Council bears accountability not only to the ArbitrumDAO but, most significantly, to their fellow council members.
Of course, the removal of a Security Council member is a publicly detectable event, and substantial public discourse should follow the removal of any members.