PIP-25: Transition of Veto Council Access

Overview
This proposal, PIP-25, aims to update the access control for the Veto Council within the Panther Protocol’s governance structure to enhance security and efficiency. The goal is to ensure the governance mechanisms reflect the current needs of the protocol while introducing measures to strengthen governance and protect user funds.

Purpose
The purpose of this proposal is to update Veto Council membership, improve the security of the DAO Multisig, and introduce a new emergency mechanism to safeguard the protocol. This involves removing inactive council members, optimizing the operation of the Reality.eth module, and establishing a dedicated emergency stop mechanism.

Proposed Changes

1. Snapshot Admin Control Over Reality.eth Module
   Enable the Snapshot Admin (via the Snapshot Admin Multisig) to toggle the Reality.eth module on the DAO Multisig, activating it only during active voting periods and disabling it otherwise. This reduces the time window during which the Reality.eth module requires close monitoring to prevent unauthorized or fake voting proposals.

2. Creation of Emergency Stop Committee
   Establish a new “Emergency Stop Committee” with elected members who operate a dedicated multisig. This multisig will have the sole authority to execute a single type of transaction: halting all protocol operations in case of an emergency to protect user funds deposited in the protocol. The DAO can vote via a future PIP to resume operations once the emergency is resolved. Additionally, the committee may enable the Reality.eth module as a backup measure if the Snapshot Admins are unable to do so.

3. Removal of Inactive Veto Council Members
   After implementing the above measures, remove the old, inactive Veto Council members from the signers of the DAO Multisig.

Discussion Points

• Council Membership Transition: Suggestions for managing the removal of inactive Veto Council members and ensuring a smooth transition to the updated governance structure.
• Snapshot Admin and Reality.eth: Feedback on the proposed toggle mechanism for the Reality.eth module to balance security and operational efficiency.
• Emergency Stop Committee: Ideas on the structure, election process, and responsibilities of the Emergency Stop Committee to ensure it effectively protects the protocol.
• Community Feedback: Input on the overall process, potential impacts on governance, and additional safeguards to consider.

Next Steps

• Community members are encouraged to share their thoughts and suggestions in this thread.
• Feedback will be reviewed to refine the proposal before it is formalized for a DAO vote.

We invite all community members to participate in this discussion to help shape the future of the Panther Protocol’s governance. Your input is crucial for ensuring a transparent, secure, and effective transition.

I think it’ll be helpful to define what counts as an emergency situation. It’s clear, that hacks/vulnerabilities are involved but what’s the community’s opinion on things like regulatory requests to halt (for example if let’s say North Korea somehow manages to use some fake ID to launder). Should it be restricted to only hacks/vulnerabilities/economic exploitation?

PIP-25: Transition of Governance Access

Overview

This proposal, PIP-25, aims to update the access control for the Panther Protocol’s governance structure to enhance security and efficiency. The goal is to align governance mechanisms with the protocol’s current needs while introducing measures to strengthen oversight and protect user funds.

Purpose

The purpose of this proposal is to transition the governance structure to a streamlined model, improve the security of the DAO Multisig, and introduce a new emergency mechanism to safeguard the protocol. This involves updating the DAO Multisig configuration, optimizing the operation of the Reality.eth module, and establishing a dedicated emergency stop mechanism.

Additionally, in alignment with the intent of PIP-24, and following the Foundation’s decision to withhold the compliance grant due to a divergence in preferred candidates, the DAO will now proceed to fund the Compliance Officer role directly. To ensure the continued integrity and regulatory alignment of Panther’s operations, a stipend of 3.2 million ZKP shall be minted from the rewards pool and transferred to the DAO Multisig wallet. This enables the DAO to transparently and independently manage disbursement in line with its governance decisions.

Proposed Changes

1. Snapshot Admin Control Over Reality.eth Module

Enable the Snapshot Admin (via the Snapshot Admin Multisig) to toggle the Reality.eth module on the DAO Multisig, activating it only during active voting periods and disabling it otherwise. This reduces the time window during which the Reality.eth module requires close monitoring to prevent unauthorized or fake voting proposals.

The following wallet addresses will be added as admins to the Snapshot Admin Multisig to manage this functionality:

• eth:0x09E43Cf49d8bCee4256BEe50A9b1652556a597cb (@ToXiC_eHC)
• eth:0xe661154ae8a02B6bBD3f7F7D55CEd0D86D99FDa1( @Praetorian)

2. Creation of Emergency Stop Committee

Establish a new Emergency Stop Committee with elected members who operate a dedicated multisig. This multisig will have the sole authority to execute a single type of transaction: halting all protocol operations in case of an emergency to protect user funds deposited in the protocol. The DAO can vote via a future PIP to resume operations once the emergency is resolved. Additionally, the committee may enable the Reality.eth module as a backup measure if the Snapshot Admins are unable to do so.

The committee will include:

• Elysium: eth:0x1b18Fad5D149AdDd747Aa523e0AB188cb7b80765
• PureFi: eth:0xbdc9cf6c40278011fdf2735898bef05d0eca596f
• Zerolith: eth:0xeF5795C6a59549100afBFDC209BE63ED85E6a402

3. Removal of Veto Council from DAO Multisig

After implementing the above measures, remove the Veto Council from the signers of the DAO Multisig, transitioning governance control to the Reality.eth module and the Emergency Stop Committee.

4. Minting of ZKP to pay compliance officer

To ensure the continued integrity and regulatory alignment of Panther’s operations, a stipend of 3.2 million ZKP shall be minted from the rewards pool and transferred to the DAO Multisig wallet. This enables the DAO to transparently and independently manage disbursement in line with its governance decisions.

Discussion Points

• Governance Transition: Suggestions for managing the removal of the Veto Council from the DAO Multisig and ensuring a smooth transition to the new governance structure.

• Snapshot Admin and Reality.eth: Feedback on the proposed toggle mechanism for the Reality.eth module and the addition of the specified wallet addresses to the Snapshot Admin Multisig.

• Emergency Stop Committee: Ideas on the structure, election process, and responsibilities of the Emergency Stop Committee, including the inclusion of the Compliance Officer, PureFi, and one additional member, to ensure it effectively protects the protocol.

• Compliance Officer Funding (per PIP-24 context): Feedback on the proposal to mint 3.2 million ZKP from the reward pool and transfer it to the DAO Multisig for stipend disbursement, ensuring continuity of Panther’s compliance function in a decentralized manner.

• Community Feedback: Input on the overall process, potential impacts on governance, and additional safeguards to consider.

Next Steps

• Community members are encouraged to share their thoughts and suggestions in this thread.
• Feedback will be reviewed to refine the proposal before it is formalized for a DAO vote.
• We invite all community members to participate in this discussion to help shape the future of the Panther Protocol’s governance. Your input is crucial for ensuring a transparent, secure, and effective transition.

Can this council in anyway vote themselves or cause trouble if they just decided to. If nothing is wrong and they said we are just going to shut everything down now. What would be the protocol to kick them out of office per say.

The proposed Veto Council current would consist of a member from the DAO Council, a representative of Purefi and we are looking for the third person.

Those parties would be able to co-sign on a multisig in which 2 signatures are required.

The purpose of this is for emergencies - unforeseen events which may occur which may trigger such an ‘emergency stop requirement’.

So no single person on the VETO council can do anything independantly.

I hope that answers your question?

GM, we are just waiting for the execution code for this proposal as well as the 1 missing wallet address then we proceed.

Rather than still calling it a Veto Council which was the old terminology, it is better to call it the Emergency Stop Council since the way it is architected, the Emergency Stop Council can only stop the protocol/deposits/withdrawals and not anything else. We should be consistent with using the terminology it to avoid confusion. It can’t even reactivate unless the DAO approves it. This limits the scope and ambit of the Emergency Stop Council rather than giving them unfettered control of the protocol.

I thought it was @Praetorian that was the Compliance Officer not Elysium?

I think it is ideal for Panther governance that someone who already sits on the Compliance Officer role and DAO Council role, to not also sit on the Emergency Stop Council role since this is effectively wearing 3 hats and makes the segregation of powers a moot point.

I also am of the opinion that it would be good to get more community feedback on this since it’s changing a lot of parameters.

Hello @reuben we already updated the terminology:

image765×364 22.6 KB

Just to note these changes have been made:

Compliance Officer removed from the Emergency Stop Council.
Elysium added in his place.
Anish Anish Muhammad will be the third signature, waiting for his wallet address.
Minting of DAO Nominated Compliance Officer stipen.

Friends PIP-25 is now live for voting:
https://snapshot.box/#/s:pantherprotocol.eth/proposal/0x1ee588b51714facfb550a6e7fb32eb2ea0b6679b6e106b921e8ec41b43591d26