As Blockchains Push Toward Decentralization, These People Serve as Ultimate Guardians
Trust the humans.
That principle stands at the core of a new trend in the blockchain industry, where overseers of various networks are establishing groups of people to help steer protocol changes and ensure security.
The goal of these “protocol councils,” sometimes called “security councils,” is to nudge the nascent networks toward increasing decentralization by gradually removing them from the control of their original developers. The thinking is that before the cord is cut completely, leaving the networks to run essentially automatically or subject to some sort of democratic process, a panel of well-meaning humans can serve as the ultimate guardians, able to step in quickly when emergencies arise or to provide the final sign-off on major protocol changes.
One can be forgiven for the cynicism: Aren’t these distributed ledgers supposed to decentralize everything? There are also sighs (or even groans) over the observation that the blockchain industry is already filled with groups of people, seemingly created out of thin air, that often have very little purpose other than for members to brag that they are on some kind of board.
The projects argue that these protocol councils are a necessity as the industry matures.
Polygon, the Ethereum layer-2 network, has a 13-person “Protocol Council.” Arbitrum, another major Ethereum-focused layer-2, has a “Security Council,” while Optimism also has a “Security Council.”
“This is a necessary evil,” Mehdi Zerouali, the director of Sigma Prime, a blockchain security firm, said in an interview. He serves on Polygon’s council. “Obviously we’re still trusting that group of 13 people not to collude. I could potentially be pulling off like this campaign where I’m like, reaching out privately, and then convincing everyone to sneak in a bug and sharing the proceeds with them. That is a risk.”
“This is why those 13 people are public facing people that have a strong reputation in the Ethereum space that are already trusted by Ethereum users,” Zerouali added.
Polygon formed its protocol council in October, with the express mandate to oversee any major or emergency changes to the core protocol. The members on the team are leading figures in the Ethereum ecosystem, and are tasked with executing “the community-led process to initiate future upgrades,” according to a blog post.
Those tasks break down into two types of scenarios. The first is regular protocol upgrades, such as adding new features to the blockchain or removing existing ones. The second is an immediate threat to the protocol itself; in those situations, the group can bypass the traditional governance framework.
For non-emergency updates, the council follows a process similar to that of other protocols. On Polygon, anyone can submit a Polygon Improvement Proposal (PIP), which then goes through a governance and community process. Once consensus is reached, members of the council, the “signers,” are responsible for triggering the change.
That’s done through a multi-signature safe, a type of crypto wallet that requires several private keys to sign off in order for smart contracts to perform certain tasks. During a regular protocol change, Polygon needs seven of the 13 members to sign off, while in an emergency, they need 10 council members.
“Our responsibility is making sure that the governance proposals are matching the specification, making sure that what we’re about to push to the chain is exactly what’s been described in the PIP,” Zerouali said. “And then once we’re comfortable with that, there’s a bit of due diligence that’s involved for the 13 parties. And once the 13 parties are OK with what they’ve seen, then, you know, it’s about approving a specific transaction through a safe multisig.”
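As an added illustration (not code from Polygon or from the article), the sketch below models the sign-off described above: the payload must match the digest published in the proposal, and only distinct council members' valid approvals count toward the 7-of-13 or 10-of-13 threshold. The member ids, keys, payload strings and the use of HMAC-SHA-256 in place of the signatures a real multisig wallet verifies are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed council: 13 member ids, each with a stand-in signing key.
# HMAC replaces the signatures a real multisig wallet checks on-chain.
COUNCIL = {f"member-{i:02d}": f"key-{i:02d}".encode() for i in range(1, 14)}
THRESHOLD = {"regular": 7, "emergency": 10}  # figures quoted in the article


def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


def sign(member: str, payload: bytes) -> str:
    """What one signer produces after reviewing the payload."""
    return hmac.new(COUNCIL[member], digest(payload).encode(), "sha256").hexdigest()


def can_execute(payload: bytes, pip_digest: str, approvals, mode: str):
    """Return (ok, detail) for a proposed upgrade transaction."""
    # Due diligence step: the bytes to be executed must match the proposal.
    if not hmac.compare_digest(digest(payload), pip_digest):
        return False, "payload does not match the digest published in the proposal"
    valid = set()
    for member, tag in approvals:
        key = COUNCIL.get(member)
        if key is None:
            continue  # approval from someone who is not on the council
        expected = hmac.new(key, pip_digest.encode(), "sha256").hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(member)  # a set, so a repeated approval counts once
    need = THRESHOLD[mode]
    return len(valid) >= need, f"{len(valid)} of {need} required approvals"


if __name__ == "__main__":
    upgrade = b"upgradeTo(0xNEW_IMPLEMENTATION_PLACEHOLDER)"  # constructed payload
    pip = digest(upgrade)
    sigs = [(m, sign(m, upgrade)) for m in sorted(COUNCIL)[:7]]
    print(can_execute(upgrade, pip, sigs, "regular"))
    print(can_execute(upgrade, pip, sigs, "emergency"))
    print(can_execute(upgrade, pip, sigs[:6] * 3 + [("outsider", "00")], "regular"))
    print(can_execute(b"upgradeTo(0xSOMETHING_ELSE)", pip, sigs, "regular"))
```

The last two calls show the failure modes a reviewer cares about: replayed or outsider approvals do not raise the count, and a payload that differs from the proposal is rejected regardless of how many approvals accompany it.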
The goal is for this council to be an interim step toward decentralization, in which the protocol controls itself through code, running automatically as it were, in keeping with the will of a community of network users.
Having the councils is akin to using “training wheels,” Georgios Konstantopoulos, chief technology officer at the crypto-focused venture capital firm Paradigm, told CoinDesk in an interview. They’re “something that you use to prevent something bad from happening.”
“Ethereum consensus is controlled by code. We have the Beacon Chain and it took us seven years to fully get there,” said Jerome de Tychey, the creator of EthCC and another member of Polygon’s protocol council. “So I guess it will take less than that for Polygon to reach that kind of maturity.”
Arbitrum’s security council is made up of 12 members, who are elected through the Arbitrum DAO. The council is divided into two groups, and every six months, elections are held to fill those seats. According to a blog post from the Arbitrum DAO, no more than three candidates from the same organization can sit on the security council at the same time.
Optimism’s security council also operates in a similar vein to Polygon’s. According to a blog post, Optimism’s security for its mainnet is also dependent on a multisig (multi-signature) wallet, though Optimism stated that members on the council who have access to the multisig are anonymous. “Members are anonymous in order to make the multisig more difficult to compromise.”
The councils are touted as an alternative to other governance structures short of full decentralization, such as the “foundations” that oversee many blockchain projects.
“On other protocols, you still have the foundation, controlling close to 100% of the governance of the protocol. L2s, where I guess the security model is very explicit: We trust the foundation,” Zerouali said. “That foundation can potentially be acting in ways that aren’t necessarily aligned with its community.”
The other end of the spectrum is where the protocols are resilient and robust when it comes to bugs or protocol changes. “This is a utopia, as of today, particularly when we deal with ZK technology that’s relatively new, untested, and certainly hasn’t gone through the test of time over the past few years,” Zerouali said.
“That side of the spectrum is not really an option for ZK protocols, zkEVMs, at the moment, just because of A) the very high risk of code bugs to be introduced on various different layers, the provers, the sequencers, the contracts themselves, and B) the need for constant upgrades.” These elements of the blockchain architecture could be prone to failure.
“So for emerging L2 technologies, like Optimism, Arbitrum, zkEVMs, when they go live, they go live on something that has been battle tested, but not battle tested to be in the wild, with tons of different things,” de Tychey told CoinDesk.
“That’s why those technologies tend to rely on councils to provide insight on taking care of different things that maybe the implementers didn’t think of, or finger pointing on incentive directions that weren’t explored as part of the audits of the new implementation, and so on,” de Tychey said.