The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program | proposals.app

posted 1 year ago

Onchain voting for this proposal is ending within 24 hours:
[Vote on Tally: The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program](https://www.tally.xyz/gov/eip155:42161:0x789fC99093B09aD01C34DC7251D0C89ce743e5a4/proposal/2585929699385410815)
* * *
I am a bot. Questions? Contact [email protected]

Tally_Support

posted 1 year ago

Onchain voting for this proposal is ending within 24 hours:
[Vote on Tally: The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program](https://www.tally.xyz/gov/eip155:42161:0x789fC99093B09aD01C34DC7251D0C89ce743e5a4/proposal/2585929699385410815)
* * *
I am a bot. Questions? Contact [email protected]

Tally_Support

posted 1 year ago

Voting has ended!
===============
[The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program](https://www.tally.xyz/gov/eip155:42161:0x789fC99093B09aD01C34DC7251D0C89ce743e5a4/proposal/2585929699385410815)

### Final Votes

| **Category**         | **Result**       | **Details**                 |
|----------------------|------------------|-----------------------------|
| **Quorum reached**   | ✅ | 205.83M of 132.07M         |
| **Majority Support** | ✅ |                             |
| **For**              |                  | 184.71M (89.7%)    |
| **Against**          |                  | 115.99k (0.1%) |
| **Abstain**          |                  | 21.13M (10.3%) |

* * *
I am a bot. Questions? Contact [email protected]

Tally_Support

posted 1 year ago

Voting has ended!
===============
[The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program](https://www.tally.xyz/gov/eip155:42161:0x789fC99093B09aD01C34DC7251D0C89ce743e5a4/proposal/2585929699385410815)

### Final Votes

| **Category**         | **Result**       | **Details**                 |
|----------------------|------------------|-----------------------------|
| **Quorum reached**   | ✅ | 205.83M of 132.07M         |
| **Majority Support** | ✅ |                             |
| **For**              |                  | 184.71M (89.7%)    |
| **Against**          |                  | 115.99k (0.1%) |
| **Abstain**          |                  | 21.13M (10.3%) |

* * *
I am a bot. Questions? Contact [email protected]

Below is a v1 analysis that brings together the many viewpoints into a concise summary, an evaluation of the strongest arguments for and against the proposal, a set of novel improvement suggestions, and the conclusion of inter-agent dialog ─────────────────────────────

Outcome

FOR: 183 AGAINST: 7 ABSTAIN: 2 Verdict: Overwhelming Support

Summary of Rationales

• Nearly every voter’s rationale states “true” (support) with only a few “false” votes.
• The core rationale is that a misuse bounty program will enhance accountability by incentivizing community members to identify—and help recover—misused DAO funds, deter bad actors, and ultimately safeguard large-scale allocations.
• Some concerns exist around clarity in the reward tiers, potential conflicts of interest in the review process, and the possibility that a secretive or subjective evaluation might harm transparency and community trust.

Most Compelling Arguments

In Favor

• Accountability & Deterrence: The proposal builds on historical DAO shortcomings by establishing a formal, incentive‐driven oversight mechanism. It draws on past cases of misappropriation and lessons learned in previous proposals, showing that a robust bounty system can both recapture funds and deter abuse.
• Low Implementation Cost vs. High Benefits: The program can quickly create a decentralized, low‐cost watchdog mechanism that leverages trusted community reviewers and open-source tools like GlobaLeaks.
• Community Empowerment: With anonymity and predefined reward structures, the program empowers white-hat actors while adding a layer of “checks and balances” that has been missing from previous governance frameworks.

Against

• Subjectivity & Concentration of Power: Opponents worry that a small committee—even with trusted members—might exercise subjective discretion, raising the risk of conflict of interest or bias. Historical DAO disputes warn against centralized control when reviewing fund misuses.
• Clarity in Definitions and Procedures: Without crystal-clear definitions of “misuse” or detailed criteria for categorizing low/medium/high cases (and how to act when recovery is partial or minimal), there is a risk of inconsistent decision-making.
• Potential Chilling Effects: A process that delays public knowledge of misuse incidents might protect individuals but could also obscure damaging patterns from broader community scrutiny, historically a key driver for swift corrective action.

Novel Improvement Suggestions

• Introduce a Data-Driven Preliminary Screening: Leverage machine learning algorithms to flag anomalous transactions or patterns. This “first pass” would provide standardized metrics before human review—helping reduce subjectivity and improve consistency. • Establish a Rotating Independent Audit Panel: Beyond the fixed review committee, implement a randomized, externally vetted panel (rotating periodically) to verify contentious decisions. This would further reduce conflict risks and enhance legitimacy without relying on community nominations already widely suggested. • Dynamic Reward Calibration: Incorporate a historical-data–driven model that adjusts the reward tiers and percentages based on past recovery rates and the actual fund amounts involved. This dynamic model would help ensure that rewards are proportionate and can adapt to changing market or political conditions.

Final Thoughts

While the overwhelming support in the initial rationales confirms the proposal’s appeal, addressing the remaining concerns with novel, data- and tech-enabled measures could not only mitigate the weaknesses but also broaden its appeal. Inter-agent debate suggests that embedding automated evaluations and independent audits is likely to foster greater trust, ultimately moving the proposal toward near-unanimous support.

ZER8

17.1K TOKEN

posted 1 year ago

The Watchgod proposal is innovative, I've never seen anything similar mechanism being implemented in web3 and will be voting yes on it because I'm curios how it will deliver. That being said, here are the things that I believe the proposal are lacking are:

1) Transparency and a plan into CTAs, in the sense that:

who will drive the people/entities that will actually do the detection? The action plan is not described in the proposal itself.
how will the DAO know if they are doing a good job?

Neutrality

Arbitrum Foundation being an allocator themselves cannot always act as a neutral party, also it is not stated who exactly from the foundation and entropy will act as a reviewer, in this sense the proposal operates a bit like a black box- is this an intentional ?

Quoted from Entropy

If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report. If the report is made public, the reviewers’ identified COIs will be published at the same time. To reduce the need for an additional election process and budgeted compensation, the Watchdog program will leverage trusted community members who have been elected to other Arbitrum DAO initiatives such as, but not limited to, the Domain

back to top ↑
recruiting additional reviewers from programs that actually allocate is not ideal, I recommend removing the D.A.O program from the additional reviewers list to eliminate any backlash and to maintain the neutrality of the additional reviewers- they could consult because of the experience tho.

Quoted from limes

That’s where preventative controls come in, and that’s the role I believe SafeNotes (my own product) can play for Arbitrum. Safenotes is used to track and publicly document every transaction carried out by multisig signers, giving the community a clear, human-readable record of what’s happening with DAO funds before something goes wrong.

jump to post →

Resonate with @limes thinking and indeed it would be optimal if the DAO, possibly the ARDC would consider options to try to avoid fund misuse before the need to recover them.

PS. As a former reviewer myself I know it's sometimes hard in practice to maintain neutrality on all levels and that anti-fraud work always requires a bit of trust in the parties involved.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Tally voting.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Tally voting.

We strongly believe the Watchdog program represents a crucial initiative for safeguarding DAO resources. It leverages community vigilance, enabling a proactive approach to ensuring DAO funds are utilized effectively and responsibly.

Initially, we built an MVP called Truence (GitHub Repo) that incorporates most required functionalities outlined in the initial proposal, with the intention to participate if an RFP process was conducted for selecting the service provider to develop the Watchdog platform.

Quoted from Entropy

After evaluating several options, we have determined that GlobaLeaks offers everything necessary for the program’s privacy requirements.

jump to post →

When Entropy Advisors mentioned that no RFP process would be conducted and they are exploring an alternative solution, we shared our solution directly with them to explore how it could best serve the DAO without charging anything for the platform. Ultimately, Entropy decided to proceed with GlobaLeaks due to its extensive usage, proven reliability, and robust privacy features, criteria which we also value highly. As delegates, we respect this decision and support moving forward with the program. Our MVP was created purely out of enthusiasm and support for this critical initiative, and taken part in the RFP process if it had been conducted.

Additionally, we acknowledge the committee's decision to release Watchdog reports on a case-by-case basis. We encourage timely and transparent disclosures whenever possible, as consistent updates will help the community and delegates to stay updated on the program.

Overall, the Watchdog program marks a significant step forward for the Arbitrum DAO, enhancing security, accountability, and community involvement. We look forward to its successful implementation and long-term impact.

Outcome

FOR: 183 AGAINST: 7 ABSTAIN: 2 Verdict: Overwhelming Support

Summary of Rationales

Most Compelling Arguments

In Favor

Against

Novel Improvement Suggestions

Final Thoughts

ZER8

17.1K TOKEN

posted 1 year ago

1) Transparency and a plan into CTAs, in the sense that:

who will drive the people/entities that will actually do the detection? The action plan is not described in the proposal itself.
how will the DAO know if they are doing a good job?

Neutrality

Arbitrum Foundation being an allocator themselves cannot always act as a neutral party, also it is not stated who exactly from the foundation and entropy will act as a reviewer, in this sense the proposal operates a bit like a black box- is this an intentional ?

Quoted from Entropy

If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report. If the report is made public, the reviewers’ identified COIs will be published at the same time. To reduce the need for an additional election process and budgeted compensation, the Watchdog program will leverage trusted community members who have been elected to other Arbitrum DAO initiatives such as, but not limited to, the Domain

back to top ↑
recruiting additional reviewers from programs that actually allocate is not ideal, I recommend removing the D.A.O program from the additional reviewers list to eliminate any backlash and to maintain the neutrality of the additional reviewers- they could consult because of the experience tho.

Quoted from limes

jump to post →

Resonate with @limes thinking and indeed it would be optimal if the DAO, possibly the ARDC would consider options to try to avoid fund misuse before the need to recover them.

PS. As a former reviewer myself I know it's sometimes hard in practice to maintain neutrality on all levels and that anti-fraud work always requires a bit of trust in the parties involved.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Tally voting.

The following reflects the views of the Lampros DAO governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

We are voting FOR this proposal in the Tally voting.

Quoted from Entropy

After evaluating several options, we have determined that GlobaLeaks offers everything necessary for the program’s privacy requirements.

jump to post →

Entropy

31.7M TOKEN

posted 1 year ago

edited 1 year ago

We appreciate delegate's patience as Entropy explored multiple avenues for the Watchdog portal and the programs next steps. Our team would also like to thank the teams who expressed interest in providing a solution. After evaluating several options, we have determined that GlobaLeaks offers everything necessary for the program's privacy requirements.

For those not familiar with GlobaLeaks, it is an open-source whistleblowing platform used by governments, NGOs, and investigative journalists. A dedicated submission portal can be deployed by the Arbitrum Foundation on a VPS to enable secure & anonymous submissions. For the Watchdog program, it is a free option that supports the submission and review of grant misuse reports, offers end-to-end encryption, includes reviewer dashboards/functionality, and has optional Tor access for those looking to maximize their privacy.

There are a few other notable changes to the proposal. The first being that the ARDC Research member has been replaced with @SEEDGov as the third member on the reviewing committee. Given SeedGov's position as a trusted community member and DIP admin, our team felt they were a bit fit for such a role until the program is moved to OpCo's domain. Secondly, adjustments have been made to the reward structure so that in the event of funds being recovered the base ARB payment is deducted from the total amount. This is to prevent the total reward from exceeding 5% in cases of large misuse and was originally suggested by @pedrob. Lastly, the 400k ARB used to pay out valid Watchdog reports, will now be sent to a Foundation controlled address instead of the MSS.

A summary of all the changes are provided at the top of the proposal. Our team is excited to move this initiative forward to Tally next week with the vote being scheduled to start on May 8th. If passed, we believe it is feasible to have the GlobaLeaks portal created and program launched by the end of May.

shogun

8.0M TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of GMX’s Governance Committee, and is based on the combined research, evaluation, consensus, and ideation of various committee members.

Entropy’s proposition of a Watchdog Bounty Program aims to provide stronger oversight in funds utilised across incentive programs, grants, investment vehicles, or service provisioning. This program allows reports from whistleblowers to be made to a Watchdog group if there’s malpractice within the distribution of grants.

The following reflects the views of GMX’s Governance Committee, and is based on the combined research, evaluation, consensus, and ideation of various committee members.

We are happy this program has been approved by the community, we wanted to help highlight our decision-making, this program is great for creating accountability within the DAO, with close resemblance to the Dodd-Frank Wall Street Reform and Consumer Protection Act, in which Whistleblowers are able to report on fraudulent activities in the financial services industry. Those Whistleblowers can maintain anonymity and can receive a percentage on the penalties incurred by offending corporations. Similarly, this program allows whistleblowers to report resourceful information on parties who misappropriate funding given by the DAO.

Alongside the misuse definition which clearly defines the impact, we suggest a framework documenting how watchers can provide this information with discretion to protect their identities or recourse on them for disclosures. Unfortunately, the issue of malicious or forged reports, as @JoJo had mentioned is an issue that we have no determination for, but we do believe the committee will act in accordance with proper evaluation and confirm the evidence shared in the report.

Overall we were favourable to this program, it is well-meaning and heads in the right direction, creating a valuable oversight committee for managing Arbitrum DAO grants to prevent bad actors from taking advantage of good initiatives.

Entropy

31.7M TOKEN

posted 1 year ago

edited 1 year ago

shogun

8.0M TOKEN

posted 1 year ago

edited 1 year ago

The following reflects the views of GMX’s Governance Committee, and is based on the combined research, evaluation, consensus, and ideation of various committee members.

The Watchdog passed on Snapshot with a total of 154.6m combined FOR and ABSTAIN votes. Therefore, the proposal obtained the non-constitutional quorum requirement that Entropy outlined.

Addressing the additional concerns that came up during the voting period:

Quoted from mcfly

Critical concern: KYC requirements will deter top blockchain investigators from participating, especially given Arbitrum Foundation’s previous KYC data breach. The most effective sleuths value privacy and anonymity. We should explore a non-KYC track similar to Immunefi’s model - perhaps with lower reward caps but preserving investigator privacy.

jump to post →

For clarification, sleuths and community members will be able to submit a report without completing a KYC. However, in order to be eligible for the reward, KYC is required. Unfortunately, due to the Foundation’s compliance policies, there is no way to avoid this measure.

Quoted from maxlomu

Suggestion: I would recommend explicitly stating that reporting the same issue by multiple watchers would reward only the first valid submission.

jump to post →

This is a great suggestion, language will be added before the onchain vote to clarify that the first report deemed valid will be the only one rewarded. Consideration will be given on how to best communicate this out to the community as every report may not be made publicly available.

Quoted from Uhthred

If an anonymous researcher does not want to dox themselves/ get rewarded for forensic accounting/ fraud research, would they be punished for publishing their findings on the forum?

jump to post →

The Watchdog program’s intention is to provide a private & safe avenue for community members to report misuse. It does not explicitly block other means of reporting misuse, such as posting it directly on the forum. However, even if an anonymous researcher does not wish to report the misuse through the Watchdog, Entropy strongly encourages that they at least bring it to the attention of the Arbitrum Foundation before bringing accusations straight to the forum.

Quoted from danielM

However, it does not explicitly mention who will initially choose these three entities?

Will we vote on candidates or will they be pre-selected based on their current positions and roles in the DAO ecosystem? And if it is not the delegates who choose them by voting, then who will? What is meant by “whitelisted”?

jump to post →

The term “whitelisted” was written with the intention that the program could be eventually moved to OpCo, when and if it is stood up, and that at least during this first 6-month trial period, the listed entities (Entropy, Arbitrum Foundation, and ARDC Research Member) would be pre-selected as the reviewers.

Quoted from pedrob

One aspect I am not fully convinced about is the need for an RFP to build a platform to handle these communications. I believe using public infrastructure, such as ProtonMail, would suffice. Entropy could provide an email address where anyone can send evidence and a clean address where they want to receive the funds. I don’t see why this needs to be made more complex, especially considering that claiming the bounty would require going through a KYC process.

jump to post →

Reducing costs and complexity through this kind of set up is an interesting idea. While @JoJo already provided context on why ProtonMail specifically may not be sufficient, Entropy will continue to consider how to keep this program streamlined & cost effective. During the RFP process, if we determine that there is a better solution than building out the original portal we had envisioned, then we will update the DAO and make adjustments to the proposal.

With our team finishing up deliverables for a few other initiatives, delegates can expect an update regarding the RFP process and its next steps early next week.

The Watchdog passed on Snapshot with a total of 154.6m combined FOR and ABSTAIN votes. Therefore, the proposal obtained the non-constitutional quorum requirement that Entropy outlined.

Addressing the additional concerns that came up during the voting period:

Quoted from mcfly

jump to post →

Quoted from maxlomu

Suggestion: I would recommend explicitly stating that reporting the same issue by multiple watchers would reward only the first valid submission.

jump to post →

Quoted from Uhthred

If an anonymous researcher does not want to dox themselves/ get rewarded for forensic accounting/ fraud research, would they be punished for publishing their findings on the forum?

jump to post →

Quoted from danielM

However, it does not explicitly mention who will initially choose these three entities?

jump to post →

Quoted from pedrob

jump to post →

With our team finishing up deliverables for a few other initiatives, delegates can expect an update regarding the RFP process and its next steps early next week.

Quoted from JoJo

Coming a bit late to the discussion, so won’t likely add too much value here compared to the discussion.

This program is needed because I know for a fact that people are “scared” of reporting misuse. There is no incentive in a structure like a DAO to do so, you only create enemy for yourself, more so if you are part of a protocol. So the program is needed, and having a redacted identity for the whistleblower is paramount.

Main concern is that we go into a witch hunt as others said; this can either happened because the general sentiment of the DAO is quite adversarial (which is not right now and I don’t see necessarily happening but could indeed happen) or because the program is abused by externals. While former is a somehow greater responsibility on the shoulders of everybody in here, the latter could maybe be partially mitigated.

Quoted from duokongcrypto

In addition to rewarding whistleblowers, there should also be a set of punitive measures to limit malicious or false reports.

jump to post →

I don’t think we can realistically have “punitive” measures. Even if the whistleblower KYC with the foundation, what measure can we apply? Ban from DIP? Doesn’t seems to get any effect if the person was not going to participate anyway. Ban from grant program? Only works if the person has affiliation with a protocol, and this affiliation is stated before hand in the KYC, but this info cannot be likely verified without breaching the identity of the user somehow, which is a key part of the program.

It could also be hard to identify a fake report from a report that is just wrong in the interpretation: we will have situations with smart contract interactions not easy to review, and they could be misunderstood by a reported in good faith. At the same time, a report in which we have fake/forged evidences can be instead evaluated as malicious. So this last case is probably the only one that could lead to an exclusion, of the individual, to

the DIP program
any role in the DAO
any participation of protocols that have him as member to the grant program.

But what is mentioned above is something extremely serious, punitive and heavy, and again should be only done in case of a clearly blatant fake report aimed at damaging an innocent third party; likely would need a DAO vote.

All of these are things for which is difficult to draw a line in the sand, if that was possible we would just outsource the judiciary system in the world to computers instead than to people; I trust the committee, entropy and the foundation to have the best interest of the DAO in mind to do the right thing paired with their experience. On this note, plugging in people that understand incentive mechanisms can be a +ve to facilitate the work, and that’s why ARDC members are a good choice since most of them up to some degree had a role, or judged, or created report, on previous grant programs that we had in the DAO.

In general I also second the better classification of low/medium/high. I think it could be structured with a few key metrics, specifically: amount of capital impacted, and how the funds are misused. Misusing funds can be a lot of things: having capital that should have been allocated to development, and is instead used in marketing, is a misuse, but likely less severe than wash trading from the protocol to get the funds for example. A simple matrix of the amount of money, plus subcases on the type of misuse consequences, could help, knowing that in the end not all cases can be put on paper and it will be more of an indication than anything, and will have to be upgraded over time.

As a final note, I think is fine to have the program fall into the opco at a later date; BTW in the OpCo i see the program running in the same fashion, with the OpCo potentially replacing Entropy or Foundation in the committee. I don’t think we can exclude ARDC: again, to evaluate certain interactions in smart contracts to draw a judgment, we will need technical expertise that might just not be in the OpCo itself.

Thanks @Entropy for the proposal

EDIT Have a question. Knowing that the KYC part could potentially scare some whistleblower, is there a way, from a compliance standpoint, to have this program created without KYC? Not a lawyer here, maybe the Foundation can answer, but in the end we give for granted that “everybody that interacts with money flowing from the dao has to kyc” and maybe there is a ground for not doing it here?

Quoted from Entropy

Watchers will be required to undergo Foundation KYC before being eligible for rewards.

For example, there could be a ground for a whistleblower being non KYCed if they don’t want a reward. This case should take in account in the program.

jump to post →

This proposal is very good, and received many responses in the previous feedback, I vote: yes at snapshot The reasons are as follows: 1. DAO's fund allocation needs an effective monitoring mechanism, and the current lack of reporting incentives and mechanisms to protect whistleblowers makes it difficult to detect abuses. This project can motivate the community to participate in monitoring and improve the transparency and security of DAO's fund usage. 2. The reward mechanism is clear and will balance abuse and anti-abuse.

I support the proposal. The Entropy team proposes a sensible mechanism to monitor the use of DAO funds while encouraging community members to actively report misuse of funds. The Watchdog Project is an interesting, innovative, and necessary proposal that could significantly improve DAO accountability and optimize the management of funds. With a few improvements in false reporting, RFP transparency, and whistleblower flexibility, I believe the program could better serve the Arbitrum community. I will vote in favor. Here are my reasons and additional suggestions:

Reasons for support: 1. Clear process and incentive mechanism: The proposal defines the severity of funds misuse (low, medium, and high) and designs an incentive mechanism for whistleblowers that takes into account both the base incentive and the percentage of funds recovered. This approach effectively incentivizes whistleblowing behavior while providing real value to the DAO’s funds recovery efforts. 2. Deterrent effect: A transparent and fair bounty program not only helps recover misused funds but also serves as a deterrent to potential malicious actors, further protecting the interests of the DAO. 3. Follow-up: The proposal includes a 6-month trial period and a commitment to provide a retrospective report and data summary at the end of the period. This ensures the community has a basis for evaluating and optimizing the program.

My additional recommendations: 1. Transparency of the RFP process: The proposal mentions that Entropy will be responsible for vendor selection, but delegates will only see the results. I recommend strengthening community engagement, such as regular updates on the RFP evaluation process or introducing transparent scoring criteria, to increase trust. 2. Flexibility in KYC requirements: The current scheme requires whistleblowers to complete KYC in order to receive a reward, but this may deter some whistleblowers, especially in sensitive cases. Would it be possible to provide an option for whistleblowers to “report anonymously but forfeit the reward,” thereby encouraging more submissions? 3. Dynamic adjustments in the allocation of funds: While the budget of 400,000 ARB may seem sufficient, the actual impact will depend on subsequent implementation. I suggest providing a brief report on the use of funds and the effectiveness of the plan halfway through the pilot phase to give the community an early understanding of progress. Personally, I would prefer a team linear release to motivate everyone.

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

edited 1 year ago

Voting in favor of the proposal.

We need the ability to tell to "someone" if something is wrong, without fear of repercussion in a space that is not only quite small but lacks proper accountability like other industries, at least for now. I love that was introduced the clause for which people can submit a report without having to kyc if they don't want the reward: this is key for several actors, such as protocols, that are best positioned to understand what is going on and if there is anybody acting in a shady way. Pretty sure there were plenty of protocols during stip, ltipp, stip bridge, that saw stuff that was "non compliance" and were just hesitant of coming forward due to fear of repercussion, reputational damage and what not due to the lack of this program.

Voting in favor of the proposal.

I am also in favor to build an ad-hoc infra for this (@pedrob mentions protonmail, but would not suffice imho because it will make the commission work just too complex; it also does not allow for proper anonimity on the side of whistleblower if they are not careful enough on their email). But would like to see this infra lately fall into the hands of opco, not in the management sense, but in the ownership sense, as well as all the other website we will build for our dao.

Thanks Entropy

Entropy

31.7M TOKEN

posted 1 year ago

The Watchdog proposal has now been updated based on the feedback shared. Below is a short summary of the changes:

Proposed a definition of misuse of funds
Clarified the Low, Medium, High severity scale by adding definitions and examples.
Clarified the review process and that Watchdog reports will only be made public on a case by case basis at the discretion of the committee.
Updated the payout structure to be a combination of lower ARB base payments and 5% of recovered funds with varying caps depending on severity.
Added a retrospective report near the end of the 6-month trial.
Clarified that the RFP process will be public, but the selection will be done by Entropy.
Reduced the overall budget by 100k and after confirmation with the other members of the ARDC Supervisory Council, the funds for the ARDC Research Member will come from the ARDC V2 budget.

The Watchdog proposal has now been updated based on the feedback shared. Below is a short summary of the changes:

Proposed a definition of misuse of funds
Clarified the Low, Medium, High severity scale by adding definitions and examples.
Clarified the review process and that Watchdog reports will only be made public on a case by case basis at the discretion of the committee.
Updated the payout structure to be a combination of lower ARB base payments and 5% of recovered funds with varying caps depending on severity.
Added a retrospective report near the end of the 6-month trial.
Clarified that the RFP process will be public, but the selection will be done by Entropy.
Reduced the overall budget by 100k and after confirmation with the other members of the ARDC Supervisory Council, the funds for the ARDC Research Member will come from the ARDC V2 budget.

Additionally, we’ll respond to a few additional questions that were not directly addressed in the updates.

To reiterate again, the identity of the person/entity that submits a Watchdog report will remain private throughout the review process and into perpetuity.

Quoted from jameskbh

Lastly, I have a question: I believe it is implied (meaning the answer is “yes”), but is the program is to be retroactively applied to all previous programs?

jump to post →

Yes, the Watchdog program will be applied retroactively to all previously funded programs.

Quoted from SEEDGov

So, does this mean Entropy will select a provider from the bids submitted, and then a Snapshot vote requiring 3% quorum of the circulating supply will follow?

jump to post →

Following the selection of the provider, the proposal will be updated and moved to Tally. As now detailed in the proposal, Entropy will share rationale for the selection prior to the vote so that delegates can ask questions prior to the onchain vote.

Quoted from pedrob

Could this role be merged with the reporting role proposed by @AlexLumley ? Even though the DAO rejected the design and budget, I believe there is interest in having such a role, and it could fulfill both functions. I think that would make the most sense. Or why did you consider them as two distinct roles?

jump to post →

Entropy is unsure of where Alex’s proposal stands following the Holiday Break, but we view these initiatives as separate. Actively monitoring every single grant recipient is too much work for any individual. This system empowers the entire Arbitrum community and decentralizes the overseeing process compared to just a singular role. From our understanding, Alex’s proposal focuses less on catching/preventing misuse, but instead streamlining reporting functions in the DAO to improve the dissemination of information to delegates.

With no material changes being made to the proposal, we plan to move forward with a Snapshot vote tomorrow, January 16th.

karpatkey

153.8K TOKEN

posted 1 year ago

Thank you, @Entropy, for sharing such a forward-thinking and impactful proposal. Programs like these are crucial in enhancing transparency and accountability within decentralized ecosystems. Overall, we’re very supportive of this proposal and the positive outcomes it seeks to achieve.

We see this initiative as a novel adaptation of bug bounty programs, shifting the focus from technical vulnerabilities to non-technical issues such as fund misuse. Given bug bounty programs' success and widespread adoption in the technical space, we suggest closely following a similar framework. Bug bounty programs have been battle-tested over time and provide valuable lessons in structuring rewards, categorizing severity, and ensuring due process.

Here are a few specific suggestions for consideration:

To improve clarity and ensure fairness, each severity category (low, medium, high) should include a list of misuse scenarios or some concrete examples that would fall into each category. This will help community members and the review committee make consistent assessments.
We suggest providing grant or incentive recipients the chance to remedy the issue if it falls into the "low" or "medium" severity categories. This approach ensures that unintentional or minor oversights can be addressed constructively. Recipients should face stricter consequences for more serious issues, such as those in the "high" category. A temporary ban (e.g., 6-12 months) from receiving additional grants or incentives could act as a deterrent while leaving room for future participation once trust is restored.

Incorporating the above points can help balance enforcement with fairness, aligning the program’s execution with the collaborative and open values of the DAO.

Quoted from JoJo

Coming a bit late to the discussion, so won’t likely add too much value here compared to the discussion.

Quoted from duokongcrypto

In addition to rewarding whistleblowers, there should also be a set of punitive measures to limit malicious or false reports.

jump to post →

the DIP program
any role in the DAO
any participation of protocols that have him as member to the grant program.

Thanks @Entropy for the proposal

Quoted from Entropy

Watchers will be required to undergo Foundation KYC before being eligible for rewards.

For example, there could be a ground for a whistleblower being non KYCed if they don’t want a reward. This case should take in account in the program.

jump to post →

JoJo from jojothecow.eth

2.6M TOKEN

posted 1 year ago

edited 1 year ago

Voting in favor of the proposal.

Thanks Entropy

Entropy

31.7M TOKEN

posted 1 year ago

The Watchdog proposal has now been updated based on the feedback shared. Below is a short summary of the changes:

Proposed a definition of misuse of funds
Clarified the Low, Medium, High severity scale by adding definitions and examples.
Clarified the review process and that Watchdog reports will only be made public on a case by case basis at the discretion of the committee.
Updated the payout structure to be a combination of lower ARB base payments and 5% of recovered funds with varying caps depending on severity.
Added a retrospective report near the end of the 6-month trial.
Clarified that the RFP process will be public, but the selection will be done by Entropy.
Reduced the overall budget by 100k and after confirmation with the other members of the ARDC Supervisory Council, the funds for the ARDC Research Member will come from the ARDC V2 budget.

The Watchdog proposal has now been updated based on the feedback shared. Below is a short summary of the changes:

Proposed a definition of misuse of funds
Clarified the Low, Medium, High severity scale by adding definitions and examples.
Clarified the review process and that Watchdog reports will only be made public on a case by case basis at the discretion of the committee.
Updated the payout structure to be a combination of lower ARB base payments and 5% of recovered funds with varying caps depending on severity.
Added a retrospective report near the end of the 6-month trial.
Clarified that the RFP process will be public, but the selection will be done by Entropy.
Reduced the overall budget by 100k and after confirmation with the other members of the ARDC Supervisory Council, the funds for the ARDC Research Member will come from the ARDC V2 budget.

Additionally, we’ll respond to a few additional questions that were not directly addressed in the updates.

To reiterate again, the identity of the person/entity that submits a Watchdog report will remain private throughout the review process and into perpetuity.

Quoted from jameskbh

Lastly, I have a question: I believe it is implied (meaning the answer is “yes”), but is the program is to be retroactively applied to all previous programs?

jump to post →

Yes, the Watchdog program will be applied retroactively to all previously funded programs.

Quoted from SEEDGov

So, does this mean Entropy will select a provider from the bids submitted, and then a Snapshot vote requiring 3% quorum of the circulating supply will follow?

jump to post →

Quoted from pedrob

jump to post →

With no material changes being made to the proposal, we plan to move forward with a Snapshot vote tomorrow, January 16th.

karpatkey

153.8K TOKEN

posted 1 year ago

Here are a few specific suggestions for consideration:

To improve clarity and ensure fairness, each severity category (low, medium, high) should include a list of misuse scenarios or some concrete examples that would fall into each category. This will help community members and the review committee make consistent assessments.
We suggest providing grant or incentive recipients the chance to remedy the issue if it falls into the "low" or "medium" severity categories. This approach ensures that unintentional or minor oversights can be addressed constructively. Recipients should face stricter consequences for more serious issues, such as those in the "high" category. A temporary ban (e.g., 6-12 months) from receiving additional grants or incentives could act as a deterrent while leaving room for future participation once trust is restored.

Incorporating the above points can help balance enforcement with fairness, aligning the program’s execution with the collaborative and open values of the DAO.

Coming a bit late to the discussion, so won't likely add too much value here compared to the discussion.

This program is needed because I know for a fact that people are "scared" of reporting misuse. There is no incentive in a structure like a DAO to do so, you only create enemy for yourself, more so if you are part of a protocol. So the program is needed, and having a redacted identity for the whistleblower is paramount.

Main concern is that we go into a witch hunt as others said; this can either happened because the general sentiment of the DAO is quite adversarial (which is not right now and I don't see necessarily happening but could indeed happen) or because the program is abused by externals. While former is a somehow greater responsibility on the shoulders of everybody in here, the latter could maybe be partially mitigated.

Quoted from duokongcrypto

In addition to rewarding whistleblowers, there should also be a set of punitive measures to limit malicious or false reports.

jump to post →

I don't think we can realistically have "punitive" measures. Even if the whistleblower KYC with the foundation, what measure can we apply? Ban from DIP? Doesn't seems to get any effect if the person was not going to participate anyway. Ban from grant program? Only works if the person has affiliation with a protocol, and this affiliation is stated before hand in the KYC, but this info cannot be likely verified without breaching the identity of the user somehow, which is a key part of the program.

the DIP program
any role in the DAO
any participation of protocols that have him as member to the grant program.

All of these are things for which is difficult to draw a line in the sand, if that was possible we would just outsource the judiciary system in the world to computers instead than to people; I trust the committee, entropy and the foundation to have the best interest of the DAO in mind to do the right thing paired with their experience. On this note, plugging in people that understand incentive mechanisms can be a +ve to facilitate the work, and that's why ARDC members are a good choice since most of them up to some degree had a role, or judged, or created report, on previous grant programs that we had in the DAO.

As a final note, I think is fine to have the program fall into the opco at a later date; BTW in the OpCo i see the program running in the same fashion, with the OpCo potentially replacing Entropy or Foundation in the committee. I don't think we can exclude ARDC: again, to evaluate certain interactions in smart contracts to draw a judgment, we will need technical expertise that might just not be in the OpCo itself.

Thanks @Entropy for the proposal

EDIT Have a question. Knowing that the KYC part could potentially scare some whistleblower, is there a way, from a compliance standpoint, to have this program created without KYC? Not a lawyer here, maybe the Foundation can answer, but in the end we give for granted that "everybody that interacts with money flowing from the dao has to kyc" and maybe there is a ground for not doing it here?

Quoted from Entropy

Watchers will be required to undergo Foundation KYC before being eligible for rewards.

For example, there could be a ground for a whistleblower being non KYCed if they don't want a reward. This case should take in account in the program.

jameskbh from jameskbh.eth

4.74 TOKEN

posted 1 year ago

Interesting proposal!

As others mentioned, there are some definitions that are too broad, so it would be interesting to have it outlined in the proposal, to act as a guideline to those will act as the watchdogs, for example.

Interesting proposal!

Quoted from Entropy

Arbitrum DAO’s successful identification of misappropriated funds, whether by a service provider, protocol, grant recipient, or anyone else that receives funds from Arbitrum DAO has two large benefits:

Quoted from Entropy

The Watchdog program will extend to ALL DAO-funded initiatives including end recipients of other programs such as the Questbook Domain program, Stylus Sprint, Arbitrum Foundation grants, and the incentives programs.

As we are mentioning incentives programs, SPs, Protocols, grants, "anyone that receives funds", it is important to have a definition of what misuse of funds represent on each scenario.

Quoted from Entropy

Reviewers are required to abstain from specific review processes if a conflict of interest (COI) is identified. If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report. If the report is made public, the reviewers’ identified COIs will be published at the same time.

Similarly, a list of desired skills for those external parties for each case (grants, incentive programs, etc) is important, as the skill set needed to review a report from a grantee that did not build what was agreed on is different from the one to check if the incentive distribution was done correctly or not.

Lastly, I have a question: I believe it is implied (meaning the answer is "yes"), but is the program is to be retroactively applied to all previous programs?

Juanrah from juanrah.eth

53.83 TOKEN

posted 1 year ago

I welcome this proposal because it is a move towards better accountability. However, I believe that the idea of a bounty itself reflects a broader issue which is a lack of a monitoring system for all money granted. If every initiative had clear metrics and continuous oversight, finding misuse of funds would be much more effective before the need for outside bounty hunters. It might be useful to consider a broader mechanism to identify potential misuse early on so that reactive measures as this one become a second line of defense rather than the first.

That being said, and considering the current state of affairs within the DAO, I agree that a bounty system is in order. About the bounty amount, I share the feeling expressed by other delegates that a fixed reward may be disproportional in the case of small value ARB abuse, such as 4K ARB recovered versus a 5K ARB bounty. In these cases, a better scheme would use a progressive scale or dynamic limit, considering the value of misappropriated funds to maintain the expenses proportional.

The idea of a tiered system may be a base reward for lower levels of misappropriation, scaling upwards with the size or severity of the finding to compensate fairly without overpaying. Another suggestion would be to set an adequate small, fixed payout for any verified report, complemented by a percentage bonus in case of successful fund recovery. These adjustments could keep relative expenses compatible while maintaining healthy incentives for whistleblowing.

I also support the involvement of the Research member and would consider integrating the Risk and Security members from ARDC if deemed necessary and of course, considering the proposal/initiative being analyzed. Their expertise would add weight to the review and help overcome any blind spots in the detection of exploits.

GensDAO

posted 1 year ago

Hello, first of all, we love this proposal, and we have a particular interest in the following topics:

It’s not entirely clear how the severity levels (low, medium, high) for reported cases will be determined. If possible, it would be helpful to include a more detailed explanation or a rubric specifying the factors considered, such as economic impact, intentionality, or damage to the ecosystem.

Hello, first of all, we love this proposal, and we have a particular interest in the following topics:

How will cases involving unfounded or even malicious reports be handled? For example, could temporary suspensions be implemented for individuals who repeatedly submit reports without sufficient evidence? This could help balance the evaluation team’s workload and encourage responsible reporting.

On the other hand, what would happen in the hypothetical (though unlikely) scenario where an active investigation leads to the case being rectified while the report is still open? In such a situation, we might not know if the rectification resulted directly from the report. Would the whistleblower still be compensated? Additionally, would the parties responsible for the initially flagged case receive a "strike" or some other form of record for the detected non-compliance?

Finally, a broader reflection: How will the "Watchdog" program ensure a healthy balance between vigilance and trust within the ecosystem? The proposal is well-structured, but it seems unlikely to lead to collective hysteria or witch hunts. We wonder if there’s a plan to prevent an excess of speculative reports from negatively impacting the collaborative and creative environment of the community.

SEEDGov from cattin.seedlatam.eth

7.8M TOKEN

posted 1 year ago

Hello @Entropy!

It’s great to finally see a proposal like this. We recall that other delegates have mentioned the need for a “watchdog” but we believe this proposal is superior as it “decentralizes” this function instead of assigning all responsibility to a single individual/entity/committee.

Hello @Entropy!

Quoted from pedrob

What I would add/change is to deduct the upfront payment for the valid report from the 5%.

In this way, the searcher is always guaranteed a minimum payment for their valid submissions, and the maximum payment is 5% of the recovered amount (not 5% + the initial payment). And from that remaining part of 5%, the 500K could be replenished to keep the program sustainable.

jump to post →

We agree with what @pedrob suggests here. It seems reasonable for the base compensation to act as deductible if funds are recovered.

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

What criteria were used to determine these amounts?
What happens if someone validly reports the misuse of 4K ARB? We ask this because paying 5K ARB for a valid report might be economically inefficient when the maximum recovery would be 4K ARB.
This question makes us wonder whether the proposed tiers need to be detailed further. What criteria are used to categorize as Low, Medium, or High? Should we include a minimum threshold for reports to be analyzed?

Quoted from Entropy

The DAO will vote via Snapshot on whether or not the violation constitutes a DAO ban.

The requirement for 3% of the circulating supply should be added here to ensure the vote is valid.

On an off-topic note, since there are now multiple situations where 3% of the circulating supply is required as quorum, it would be optimal to add a feature in Snapshot to “activate” this requirement when setting up a vote. This would allow Snapshot to indicate when a vote hasn’t passed due to insufficient quorum and ensure that delegates are aware of the quorum requirement. @raam @cliffton.eth, what do you think about this? Is it feasible?

Quoted from Entropy

Anyone (watchers) can identify potential misuse of funds that originated from the DAO and submit an evidence-based report to a designated section on a to be determined bounty platform. The report remains private during the initial submission phase.

This is crucial. Reports must remain private during the initial phase to prevent a “witch hunt.”

Quoted from Entropy

We believe that this mechanism is optimal for the time being, but if/once OpCo is stood up, the program could be moved into its domain. If done so, the reviewer and voting mechanism would likely need to be restructured.

If the program is migrated to the OpCo, the evaluation committee could include: one delegate elected by the DAO, one OAT member, and one ARDC member.

We suggest including an OAT member since only individuals with no other financial ties to the DAO can be part of OAT, making a conflict of interest unlikely. Furthermore, with OpCo established, there wouldn’t be many reasons for the Arbitrum Foundation to remain in the committee, as legal agreements with SPs/Grantees would likely be signed with OpCo instead of the Foundation.

Quoted from Entropy

The selected provider and the required budget will be presented to the DAO before the proposal moves to Tally.

So, does this mean Entropy will select a provider from the bids submitted, and then a Snapshot vote requiring 3% quorum of the circulating supply will follow?

If we’ve understood correctly, we believe it would be more optimal for the DAO to vote among the different options rather than ratify a selection made by Entropy.

Lastly, we noticed no mention of how the committee’s activities will be reported. We believe one report per quarter would be sufficient.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

The following reflects the views of the Lampros DAO (formerly ‘Lampros Labs DAO’) governance team, composed of Chain_L (@Blueweb), @Euphoria, and Hirangi Pandya (@Nyx), based on our combined research, analysis, and ideation.

Thank you, @Entropy, for coming up with another great proposal that the DAO currently needs and for giving us all an early Christmas gift.

As mentioned in the Abstract, with 422m ARB tokens being used across many projects, it's great to see a program that lets community members play an active role in keeping our funds safe. This proposal perfectly matches what DAOs are all about - working together as a community to make things better and safer.

Here are our thoughts on specific aspects of the proposal which needs some clarification:

Quoted from Entropy

Anyone (watchers) can identify potential misuse of funds

It would be much more beneficial for the community that wants to participate in the bounties to understand what constitutes misuse of grants. If this is clarified first, it would be even more beneficial. It could be common red flags to watch for, or something else. We believe a definition or list of misuse of funds can be provided.

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

If the report leads to the successful recapture of funds, 5% of the recovered funds will be awarded to the watcher.

The 5% share is capped at $100K. This reward is in addition to the reward above.

While the tiered reward system is logical, the proposal doesn't define clear criteria for categorizing severity levels. Could we establish specific parameters such as Dollar value ranges for each tier, Duration of misuse, Impact on DAO reputation or Number of participants/transactions involved?

Also, only if the funds are recovered will 5% of the recovered amount be awarded, correct? Additionally, as mentioned by @SEEDGov, what are the plans if a watcher reports a 4K ARB grant? This needs to be clarified.

Quoted from Entropy

If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report.

Can we have a pre-approved list of backup reviewers, vetted by the DAO, rather than making selections on an ad-hoc basis? Or could the criteria for selecting external reviewers in COI situations be shared earlier?

Overall, we support this proposal. While we've asked for some clarifications, we believe this program will greatly benefit Arbitrum's ecosystem and community. We look forward to seeing this proposal move forward.

kuiclub from kuiclub.eth

676.13 TOKEN

posted 1 year ago

Thank you for your proposal. My personal opinion is that this bounty program is a very good direction for the DAO’s ability to regulate and account for its funds, and the establishment of a bounty program can effectively deter potential malicious actors and reduce the possibility of misuse of funds at the source. Additionally, the incentives can also attract more community members to participate.

I have some additional questions，and Suggested additions 1. While the proposal mentions that the review panel includes members of the Foundation, Entropy Advisors, and ARDC, are these individuals completely independent? Sorry, I’m new to this and don’t know enough about many of the members. 2. The community may question whether there is a potential conflict of interest with internal review, especially if the DAO money flow is sensitive. 3. The proposal mentions low, medium, and high reward amounts, but how is the severity of abuse defined? For example, some abuses may involve smaller amounts, but the impact on community trust is significant. Which level does this situation fall into? It is proposed to add, in more detail, a description of the evaluation criteria for abusive behavior and the specific logic in the distribution of reward amounts. 4. Although the proposal hopes to cultivate a culture of accountability through the bounty program, it may also lead to less cooperation among some members due to the fear of being reported, or even cause internal friction. I am worried that the community will be divided because of this policy. I think it should be supplemented and emphasized that education and promotion of the bounty program is of positive significance, and that the program’s implementation focuses on transparent communication. 5. The proposal mentions the recovery of funds through legal channels or smart contracts, but what is the cost and success rate of these methods? I personally feel that if abuse occurs, the probability of tracing it back is very low. Do you have any good measures and rules to constrain this? The original intent of this proposal I think is great and reminds me of the 'Guardian' program in SAFE, which I'll be following closely on the next ballot, the

Coming a bit late to the discussion, so won't likely add too much value here compared to the discussion.

Quoted from duokongcrypto

In addition to rewarding whistleblowers, there should also be a set of punitive measures to limit malicious or false reports.

jump to post →

the DIP program
any role in the DAO
any participation of protocols that have him as member to the grant program.

All of these are things for which is difficult to draw a line in the sand, if that was possible we would just outsource the judiciary system in the world to computers instead than to people; I trust the committee, entropy and the foundation to have the best interest of the DAO in mind to do the right thing paired with their experience. On this note, plugging in people that understand incentive mechanisms can be a +ve to facilitate the work, and that's why ARDC members are a good choice since most of them up to some degree had a role, or judged, or created report, on previous grant programs that we had in the DAO.

As a final note, I think is fine to have the program fall into the opco at a later date; BTW in the OpCo i see the program running in the same fashion, with the OpCo potentially replacing Entropy or Foundation in the committee. I don't think we can exclude ARDC: again, to evaluate certain interactions in smart contracts to draw a judgment, we will need technical expertise that might just not be in the OpCo itself.

Thanks @Entropy for the proposal

EDIT Have a question. Knowing that the KYC part could potentially scare some whistleblower, is there a way, from a compliance standpoint, to have this program created without KYC? Not a lawyer here, maybe the Foundation can answer, but in the end we give for granted that "everybody that interacts with money flowing from the dao has to kyc" and maybe there is a ground for not doing it here?

Quoted from Entropy

Watchers will be required to undergo Foundation KYC before being eligible for rewards.

For example, there could be a ground for a whistleblower being non KYCed if they don't want a reward. This case should take in account in the program.

jameskbh from jameskbh.eth

4.74 TOKEN

posted 1 year ago

Interesting proposal!

Quoted from Entropy

As we are mentioning incentives programs, SPs, Protocols, grants, "anyone that receives funds", it is important to have a definition of what misuse of funds represent on each scenario.

Quoted from Entropy

Lastly, I have a question: I believe it is implied (meaning the answer is "yes"), but is the program is to be retroactively applied to all previous programs?

Juanrah from juanrah.eth

53.83 TOKEN

posted 1 year ago

GensDAO

posted 1 year ago

Hello, first of all, we love this proposal, and we have a particular interest in the following topics:

SEEDGov from cattin.seedlatam.eth

7.8M TOKEN

posted 1 year ago

Hello @Entropy!

Quoted from pedrob

What I would add/change is to deduct the upfront payment for the valid report from the 5%.

jump to post →

We agree with what @pedrob suggests here. It seems reasonable for the base compensation to act as deductible if funds are recovered.

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

What criteria were used to determine these amounts?
What happens if someone validly reports the misuse of 4K ARB? We ask this because paying 5K ARB for a valid report might be economically inefficient when the maximum recovery would be 4K ARB.
This question makes us wonder whether the proposed tiers need to be detailed further. What criteria are used to categorize as Low, Medium, or High? Should we include a minimum threshold for reports to be analyzed?

Quoted from Entropy

The DAO will vote via Snapshot on whether or not the violation constitutes a DAO ban.

The requirement for 3% of the circulating supply should be added here to ensure the vote is valid.

Quoted from Entropy

Anyone (watchers) can identify potential misuse of funds that originated from the DAO and submit an evidence-based report to a designated section on a to be determined bounty platform. The report remains private during the initial submission phase.

This is crucial. Reports must remain private during the initial phase to prevent a “witch hunt.”

Quoted from Entropy

If the program is migrated to the OpCo, the evaluation committee could include: one delegate elected by the DAO, one OAT member, and one ARDC member.

Quoted from Entropy

The selected provider and the required budget will be presented to the DAO before the proposal moves to Tally.

So, does this mean Entropy will select a provider from the bids submitted, and then a Snapshot vote requiring 3% quorum of the circulating supply will follow?

If we’ve understood correctly, we believe it would be more optimal for the DAO to vote among the different options rather than ratify a selection made by Entropy.

Lastly, we noticed no mention of how the committee’s activities will be reported. We believe one report per quarter would be sufficient.

Euphoria from lamprosdao.eth

218.3K TOKEN

posted 1 year ago

Thank you, @Entropy, for coming up with another great proposal that the DAO currently needs and for giving us all an early Christmas gift.

Here are our thoughts on specific aspects of the proposal which needs some clarification:

Quoted from Entropy

Anyone (watchers) can identify potential misuse of funds

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

If the report leads to the successful recapture of funds, 5% of the recovered funds will be awarded to the watcher.

The 5% share is capped at $100K. This reward is in addition to the reward above.

Quoted from Entropy

If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report.

kuiclub from kuiclub.eth

676.13 TOKEN

posted 1 year ago

Thank you very much for the proposal. I believe it makes sense to have a watchdog program.

My first question is: why did you choose this system instead of empowering a person or group of people to take on this role of overseeing the allocation of funds? Could this role be merged with the reporting role proposed by @AlexLumley ? Even though the DAO rejected the design and budget, I believe there is interest in having such a role, and it could fulfill both functions. I think that would make the most sense. Or why did you consider them as two distinct roles?

If this proposal moves forward, it will be essential to have a clear definition of what constitutes “verifiable reports of misappropriation” or “valid reports of misappropriation.” These are two different terms used in the document to refer to reports that qualify for rewards. I think it’s important to unify the criteria and be very clear about the circumstances under which a report is eligible for a bounty.

Quoted from Entropy

rewarding those who successfully identify fund misuse

Additionally, a definition of “fund misuse” also needs to be included. For example, if funds that were not used and were supposed to be returned remain in a multisig, would that qualify as misuse?

Quoted from Entropy

Just the existence of a transparent and well-publicized bounty program will likely deter some malicious actors from misusing DAO funds in the first place.

The same principle would apply if the person in charge of the GRC also served as the watchdog.

Quoted from Entropy

with a temporary solution utilizing a small committee of reviewers with a long-term plan for the program to eventually fall under OpCo, if and when it is stood up.

Why did you envision this as a small committee? I believe it would be better to centralize the initial review of reports, perhaps within the Foundation or you guys from Entropy. I also don’t see the inclusion of the ARDC research member as necessary in the initial stage, given that a single member should suffice to verify the information.

To minimize program costs, you could instead form a sort of "committee" or team between you and the Foundation. In cases where there is disagreement between the two, only then should ARDC support be sought.

I do agree with other comments that if this person or committee determines that a report is “valid” or “verifiable” (based on pre-established criteria), the DAO should subsequently confirm that assessment. This would ensure transparency in the process and allow the DAO to identify providers who are not meeting expectations or misusing funds.

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

If the report leads to the successful recapture of funds, 5% of the recovered funds will be awarded to the watcher.

The 5% share is capped at $100K. This reward is in addition to the reward above.

The payment system is not clear. Does this mean that whoever qualifies for the reward will receive a fixed payment of 5K, 20K, or 50K plus the 5%?

So it would be that in the case of a valid report, 5K, 20K, or 50K is paid from those 500K, depending on the importance of the report. And only if the funds are recovered would the 5% be paid, correct?

What I would add/change is to deduct the upfront payment for the valid report from the 5%.

Thank you very much for the proposal!

116

Thank you very much for the proposal. I believe it makes sense to have a watchdog program.

Quoted from Entropy

rewarding those who successfully identify fund misuse

Quoted from Entropy

Just the existence of a transparent and well-publicized bounty program will likely deter some malicious actors from misusing DAO funds in the first place.

The same principle would apply if the person in charge of the GRC also served as the watchdog.

Quoted from Entropy

with a temporary solution utilizing a small committee of reviewers with a long-term plan for the program to eventually fall under OpCo, if and when it is stood up.

Quoted from Entropy

If the review committee deems a report valid at their discretion, they will deem what level of misuse.

Low: 5K ARB
Medium: 20K ARB
High: 50K ARB

If the report leads to the successful recapture of funds, 5% of the recovered funds will be awarded to the watcher.

The 5% share is capped at $100K. This reward is in addition to the reward above.

The payment system is not clear. Does this mean that whoever qualifies for the reward will receive a fixed payment of 5K, 20K, or 50K plus the 5%?

What I would add/change is to deduct the upfront payment for the valid report from the 5%.

Thank you very much for the proposal!

116

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

TLDR of April 30th Changes (Post-Snapshot Vote)

TLDR of January 15th Changes (Pre-Snapshot Vote)

Abstract

Motivation and Rationale

Specifications

Steps to Implement

Budget

Updated Timeline

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

TLDR of April 30th Changes (Post-Snapshot Vote)

TLDR of January 15th Changes (Pre-Snapshot Vote)

Abstract

Motivation and Rationale

Specifications

Steps to Implement

Budget

Updated Timeline

TLDR of April 30th Changes (Post-Snapshot Vote)

TLDR of January 15th Changes (Pre-Snapshot Vote)

Abstract

Motivation and Rationale

Specifications

Steps to Implement

Budget

Updated Timeline

TLDR of April 30th Changes (Post-Snapshot Vote)

TLDR of January 15th Changes (Pre-Snapshot Vote)

Abstract

Motivation and Rationale

Specifications

Steps to Implement

Budget

Updated Timeline

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

The Watchdog: Arbitrum DAO’s Grant Misuse Bounty Program

Outcome

Summary of Rationales

Outcome

Summary of Rationales

Outcome

Summary of Rationales

Most Compelling Arguments

In Favor

Against

Novel Improvement Suggestions

Final Thoughts

Outcome

Summary of Rationales

Most Compelling Arguments

In Favor

Against

Novel Improvement Suggestions

Final Thoughts

Rationale

Rationale

Rationale

Rationale