Title: Security - Operations & Investment Account
Authors: Matthew Graham (@Matthew_Graham), Dylan Tran (@dylan), Accelerated Capital (@AcceleratedCapital), PrairieFi (@prairiefi), Elliot (@ElliottWatts), DarkForestCapital (@DarkForestCapital), verto0912 (@verto0912), Mr Madila (@MrMadila), George (@george)
We propose creating two separate multisig wallet addresses: one for each of the Operations and Investment accounts. We discuss the responsibilities of each multisig from an account security perspective.
As outlined in the Treasury Diversification Proposal, the Treasury Working Group intends to split the current treasury into two accounts: an Operations Account and an Investment Account. In order to accomplish this, it is necessary to create two separate Gnosis multisig wallet addresses.
Initially, each account will have its own multisig wallet that requires 3 of 4 owners to approve a transaction. The four Index Coop representatives are: the primary focal point for each account, the TWG lead, and 2 members of the Treasury Committee. The initial requirement that at least 3 of the 4 eligible addresses approve a transaction can be amended in the future as required.
Currently, all transactions from the Treasury Committee Wallet are controlled via a 3-person multisig with a 1 of 3 approval requirement, and the main Treasury Wallet is controlled by a 3-person multisig with a 2 of 3 approval requirement. Although the Treasury Committee has proven viable, the rapid growth Index Coop has experienced and the increasing frequency of transactions mean we now need to cascade responsibility amongst the broader community.
With regard to overseeing Index Coop’s finances, some responsibilities are being transitioned from the Treasury Committee to the Treasury Working Group (TWG). The first step in this transition is for the TWG to set up the security structure around the Operations and Investment Accounts. The Operations and Investment Accounts are to be funded from the Treasury Wallet as we transition to a more DAO-led approach.
Multisig wallet addresses enable DAOs to delegate transaction approval authority to selected contributors, known as owners. The DAO places its trust in owners to transfer funds efficiently and securely, knowing that multiple owners need to approve each transaction (see infographic below).
One core feature of a multi-signature wallet is that it is operated by multiple accounts known as owners. OwnerManager.sol allows you to add, remove, and replace owners. Furthermore, the threshold number of owners required to confirm a transaction before it can be executed can be specified and modified. This is a great feature, as it allows the DAO to modify the control features as the DAO evolves over time. There is also the ability to set daily transfer limits on ERC20 tokens and to approve whitelisted addresses that do not require confirmations. Initially, we are opting for the basic version and will revisit the functionality of the wallet when the need to do so emerges. Multisig signers are expected to use hardware devices linked to their web3 wallet when performing these transactions, thus maximising security against a potential attack.
There have been 6 audits of Gnosis Safe, with the most recent on 4th May 2020. All findings have been implemented, and there is currently a $7.5M bug bounty fund that offers $100K per bug. Gnosis Safe is trusted by many big-name DeFi protocols like Aave, Yearn and Balancer.
The initial names listed on the multisig accounts are as shown below:
| Roles | Operations Account | Investment Account |
|---|---|---|
| Treasury Committee | @DarkForestCapital, @dylan | @DarkForestCapital, @dylan |
| Treasury Working Group Lead | @Matthew_Graham (Fire ) | @Matthew_Graham (Fire ) |
Create Operations & Investment Account wallet addresses according to the IIP-46 proposal.
DO NOT create Operations & Investment Account wallet addresses according to the IIP-46 proposal.
Copyright and related rights waived via CC0.