Loomio
Wed 27 Feb 2019 12:51AM

Main Multisig spring cleaning

Kay

We need to restructure the Multisig a bit because Vojtech requested to be taken off as his responsibilities shift more onto his next projects. So while it is clear that we will respect his wishes, we have to be a bit careful about how to handle the situation, because Vojtech always was very active and quick to sign off on transactions.

To make visible who is on the multisig now and when the last time was when they were active, I made a spreadsheet.

For successful execution of transactions, the quorum is currently set to 6 confirmations.

Vojtech leaving would put us in the yellow area where we would need to ping people that are not always active in the channel.

I will not make a proposal immediately about this, but make my voice heard in the thread here and would like to discuss the options at community meeting.

GG

Poll Created Sat 9 Mar 2019 4:12PM

How many people should we have on the Main multisig Closed Thu 14 Mar 2019 8:03PM

Tension
We are doing a major Multisig overhaul as stated here: https://www.loomio.org/p/PB2e5AdZ/the-main-giveth-multisig-should-have-5-people-removed-and-4-or-5-people-added

Proposal
Let's use this poll to determine the number of people to be added to the multisig... The number stated assumes that we agree to keep 6 required signatures.... if you think 6 signatures is a bad idea, that's cool too, make that your top choice!

Background
We have a 6/12 multisig now.

Lots of people like to have an over 50% majority required... so that would mean we only have 11 people or less on the multisig... the fewer people the more secure...

But sometimes it takes a long time to get people to get their keys and make a tx.. so the more people we have the faster we can move things thru.

This is a really really important multisig... it controls the bridge, and therefore all of the funds held in the bridge and all of the permissions around who can do what in the bridge contract. It is also our default address for donations.

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Explicit Duties
Owns the bridge
Receives donations and deals with those donations (hopefully we will get rid of that eventually)
Can cancel any payment in the bridge
Can pause the bridge completely and unpause it
Add tokens to the whitelist (in the bridge needs to be done on rinkeby side as well)
Can change the max security guard delay
Can change the 2 day time lock in the bridge
can change the security guard
Can change the bridge service... and who can create payments to the bridge
can change the escape hatch caller
Can remove/change ownership
Has all the powers needed to decentralize the bridge
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious.

Results

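| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| 12 | 1 | 17.1% | 12 | 2.4 |
| 11 | 2 | 15.7% | 11 | 2.8 |
| 13 | 3 | 14.3% | 10 | 3.3 |
| Abstain | 4 | 11.4% | 8 | 4.0 |
| 9 | 5 | 11.4% | 8 | 2.0 |
| 10 | 6 | 11.4% | 8 | 2.0 |
| 6 signatures is probably too much | 7 | 11.4% | 8 | 2.7 |
| 14 | 8 | 5.7% | 4 | 2.0 |
| 6 signatures is probably not enough | 9 | 1.4% | 1 | 1.0 |
| 15 | 10 | 0.0% | 0 | 0 |
| Undecided | | 0% | 0 | 0 |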

7 of 53 people have participated (13%)

Griff Green Sat 9 Mar 2019 4:15PM

 
1 - 13
2 - 12
3 - 14
4 - 6 signatures is probably not enough
5 - 11
6 - 10
7 - 15
8 - 9
9 - 6 signatures is probably too much
10 - Abstain

I am happy to have more people on the multisig :-D Multisigs are like hot tubs, the more the merrier!

Griff Green Sat 9 Mar 2019 4:16PM

 
7 - 13
8 - 12
9 - 14
10 - 6 signatures is probably not enough

I am happy to have more people on the multisig :-D Multisigs are like hot tubs, the more the merrier!

Bowen Sanders Sat 9 Mar 2019 8:22PM

 
7 - 13
8 - 12
9 - 14
10 - 6 signatures is probably too much

While 6 is definitely more secure, just keep in mind it's actually quite hard to get four people to do anything simultaneously, let alone in a timely fashion (read: try going to a club or dinner with a group. There's a reason why the term cat herder has become a part of the Ethereum dialogue), so we might want to think about how well this new strategy actually works and perhaps move to revisit this after a few transactions pass through with new people on it.

Loie Sun 10 Mar 2019 4:12PM

 
7 - 11
8 - 10
9 - 9
10 - 12

This poll is a little confusing... but I get it. I def think we should keep a majority for passing. I'd be happy with a 5 of 9 b/c I see how slow it is sometimes to get folks mobilized to sign... but I think that's more about not having enough active people. If we add the proposed unicorns to the multisig I think everything will go way faster, so 6/11 is fine.

Josh Fairhead Mon 11 Mar 2019 5:16PM

 
7 - Abstain
8 - 6 signatures is probably too much
9 - 9
10 - 10

4/7 seems a more appropriate number. Has this previously been discussed/tried? Is there a timing concern with fewer people? It would increase security to do so. This seems like a design challenge and there is probably an optimal distribution of time zones that should also possibly be considered. So I guess what should we optimise for? Security, diversity, time zone distribution, all three or other things? What problems do we want to address & how can we simplify to do so?

GG

Poll Created Sat 9 Mar 2019 4:34PM

[Anon Poll] Who should be added to the Main Multisig? Closed Thu 14 Mar 2019 10:03PM

Tension
We are doing a major Multisig overhaul as stated here: https://www.loomio.org/p/PB2e5AdZ/the-main-giveth-multisig-should-have-5-people-removed-and-4-or-5-people-added
We need to add a lot of people to this very important multisig, as it controls the Bridge and receives donations. There will likely be 1 or 2 transactions a month.

Proposal
Let's use this poll to determine who should be added to the multisig... The top choices will get added assuming the people agree and want to be in the multisig and that this proposal passes at the Community Meeting. The number of people that get in will be dependent on the results of: https://www.loomio.org/p/wqF5MS60/how-many-people-should-we-have-on-the-main-multisig

Background

It is important that we trust these people and that they are willing and able to back up and secure a key on their person as they travel that can be used to vote on these transactions. This key should probably be stored on Metamask.

This is a really really important multisig... it controls the bridge, and therefore all of the funds held in the bridge and all of the permissions around who can do what in the bridge contract. It is also our default address for donations.

Currently on the Multisig:
Bowen available and active
Griff available and active
Kay available and active
Kris available and active
RJ available and active
Edu available and active
Jordi available and active

Currently proposed to be taken off the multisig
Yalor Not available and not active
Quazia Not available and not active
Oz Available but not active
Alex Available but not active
Vojtech Would like to resign, will be greatly missed

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Explicit Duties
Owns the bridge
Receives donations and deals with those donations (hopefully we will get rid of that eventually)
Can cancel any payment in the bridge
Can pause the bridge completely and unpause it
Add tokens to the whitelist (in the bridge needs to be done on rinkeby side as well)
Can change the max security guard delay
Can change the 2 day time lock in the bridge
can change the security guard
Can change the bridge service... and who can create payments to the bridge
can change the escape hatch caller
Can remove/change ownership
Has all the powers needed to decentralize the bridge
Can call the escapeHatch(address _token) in an emergency to move all the money out of the bridge for the specified token
Can call escapeFunds(address _token, uint _amount) to move some of the money out of the bridge to be extra cautious

Results

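| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Lorelei | 1 | 16.2% | 70 | 6.4 |
| Dani | 2 | 13.7% | 59 | 6.6 |
| Michael | 3 | 13.2% | 57 | 6.3 |
| George | 4 | 8.8% | 38 | 4.2 |
| DAppLion | 5 | 8.1% | 35 | 5.0 |
| Lanski | 6 | 6.3% | 27 | 4.5 |
| Adam | 7 | 5.8% | 25 | 3.6 |
| Jeff | 8 | 5.6% | 24 | 3.4 |
| Josh | 9 | 5.6% | 24 | 3.4 |
| Kirch | 10 | 5.3% | 23 | 4.6 |
| Alan | 11 | 4.2% | 18 | 4.5 |
| Deam | 12 | 3.7% | 16 | 3.2 |
| Adria | 13 | 1.9% | 8 | 1.6 |
| Parker | 14 | 1.6% | 7 | 1.8 |
| Linds | 15 | 0.2% | 1 | 1.0 |
| Undecided | | 0% | 0 | 0 |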

12 of 12 people have participated (100%)

Anonymous Mon 11 Mar 2019 3:00PM

 
8 - Michael
9 - DAppLion
10 - Deam
11 - Dani
12 - Lorelei
13 - Lanski
14 - Parker
15 - Josh

Michael is steward, Devs have strong tech ability for this stuff, then I'm voting for people I interact with rather than perceived strangers (no offence intended, I'd still like to get to know you guys!)

GG

Poll Created Sat 9 Mar 2019 4:50PM

[Anon Poll] Replacing Vojtech on the Overflow Multisig Closed Thu 14 Mar 2019 9:03PM

Tension
Vojtech would like to be removed from the Overflow multisig.

Proposal
Let's just simply replace V and use this poll to determine who should be added to the multisig... The top choice will get added assuming the person chosen agrees and wants to be in the multisig and that this proposal passes at the Community Meeting.

Background

It is important that we trust the person and that they are willing and able to back up and secure a key on their person as they travel that can be used to vote on these transactions. This key should probably be stored on Metamask.

This is an important multisig... it controls the bridge overflow, so when the bridge has a lot of money, any of the people in the EscapeHatchCaller multisig can move money out of the Bridge to this multisig and then this multisig can move it back into the bridge if needed.

The strategy here is that to mitigate risks by not holding all funds in one smart contract, we can move funds that we don't expect to be spent anytime soon to this Overflow Multisig... and when it seems like that money might be spent in the DApp we can move the funds back.

Currently on the Multisig:
Bowen
Griff
Jordi
Kay
Kris
Perissology
Vojtech

Explicit Duties
Receives overflow/escaped funds from the Bridge
Sends funds back to the Bridge when funds get low using depositEscapedFunds()

Giveth Deployment doc:
https://docs.google.com/document/d/1XExY55sCdH-gGgnMnzSHhbPZsMhmc6w2fHJ_Ro7ILyw/edit

Bridge Security Doc:
https://docs.google.com/document/d/1OUSLO-qmboncSf5tKP3Jo5JX__vvUZ7jnyfBdQhvA_4/edit

Results

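| Option | Rank | % of points | Points | Mean |
|---|---|---|---|---|
| Lorelei | 1 | 31.0% | 31 | 3.1 |
| Michael | 2 | 24.0% | 24 | 2.7 |
| Dani | 3 | 22.0% | 22 | 2.4 |
| Lanski | 4 | 10.0% | 10 | 1.7 |
| Don't add anyone, leave it 4 of 6 | 5 | 7.0% | 7 | 3.5 |
| Add more than just 1 person | 6 | 3.0% | 3 | 3.0 |
| George | 7 | 2.0% | 2 | 1.0 |
| Josh | 8 | 1.0% | 1 | 1.0 |
| Jeff | 9 | 0.0% | 0 | 0 |
| Adria | 10 | 0.0% | 0 | 0 |
| Undecided | | 0% | 0 | 0 |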

10 of 10 people have participated (100%)

Anonymous Mon 11 Mar 2019 2:03PM

 
7 - Michael
8 - Lanski
9 - Dani
10 - Lorelei

Michael as Dapp steward, otherwise I'd suggest the first gen unicorns as reliable guardians
