The Tally Newsletter

The Tally Newsletter, Issue 53

November 29, 2021

monetsupply

Welcome back for issue 53 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen. 

In this issue, we catch up on the latest news from this past Thanksgiving holiday week:

  • Celo Loses Control over Optics Bridge

  • Compound Narrowly Rejects Long Term Auditing Contract

  • ConstitutionDAO Soars Despite Auction Loss

Plus quick ecosystem updates!


Optics Bridge Faces Hostile Takeover

TL;DR: cLabs, the development company behind Celo, temporarily lost control of the Optics bridge contract to undisclosed parties.

Over the past week, an issue with Celo’s Optics bridge has kept users on edge. While no funds were lost, this incident presents a cautionary example of inadequate bridge governance that applies to both L1 and L2 platforms. Here’s what we know so far.

cLabs @cLabs
We recently discovered an issue with Optics beta and our team is actively working to resolve it. Neither the Celo network nor the Celo Reserve are impacted. Please find the full statement here:
forum.celo.org: “Optics Recovery Mode”. I just posted this announcement in the Optics Discord server, and cross-posting here: We recently discovered an issue with Optics beta and our team is actively working to resolve it. Here is what we know: Despite no known vulnerability, and without alerting the community, someone unilaterally activ…
8:50 PM ∙ Nov 21, 2021

At the beginning of last week, cLabs released an announcement that “recovery mode” had been activated inadvertently. While this seems innocuous enough, the mechanism hands control over bridge upgrades to a recovery manager, which in a worst-case scenario could allow user funds to be stolen. Details from the Celo forum are shared below.

Source: Celo Forum

This exposed several deficiencies in the way the bridge was initially set up, including lack of clarity on the owner of the recovery manager address and incorrect timelock configuration. All of this left the bridge vulnerable to sudden compromise. 

cLabs’ response was somewhat baffling: despite losing control of bridge upgrades, they claimed that funds were not at immediate risk. This indicates they may have information about the recovery manager owner that they haven’t shared yet. On the other hand, James Prestwich denied cLabs’ initial suggestions that he was responsible for the takeover.

James Prestwich @_prestwich
I have never been a keyholder on Optics recovery mode. I am disappointed that cLabs and Celo have chosen to bring their bullying into public spaces, and that they chose to lie about me to attack my reputation. On the advice of my lawyer, I have nothing else to say right now.
1:07 AM ∙ Nov 22, 2021

With community confidence in the bridge declining, the cLabs team quickly changed course and recommended a redeployment and migration of funds to a new, properly configured Optics bridge instance. But in a strange twist of fate, Optics was recently moved out of recovery mode with ownership transferred to the multisig set up to manage the new Optics v2 deployment. An initial report claims the same reassignments have taken place for the Celo and Polygon deployments, meaning that funds are now finally safe after a week at risk.

This situation has resolved favorably, but there are some clear takeaways for users and bridge platforms. Checking the bridge configuration before public launch could have identified the Optics bridge’s admin ownership and timelock deficiencies. And because most cross-chain and L1>L2 bridges are essentially governed by multisigs, users should expect better risk management and disclosures from development teams. That expectation contrasts with the several weeks’ delay between cLabs’ discovery of the Optics issue and public disclosure.

Compound Narrowly Rejects Auditing Contract

TL;DR: OpenZeppelin and Trail of Bits went toe to toe over a lucrative Compound auditing contract, with ToB’s last minute engagement leading to a longer contract review period.

While there has been a pickup in DAO merger activity recently, we’re now beginning to see the first signs of an emerging DAO contracting industry. Engaging with service providers allows decentralized orgs to get the benefits of deep experience and centralized management, but also poses challenges in contract negotiation as we’ve seen this past week in the Compound community.

Larry Sukernik of Reverie recently helped guide a proposal for OpenZeppelin to provide continuous auditing services to the Compound community. With the recent loss of treasury funds from a bug in Compound proposal 62, technical audits have become a critical need for the community. 

OZ was the first firm to propose services to Compound in proposal 70, but competitor Trail of Bits joined to compete for the contract with a last minute outreach on Twitter and the Comp.xyz discussion forum.

Scott Sunarto 🐉 @smsunarto
You might have come across OZ's proposal for $4m (+ tentative $4m performance fee) for ongoing audit of Compound. I'm excited for a transparent and competitive B2DAO procurement; I'm glad to announce that @trailofbits is working on a proposal too! compound.finance/governance/pro… [1/4]
compound.finance: “Compound”. Compound is an algorithmic, autonomous interest rate protocol built for developers, to unlock a universe of open financial applications.
5:44 AM ∙ Nov 21, 2021

ToB’s Scott Sunarto raised some important points that draw from experience in government contracting: healthy procurement mechanisms should be competitive and as open as possible. This helps contain costs and maintain quality for DAO clients, while also reducing risk of self dealing from those arranging bids.

Source: Compound Dashboard

OpenZeppelin’s initial bid for the contract was rejected to allow Trail of Bits more time to bring forward a full offer for community review. So over the coming weeks we should witness one of the first competitive contracting processes in the DAO space.

ConstitutionDAO Faces Wild Week After Losing Auction

TL;DR: The project struggled with messaging around refunds, and was then overtaken by huge hype as the token traded above redemption value.

ConstitutionDAO formed in a matter of days to place a group bid on one of the original copies of the US constitution. They ended up getting outbid by Ken Griffin, owner of market making firm Citadel Securities, who gained notoriety during the meme stock trading frenzy earlier this year for forcing Robinhood to halt certain retail trading. But despite this setback, ConstitutionDAO demonstrated the power of a new type of decentralized organization - the acquisition DAO.

Acquisition DAOs allow large groups of users to pool their resources for greater financial impact. This concept was demonstrated by PartyDAO’s NFT bid platform, allowing retail users to purchase several high end cryptopunks. ConstitutionDAO took this a step further by targeting a real world object with a huge expected valuation. 

While the DAO was able to raise over $40 million in a matter of days, the way the DAO and off chain process were linked was somewhat tenuous. Contributing funds granted governance rights over how the constitution would be used and displayed, but not ownership (this was meant to avoid securities regulations about fundraising). 

rng.eth @galaxyRTK
The @stratechery episode on @ConstitutionDAO hit on an issue I have with all party DAOs issuing governance tokens raising money “as if” they were fractional ownership but by their own terms aren’t - not clear how/when/whether proceeds will be distributed, if they even can be
11:32 AM ∙ Nov 17, 2021

This part of the DAO mechanism was never tested because they lost the bid. Acquisition DAOs may face similar difficulties in the future because their maximum spending capacity is known beforehand through on-chain records. ConstitutionDAO also struggled to organize contributor refunds, with a lack of pre-existing operational examples leading to mixed messaging.

ConstitutionDAO (📜, 📜) @ConstitutionDAO
Of course, we know and respect some of y'all were here just for the Constitution. We'll take a snapshot of everyone's $PEOPLE balance (claimed/unclaimed) in ~24h (block 13656500). Over the next week, we'll set up a website where you can get your ETH back at the original rate.
6:40 AM ∙ Nov 20, 2021
ConstitutionDAO (📜, 📜) @ConstitutionDAO
Hi everyone! We know you've been awaiting further news about the refund, and we're ready to go live with it now 😌 We plan to issue refunds through the same Juicebox mechanism by which donations were originally collected.
1:08 AM ∙ Nov 22, 2021

But in the end, the auction loss to the villain from this year’s meme stock story may have raised the project’s profile. ConstitutionDAO’s PEOPLE governance token inexplicably began trading at a premium of 20 times or more above the ETH redemption value, and was listed on several centralized exchanges. 

Given the huge attention this project has gained in the past two weeks, additional acquisition DAOs targeting real world purchases seem inevitable. But the governance and on/off-chain coordination challenges remain untested, at least until one of these organizations succeeds in acquiring its target asset.


In Brief: 

  • Lido DAO introduces optimistic governance mechanism, only requiring voter action to cancel proposals:

banteg @bantg
Lido DAO introduces motions, an optimistic governance primitive which passes unless challenged. They will be used for routine maintenance operations like increasing operator capacity.
research.lido.fi: “LIP-3: Easy Track release” (General). After several months of development, the new Easy Track governance feature for the Lido DAO is finally ready to be released. The feature is designed to lower voting fatigue from recurring Aragon votings and make the DAO routine operations easier. Easy Track introduces the new type of votin…
12:14 PM ∙ Nov 23, 2021
  • Beethoven X launches friendly fork of Balancer protocol, with distribution of governance tokens to BAL community:

Fernando | Balancer 🦇🔊 @fcmartinelli
This is a very important moment for Balancer Protocol. Beethoven x is expanding Balancer's reach under their own brand, community and amazing developers. I'm super excited to see the Balancer family growing with shared open source code and decentralization values. Who's next?
Beethoven x @beethoven_x
When we decided to come back to life we said to each other: "Imagine if we could, one day, become the first recognised Balancer friendly fork" 481,740 votes for... 5 against. We guess that is a "Yes!". https://t.co/Tnex1d7m2e $FTM $BAL $BEETS https://t.co/AiIsqE9742
7:37 PM ∙ Nov 22, 2021
  • Curve considers hiring team to review gauge risks after Mochi Finance incident:

W⬡rmholeOracle @WormholeOracle
Curve is hiring a gauge risk assessment team to review protocols seeking a gauge. Details to apply for the position in the link $CRV $CVX
gov.curve.fi: “[Discussion] Gauge Risk Assessment Team”. Summary: Create a Gauge Risk Assessment Team responsible for reviewing and publishing any risks associated with protocols applying for a gauge. The team will also review existing gauges to create a comprehensive report on potential risks. This proposal comes from the Curve Grants Council, with co…
2:52 PM ∙ Nov 19, 2021
  • ENS multisig will transfer most admin powers and treasury funds to the DAO after successful vote:

nick.eth @nicksdjohnson
A historic moment; the ENS DAO's first proposal, to request transfer of funds and crucial admin controls from the multisig to the DAO, has just passed. All four measures were approved. Here's a copy of the email I just sent the keyholders:
discuss.ens.domains: “[EP1] [Social] Proposal: Transfer ENS Treasury and Contract Ownership”. All four measures passed! Below is a copy of the email I just sent the multisig keyholders. Hi Keyholders, The day has arrived! You have probably noticed that the new ENS DAO just voted overwhelmingly to request the transfer of a set of key powers from the ENS multisig to the DAO: Transfer all …
1:21 AM ∙ Nov 29, 2021
  • Uniswap is now voting on consensus check poll to deploy Uni v3 to Polygon:

Mihailo Bjelic @MihailoBjelic
Phase 1 of the Uniswap governance process went exceptionally well! 🎉 7.79M UNI (~100%) voted yes, and only 25k was required for the vote to pass! 🤯 Thanks @Uniswap community, we are humbled by this level of support! 🙏 We're moving forward with Phase 2; let's do this! 🔥
Mihailo Bjelic @MihailoBjelic
UPDATE: Given the high level of support this proposal has received so far, we initiated the Phase 1 of the governance process - a Temperature Check poll: https://t.co/D1Tu6xpBwW Please submit your votes by November 25th. Let’s make this happen! 🤗🦄💫 https://t.co/RePmCRaBlb
2:23 AM ∙ Nov 26, 2021

Thanks for joining us for Tally Newsletter issue 53. Be sure to check out the Tally governance app and join us on Discord for the latest updates!

Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at newsletter@withtally.com 

Best,

Nate, Tally
