Update The System - Secure The Treasury Funds to Multi-sig Wallet - Phase 1

Proposal Name: Secure Transition of Funds to Multisig Wallet - Phase 1

Proposal Category: Process

Abstract

Indeed, it’s time to update the system in our DAO. This proposal seeks to establish a secure, efficient, and clear process for the Apecoin DAO to take custody of 1% of the funds currently held at Coinbase, and transfer them to a multi-sig wallet controlled by the five members of the Special Council and the three members of the Governance Working Group. The goal is to ensure that this transition is done with the utmost security and in accordance with best practices. This proposal only covers the initial transfer of 1% of the funds. A subsequent proposal will be required for the transfer of the remaining funds.

Boring Security, an ApecoinDAO-funded proposal (AIP-133), will audit this proposal and supervise the implementation process to ensure best security practices are followed. Their role is particularly vital given the risks associated with keeping funds in centralized entities like Coinbase, which are facing increasing scrutiny from legal institutions.

Benefit to ApeCoin Ecosystem

The successful implementation of this proposal will bring several key benefits to the ApeCoin ecosystem:

  1. Enhanced Security: By moving funds to a multi-sig wallet, the DAO will significantly increase the security of its assets. The requirement for multiple signatures for any transaction reduces the risk of unauthorized access and fraudulent transactions. Regular audits and the guidance of Boring Security will further bolster the security measures in place.

  2. Greater Control: The transfer of funds from a centralized entity like Coinbase to a multi-sig wallet increases the DAO’s control over its assets. This move aligns with the principles of decentralization and self-custody, central tenets of the ApeCoin ecosystem.

  3. Increased Transparency: The use of a multi-sig wallet allows for greater transparency in the management and movement of funds. Every transaction will require the approval of multiple signers, making the process more open and accountable.

  4. Risk Mitigation: The plan to gradually transfer the funds, beginning with 1% and reevaluating at each step, allows the DAO to mitigate risks associated with the transition. This cautious approach ensures that any potential issues can be identified and addressed early in the process, without endangering a large portion of the funds.

  5. Legal Compliance: With legal institutions increasingly scrutinizing centralized entities like Coinbase, moving funds to a multi-sig wallet can help ensure that the DAO stays ahead of any potential legal issues.

  6. Community Trust: By taking these steps to secure and decentralize the DAO’s funds, the proposal also serves to enhance trust within the ApeCoin community. Demonstrating that the management of funds is taken seriously and handled in a secure and transparent manner can contribute to increased confidence and participation in the DAO.

  7. Faster Funding of Proposals: By having the funds in the DAO’s control, the speed at which approved proposals can be funded is likely to increase. This can lead to quicker implementation of initiatives, thereby accelerating the growth and development of the ApeCoin ecosystem.

Motivation

With the funds currently held at Coinbase, the DAO is exposed to risks associated with centralized entities, including potential legal actions and the lack of full control over its assets. This proposal seeks to rectify this issue and enable the DAO to better protect and manage its assets, in line with the DAO’s principles of transparency, decentralization, and self-custody.

Rationale

A multi-sig wallet offers multiple layers of security for the DAO’s funds and ensures that no single person has control over the assets. This transition aligns with the DAO’s goals of decentralization and security. It also provides a more transparent and accountable system for fund management.

This is where the DAO assets are as of the moment of writing this proposal:

We pay large amounts of fees to Coinbase, as included in the latest APE FOUNDATION TRANSPARENCY REPORT.

Currently, we are incurring costs while placing ourselves under the control of a single entity. This centralized entity could potentially be shut down or have its assets, including our treasury, frozen by a single court order in one jurisdiction. This represents a considerable risk to our operations and financial security.

Specifications

The process of transition will involve these steps:

  1. Transition Planning: The Special Council and Governance Working Group will jointly plan the transition process hand in hand with Boring Security. This will include identifying the necessary steps, determining the sequence of these steps, and setting timelines for each step. Boring Security will audit the plan and provide feedback.

  2. Wallet Setup: A multi-sig wallet will be set up with the five members of the Special Council and the three members of the Governance Working Group as signers. Boring Security will supervise the setup to ensure it is secure and follows best practices, and will hold 2 keys for the wallet, making it 5 SC - 3 WGS - 2 Boring Security, totaling 10 keys.
    After the treasury working group is successfully established, 3 more signers for stewards of that group will be added, totaling 13 keys; further discussion will be opened then.

When the treasury working group is active, we can discuss further how to work with the stewards of that working group, but this proposal is urgent and can’t wait, as the DAO is in a vulnerable position with the current practices.

  3. Fund Transfer: A test transfer of 10,000 Apecoin will be conducted. If successful, the remainder of the 1% of the funds will be transferred from the Coinbase account to the multi-sig wallet in a controlled and secure manner within a week of the test transaction. Boring Security will oversee the transfer and provide guidance to ensure it is done securely.

The process will also include several safeguards to mitigate risks:

  • Multiple Signatures: Any transaction will require the approval of at least 5 - 6 out of 10 signers. This prevents any single person from unilaterally making transactions and adds an extra layer of security.

  • Regular Audits: The DAO will conduct regular audits of the wallet to ensure its security and the accuracy of its records. Boring Security will conduct these audits or provide guidance on best practices for conducting them.

  • Backup Plans: Contingency plans will be in place in case of emergencies, such as a signer losing access to their private keys. Boring Security will provide guidance on creating these plans.

As the author of this AIP, I want to be involved in the meetings regarding the execution of this proposal as much as possible, as a community member who will make sure to carry this forward with care and a neutral perspective.

Steps to Implement

  1. Formally request Boring Security to audit this proposal and provide feedback on it.

  2. Identify and invite the five Special Council members and three Governance Working Group stewards to be signers.

  3. Set up the multi-sig wallet with the supervision of Boring Security.

  4. Plan and schedule the transition of 1% of the funds from Coinbase to the multi-sig wallet.

  5. Conduct the test transfer of 10,000 Apecoin and, if successful, proceed with the remainder of the 1% transfer within a week. This will be done under the supervision of Boring Security.

  6. Set up regular audits and contingency plans with guidance from Boring Security.

Timeline

This proposal will be implemented within 60 days of its approval, to allow for thorough planning, setup, and transition. The test transfer of 10,000 Apecoin will take place within 60 days of the proposal’s approval, and the remaining transfer to complete the 1% will occur within a week of the successful test transfer.

A subsequent proposal for the transfer of an additional amount of the funds (approximately 10%) will be submitted by me within two months of the completion of the 1% transfer but before the end of the third month. If I fail to do so, Boring Security will lead the initiative completely from there. The ultimate goal is to have transferred 80% of the funds within a maximum period of 1 year 6 months, though it can be done before that, with a reevaluation at each step. Any party that delays the execution of this proposal after it gets approved will be held accountable by the community; the time window offered is more than enough to arrange meetings and open dialogue with the necessary people to get it done.

Overall Cost

The implementation of this proposal will have minimal direct costs, primarily associated with the transaction fees for transferring the funds. However, the DAO should consider allocating a budget for potential audits and security measures, as well as any fees associated with Boring Security’s services.

(It can be zero cost if AIP133 can cover this initiative. I would appreciate your feedback on this point and on the proposal as a whole.)


Always love the passion, Zack! A few general comments for consideration I’ve provided even prior to being on SC…

a) Institutional custody fees should definitely be reduced but the security it provides over assets for certain risks will always be unmatched (for example against the $5 wrench attack)

b) there are significant legal and tax considerations for both individuals and organizations as a whole

c) the community can always ask for grants to manage its own funds (eg Treasury Working Group and more upcoming)

Last, in case it has been lost in the shuffle - it’s been mentioned on spaces that Ape Foundation has been actively working in diversifying the treasury to different custodians and jurisdictions. This includes fee reduction. An update on this is coming in the near future.

11 Likes

Solid commentary. Great to see SC members active. This proposal is important and I am supportive

4 Likes

Thank you @Zack74eth for coming up with this idea and putting up a detailed proposal.

I must admit that as soon as I went through your proposal, I was against it, as I thought Coinbase provides good security, albeit at high fees, but I decided to do a bit of research prior to responding. Thankfully, I did.

I read the ‘Ape Foundation Transparency Report’ and sub para 2.1.1 had this

On reading that sub para in the report, my idea to keep the funds at Coinbase was strengthened, but I went to the Coinbase Legal/Insurance link indicated in the footnote and I realized that it is not 100% safe with them.

Quoting the line “In case of a covered security event, we will endeavor to make you whole; however, total losses may exceed insurance recoveries so funds may still be at risk.” from the Coinbase site shows that there is considerable risk (at least in my degen opinion).

Based on the above, I totally support your proposal. That said, I think you should consider this input by @BoredApeG prior to finalizing your AIP.

Thank you

3 Likes

Insurance usually never covers the total value of lost assets. So, yes, in the event of a loss of assets, some value would be lost. But the bigger issue is regulatory enforcement which could result in the freeze of assets at any time and for any reason. Even temporary action in this regard could be detrimental to the DAO.

3 Likes

Security is everything, especially in the blockchain. Congratulations on the incredible text.

3 Likes

Hi @Zack74eth ,

Your topic will be moving to the AIP Draft phase in less than 24 hours. Are you content with the feedback received or do you wish to extend community discussion for another 7 days?

If we do not hear from you within 48 hours after your topic closes, your topic will be moved straight to the AIP Draft process.

We look forward to hearing from you.

-12GAUGE

1 Like

This topic was automatically closed after 7 days. New replies are no longer allowed.

Hi @Zack74eth ,

Thank you for your ideas [and the ApeCoin DAO community for the thoughtful discussions]. A moderator will get in touch with the author to draft the AIP in the appropriate template. Once the AIP is drafted and meets all the DAO-approved guidelines, the proposal will be posted on Snapshot for live official voting at: Snapshot

Follow this Topic as further updates will be posted here in the comments. @Zack74eth please see your messages for the next steps.

-12GAUGE

1 Like

Hi ApeCoin DAO Community,

This Topic has been rejected based on the DAO-approved guidelines due to no response in the last 30 days. The Topic may be submitted again by any user and upon approval, will be open for 7 days for community discussions.

This Topic will move and remain in the Withdrawn AIPs category.

-@Facilitators