This proposal asks to establish the Risk Pod within Gro DAO. This proposal will be open for comments over the next 3 days. If no substantial changes are required, it will then be open for voting for another 5 days.
As Gro DAO further decentralises, I propose forming the Risk Pod to:
- Provide independent risk assessment for decisions on proposals, such as strategy whitelisting, before they are submitted to governance votes
- Provide feedback and analysis on risk levels of suggestions from other pods / committees when requested
- Create and maintain documentation on risks to Gro protocol
  - This will include a comprehensive list of threats
  - Each threat will have a mitigation, alert (as required) and response plan
- Engage with third parties for additional expertise in better understanding Gro protocol’s risk exposure and improving its risk management practices
- Submit proposals to Gro DAO to help address and mitigate risks
There is already a risk channel created in the Gro DAO Discord server. This proposal seeks to formalize the Risk Pod, which would lay the foundation for improving risk management to advance the DAO’s mission. The risks faced by Gro DAO have been preliminarily outlined in this separate document.
This does not include executing on smart contract audits or bug bounty programs, which would be under the Groda Product Pod’s purview.
Following the framework suggested in this post, the Risk Pod can include individual and entity contributors alike. The pod could have contributors on a regular, full-time basis as well as those contributing on a part-time or project basis.
I would also propose myself as the Risk Pod’s facilitator. My current role is as President of DeFiSafety. I have extensive risk-based experience, both from 2 years of DeFiSafety and more from my time in aerospace. I have spent the last 2 years studying DeFi security exploits.
I would commit to a minimum of 4 days per month, maximum of 6, depending on the workload. This would be for a fixed compensation of US$5,000 per month (averaging $104-156 per hour, which is in line with benchmark figures outlined in the Aave RiskDAO proposal here), plus 18,000 GRO tokens per month with 12-month vesting to align long-term incentives.
For the next 6 months, I propose a budget of $100,000 USDC that will be transferred to the Risk Pod operational wallet if approved.
Budget breakdown (first six months): $100,000
- 1 facilitator: 30,000 USDC over 6 months
- Projects or part-time contributors:
  - Exponent real-time DeFi risk metrics: $53,000
- Buffer (additional part-time contributors or services): $17,000 USDC over 6 months
For checks and balances, the operational wallet will be a 2-out-of-3 multi-sig with the Risk Pod facilitator and 2 contributors in the People Pod as signers. To facilitate day-to-day operating expense payment, the Risk Pod facilitator will be designated as the beneficiary of a spending limit on Gnosis Safe. The spending limit is defined as all budget to be sent to the operational multi-sig listed below, excluding the Risk Pod facilitator cost. The Risk Pod facilitator compensation will require at least 1 signer from the People Pod for payment – it should by default be paid out unless the pod acts maliciously, goes missing, or otherwise goes off-path. The operational wallet’s address and signers will be published once set up for transparency.
Given the above figures, the spending limit under the Risk Pod facilitator’s complete discretion would be $70,000 USDC.
Actual spend will be reconciled with the budget at the end of the 6-month period. Any unspent budget will be returned to the DAO treasury after the reconciliation.
The Risk Pod will update the DAO on its progress regularly through community channels such as the Community Forum, Discord, and Telegram.
In addition, there will be a quarterly report to summarize progress achieved and high-level plans for the next 3 months on the Community Forum. The second quarterly progress report will coincide with the 6-monthly budget report outlining actual spend and proposing budget for the next 6 months.
I also work as President of DeFiSafety. This is advantageous to both GRO DAO and DeFiSafety. GRO DAO gets the value of my significant risk experience and contacts. DeFiSafety better understands the inside operation of a DeFi protocol. It is win-win.
However, when GRO DAO contracts DeFiSafety for work, for example in the Framework proposal, there is a clear conflict of interest. For these commitments, I suggest they go to a full DAO governance vote. This will take place just once per year.