TLDR
Asking for 88,750 USDC to audit the upgrade with Sherlock.
Context
Several months ago we discussed the idea of client incentives (temporarily named protocol rewards at some point); the sense we got from the DAO was a hell yeah, so we went and built a V1 of this new protocol piece.
We are planning to propose an upgrade that adds client incentives V1 into the Nouns protocol. In the linked V1 blog post we review the goals for this feature, the scope of this version, and some key design decisions. We also link to the technical spec on our GitHub.
Scope Summary
We’re upgrading the DAO logic contract to V4:
- Propose and vote functions now accept an optional client ID parameter that Nouns frontends can populate with their ID.
- The DAO records which client ID contributed which interaction; this data is used in the Rewards contract to allocate financial rewards to clients.
We’re upgrading the AuctionHouse logic contract to V2:
- The bidding function accepts an optional client ID parameter, and winning bids’ client IDs are captured in the AuctionHouse state, to be used by the Rewards contract.
- We’re now capturing settlement history onchain, i.e. who won each auction and the winning bid ETH value.
- The above changes serve the Rewards contract with essential information for calculating client rewards, which are all configured as percentages of auction revenue in the relevant timeframe.
We’re adding the new Rewards contract:
- It serves as an NFT contract, allowing clients to mint their client NFT and use that token ID as their client ID in all Nouns interactions that support rewards (bids, proposals, votes).
- It calculates rewards and maintains reward balances per client ID.
- It allows the DAO to approve or disapprove client IDs to withdraw their rewards, giving the DAO basic spam control, while allowing clients to permissionlessly accrue potential rewards.
- We’re choosing to fund this contract via DAO proposals so that any risk in this contract is capped to its balance and not the DAO’s treasury.
All the changes can be seen in PR#826.
Audit Plan
Solimander has already done a deep review.
The next step is a 12-day audit with Sherlock, led by hyh (#4 on Sherlock’s leaderboard, #6 on code4rena’s leaderboard), who was also a lead auditor in the big V3 audit done by Spearbit.
The 12-day audit will cost 83,750 USDC: 67,000 (Rewards) + 16,750 (20% Sherlock Fee). We are also allocating 5,000 USDC for reviewing potential fixes after the audit (500 USDC x 10 hours).
Total USDC request: 88,750 USDC.
Transactions
We’re trying something new: instead of transferring the funds to our multisig, we are creating an approval for our multisig to spend the amount of USDC we’re asking for directly from the treasury. We think it’s an interesting experiment in how to give the DAO more control over its allocated funds, instead of funding multisigs and later coordinating to get excess funds back.
The single transaction in this proposal is approving the verbs multisig to spend up to 88,750 USDC from the treasury.
This approach can leave an unused allowance. To properly close the loop we will transfer the remaining allowance from the treasury back to itself, to zero out our allowance.
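The approve, spend and close-the-loop flow described above, replayed on a simplified model of standard ERC-20 allowance accounting. This is an added example, not code from the proposal or from USDC; the treasury starting balance, the recipient names and the partial fix-review spend are constructed assumptions.

```python
class ERC20Model:
    """Minimal model of standard ERC-20 accounting (assumption: not USDC's code)."""

    def __init__(self, balances):
        self.balances = dict(balances)   # holder -> balance, in whole USDC
        self.allowances = {}             # (owner, spender) -> remaining allowance

    def approve(self, caller, spender, amount):
        # Only the owner (the caller) can set an allowance on its own funds.
        self.allowances[(caller, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, caller, src, dst, amount):
        remaining = self.allowance(src, caller)
        if amount > remaining:
            raise ValueError("insufficient allowance")
        if amount > self.balances.get(src, 0):
            raise ValueError("insufficient balance")
        self.allowances[(src, caller)] = remaining - amount
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


def run_proposal_flow(treasury_start, audit_paid, fix_review_paid):
    """Return (treasury balance, allowance before close, allowance after close)."""
    token = ERC20Model({"treasury": treasury_start})
    # The proposal's single transaction: the treasury approves the multisig.
    token.approve("treasury", "multisig", 88_750)
    # The multisig pays straight out of the treasury (recipient names are constructed).
    token.transfer_from("multisig", "treasury", "auditor", audit_paid)
    token.transfer_from("multisig", "treasury", "fix_reviewer", fix_review_paid)
    unused = token.allowance("treasury", "multisig")
    # Closing the loop: treasury -> treasury moves no funds but consumes the allowance.
    # The multisig cannot call approve() for the treasury, so this is the step
    # it can take on its own without another DAO proposal.
    token.transfer_from("multisig", "treasury", "treasury", unused)
    return token.balances["treasury"], unused, token.allowance("treasury", "multisig")
```

Until the self-transfer runs, the unused allowance remains spendable by the multisig, so the on-chain `allowance(treasury, multisig)` value is the thing to check once the work is paid for.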
Next Steps
We’re hoping this audit funding proposal succeeds. Once it does we will book the audit as soon as possible.
Once we’re done fixing any issues and reviewing the fixes, we will put up the upgrade proposal which will:
- Upgrade AuctionHouse.
- Upgrade the DAO.
- Send initial funds to a verbs-controlled wallet, from which we will later fund the rewards contract.
Once the upgrade proposal executes we will deploy the rewards contract and fund it.