Fund Notional to work on the Cosmos Hub

This is funding for maintenance of the variety described here for 3 years from the date of passage.

Summary

Notional is requesting funding of 40,000 Atoms per year, for 3 years, for Hub maintenance and incident response. In return for this payment, Notional will monitor the Cosmos Hub for potential vulnerabilities on a 365/24/7 basis. When we become aware of an ongoing vulnerability, we will coordinate with relevant teams (SDK, IBC, Comet/Tendermint, Cosmos Hub), and work to produce a patch. We will then assist in rolling these patches out to validators to resolve the incident as soon as possible.

We will also advise core teams if we notice issues in upcoming releases which could cause safety or liveness problems, and assist them to resolve the issues.

We will write a monthly report on our activities so that the community has insight into them and can keep us accountable. Since the funding will be disbursed on a vesting basis, the amount can always be adjusted by governance, adding even more accountability to the arrangement.

Here are some incidents and potential incidents we helped resolve or prevent in the past:

  • We reported and helped fix an ICA issue affecting Quicksilver on the hub in the fall of 2022.
  • We reported Golang version mismatches that can cause apphash errors.
  • We’ve worked on improving archive node sync speed and proper upgrade procedure.
  • We reported and fixed Cosmos Hub and Cosmos-SDK CI Systems that reported as passed no matter what.
  • We reported, helped fix, and helped distribute fixes for CPU usage spikes that resulted in the discovery of a potential exploit in Comet / Tendermint P2P.

We cannot and will not disclose security items until they are fixed, so we will rely on teams like ICF, Informal, IG, Iqlusion, Strangelove and Binary Holdings to confirm for the community that we are actively working in that space.

We also continuously work to improve and develop the systems we work with, including Tendermint/Comet, Cosmos-SDK, IBC, and the Cosmos Hub. Members of the ICF and its TAB have recognized that our contributions to the stack from a technical perspective are substantial. Here are some examples of the development work we have been doing. We’ll keep making improvements like these as we find things to improve and as time allows:

What we aren’t doing

  • We are not asking for product ownership of any of the above named repositories; the current product owners are excellent.
  • We are not implying that we will not seek funding for specific initiatives that go beyond the scope of maintenance.
  • We are not expressing to the community that we can find or solve every possible issue in security.

Recipient

We think it is essential for accountability and good governance that community pool funding recipients such as ourselves are given their funding in a vesting form for ongoing services. However, due to some technical limitations it is not possible to send funds directly from the community pool to a vesting account. For this reason, the funding will first go to prominent community members on a multisig who will then transfer it directly to a vesting account controlled by Notional.

Community members will create a 2/3 single use multisignature wallet to receive funding and share the address with the community. The funds will only be in this multisig for a few hours until the signers transfer them to our vesting account where they will be released over the term of our work.

The signers will be community members with the needed experience. This is a single-use multisig account composed of community members.

  • CryptoCrew
  • Rarma
  • cryptocito

From there, the atoms will be transferred to a multisig continuous vesting account with signers from our team.

  • Khanh Nguyen
  • Jacob Gadikian
  • Lit
  • Vuong Nguyen
  • Long Mai

If the community feels displeased with Notional’s work, they should create a governance proposal to claw back the unvested portion.

Oversight and reporting

We will regularly update work status on our Notion page continuously and do monthly and quarterly reporting. In the case of material events in the Cosmos that require urgent tactical response, Notional will endeavor on a best effort basis to provide updates within 24/48 hours of work being completed or as soon as practical or feasible once the bugs are patched here:

For work that affects security, we will report privately in the channels that we have established to the product owners of the repositories mentioned; we feel communication is key for an efficient process.

We invite any technical organization with sufficient technical capabilities to contact us during the course of this proposal to be formally listed as participating in oversight.

These organizations include but are not limited to:

Founding Orgs:

  • Interchain Foundation
  • Allinbits, inc

Prominent technical orgs:

  • Informal Systems
  • Iqlusion
  • Strangelove Ventures
  • Binary Builders

Validators with high technical capability:

  • CryptoCrew

Amount

120,000 atoms, to be vested in a continuous vesting account for 3 years.

4 Likes

Hey

Might be a dumb question, but:

Why not apply to the upcoming grant program once it’s live?

Btw: congrats for the way this proposal is written.

2 Likes

I think this needs some more specificity on what to expect? Is it only monitoring for security issues and contributing to patching those?

2 Likes

After the community pool is increased from 2% to 10%, there will be a very special phenomenon.

That is, every team wants a proposal and asks for funds from the community pool.

They all want a lot of money, and they want it every year.

This is the misfortune of the cosmos hub pool.

The suggestion should be to establish the COSMOS ecological safety committee DAO.

Offer bounties to teams that help resolve security issues or discover vulnerabilities.

I support this proposal. I haven’t always gotten along with Jacob on Twitter, but his team at Notional have done a very good job informing us and teams around the ecosystem of potential problems across the stack.

Additionally, this proposal is breaking new ground for increased accountability of teams receiving grants. The money will be going into a vesting account and will be paid out over 3 years instead of being paid out in a single lump sum. The team also commits to publishing monthly updates detailing their work. The Informal team and other teams that Notional interacts with can then confirm these updates.

If Notional ever stops providing value, a signaling proposal can be introduced to claw back the funds. I would support this if it were necessary.

5 Likes

This is indeed a way better approach compared to an earlier thread. I very much agree that teams contributing to the Hub should be rewarded properly. And, if a team receives a payment in a form like it is proposed now, it should be excluded from the Tech Support sections of the delegations from the ICF. For me it would be a no-go to have AND a delegation for their contributions to the code AND a payment. That would be an OR scenario (which would also free up delegations to smaller contributors to have a shot at getting some pay via commissions as well). Can this be added in the proposal @LitBit? If so, then it is a go for me; unless the question below can be answered 🙂

What I am curious about: why is this coming from the community pool and not from the relevant companies behind the Hub being responsible for maintaining and developing the code? I once understood they have vast amounts of ATOM as well, which is why I believe that those ATOMs should be directed to funding teams working on the codebase.

And that the community pool can be used as it was meant in ATOM2.0 to fund new projects as a bootstrapping funding.

Thank you Tom,

afaik the grant programme will not be ready for a while and we very much want to appeal to the community direct. We have been carrying out work which hasn’t been funded for a while now, and it just isn’t sustainable for us to do that any longer.

Thank you for your support Jehan.

Thanks for the support Tim.

A proposal can be made for that in the future, so very much up to the community.

Scope is redundant with the mandate to maintain the hub falling under the purview of ICF. Please seek funding from ICF.

1 Like

Generally support this proposal. It is a far more acceptable alternative to the previous proposal draft posted here, which I could not support. I’d say though that I would prefer to see the prop based on 1-year funding with the option for Notional to return for further funding annually rather than the community funding 3-years up front.

2 Likes

I agree that this proposal is a much better alternative to the previous one, and generally support it.

I do have a logistical question, similar to what @JD-Lorax mentioned.

  • Why request a lump sum if 67% of the ATOM will not be accessible for a year or more?

Might a better approach be to use a signaling proposal (and be explicit that it is a signaling proposal) to gauge the Hub community’s willingness to compensate Notional with the equivalent of ~$500,000 per year for three years, with the ATOM funding amount dependent on the USD value of ATOM at mm/dd/yy date?

The benefits of this process would be (in order of importance):

  • It defaults to choice rather than negative action, which is preferable over long time-periods, i.e.:
    • If Notional is not performing, then block their next proposal.
    • Rather than: If Notional is not performing, undergo a highly contentious process to alter the funding amount of their wallet.
  • It protects Notional in the case of price drops, and benefits the community pool in case of price increases
  • It reduces the security concerns around maintaining a 3/5 multi-sig for three years (though this could be mitigated if vesting tools launch and the multi-sig can just send the funds there to vest automatically)
  • It still establishes a plan that can be roughly budgeted into longer-term community pool budgeting, and still reassures Notional in regards to future expectations

None of that is to cast doubt on Notional’s work, internal security practices, or the value they provide.

What’re your opinions on the benefit of the currently outlined process vs. the one I proposed, @LitBit?

2 Likes

I support this proposal; those involved in development and maintenance etc. should be paid for their work. It would be unfortunate to see them leave the ecosystem for another because of a lack of recognition from the community.

1 Like

notional is cool. just saying

1 Like

What is the logic behind the selection of the validator listed in the oversight section and would it be better to have a more diverse group?

1 Like