We provide an overview of the role of a Security Council member, which includes:
- Responsibilities of Security Council members,
- Key attributes to look out for when evaluating whether a nominee may be a good Security Council member,
- Accountability of the Security Council members.
The Security Council, consisting of 12 members chosen by the Arbitrum community, has the power to upgrade bridge smart contracts.
They can take action in both emergencies and non-emergencies, following the rules in the Arbitrum Constitution. For instance, if a critical security issue is reported privately to the Arbitrum Foundation, the Security Council assesses the situation. If necessary, they can approve an upgrade to fix the problem.
Choosing the right council members is crucial to the security of the Arbitrum ecosystem due to the authority granted to them.
All Security Council members are paid $5k in ARB per month and they are expected to fulfil the following responsibilities:
- Uphold the Constitution of the Arbitrum DAO.
- Be available and contactable by the Arbitrum Foundation in case of an emergency.
- Proactively engage with all other Security Council members when an action is necessary.
- Work with the Foundation to actively communicate the need for emergency and non-emergency actions when an issue is detected, and provide follow-ups accordingly.
- Document all actions and publish a transparency report after the emergency actions are completed.
- Maintain confidentiality of critical vulnerabilities and other sensitive information until the transparency report is published.
- Participate in security drills and flag day events organised by the Arbitrum Foundation.
- Prioritise operational security, which includes, but is not limited to, the use of a dedicated hardware wallet for this single role.
- Independently understand all security incidents and how the proposed upgrade will fix them.
|A Good Member is|A Good Member is not|
|---|---|
|Familiar, engaged, and aligned with the Arbitrum ecosystem|Someone who does not care about the success and future of Arbitrum|
|Able to keep good operational security and operate a hardware wallet securely. Additionally, they have good security hygiene and follow best practices|Oblivious to the responsibilities they carry and careless with hardware wallet security|
|Willing to voluntarily engage the other Security Council members when emergency / non-emergency actions are necessary, and to aid the Foundation in documenting post-mortems and publishing a full transparency report|Someone who exhibits free-rider behaviour and does the bare minimum in emulating what the other Security Council members do|
|Willing to wake up at 3am for a drill to ensure all members are reachable in case of an emergency|Away all year round and not engaging in practice runs and discussions with other council members|
|Deeply responsible for the security of Arbitrum|Only motivated by financial compensation, as this role comes with serious obligations|
We have put together some character traits to consider when casting your vote, including alignment with Arbitrum, operational security, engagement, availability, and whether the nominee is ready to protect the Arbitrum ecosystem.
After all, it is up to the Arbitrum community to vote for nominees who will participate as members of the Security Council. It is critical to pick members who will act in good faith and perform their duties as council members. A final judgement is not always about technical prowess, but about willingness to take up the role and actively participate.
As outlined in the Arbitrum Constitution, there are two methods to remove a Security Council member if they fail to faithfully fulfil their role:
- At least 10% of all Votable Tokens have cast votes “in favor” of removal and at least 5/6 (83.33%) of all cast votes are “in favor” of removal;
- At least 9 of the Security Council members vote in favor of removal.
Each member of the Security Council bears accountability not only to the Arbitrum DAO but, most significantly, to their fellow council members.
Of course, the removal of a Security Council member is a publicly detectable event, and substantial public discourse should follow the removal of any members.