The Watchdog: Arbitrum DAO's Grant Misuse Bounty Program

Abstract

The Arbitrum DAO has allocated over 422m ARB tokens across various initiatives, including incentive programs, grants, investment vehicles, and service providers, amounting to a total spend in the nine-figure USD range. While these allocations have driven significant growth and innovation, there has been minimal oversight or review of how these funds are ultimately used, and no system currently exists to incentivize the identification and reporting of fund misappropriation. Although three instances of misuse have been uncovered, it is likely that additional cases remain undetected.

In response, Entropy Advisors proposes the establishment of a grant misuse bounty program dubbed “The Watchdog” to incentivize the identification and reporting of misused DAO-allocated funds. The program would utilize an incentive mechanism to reward community contributors and investigators who submit verifiable reports of misappropriation. If the proposal passes a temperature check, Entropy will manage a selection process to determine a suitable platform to host the Watchdog program.

Motivation and Rationale

By offering financial rewards for valid reports of misappropriation, there will be a stronger motivation for community members to contribute skills or information that aid in identifying misconduct in the DAO. Today, the identification of wrongdoing can result in retaliation, unnecessary friction within the DAO, and other negative externalities for the investigators, and with no incentive to bring forth allegations, it is unlikely that most community members would. The Watchdog program creates a decentralized force of accountability, augmenting the DAO’s capacity to detect abuse that would likely otherwise go unnoticed while protecting the member from repercussions.

Arbitrum DAO’s successful identification of misappropriated funds, whether by a service provider, protocol, grant recipient, or anyone else that receives funds from Arbitrum DAO, has two large benefits:

  1. The DAO (likely through the Foundation, as it has done so in the past) may be able to recapture some of the funds. This could involve legal avenues, smart contract enforcement (clawbacks / stream stopping), or community pressure.
  2. The evidence can be used to identify possible improvement opportunities in the underlying programs and make more informed decisions surrounding the recognized bad actors in the future.

Other benefits include a mechanism for malicious action deterrence and bringing sophisticated onchain sleuths into the DAO.

Just the existence of a transparent and well-publicized bounty program will likely deter some malicious actors from misusing DAO funds in the first place. Knowing that the community has the tools and incentives to identify misallocation increases the risk of exposure for those who might consider abusing the DAO’s trust. Recipients of DAO funds will need to think twice before acting in a way that doesn’t align with the DAO’s strategic objectives, rules, and the broader interests of Arbitrum.

By allowing anyone to submit evidence-based reports of misuse anonymously, the program empowers the entire Arbitrum and crypto ecosystem to take an active role in maintaining the financial health and integrity of the Arbitrum DAO. We hope this fosters a culture of vigilance, good intentions, and accountability while bringing white-hat actors into the ecosystem.

Specifications

The Watchdog program will extend to ALL DAO-funded initiatives including end recipients of other programs such as the Questbook Domain program, Stylus Sprint, Arbitrum Foundation grants, and the incentives programs. The process for rewarding those who successfully identify fund misuse will start with a temporary solution utilizing a small committee of reviewers with a long-term plan for the program to eventually fall under OpCo, if and when it is stood up.

The workflow for bounties will be as follows:

1. Report Submission

  • Anyone (watchers) can identify potential misuse of funds that originated from the DAO and submit an evidence-based report to a designated section on a to-be-determined bounty platform. The report remains private during the initial submission phase.

2. Review Process

  • A whitelisted group of three DAO-associated reviewers will have the ability to review the submitted reports. We propose that the group of initial reviewers comprise the Arbitrum Foundation, Entropy Advisors, and the elected Research Member of the ARDC. This structure would help minimize operating costs of the program, but we are open to other group structures and electing members if the community disagrees with the proposed reviewers. Entropy and the Arbitrum Foundation will be waiving payment as reviewers, and the ARDC Research Member will be paid at their stated hourly rate. We anticipate the review process for a Watchdog report to take a minimal number of hours.
  • The three reviewers will discuss reports and, if required, will contact the concerned party for clarifications. If two or more reviewers agree (at their discretion) that the submission is based on substance and rules have been broken, the watchers (individual or group) will receive their bounty. The reviewers will also determine the level of severity of the misuse, which will impact the bounty reward as outlined in step 4.
  • In the case that ⅔ of the reviewers deem there has been fund misuse, the reviewers will then work together with the Arbitrum Foundation to open up private channels of communication with the concerned party and attempt to get the funds back for the DAO.
  • Reviewers are required to abstain from specific review processes if a conflict of interest (COI) is identified. If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report. If the report is made public, the reviewers’ identified COIs will be published at the same time.

3. DAO Forum & Snapshot Voting

  • If all attempts at backchanneling have failed, the report will be posted to the forum with all the watcher’s personal and identifiable information redacted in the version posted publicly.
  • The DAO will vote via Snapshot on whether or not the violation constitutes a DAO ban. Delegates can reference the Furucombo instance as an example.

4. Reward Mechanism

  • If the review committee deems a report valid at their discretion, they will determine the level of misuse.
    1. Low: 5K ARB
    2. Medium: 20K ARB
    3. High: 50K ARB
  • If the report leads to the successful recapture of funds, 5% of the recovered funds will be awarded to the watcher.
    1. The 5% share is capped at $100K. This reward is in addition to the reward above.
    2. If recaptured funds are denominated in a volatile asset, the reward awarded to the watcher will be calculated as the 30D TWAP of the underlying on the day the transfer is made.
  • Watchers will be required to undergo Foundation KYC before being eligible for rewards.
  • The program will run until the 500K ARB is exhausted from valid misuse reports. Once 100k ARB remains, a proposal will be put forward to the DAO to extend the budget or shut down the program.

We believe that this mechanism is optimal for the time being, but if/once OpCo is stood up, the program could be moved into its domain. If done so, the reviewer and voting mechanism would likely need to be restructured.

Steps to Implement: RFP Process

It will be necessary to create a secure platform where community members or contributors can submit their reports. This will ensure confidentiality and data security for all parties involved. With the requirements resembling a bug bounty program, we imagine that an existing platform can quickly build the necessary portal. If the proposal passes a temperature check, Entropy will directly contact potential providers and solicit bids. The selected provider and the required budget will be presented to the DAO before the proposal moves to Tally. The Arbitrum Foundation will serve as the counterparty for the agreement.

Budget

Rather than setting a maximum budget for the RFP, the process will be conducted before moving to Tally. Post selection, the proposal will be updated with a final request.

In total, 520,000 ARB plus the necessary amount of ARB for the selected bounty platform (determined by the RFP process) will be sent to a new MSS multisig in order to facilitate the program.

  • 500,000 ARB available to reward valid Watchdog reports.
  • 20,000 ARB to cover a minimum of 50 hours of the ARDC Research member. This is an overestimation and excess ARB will be returned if the program moves under OpCo or is disbanded after a 6 month trial.
  • Amount of ARB necessary to build and host the Watchdog program. To be determined through an RFP process.

The expectation will be that 6 months post program launch, Entropy Advisors will raise a subsequent vote to the DAO in order to gauge the program’s success. At this point the DAO can determine if the program should continue in its current state, be moved under OpCo if or when it is stood up, or if the program should be discontinued.

Timeline

December 20th: Forum post
January 9-16th: Snapshot vote
January 20th: Procurement process begins
TBD: Onchain Vote
TBD: Program is launched

Voting Options

With the RFP process happening pre-Tally ratification, the Snapshot vote will be subjected to the non-constitutional quorum requirements of 3% of the votable token supply with a simple majority of votes in favor/abstain.

It will be a basic vote with FOR, AGAINST, and ABSTAIN as the three options.

Conflicts of Interest

Outside of being placed as one of the three reviewers, Entropy does not have any other conflicts of interest to disclose as part of this proposal.


I strongly support the idea of a misuse bounty program. The cost to implement such a program is minimal, and the benefits are significant. Not only would it serve as an effective deterrent against “grant farmers” and other bad actors who might otherwise exploit DAO-allocated funds, but it would also encourage greater accountability across the ecosystem. In fact, I personally know of two cases I’d be ready to bring to the Watchdog’s attention once the program is live.

I suggest creating a well-crafted document or set of guidelines that clearly defines what constitutes “misuse” of funds. This will help us avoid unnecessary witch hunts or false accusations, while ensuring that genuine wrongdoing is appropriately addressed.


babe wake up, Entropy finally dropped the watchdog/whistleblower/sleuth proposal… =)

I even did my happy dance when I woke up to this! Thank you for this proposal!

A few clarifications:

in here, what reward above?

The non-constitutional quorum requirement is 3% of the voting circulating token supply.


I love this proposal. I do have one question.

From my understanding, if a misuse happens the reviewers will attempt to recover the funds through private communication channels and only if these private attempts fail, the report will be made public in the DAO forum. Is this correct?

I don’t support this process. In case misuse happens we should know about it. Maybe through reports?


Thanks for the great proposal. This is absolutely a very necessary oversight mechanism for Arbitrum DAO. However, I have a few concerns. First, I believe it’s necessary to clearly define the scope of “misuse,” and determining whether a violation has occurred should go through a more rigorous review process. Ideally, reviewers should publish a detailed report for the DAO to vote on. Without this, I worry there could be instances of power abuse, which would severely harm the DAO. Second, while stopping the disbursement of future funds in case of a violation is straightforward, recovering previously distributed funds could be more challenging. Considering participants are from various countries, legal avenues might not be effective. Happy to discuss!


Proposal to establish a “Watchdog” grant misuse bounty program to incentivize the identification and reporting of misuse of DAO-allocated funds. After reviewing the entire proposal, it appears to operate at a low cost while serving a supervisory role, so we are highly supportive of the proposal. It is suggested that some members of the review panel be selected through community voting or open nominations to enhance the credibility of the program. Additionally, once the bounty program is launched, it should regularly report its operations and fund usage to the community. In addition to rewarding whistleblowers, there should also be a set of punitive measures to limit malicious or false reports. Currently, the proposal does not set an upper limit on the budget for platform development. It is recommended that a budget range be provided during the procurement process to ensure the selection of the most cost-effective platform. The proposal mentions a 6-month trial period, but if the program proves successful, should it be incorporated into the DAO’s long-term governance framework to establish a sustainable culture of fund oversight?

We need such supervision. Currently, the budget cost is not high, but as funding increases in the future, supervision will become more complex, and costs will rise. The implementation plans and the associated costs should be detailed. If the initial experiment is successful in identifying abusers, a long-term monitoring plan will be required.

I am concerned that if the misuse of funds is confirmed, recovering the funds will be a challenging task, as you will need to account for the legal costs in different countries. It is not just about community opinion or relying on the conscience of the other party. This will require additional expenditures, yet I have not seen a budget for this.

Reviewers should be elected by the community. While you may nominate individuals, future voting will still be needed to involve more people in supervising their work. Ensuring fairness and justice will require significant time and costs.

This is a good suggestion, and I support it, but more comprehensive implementation steps are needed.


Great idea to bring accountability to grantees.

Thank you very much for the proposal. I believe it makes sense to have a watchdog program.

My first question is: why did you choose this system instead of empowering a person or group of people to take on this role of overseeing the allocation of funds? Could this role be merged with the reporting role proposed by @AlexLumley ? Even though the DAO rejected the design and budget, I believe there is interest in having such a role, and it could fulfill both functions. I think that would make the most sense. Or why did you consider them as two distinct roles?

If this proposal moves forward, it will be essential to have a clear definition of what constitutes “verifiable reports of misappropriation” or “valid reports of misappropriation.” These are two different terms used in the document to refer to reports that qualify for rewards. I think it’s important to unify the criteria and be very clear about the circumstances under which a report is eligible for a bounty.

Additionally, a definition of “fund misuse” also needs to be included. For example, if funds that were not used and were supposed to be returned remain in a multisig, would that qualify as misuse?

The same principle would apply if the person in charge of the GRC also served as the watchdog.

Why did you envision this as a small committee? I believe it would be better to centralize the initial review of reports, perhaps within the Foundation or you guys from Entropy. I also don’t see the inclusion of the ARDC research member as necessary in the initial stage, given that a single member should suffice to verify the information.

To minimize program costs, you could instead form a sort of “committee” or team between you and the Foundation. In cases where there is disagreement between the two, only then should ARDC support be sought.

I do agree with other comments that if this person or committee determines that a report is “valid” or “verifiable” (based on pre-established criteria), the DAO should subsequently confirm that assessment. This would ensure transparency in the process and allow the DAO to identify providers who are not meeting expectations or misusing funds.

The payment system is not clear. Does this mean that whoever qualifies for the reward will receive a fixed payment of 5K, 20K, or 50K plus the 5%?

So it would be that in the case of a valid report, 5K, 20K, or 50K is paid from those 500K, depending on the importance of the report. And only if the funds are recovered would the 5% be paid, correct?

What I would add/change is to deduct the upfront payment for the valid report from the 5%.

In this way, the searcher is always guaranteed a minimum payment for their valid submissions, and the maximum payment is 5% of the recovered amount (not 5% + the initial payment). And from that remaining part of 5%, the 500K could be replenished to keep the program sustainable.

Thank you very much for the proposal!


I love the proposal and think this has to be in place to disincentivize grant hunters or farmers from coming to Arbitrum. I just have a couple of questions and suggestions.

First, what do you mean by the “report remains private during the initial submission”? I just want to be clear: I support this if the reporter remains anonymous throughout the whole process and can be paid without the program disclosing their identity.

Also, I think the payment structure is unclear. If you meant it’s only 5%, I believe that’s too low to incentivize reporters, especially considering that funds may or may not be recovered. If the payment is fixed depending on the level of misuse, plus a 5% bonus, I think that would be perfect! Could you please clarify this?

Thanks for the proposal! I will support it as long as the amount determined by the RFP is not excessive.

I fully support this proposal.
I’d like to know more about the reporting process. Will it be anonymous, and how can we submit reports? Email? A section on the Arbitrum website?
I think a system platform that allows users to track their reports and communicate directly with the reviewer would be beneficial. This would help prevent spam and ensure cases are handled efficiently.
Additionally, a public blacklist of abusers could help to advise and protect the community.

Thank you for your proposal. My personal opinion is that this bounty program is a very good direction for the DAO’s ability to regulate and account for its funds, and the establishment of a bounty program can effectively deter potential malicious actors and reduce the possibility of misuse of funds at the source. Additionally, the incentives can also attract more community members to participate.

I have some additional questions and suggested additions:
1. While the proposal mentions that the review panel includes members of the Foundation, Entropy Advisors, and ARDC, are these individuals completely independent? Sorry, I’m new to this and don’t know enough about many of the members.
2. The community may question whether there is a potential conflict of interest with internal review, especially if the DAO money flow is sensitive.
3. The proposal mentions low, medium, and high reward amounts, but how is the severity of abuse defined? For example, some abuses may involve smaller amounts, but the impact on community trust is significant. Which level does this situation fall into? It is proposed to add, in more detail, a description of the evaluation criteria for abusive behavior and the specific logic in the distribution of reward amounts.
4. Although the proposal hopes to cultivate a culture of accountability through the bounty program, it may also lead to less cooperation among some members due to the fear of being reported, or even cause internal friction. I am worried that the community will be divided because of this policy. I think it should be supplemented and emphasized that education and promotion of the bounty program is of positive significance, and that the program’s implementation focuses on transparent communication.
5. The proposal mentions the recovery of funds through legal channels or smart contracts, but what is the cost and success rate of these methods? I personally feel that if abuse occurs, the probability of tracing it back is very low. Do you have any good measures and rules to constrain this?
The original intent of this proposal I think is great and reminds me of the ‘Guardian’ program in SAFE, which I’ll be following closely on the next ballot, the

Hello @Entropy!

It’s great to finally see a proposal like this. We recall that other delegates have mentioned the need for a “watchdog” but we believe this proposal is superior as it “decentralizes” this function instead of assigning all responsibility to a single individual/entity/committee.

We agree with what @pedrob suggests here. It seems reasonable for the base compensation to act as deductible if funds are recovered.

  • What criteria were used to determine these amounts?
  • What happens if someone validly reports the misuse of 4K ARB? We ask this because paying 5K ARB for a valid report might be economically inefficient when the maximum recovery would be 4K ARB.
  • This question makes us wonder whether the proposed tiers need to be detailed further. What criteria are used to categorize as Low, Medium, or High? Should we include a minimum threshold for reports to be analyzed?

The requirement for 3% of the circulating supply should be added here to ensure the vote is valid.

On an off-topic note, since there are now multiple situations where 3% of the circulating supply is required as quorum, it would be optimal to add a feature in Snapshot to “activate” this requirement when setting up a vote. This would allow Snapshot to indicate when a vote hasn’t passed due to insufficient quorum and ensure that delegates are aware of the quorum requirement. @raam @cliffton.eth, what do you think about this? Is it feasible?

This is crucial. Reports must remain private during the initial phase to prevent a “witch hunt.”

If the program is migrated to the OpCo, the evaluation committee could include: one delegate elected by the DAO, one OAT member, and one ARDC member.

We suggest including an OAT member since only individuals with no other financial ties to the DAO can be part of OAT, making a conflict of interest unlikely. Furthermore, with OpCo established, there wouldn’t be many reasons for the Arbitrum Foundation to remain in the committee, as legal agreements with SPs/Grantees would likely be signed with OpCo instead of the Foundation.

So, does this mean Entropy will select a provider from the bids submitted, and then a Snapshot vote requiring 3% quorum of the circulating supply will follow?

If we’ve understood correctly, we believe it would be more optimal for the DAO to vote among the different options rather than ratify a selection made by Entropy.

Lastly, we noticed no mention of how the committee’s activities will be reported. We believe one report per quarter would be sufficient.


Very good proposal. I have been waiting for something like this for a long time. I think this will help a lot to force anyone who received a grant or funding from the DAO to deliver what they promised on time (!). This is important for us and to further detect bad behavior as the example with Furucombo outlined. I will re-read the proposal and see if there are any important questions I should raise that haven’t been raised yet.

+1 on the second paragraph. We must have a detailed document that states what the meaning of misuse is in this context.

hey @SEEDGov thanks for asking. I will look into whether it is possible re Snapshot and get back to you.


I noticed that the Watchdog proposal seems to address some similar concerns regarding fund misuse and accountability within the DAO, and I wanted to ask if there are any potential conflicts with my proposal here. I believe it’s important to ensure we’re all aligned and that both initiatives can complement each other if they share similar goals.

The following reflects the views of the Lampros DAO (formerly ‘Lampros Labs DAO’) governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you, @Entropy, for coming up with another great proposal that the DAO currently needs and for giving us all an early Christmas gift.

As mentioned in the Abstract, with 422m ARB tokens being used across many projects, it’s great to see a program that lets community members play an active role in keeping our funds safe. This proposal perfectly matches what DAOs are all about - working together as a community to make things better and safer.

Here are our thoughts on specific aspects of the proposal which need some clarification:

It would be much more beneficial for the community that wants to participate in the bounties to understand what constitutes misuse of grants. If this is clarified first, it would be even more beneficial. It could be common red flags to watch for, or something else. We believe a definition or list of misuse of funds can be provided.

While the tiered reward system is logical, the proposal doesn’t define clear criteria for categorizing severity levels. Could we establish specific parameters such as Dollar value ranges for each tier, Duration of misuse, Impact on DAO reputation or Number of participants/transactions involved?

Also, only if the funds are recovered will 5% of the recovered amount be awarded, correct? Additionally, as mentioned by @SEEDGov, what are the plans if a watcher reports a 4K ARB grant? This needs to be clarified.

Can we have a pre-approved list of backup reviewers, vetted by the DAO, rather than making selections on an ad-hoc basis? Or could the criteria for selecting external reviewers in COI situations be shared earlier?

Overall, we support this proposal. While we’ve asked for some clarifications, we believe this program will greatly benefit Arbitrum’s ecosystem and community. We look forward to seeing this proposal move forward.

This is possible as a setting of the whole Snapshot space, but not per proposal, in the same way that shielded votes can be activated for the whole Snapshot space and not per proposal. One of the things we could be asking Snapshot going forward, since we are now Turbo customers, would be to have both of these features at the proposal level, so that the proposal creator could choose them for each proposal without having to ask the AF to turn the space settings on and off just to post one proposal.

I think this is a good proposal. As for the rewards for reporting, perhaps the fixed amounts should be somewhat lower, because the 5% share of recovered funds is a good enough incentive in my opinion.

Also, the fixed amounts for rewards should be denominated in USD (but paid out in ARB), just in case the ARB price goes up significantly.

It would also make sense to have a pilot phase for the program (measured in months or until funds run out - whichever is first), and evaluate everything after it (including the platform), so that it can be properly improved upon.