-1.png?width=300&height=47&name=OZ_logo_color%20(3)-1.png "OpenZeppelin"){kind=logo}
Decentralization is a journey, more than a destination.
A Web3 project that has started to scale through a rapidly growing community presents a unique challenge. Despite decentralization being a core ethos of the long-term development strategy, the founding team still needs to be hands-on in the early phases of decentralization, addressing bugs and refining the product-market fit. The ultimate goal is for the project to be governed entirely by user participation, but initially, the team needs to steer the project. The balance between protocol security, safe user experience, rapid innovations, and decentralizing governance can become a complicated tight-rope act for core teams during pivotal early stages. To gradually increase decentralization as the project scales, the following approaches can be considered to leverage the utility of the OpenZeppelin Governor contract. These approaches feature the engagement of some of the top projects across the blockchain, including Gnosis for their Safe multi-signature wallet product (which supports the Zodiac “expansion pack” for DAOs), Scopelift’s Seatbelt tool, and UMA’s Optimistic Governor.
As a security-first team, the blockchain project will be in the process of undergoing or recently completing a security audit from a top-tier firm. Measures such as bug bounties, security monitoring, and a well-tested incident response plan have been put in place. Contract deployment best practices have been followed, with permissions assigned to a multi-signature contract allowing for joint control and management by multiple parties. Active community members weigh in with feedback and input, but ultimately, control lies with the multi-signature signers. This arrangement has been necessary so far, but as the treasury grows, the responsibility and potential liability also increase. Some questions arise, such as what happens if all the signers want to take a vacation at the same time? How does the community feel about its ability to exercise control in decision-making over the long term?
For many Web3 organizations, the ultimate goal is to adopt a more decentralized model of governance, where control is shared among a larger group of stakeholders. Enter OpenZeppelin Governor. A Governor contract, used by teams such as The Graph, Uniswap, ENS, Gitcoin, Nouns, and Compound, makes it possible to set up a system where multiple parties can vote on proposed changes to a contract, with the aim of reaching a consensus on the best course of action.
For a team that is accustomed to centralized control, a transition to decentralized governance can feel like a big leap. How do you go from one to the other? For Gnosis multisig users, the Gnosis Guild team has made the Zodiac module available to help. This module provides an implementation of OpenZeppelin Governor designed for use in a Zodiac-style setup, so Gnosis Safe users can simply “equip” the Governor module, allowing a transition from multisig to DAO with on-chain voting (allowing for either ERC-20 or ERC-721 tokens) using a web interface that sets the parameters on the underlying Governor contract. These parameters include specifications for quorum and voting period and will govern the voting process.
By equipping the Governor module, the Safe gains support for Governance, however, the multisig signers retain control. Note that to obtain a complete transfer to the Governor, the original multisig signers will need to renounce privileges over the Safe. In practice, this means that all but one signer must be removed from the Safe, and the last signer must be changed to an invalid address (such as 0x000…dead). Once the contract has been migrated, the community will be able to start voting on proposed changes. The Governor contract will track the votes and determine whether the minimum number of votes has been reached to pass a proposal.
By providing the option to equip Governor to a multisig in a plug-and-play manner, DAOs and other organizations now have a seamless way of progressively decentralizing while also preserving the modular design shared by OpenZeppelin and Zodiac. This optionality allows organizations to avoid the massive switching costs and complex contract changes needed to migrate to a more opinionated platform or start over from scratch, creating a simpler and more composable path to progressively decentralize. We think this modular approach is not just easier and more practical, but where the ecosystem is heading.
– Marvin Lin, Gnosis Guild
OpenZeppelin Defender – a leading secure smart contract automation platform – provides teams with a reliable way to monitor the state of relevant contracts, perform administrative actions, and implement circuit-breaker-like security automation such as pause guardians, as well as a host of other options. Using Defender as a contract orchestration dashboard allows teams to be notified based on security events as well as relevant information-based alerts, which can be fine-tuned via integrations with custom Forta bots, and sent via a combination of notification channels including PagerDuty, Slack, Datadog, OpsGenie, Telegram, email, or another webhook-based channel. Notifications can also be delivered to the relevant community Discord to keep users up-to-date on the current safety status of the underlying contracts.
Under a decentralized governance model, the community benefits because they gain more control and can make collective decisions for the good of the community as a whole. Because decentralized governance is by no means without risk (due to the potential for bugs or even malicious proposals), users benefit from careful verification that ensures submitted proposals go through without issue. ScopeLift’s Seatbelt tool, developed in collaboration with Uniswap, gives Governor users an interface for simulating proposals and generating human-readable reports, with the goal of guarding against potential errors that would cause the transaction to revert, lose funds, or even render governance permanently unusable. They’re able to run these simulations for different deployments of governance because OpenZeppelin Governor provides a standard and trusted interface.
On the other hand, many users might decide that they seek a governance model that does not depend on actions taken by multisig signers or ERC-20 token-based votes. Even when handled securely and protected entirely from attacks, coin-based voting poses risks to users due to potential conflicts of interest, the influence of “whales,” and the inherent emphasis on ensuring the token’s value. OpenZeppelin Governor also supports ERC-721-based voting, allowing for identity representation via NFTs as one possibility. Under this model, the entity which owns the NFT would receive a vote with equal weight as another entity holding the same kind of token.
Additionally, UMA’s Optimistic Governor offers DAOs the ability to ensure that the rules and parameters they set for their governance system get enforced. This model requires the DAO to set all necessary parameters in advance, which then allows users to propose their own transactions. These user-proposed transactions will succeed unless disputed. Under Optimistic governance, humans get brought into the mix only if dispute resolution is needed.
As the use of smart contracts and blockchain technology continues to grow, it is becoming increasingly important for organizations to think carefully about managing and maintaining the security and health of their contracts. These goals will be reached by adopting best practices for secure development and operations. This also requires efficient and well-tested code libraries, decentralized on-chain monitoring, and well-tuned incident response plans.
Decentralized governance using OpenZeppelin Governor can help ensure that your organization’s smart contracts are managed and maintained in a secure, transparent, and democratic way, while also giving you the flexibility to adapt and respond to changing needs and circumstances over time.
Available and widely adopted since 2016, OpenZeppelin Contracts have been continually improved and optimized based on security best practices, providing Web3 with secure smart contract libraries that are reusable, modular, and highly composable while maintaining security and being gas efficient.
OpenZeppelin provides a range of products and services to guide blockchain projects in their journey to safe decentralization. If you’d like to explore using OpenZeppelin Governor contracts for your own development, proceed to our documentation. If you’re interested in working with OpenZeppelin on DAO security best practices or advising on how to build your blockchain project securely, then please get in touch with our team.
