This overview of the role of a Security Council member covers:
- Responsibilities of Security Council members,
- Key attributes to look out for when evaluating whether a candidate may be a good security council member,
- Accountability of the Security Council members.
What is the Security Council?
The Security Council, consisting of 12 members chosen by the Arbitrum community, has the power to upgrade bridge smart contracts.
They can take action in both emergencies and non-emergencies, following the rules in the Arbitrum Constitution. For instance, if a critical security issue is reported privately to the Arbitrum Foundation, the Security Council assesses the situation. If necessary, they can approve an upgrade to fix the problem.
Choosing the right council members is crucial to the security of the Arbitrum ecosystem due to the authority granted to them.
Council Member Responsibilities
All Security Council members are paid $5k in ARB per month and they are expected to fulfil the following responsibilities:
- Be Aligned: Uphold the Constitution of the ArbitrumDAO and have the Arbitrum ecosystem's best interests at heart
- Be Diverse: Spread across geographies, time-zones, and organizations to add to the Security Council's diversity
- Have Good OpSec: Prioritise operational security, which includes, but is not limited to, the use of a dedicated hardware wallet for this single role
- Be Available: Be available and contactable in case of an emergency
- Be (Proactively) Engaged: Engage with all other Security Council members when an action is necessary, and participate in security drills and flag day events organised by the Arbitrum Foundation
- Have Good Communication: Work with the Foundation to actively communicate the need for emergency and non-emergency actions when an issue is detected, and provide follow-ups accordingly
- Be Responsible: Document all actions and publish a transparency report after the emergency actions are completed, and maintain confidentiality of critical vulnerabilities and other sensitive information until the transparency report is published
- Be Competent: Independently assess, evaluate and understand a technical situation, as well as the respective solution and desired outcome, during an emergency
- Be Reputable: Be experienced with emergencies and security incidents in the blockchain ecosystem (i.e. has been in "war rooms", and knows how to communicate with confidentiality accordingly)
Good (And Bad) Values and Practices of Security Council Members
A Good Member is | A Good Member is not |
---|---|
Familiar, engaged, and aligned with the Arbitrum ecosystem | Someone who does not care about the success and future of Arbitrum, and has conflicts of interests that may impede their judgement |
Able to keep good operational security and operate a hardware wallet securely. Additionally, they are someone with good security hygiene who follows best practices | Oblivious to the responsibilities they carry, and careless with hardware wallet security. |
Willing to voluntarily engage the other Security Council members when emergency / non-emergency actions are necessary, and to aid the Foundation in documenting post-mortems and publishing a full transparency report. | Someone who exhibits free-rider behaviour, and does the bare minimum in emulating what the other Security Council members do. |
Willing to wake up at 3am for a drill to ensure all members are reachable in case of an emergency | Away all year round and not engaging in practice runs and discussions with other council members |
Deeply responsible for the security of Arbitrum | Only motivated by financial compensation, as this role comes with serious obligations |
Unique in location, background and occupation (in comparison to other Security Council members) | Similar to other Security Council members |
Able to think critically and independently to understand what action the Security Council is taking, determine whether the proposed action will have the desired outcome, and critically assess whether this is a good idea (which requires both technical and non-technical judgement) - as there may be situations where there isn't an obvious answer | Someone who does not come from a technical background, and is unable to review code or understand what they are signing |
The character features above should be considered when casting your vote. After all, it is up to the Arbitrum community to vote for candidates who will participate as members of the Security Council. It is critical to pick members who will act in good faith, think critically and independently, and perform their duties as a council member. A final judgement is not always about technical prowess, but willingness to take up the role and actively participate.
Security Council Member Accountability
As outlined in the Arbitrum Constitution, there are two methods to remove a Security Council member if they fail to faithfully fulfil their role:
- At least 10% of all Votable Tokens have cast votes "in favor" of removal and at least 5/6 (83.33%) of all cast votes are "in favor" of removal;
- At least 9 of the Security Council members vote in favor of removal.
Each member of the Security Council bears accountability not only to the Arbitrum DAO but, most significantly, to their fellow council members.
Of course, the removal of a Security Council member is a publicly detectable event, and substantial public discourse should follow the removal of any members.