Lido Explained: Dual Governance
On April 11, 2024, Lido Ecosystem Grants Organisation (LEGO) released a design & implementation proposal for Dual Governance. Let’s figure out what exactly it is and why it is so important for the development of Lido!
The Idea of Dual Governance
Imagine you’re holding stETH but don’t have any LDO tokens, which are needed to participate in the governance of the Lido DAO. Let’s also consider the unlikely scenario where LDO holders collectively approve a proposal that harms the interests of stETH holders, or the proposal is an attempt at hacking (like in the Tornado Cash incident). This type of risk is collectively known as protocol governance risk. Let’s explore why it’s something that can’t be ignored.
There is a kind of social contract between LDO holders and stETH holders about how the Lido protocol should operate, where stETH holders can’t influence governance decisions without having LDO tokens.
Dual Governance rethinks the system described above and aims to reduce Lido protocol governance risks for stETH holders. It introduces additional powers for stETH holders, allowing them to protect their assets from unfavorable or malicious DAO decisions in a timely manner.
What is Dual Governance Trying to Achieve?
- Give stakers a way to credibly signal their disagreement with LDO holders and the commitment to leave the protocol if LDO holders don’t cooperate in resolving the incentives conflict.
- Allow for the possibility of negotiation and de-escalation between stETH and LDO holders.
- Introduce an extended timelock on DAO decisions that can be triggered by an active minority of stakers and prolonged as more stakers participate.
- Improve foot voting efficiency by allowing stakers to exit the protocol without being subject to new and pending DAO decisions.
- Don’t overburden users with governance decisions.
Let’s see what innovations Dual Governance has introduced and how stETH holders can now influence DAO decision-making.
Two-Phased Veto
In case of contentious issues, a small group of proactive stETH holders can now raise the alarm in the community and veto the controversial proposal. This triggers a Cooldown mode in the DAO, during which the execution of any proposals is frozen, and a Dynamic Timelock is activated, which increases as more stETH holders join the veto.
The first phase begins when a dissenting quorum of 5% is reached, which extends the voting time enough for holders to potentially gather a 15% quorum. Once this level is achieved, a final veto is placed on the proposal.
However, users also have the option to vote for an anti-veto, which can decrease the proportion of veto votes.
Additionally, between the first and second phases, all dissenting users will have enough time to completely withdraw their funds from the protocol.
Foot Voting
The architecture of Dual Governance is based on the principle that regardless of the majority opinion and the content of the proposals being considered, all dissenting stETH holders have a guaranteed right to withdraw their funds before the proposals are executed.
- In a happy scenario, users can impose a veto but revoke it after the conclusion of negotiation and de-escalation processes.
- In an unhappy scenario, stETH holders can delay the execution of DAO decisions until their complete withdrawal and exit are finalized.
Once the DAO allows users to complete their exit, the protocol will exit the Cooldown state and can reconsider the controversial proposals.
Dynamic Timelock
A Timelock is essentially a voting period during which holders can vote for or against a proposal, and during which the proposal cannot be executed.
The use of a modification such as Dynamic Timelock is justified by the need to provide the disputing parties with enough time to either resolve the conflict or withdraw their funds from the protocol: a classic timelock does not consider the context and may be insufficient.
If the veto is still in effect at the end of the minimum timelock, the extended timelock will last long enough to increase the likelihood that the dispute will be resolved either positively or negatively.
However, in both cases, after the end of the timelock, the DAO will exit the Cooldown mode and continue its normal operations.
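The two-phase veto and the dynamic timelock described above can be modeled as a tally that is re-evaluated after every signal. This Python model is an added example, not Lido's contract code: the 5% and 15% quorums come from the article, while the 3-day and 30-day bounds, the linear growth between them, the one-for-one offset of anti-veto stake, and the holder names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fractions import Fraction

FIRST_PHASE = Fraction(5, 100)   # dissenting quorum that starts phase one (from the article)
FINAL_VETO = Fraction(15, 100)   # quorum that places the final veto (from the article)
MIN_TIMELOCK_DAYS = 3            # assumed placeholder, not a Lido parameter
MAX_TIMELOCK_DAYS = 30           # assumed placeholder, not a Lido parameter

@dataclass
class VetoTally:
    total_steth: int
    veto: dict = field(default_factory=dict)       # holder -> stETH backing the veto
    anti_veto: dict = field(default_factory=dict)  # holder -> stETH backing the anti-veto

    def signal(self, holder, amount, anti=False):
        if amount <= 0:
            raise ValueError("amount must be positive")
        book = self.anti_veto if anti else self.veto
        book[holder] = book.get(holder, 0) + amount

    def revoke(self, holder):
        # De-escalation: a holder withdraws an earlier veto signal.
        self.veto.pop(holder, None)

    def support(self):
        # Assumption: anti-veto stake offsets veto stake one for one.
        net = max(0, sum(self.veto.values()) - sum(self.anti_veto.values()))
        return Fraction(net, self.total_steth)

    def phase(self):
        s = self.support()
        if s >= FINAL_VETO:
            return "final_veto"
        return "first_phase" if s >= FIRST_PHASE else "normal"

    def timelock_days(self):
        # Assumption: linear growth from MIN at 5% support to MAX at 15%.
        s = min(self.support(), FINAL_VETO)
        if s < FIRST_PHASE:
            return Fraction(MIN_TIMELOCK_DAYS)
        span = (s - FIRST_PHASE) / (FINAL_VETO - FIRST_PHASE)
        return MIN_TIMELOCK_DAYS + span * (MAX_TIMELOCK_DAYS - MIN_TIMELOCK_DAYS)

def replay(total, events):
    """Apply (holder, amount, kind) events; return (phase, timelock_days) after each."""
    tally, out = VetoTally(total), []
    for holder, amount, kind in events:
        if kind == "revoke":
            tally.revoke(holder)
        else:
            tally.signal(holder, amount, anti=(kind == "anti"))
        out.append((tally.phase(), tally.timelock_days()))
    return out

# Constructed sample: 1,000,000 stETH supply, four hypothetical holders.
SAMPLE = [("alice", 40_000, "veto"), ("bob", 60_000, "veto"),
          ("carol", 20_000, "anti"), ("dave", 90_000, "veto")]
```

Calling `replay(1_000_000, SAMPLE)` shows the timelock staying at the minimum below 5%, stretching as support grows, shrinking when anti-veto stake arrives, and reaching the cap once the 15% quorum is passed.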
Committees
While dual governance needs to cover any DAO decision that can potentially affect users of the protocol, it does not cover emergency actions triggered by time-scoped circuit-breaker multisigs and contracts. There are 3 such committees:
Gate Seal committee
- It is a 3/6 multisig that automatically expires in case of non-use. At any time, the DAO can vote to appoint a new Gate Seal committee with a new expiration date.
- It has the power to pause stETH to ETH withdrawals for a predetermined number of days. You can think of it as a safeguard against a withdrawal vulnerability being exploited by an attacker.
- The pause lasts for x days or, in the case that DAO decisions are blocked by stETH holders, until the execution of DAO decisions is unblocked.
Tiebreaker committee
- Under very specific conditions, this committee executes decisions that were proposed and approved by LDO holders but subsequently blocked by stETH holders.
- It is a more complex multisig, designed for maximum security and wider ecosystem alignment: it is expected to be composed of 3 or 4 sub-committees.
- Each of these sub-committees represents a distinct interest group within the ecosystem. Any decision it makes needs to be approved by a majority (2/3 or 3/4) of sub-committees.
Margin of safety committee
- The margin of safety committee is a temporary multisig which effectively has the power to revert Lido governance back to its current state (i.e., pre-dual-governance).
- It exists primarily to protect from zero-day vulnerabilities in dual governance. The plan is to have a generous bug bounty to encourage responsible disclosure. It will be dissolved once this bounty program comes to an end.
To read more about the solution itself use the following sources: