IIP: 170
Title: Modify the Organization Structure
Status: Proposed
Author(s): @anthonyb.eth (On behalf of the Index Coop Council)
Reviewed by: @edwardk @DevOnDeFi @afromac
Created: 16 December 2022
Quorum: 473,884 (10% of Votable Supply)

Summary

This proposal modifies the organizational structure of the Index Cooperative to increase robustness, operational efficiency, and empower the token holders with hard power, namely the ability to directly replace Safe signers.

Index Coop will adopt Metropolis (formerly known as Orca), a lightweight permissions wrapper around a Safe multi-sig that turns each Safe into a “Pod.” This creates an on-chain organization structure where power is delegated from token-holders to elected Pod Members.

The implementation proposed is intended to be version one, and this structure should continue to evolve over time.

There will be three high-level Pods that are responsible for the three main functions of Index Coop:

Engineering: To deploy and maintain Index Coop smart contracts and products

Operations: To serve the DAO’s off-chain needs such as product design, marketing, partnerships, etc.

Treasury: To manage the Index Coop treasury, pay expenses, collect revenue, and deploy capital to investments

1600×1152 133 KB

Key to the Diagram Above

The Engineering, Operations, and Treasury Pod each have three representatives chosen by INDEX holders. Because Index doesn’t have a governor contract and due to the current limitations of Snapshot, a “Delegate Safe” will enact token holder decisions. In time, the Delegate Safe will be removed and INDEX holders can change Pod representatives directly.

Pods can create sub-Pods as shown in the diagram above. This proposal creates the structure as shown in the diagram with three high-level Pods and a number of function-specific sub-Pods.

As a result of these changes and IIP-164, the Index Coop Council (ICC) will cease to exist. The implementation of this structure should occur on or before December 31, 2022.

Motivation

This proposal establishes a persistent system not reliant on a council to make difficult decisions, however, it will maintain the efficiency of decision-making and continue to provide a face to the organization that can interface with on and off-chain entities.

The system is built upon token holders’ sovereignty and their willing, explicit delegation of this power to various component parts, whether they be one or more levels removed.

The DAO must minimize human involvement in its operations to maximize security, robustness, and credible decentralization. Moving to this new organizational structure reduces the reliance on individuals; when human involvement is necessary, those individuals will be appointed and changed by token holders.

Specification

Overview

On-chain entities’ organizational structures are constantly evolving and Index Coop is adopting best practices from around the ecosystem. This proposal has received much iteration and feedback from advisors and community members to accomplish the following objectives:

1. Reduce reliance on individuals

2. Add on-chain governance

3. Raise the primacy of token-holders

In addition, the proposed organizational structure was designed with the aim of keeping Index Coop DAO as nimble as possible. As a result, it broadly increases the decentralization regarding large and important decisions and outsources day-to-day, low-level, operational decisions to appointed Pod members.

Structure

Currently, several multi-signature Safes are owned by the DAO, some of which are inactive. To simplify the structure, only active Safes (i.e., those with assets or permissions) are included in the new organizational structure.

The INDEX token-holders (“token-holders”) will elect representatives (i.e., signers) to the following:

• Delegate Safe (5)
• Operations Pod (3)
• Engineering Pod (3
• Treasury Pod (3)

Each Pod has the discretion to create or modify sub-pods without direct token-holder approval.

Token-holders are also responsible for electing the Director(s) of the Cayman Foundation.

This proposal includes the initial representatives to each Pod and makes changes to the Directors of the Cayman Foundation. At any time, an IIP can be called to make changes to Pod representatives, Directors, or members of the Delegate Safe.

Directors of the Cayman Foundation

This proposal reduces the number of Directors from three to one with the sole Director as Index Coop’s fiduciary service provider.

Delegate Safe

The delegate safe is a temporary measure required due to technical feasibility. In the future, token-holders can change Pod representatives directly via a token vote. Because Index does not have a governor contract and due to limitations in Snapshot, the Delegate Safe will enact decisions made by token holders on-chain.

The delegate safe will begin with a 3-of-5 Safe with the original signers as follows:

Operations Pod

The Operations Pod is a 3-of-5 Safe with 3 individual representatives, supported by the Engineering Pod and Treasury Pod as the additional two signers. The individual members will assist with day-to-day decisions and interface with partners and token-holders.

Currently, there would be no plans for the Operations Pod to handle any funds and most of the activity falling under its purview would be off-chain.

The Operations Pod is the manager of the Contributor Pod. The Operations Pod will be responsible for managing personnel, roles, and remits, and all proposed hiring and offboarding decisions are subject to 3-of-5 approval. This action will take place on-chain by removing the contributor from the Contributors Pod. The initial individual representatives to the Operations Pod are Dev, Anthony B, and Jordan T.

Contributors Pod (operations.contributors)

The Contributors Pod is a sub-Pod of the Operations Pod that enables all paid contributors of the DAO to exist on-chain via Metropolis’s Pod Member NFT system. This NFT acts as a “key card”, so to speak.

There are no immediate plans to use this feature set of Metropolis, but the Contributors Pod is useful for conducting on-chain votes by internal contributors on Snapshot (using the orca-pod strategy). It can also be used for token-gating access to things such as the internal contributor Discord Server. In addition to token-gating access, the Contributors Pod provides an additional layer of on-chain governance, which creates an auditable structure with a higher degree of decentralization.

The Contributors Pod will have a 1-of-n threshold because it will hold no funds and have no permission. All active paid contributors will be members of this Pod and issued NFTs.

Engineering Pod

The Engineering Pod is a 3-of-5 Safe with 3 individual representatives, supported by the Operations Pod and Treasury Pod as the additional two signers. The individual representatives will assist with deploying and maintaining smart contracts on behalf of the DAO. The permissions or keys to all Index Coop smart contracts are set to the Engineering sub-Pod, engineering.ops (eth:0x6904110f17feD2162a11B5FA66B188d801443Ea4). The initial individual representatives to the Engineering Pod are Defensible LLC, Flattest White, and Sid Hemraj.

Treasury Pod

The “Treasury Account” (eth:0x9467cfadc9de245010df95ec6a585a506a8ad5fc) will become the “Treasury Pod.” The Treasury Pod is a 3-of-5 Safe with 3 individual representatives, supported by the Operations Pod and Engineering Pod as the additional two signers. The individual representatives will assist with managing the assets of the DAO, paying expenses, processing payroll, and maintaining the runway. The initial individual representatives to the Treasury Pod are afromac, Mr Madila, and C-Squared LLC.

The Treasury Pod also has a number of Safes under its management that are used to segregate assets including:

Summary

1. Adopt Metropolis

2. Update the Directors of the Cayman Foundation

3. Create the following new Safes:

   1. delegate_safe

   2. engineering

   3. operations

   4. treasury.liquidity.fast

   5. operations.contributors

4. Update the Signing Structure of the Treasury Pod

5. Add the Metropolis Pod features to the following Safes

Voting

FOR: Do modify the organization structure
AGAINST: Don’t modify the organization structure

gm @anthonyb.eth and Owls -

I like this proposal in spirit given it moves toward better organization; I believe it confuses the challenges of decentralization and automation within The Cooperative.

As I see it, the Delegate Safe having the ability to reconstitute the three core pods means that there should not be an overlap of signers with the pods. At first blush I don’t know who the two non-individual signers are and given this appears to be a tacitly elected body in control of all DAO assets on behalf of token-holders, should there not be an election where those reputations can be examined by the electing INDEX holders? Put simply, this is a republic-model given it’s not on-chain, and this proposal outlines a structural (process and security) and leadership change (election) in one swoop . . . I’d like more context on the high-level signers and their track-record on dutifully and expeditiously representing the will of the INDEX tokenholders (as well as regional and intradisciplinary coverage by signers - three appear to be ‘product’ contributors).

Other concerns:

• The signing structure is 3-member/2-pods for each multisig . . . would it not be prudent to make the other pods requisite-signers on treasury expenditures? As it stands it appears the three individual treasury signers could drain the treasury without the other pods being able to prevent it.
• What is the cadence of re-election of signers at the three core pods and Delegate Safe? What entity is responsible for ensuring the legitimacy and accountaiblity of the INDEX token-voting process? Who is eligible to be a signer on the Delegate Safe?
• I can’t fully grok the system that’s being deprecated so even a vote for no change is still confusing. Who are the current signers on the relevant multisigs and where will assets be migrated from/to? Has a risk analysis been performed on the exact adding and deprecation of signers and xfer of assets or will that follow and be published? Have you retained a firm other than metropolis to review and have metropolis successfully transitioned a DAO in this way before? I’m thirsty for details that give me confidence it all stays bolted together through the transition described above.

I believe the proposal gives sufficient consideration to DAO internal organization and not enough to security and assurances on behalf of the INDEX tokenholder. My recommendation would be to agree on a revamped structure here and THEN hold an election for the 5 signers on the master contract as that is the only connection (defense) between the will of the INDEX tokenholders and DAO execution, and as proposed it’s still off-chain and appears fully capturable by a small DAO constituency of just 3 people.

Further, some discussion of the relevant utility of the INDEX token in light of these changes would be helpful context. The above IIP seems to change the governable surface of the Cooperative without making it more explicit or secure; what types of decisions will INDEX holders be making besides elections, and how often, or is this a move toward an elected board (shareholder model)? On one hand I like that the DAO are communicating desired structure; it speaks well to organizational coherence . . . on the other I think you’re missing the other half of the conversation and that’s that your collective is not governed by multisigs and humans, it’s governed by token voting and despite years now to sort it out, I’m still relying on humans to do the job of code . . . why can you still tell me no after I vote? (no one likes the word veto, but what you’ve retained in this model is DAO veto ability without addressing it properly - will the signers at least attest to some principle-based behaviors?) I want you all gone from that Delegate Safe and code in your place . . . it’s not meant to be personal and having held a position of power within a DAO I know you likely don’t enjoy that responsibility either as I try and empathize with those that crafted this proposal and are affected by it; is it possible and what steps are taking place at present to get IC gov on-chain given that this proposal doesn’t appear to move that needle?

I realize I may be lacking sufficient context and look forward to any corrections of fact above; on balance I’m quite impressed with this DAO, all contributors, and the recent transitions toward further practical autonomy. I’m abstaining from the current vote as I do see the above as net positive, but I find it lacking in the current form for the reasons above and do hope to see these concerns addressed in the near future regardless of proposal passage. Thanks Owls!

Hey @mel.eth,

Thanks for your reply and I will try to address all of the points below.

The Delegate Safe having the ability to reconstitute the three core pods means that there should not be an overlap of signers with the pods.

This is an understandable concern, however, I don’t anticipate any problems with it. I’d be happy to step down from the Delegate Safe personally and be replaced by another trusted party. Given that we are entering new territory, this decision was made because it provides some continuity. For what it’s worth - the Delegate Safe will not go against decisions made by token holders and all of the people on the Delegate Safe are in favor of automating this with code as you suggest. The only problem is that it will take some time to change this.

The two non-individual signers you cited are Defensible LLC (@edwardk) and our Professional Director Firm who is a Director of the Cayman Foundation.

The signing structure is 3-member/2-pods for each multisig . . . would it not be prudent to make the other pods requisite-signers on treasury expenditures? As it stands it appears the three individual treasury signers could drain the treasury without the other pods being able to prevent it.

Corrupting 3-of-3 is not impossible, but highly unlikely. If just one was honest you’d need to corrupt another 2-of-3 in the Operations or Engineering Pods. This is practically next to impossible meaning you’d have to corrupt 4-of-9.

In addition, I’m hopeful that we can establish some on-chain limits on both the Engineering and Treasury Pod actions in the future and it is a topic that has been discussed with Metropolis.

What is the cadence of re-election of signers at the three core pods and Delegate Safe? What entity is responsible for ensuring the legitimacy and accountaiblity of the INDEX token-voting process? Who is eligible to be a signer on the Delegate Safe?

This process is deliberately step-by-step. As such, there is not a specified cadence for re-election yet, but my preference is for a six-month review. As for the entity presiding over that, the goal is no entity and to move to on-chain governance in by the end of June 2023.

No eligibility rules have been put in place for the Delegate Safe as its intended to be temporary.

Who are the current signers on the relevant multisigs

The only relevant multi-sig is the Treasury Account and the relevant signers can be found here. The Operations Pod and Engineering Pod would be new Safes under the new structure.

Have you retained a firm other than metropolis to review and have metropolis successfully transitioned a DAO in this way before? I’m thirsty for details that give me confidence it all stays bolted together through the transition described above.

We have not retained a firm to review, but this proposal has been circulated to many partners who have lots of experience with different governance structures including VCs and also through conversations with people at Aave, Goldfinch, and a few other protocols.

As for Metropolis - they have been successful at ENS as the primary example. You can read more about that here.

Further, some discussion of the relevant utility of the INDEX token in light of these changes would be helpful context.

The utility of the INDEX token is something that has been under consideration for some time. In my personal view, this is secondary to growth and the core DAO functions at the moment, but I intend to spend time working on this problem in the coming months. As for this proposal, I think INDEX utility is out of scope - except for the fact that this proposal gets us closer to an implemented on-chain governance system.

will the signers at least attest to some principle-based behaviors?) I want you all gone from that Delegate Safe and code in your place . . . it’s not meant to be personal and having held a position of power within a DAO I know you likely don’t enjoy that responsibility either as I try and empathize with those that crafted this proposal and are affected by it; is it possible and what steps are taking place at present to get IC gov on-chain given that this proposal doesn’t appear to move that needle?

Yes, as I mentioned above (but it is worth reiterating), I will simply take the actions decided by token holders. And it is important to me to move to on-chain governance. I can speak on behalf of @afromac, @edwardk, and @DevOnDeFi as well when I say that we will all act in accordance with token holders. Our professional director is also mandated to act in accordance with token votes.

While it doesn’t move the needle on on-chain voting - it does move the needle on on-chain governance. This structure inches us closer to implementing on-chain voting and it makes the processes for selecting representatives clear and transparent. I view bringing the organization structure on-chain as a great first step towards an improved Index Coop.

I hope I adequately answered all of our comments and questions. I’m aware this proposal does not solve all governance at Index Coop, but it does move us considerably in the right direction and it signals our overall intention to maximize decentralization without reducing operational efficiency.

Best,
Anthony

gm @anthonyb.eth -
I appreciate the increased clarity and expeditious response. It’s comforting to find alignment on outcomes, and i would agree that this is a big step in that direction. I appreciate you and the other signers affirming the will of token holders, and for protecting Coop treasure as diligently through governance considerations as you do with product launch considerations. I do look forward to IC governance moving on-chain and appreciate these efforts toward that outcome by all. I see removal of yourself from that multisig as an enabler to better organizational and node level health; I appreciate you standing guard at the gate until it can be protected better with code through decentralization automation. Good luck with this proposal, subsequent execution, and governance upgrades to follow.

@anthonyb.eth can you please share the execution steps when they are completed on this forum post. I am mostly interested in point 2 being completed ASAP.

Thanks

Hey Elliott,

Just an update here: The Foundation now only has 1 member. You and @DevOnDeFi have been removed.

Best,
Anthony