RiskDAO: Our Vision for Active Protocol Governance

By nonstopTheo. Published in Risk DAO, Oct 25, 2022.

TL;DR:

  • RiskDAO is a steward of risk management practices and DeFi stability, with a proactive approach to identifying and closing attack vectors before they get exploited.
  • The contributor base has expanded rapidly from its founding group and comprises deep technical and financial expertise.
  • RiskDAO has delivered significant thought leadership for lending protocols’ risk management practices, including dashboards, risk simulations, security audits and proactively detecting critical bugs.
  • As a next step in the RiskDAO’s mission, we are planning to become active governance participants. This will allow us to have a bigger say in risk management and identify potential attack vectors proactively together with protocol core teams.

Our Core Values

RiskDAO is here to serve DeFi: We want to see the space grow and flourish and provide valuable insights and tools to make protocols more resilient and trustworthy.

  • Rigorous risk frameworks: RiskDAO members think critically about risk factors and attack vectors of DeFi lending protocols. Among other things, we have developed a bad debt dashboard that sheds light on the risk management practices of major lending protocols. We will apply this mindset to each and every governance discussion.
  • Hands-on technical knowledge of DeFi protocols: RiskDAO consists of both risk analysts and smart contract developers. Some of the smart contract developers have a deep understanding of critical system components of leading DeFi lending protocols and previously spotted flaws in some of these systems.
  • Proactive approach: We think proactively, and simulate and analyze potential bugs and exploit vectors before they arise. We don’t want to be called in when it’s too late, but rather point out potential issues early. A recent example is the bug exposure for the Moonwell cToken market.
  • Open source & Collaborative: We work in public and publish code and findings accordingly. We employ a highly collaborative approach with protocols and teams.
  • Diverse contributor base: We are an international community of contributors with a diverse skill set and have capabilities in smart contract programming, risk analyses, financial services and governance.
  • Accountability and responsibility: We are fully committed to serving the best interests and needs of protocols, their token holders and communities. We want to drive protocol growth, whilst minimizing risks to the protocol.
  • DeFi native: RiskDAO is set up specifically to make users more knowledgeable about how lending markets work, and the risks involved.

Our Contributions So Far

Since its inception, RiskDAO has mostly done commissioned work and participated in bug bounties. Our clients’ feedback was incredibly positive, helping developer teams and protocols to advance their thinking about risk vectors.

We were also able to contribute to user education around risks, by developing a bad debt dashboard that unearthed bad risk management practices of a handful of protocols. These insights help users make better decisions and steer clear of poorly managed platforms.

We have significant expertise in the following areas:

  • Risk analysis & simulation
  • Security audits
  • Dashboards
  • Parameter settings
  • Liquidation processes
  • Flashloan attacks

and more…

Members of RiskDAO have been working closely with protocol teams and communities. We have received tremendous feedback in the process.

We were also able to identify issues, problems and attack vectors before they arose, thus throwing protocols a safety net before things got critical.

Contributions across DeFi:

Where We Want To Go

We see ourselves as long-term stakeholders of DeFi protocols. We aim to actively steer the future direction of protocols, not as external consultants, but as governance participants.

We are noticing again and again that protocol core teams appreciate external opinions, but sometimes fall short of taking appropriate action to safeguard against potential attacks and exploits. Being involved in protocol governance would give the RiskDAO a stronger say and signaling power in identifying, discussing, and fixing attack vectors.

We keep seeing situations where attack vectors are known but not closed due to lack of resources or a misunderstanding of urgency.

Having RiskDAO involved in protocol governance not only benefits the protocol itself but also signals to tokenholders and community members that rigorous risk standards are applied.

Our Governance Involvement So Far

Governance is a nascent topic in Web3 and protocols are experimenting with different approaches to find the one that fits best.

One approach that’s gaining traction involves protocol Delegates who vote on behalf of tokenholders. DeFi blue-chip protocol MakerDAO is one such DAO where a group of Delegates votes on critical matters. The voting power is a result of the number of $MKR delegated by tokenholders.

RiskDAO has recently become a Recognized Delegate at MakerDAO, which is our first active governance position. MakerDAO’s systemic relevance to DeFi lending as well as previous interactions by RiskDAO contributors provided compelling reasons to become actively involved.

Contributions delivered to MakerDAO by RiskDAO contributors:

  • Tracking MakerDAO’s bad debt in the bad debt dashboard.
  • The B.Protocol team raised an alert about low dust levels for ETH-A collateral and provided a detailed analysis, which consequently led to a decision to increase the dust level.
  • B.Protocol’s front end features an interface to the MakerDAO vault system.
  • B.Protocol submitted a collateral on-boarding MIP with an implementation of an alternative liquidation mechanism for MakerDAO.
  • The La Tribu dev team worked intensively on FEI<>DAI integration when it was contributing to the Tribe DAO.
  • B.Protocol did a security audit for a MakerDAO smart contract module.
  • In his previous position in 2018, a team member of B.Protocol integrated Kyber Network DEX to aggregate the Oasis DEX order book for DAI/ETH orders.

How We Operate

As a Service DAO, we are composed of contributors with different skill sets. We appoint one representative to act on the RiskDAO’s behalf in governance forums and discussions. However, the representative cannot decide on his/her own. Ongoing discussions, polls and votes are discussed internally before any action is taken.

The RiskDAO has a 2-of-3 multisig to ensure that no individual contributor can hijack our governance involvement.

Conclusion

RiskDAO is ready for the next step in our mission of making DeFi more resilient. We have proven our commitment to proper risk management frameworks and thinking. We have a contributor base that is perfectly suited to actively participate in protocol governance. RiskDAO identifies, publicly debates, evaluates feedback and suggests actions to avoid costly attacks and exploits.

Thus, we are now actively reaching out to protocols and teams to understand to what extent our governance involvement is beneficial.
