OPSC — April Call

## OP Security Council — April Call (Transcript) **SPEAKERS** Roberto, Alisha, Mariano, Ale **SUMMARY** The call discussed two main recommendations to improve the security council: - Improve the protocol upgrade process by adding more technical checks and balances, such as bundling contract changes together and adding internal checks. - Nominate 3 signers for each upgrade to do a deeper technical dive on the changes and provide an objective check on what is happening. **TRANSCRIPT** Alisha 00:01 Yep. Cool. Okay, so this is the April call for the or the Security Council. We didn't have any protocol upgrades to sign in the last month other than protocol upgrade sets, which was, I think that first came to us the month before, and then it had to go through. Like a review after a bug was found in the playbook. And so that was executed. But nothing new has come up in the last couple weeks. And so I thought I would just like take this opportunity to maybe get feedback or see if anyone wants to talk about had things on their mind. But something I'm thinking about is we're almost at the six month mark since December. And the idea was that we're in phase zero at the moment, the Security Council on the foundation are both on like an upgrade multisig, Roberto. Roberto 00:56 Hello, sorry, I'm late. Alisha 01:00 Okay, so it's the foundation and the Security Council then in phase one, the foundation is removed, and it's just the Security Council. So I think when we first started in December, the idea was that we would potentially move to Phase One, some time, maybe around June onwards, depending on how things went. And I just wanted to get an idea. You don't have to say anything. Now either, you can just reply in the signal chat, if you want. If there are any things that people are thinking of that we as a council should do kind of meet, as I don't know, just like standards or requirements before we progress to that level, or that phase? Or if there are any gaps in kind of like our current procedure that we should think about before we get to that point. Ale 01:51 Yeah, I have two things that I would recommend to optimism and an open to discussion with the council. So the first thing is that I am very familiar with this kind of protocol upgrades from the technical side, right. And I feel like there's too much margin of error, like, there are things that can be done to do everything in a single transaction that changes itself, that checks itself. Sorry. So for example, in an upgrade, you're like deploying different contracts and connecting the wires between the contracts. And there is a way to have all those wires in a bundle, right? You just make one connection, right? And you use like an intermediary like multicore contract or something like that. And then, after the connection is made, you check the the internal connections, for example, if if you connect like a new registry contract that has addresses of other contracts, you make like a test call to that module on the system. So it's very technical. But basically, I think that it can be more food be made more foolproof. And the second thing is, I kind of feel like we're kind of blind signing in a way we check the data, right, we check the numbers, but that's all we do. We don't have an understanding of a deeper understanding of what's going on. And I understand that that's very hard to acquire from the council. But I do think that we could have like, a couple of people in in each upgrade, that have a better idea to be voluntaries. Like everyone's signing by once in a while you have a bigger responsibility of understanding things a little bit deeper in the technical way. Yeah, those are my two suggestions. Alisha 04:11 Yeah, that's a great. And just to draw on the second point, especially, do you imagine that say, out of, you know, 13 signers, every signing? There are three people nominated to kind of deep dive on the upgrade itself, and kind of be that objective check on what is actually happening is, would those three, or will those volunteers be expected to just kind of figure it out themselves based on like, the information in the form and things or would we have an expectation that would be webs would, I don't know, kind of walk us through the process or whoever the proposer is. Ale 04:52 Yeah, that's why I imagine it like we have one walkthrough to help us verify today. To, but it could be a similar format that that helps us understand what's changing in the protocol. Yeah. Alisha 05:08 Okay. Great. Any comments? Anyone else on the call about what I just said? Or anything else? Mariano 05:17 Yeah, just the fact that. Yeah, that pattern of having the within the same smart contract bundle, having to check the effects of whatever the upgrade is doing. When the Yeah, some sanity checks and everything on sale, if anything happens within that. I know it adds complexity to every update an upgrade, but I mean, I see a lot of projects using that. So it wouldn't be a good addition. Okay. Okay. Alisha 05:57 Robert0, do you have any given you like the experience? Do you have any comments? Or suggestions that you think could be implemented going forward? Roberto 06:09 No, not really, I don't have actually have a lot of experience in kind of security, upgrade policies and so on. So things seem reasonable to me, let me I mean, a little a little involved, but it's similar to what we've been doing internally at Coinbase. So, Alisha 06:22 yeah, okay, cool. Great. Okay, that's amazing. And two really actionable points that I can take away and communicate to the foundation, and just governance in general. And then the only one other thing I want to just raise is, so when you sign on as a signer, and you enter a contract, you are basically doing it as an independent contractor. And so the term of your contractors, cohort, A or B is 12 months or 18 months. And there's an expectation that you are like a super human, or not human, and that you're expected to be basically accountable every day of the week, 365 days a year. And I know we had a little bit of a tweak to regular protocol, upgrade signings couple of months ago now probably, which is it, we will try to coordinate signings for regular upgrades starting on Monday, Tuesday or Wednesday. So the three day signing period in like, during the weekdays, generally. And that means that if, hopefully, if there's anything that happens in a weekend, you know, is an like an emergency situation. But I just wanted to get an idea of like how you guys are feeling about the demands of just like being available all the time being in range with Wi Fi, and all that sort of stuff? Is it reasonable to kind of build in some sort of like, leave or offgrid period of time. Just because especially given that most of you are individuals, that might mean that you're travelling for 30 hours nonstop during signing period, or you just want to go hiking for three days or you know, there are these like really basic things that I don't think we our internal operating procedures cover. Because at the moment, the only options, you're either available to sign or you resign. Which feels a bit too drastic to me, but I just wanted to get a tape check on what you think about that. Mariano 08:27 In my case, I don't think I've ever Yeah, I don't remember ever having this sort of thing. Like being properly introduced, you know, like a service level agreement, kind of thing between a council and the signer. For the most part, it's been really like ad hoc, like you said, it's like, Hey, I'm gonna be on a long flight. And I might not have internet or I'm not travelling with with my ledger, things like that. I'm always open to, you know, making this sort of things better, because it will not only be good for optimism, but for probably every you're a project that has something like this, which is almost everybody. So I don't have an answer right now. But I'm willing to, you know, explore with everybody to see how we can, you know, make this process a little bit better. In my case, like right now, so I pretty much have access all the time. So it's not that concerning. But, you know, for example, last month, I didn't have access to my PC, right, and I couldn't sign on my Mac. So I had to download a virtual machine instal Linux on it and like eventually I got it going. But yeah, so those kinds of situations as well. I don't know, it's a good conversation to have, but I'm having actual answers. Roberto 10:11 Yeah, for me personally, rarely offline for more than, say 24 hours. So I haven't really given it a lot a lot, to be honest. But if I were to be, you know, maybe going on an off grid trip or something, it would be helpful, I guess, to have an option for dealing with it. Alisha 10:36 Yeah, so I've had a couple of signers communicate that they may be trying to coordinate travel or trips with months of notice. And so I was thinking that as long as we have kind of quorum plus one at a 75%. Like quorum, right, then it means that, you know, basically, two people at any given time could not sign a particular upgrade. And if we're able to just like communicate that and we have noticed, then we can work around it. It doesn't have to be anything too crazy, but I just want to cover it so that maybe in the procedures so that it doesn't. Yeah, I just think this is such a high quality group of signers, but it's an optimism is best interest to try to retain the talent in this council and to, like, ensure that we have procedures that contribute to the longevity of a council. Ale 11:38 Yeah, like, the guy said, like, I don't have a problem being available whenever I'm connected to the internet, which is most of the time, but I do like to have the option of doing like a health retreat or whatever, that it's basically connecting with other things. So see, I think that's important to systematise in some way. Alisha 12:08 Cool, okay. I have nothing else does anyone else wanna raise anything that's on my mind? Nope. Cool. Okay, well, that is everything for me. I guess. See you in the call next month. And if there's anything else keep an eye on signal time you guys already. Thank you. Ale 12:33 Thank you, Alisha. Bye, guys. Take Mariano 12:35 Take care everybody.