Proposal Title: Risk Management Tools Creating a Safer Web3 and Another Flywheel of Growth for BitDAO
Authors: The SimpleDEFI Team
Date: November 7, 2022
Security and risk management represent a significant opportunity for improvement in Web3. Tools focused on Operational Security (OpSec) and Cyber Security (CyberSec) can help increase trust and reduce, or even eliminate, risk for projects and the entities that fund them. They can also help elevate Web3’s reputation in the minds of non-adopters, who perceive Web3 to be fraught with risk and uncertainty.
Investors and community members have an expectation that projects are serious about risk management and security. And project teams have obliged by ensuring smart contracts are audited by independent firms. The contract audit is considered table stakes for an industry rife with exploits.
However, auditing the smart contract code only gets us part of the way. There are attack vectors and gaps within day-to-day operations that many projects overlook. A considerable percentage of ‘hacks’ in the blockchain space are not hacks at all. They are operational failures brought about by human error or a lack of operational discipline.
Many projects have exposure to risk that they don’t even know about. Some of these risks are severe enough that they could literally destroy the project (impacting everyone involved including contributors, funders, investors and the team itself).
The reasons: many project teams have little or no operations expertise. Others don’t know what they don’t know. Operational Security (OpSec) and Cyber Security (CyberSec) are complex subjects, especially in today’s world. It would be unrealistic to expect teams to fully understand all OpSec and CyberSec risks, let alone know how to solve for them. They need unbiased help (and tools) to know where they stand relative to where they think they are. They also need to know what options are available to improve their risk management practices and ensure the project and treasury are protected.
We believe an affordable, easy to use solution can help project teams manage OpSec and CyberSec risks. It would demonstrate to their community and investors they are being proactive and transparent about managing these risks, just as they do by ensuring the code is audited via third party contract auditors.
We propose to build two complementary solutions:
SimpleGOVERNANCE: an operational audit solution for project teams to manage risks and security threats that smart contract audits do not cover.
SimpleYIELD: a rules-based engine combined with reporting tools (analytics, asset tracking, reconciliation, governance) that makes it easy for projects to implement yield strategies across any chain or DEX.
How they Work Together
SimpleGOVERNANCE helps manage OpSec and CyberSec risks associated with daily operations while SimpleYIELD provides risk management functionality for the treasury.
SimpleGOVERNANCE: How it Would Work
The solution uses a “self-assess & recommend” algorithm that outputs the following:
An initial score for each vulnerability across all 5 core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover); we will use the globally recognized NIST CSF and adapt it for Web3
A roadmap with recommendations, generated automatically, detailing in plain English what teams can do to eliminate or reduce risks and threats
Summarized and detailed views on an executive dashboard to help project teams view, prioritize and track progress to resolution
Finally, a reward system for continued score improvement
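To make the “self-assess & recommend” idea concrete, here is an added example (not SimpleGOVERNANCE’s code or questionnaire) of how a per-function score and a plain-English remediation roadmap can be derived from a maturity self-assessment. The six controls, their wording, the 0–4 maturity scale, the equal weighting of the five NIST CSF functions and the remediation threshold are all constructed assumptions for illustration. One design point worth noting: an unanswered control counts as maturity 0 rather than being skipped, so a team cannot raise its score by leaving hard questions blank.

```python
"""Hypothetical self-assessment scorer across the five NIST CSF functions.

This is illustrative code written for this page. The controls, recommendation
text, weights and threshold are constructed for the example; they are not the
SimpleGOVERNANCE questionnaire.
"""
from __future__ import annotations

from dataclasses import dataclass

# The five core functions of NIST CSF 1.1, in framework order.
FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")
MAX_LEVEL = 4  # assumed maturity scale: 0 = absent .. 4 = optimised


@dataclass(frozen=True)
class Control:
    cid: str             # constructed identifier (not a NIST subcategory ID)
    function: str        # which CSF function the control rolls up into
    question: str        # what the team self-assesses
    recommendation: str  # plain-English action shown when the control scores low


# Constructed, Web3-flavoured control set: one or two controls per function.
CONTROLS = [
    Control("ID-1", "Identify",
            "An inventory of privileged keys, signers and admin roles is maintained",
            "Record every key that can move treasury funds or upgrade contracts, who holds it and on which device."),
    Control("PR-1", "Protect",
            "The treasury is held in a multisig with hardware-backed signers",
            "Move treasury funds to an m-of-n multisig; keep signer keys on hardware wallets, never in browser extensions."),
    Control("PR-2", "Protect",
            "Contributors use MFA and unique passwords on exchange, GitHub, Discord and domain accounts",
            "Enforce phishing-resistant MFA and a team password manager; disable SMS second factors."),
    Control("DE-1", "Detect",
            "Alerts fire on unexpected treasury transfers or owner/role changes",
            "Subscribe to on-chain alerting for treasury and admin addresses and route alerts to an on-call channel."),
    Control("RS-1", "Respond",
            "A written incident-response runbook with pause/recovery steps exists and has been rehearsed",
            "Write the runbook (who can pause, who speaks publicly, how to reach auditors and exchanges) and run a tabletop exercise."),
    Control("RC-1", "Recover",
            "Seed phrases and signer key backups are stored offline in at least two locations",
            "Create offline backups of every signer key, store them in separate locations, and test a restore."),
]


def _level(answers: dict[str, int], cid: str) -> int:
    """Maturity level for one control. Unanswered controls count as 0 (absent), not skipped."""
    level = answers.get(cid, 0)
    if not 0 <= level <= MAX_LEVEL:
        raise ValueError(f"{cid}: maturity level {level} outside 0..{MAX_LEVEL}")
    return level


def score_function(answers: dict[str, int], function: str) -> float:
    """Percentage score for one CSF function: mean maturity of its controls over MAX_LEVEL."""
    controls = [c for c in CONTROLS if c.function == function]
    total = sum(_level(answers, c.cid) for c in controls)
    return round(100.0 * total / (MAX_LEVEL * len(controls)), 1)


def overall_score(answers: dict[str, int]) -> float:
    """Equal-weight mean of the five function scores (weighting is an assumption)."""
    return round(sum(score_function(answers, f) for f in FUNCTIONS) / len(FUNCTIONS), 1)


def roadmap(answers: dict[str, int], threshold: int = 2) -> list[tuple[str, int, str]]:
    """Controls below the threshold, weakest first, with their remediation text."""
    weak = [(c, _level(answers, c.cid)) for c in CONTROLS
            if _level(answers, c.cid) < threshold]
    weak.sort(key=lambda item: (item[1], FUNCTIONS.index(item[0].function)))
    return [(c.cid, lvl, c.recommendation) for c, lvl in weak]


def assess(answers: dict[str, int]) -> dict:
    """Dashboard-style summary: overall score, per-function scores and the roadmap."""
    return {
        "overall": overall_score(answers),
        "by_function": {f: score_function(answers, f) for f in FUNCTIONS},
        "roadmap": roadmap(answers),
    }


# Constructed sample self-assessment for a small project (RC-1 answered, DE-1 not yet in place).
SAMPLE_ANSWERS = {"ID-1": 3, "PR-1": 4, "PR-2": 1, "DE-1": 0, "RS-1": 2, "RC-1": 4}

if __name__ == "__main__":
    result = assess(SAMPLE_ANSWERS)
    print(f"Overall score: {result['overall']}%")
    for function, pct in result["by_function"].items():
        print(f"  {function:<9} {pct:5.1f}%")
    print("Roadmap (weakest first):")
    for cid, lvl, rec in result["roadmap"]:
        print(f"  [{cid} level {lvl}] {rec}")
```

Running the block prints the per-function breakdown for the constructed answers and lists the two controls under the remediation threshold, Detect first. The on-chain publication step in the timeline would only need the `overall` and `by_function` numbers, not the answers themselves.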
For project teams
- Protects the project by reducing risks of internal and external threats not addressed by the smart contract audit
- Builds trust and credibility with the community and investors by demonstrating prudence in operational risk management
- Saves time, allowing project teams to focus on building their core products vs learning how to implement proper OpSec and CyberSec policies and procedures
- Affordability; fees for the solution and recommendations made are stage and treasury appropriate. This allows for teams to access GOVERNANCE at any stage of their development
- No surprises; project teams don’t know what they don’t know. GOVERNANCE provides the guidance needed to protect the project and treasury
- Incentives: more details are provided in the Budget section of this proposal
Benefits for Investors and Funders
There is an important use case for GOVERNANCE beyond helping the project. Any financial contributor (BitDAO, other DAOs, L1s, L2s, Foundations) or investor (VCs, Funds) can benefit from SimpleGOVERNANCE:
- By protecting the investment in the project; without SimpleGOVERNANCE, financial contributors are assuming project teams are being diligent about risk management. It is risky in and of itself to assume this, as project teams are focused on building core product more than anything. Funding could be conditional on SimpleGOVERNANCE being implemented and committing the project team to minimum risk scores to access future funding allocations.
- Portfolio tracking and benchmarking; SimpleGOVERNANCE will include functionality for funders to monitor the performance of projects in their portfolio or ecosystem. This will allow for tracking the project’s current state, how it’s progressing to improve the risk score, and benchmarking against other projects. The benchmarking functionality can also help with information sharing, allowing funders to see which projects are progressing quickly, and why, and to pass this information to others.
- Protecting their reputation; this is very applicable to VCs, who would not want the reputational risk of funding projects that wind up being destroyed due to external risks and threats that were not proactively mitigated by the project team.
SimpleYIELD: How it Would Work
This would be a solution that sits on top of DEXs (it does not compete with them). The architecture would make it simple to execute yield strategies across DeFi, with the added benefit of a rules-based engine that automates search, execution and liquidation functions.
It would include reporting functionality to monitor strategies, treasury performance and reconciliation for decision making. For example, reporting tools would capture all relevant information relating to a strategy, and show evidence that the treasury had been allocated per the DAO’s governance vote or a project’s policy decision.
We propose a token swap combined with an incentive program. The incentive program will be a first of its kind, tied to improvement in risk management practices.
It will incentivise projects to improve their GOVERNANCE score after the initial self-assessment is completed. Improved scores increase the resilience of the project. This in turn improves the resilience of Web3 and demonstrates we are being proactive about managing risk and protecting treasuries.
Token Swap Details:
$1.8 million in stablecoins in exchange for 44 million EASY tokens. The EASY tokens would vest monthly for 4 months after TGE, including a 1 month cliff.
Incentive Program Framework
There will be an incentive program for each of SimpleGOVERNANCE and SimpleYIELD.
The SimpleGOVERNANCE incentive program would be co-funded by BitDAO and SimpleDEFI. It would be designed to encourage projects to improve their GOVERNANCE Score over time.
BitDAO Incentive Contribution: we propose a grant of $2.5 million (in BIT equivalent or stablecoins). The amount would provide an incentive for projects to increase their score and receive incentives of up to 100% of their first-year subscription for implementing the service.
Fees for SimpleGOVERNANCE will range from $10,000 to $30,000 per year for most projects. The grant request is based on allocating funding for up to 100 projects to receive an incentive equal to their first year costs.
SimpleDEFI incentive contribution: we will provide vouchers to projects representing a discount on the supporting services needed to improve the project’s GOVERNANCE score in each NIST category. The vouchers would offer a 25% fee reduction.
By incentivizing the first 100 projects, we achieve a number of benefits:
- Reduce risks and threats not covered by the smart contract audit for participating project teams
- Save them time so they can focus on building
- Build a sizeable data set of projects and risk scores that allow us to benchmark performances, share results and findings to the wider Web3 community
- Collect verifiable data in terms of success of the project, proper behaviour, and progression of the project as it moves through its growth stages. This data could be used for other purposes including insurance (qualifying for coverage and/or reduced fees), product improvements (the more data, the better we can refine the product as Web3 evolves), and continuous improvement of the parameter outputs that we can build on for future projects.
- Future phases could lead to a significant data science initiative that provides for automated and trustless governance to be enforced through smart contracts based on the data collected from existing participants.
SimpleYIELD Incentives: fully funded by SimpleDEFI
We would offer 100% rebate on fees for the first 90 days and a 25% rebate for the next 9 months. This would apply to the first 25 projects that implemented SimpleYIELD. Rebates would be issued in EASY tokens.
A Note on the Budget
We have already made a lot of progress on both solutions, which is why the funding request to build and market is quite small relative to other proposals submitted to BitDAO.
For SimpleGOVERNANCE, we have secured an exclusive global master license agreement with Cybersecurity Compliance Corporation (CCC) to leverage their framework. The funding is needed to adapt this framework for Web3. Terms are favourable. The agreement has no up-front costs and is completely success based. CCC receives a fixed portion of the annual subscription revenues generated from SimpleGOVERNANCE.
Benefits: it allows us to build a solution for Web3 based on a proven framework already implemented in traditional sectors, without any cost risk.
With respect to SimpleYIELD, we have already built the architecture that enables multi-chain, multi-DEX yield farming. This code is complete, usable today and is audited by two firms. The funds would be used to develop the rules-based engine and reporting functionality.
*This is a suggested framework to achieve the objective of increased adoption of SimpleGOVERNANCE as an OpSec/CyberSec standard. We believe an incentivised solution can achieve this, with the potential for rapid deployment.
We welcome discussion on the incentive mechanics as we believe this approach can be a massive catalyst for improved security and protection for projects and their treasuries.
There are numerous benefits for BitDAO if this is activated.
The launch of SimpleGOVERNANCE, supported by BitDAO, presents the entire Web3 community with an innovative solution that can elevate Web3’s profile to non-adopters.
The proposed approach is innovative. BitDAO and SimpleDEFI would be the first to implement an incentive program focused on risk and treasury management in Web3. This would demonstrate BitDAO’s capabilities, forward thinking mindset and ongoing leadership in Web3.
Market Leadership & Treasury Growth
The proposed incentive program in and of itself creates a growth flywheel. With BitDAO providing the catalyst for adoption, it has the potential to make SimpleGOVERNANCE the Web3 standard for OpSec & CyberSec risk management. If successful, it would have a significant impact on the BitDAO treasury through the addition of the EASY token.
It Enables Multiple Flywheels of Growth
For example, BitDAO could consider the implementation of SimpleGOVERNANCE through existing partnerships by expanding the proposed (or finalized incentive program) further. With each partnership, another flywheel of growth is created.
A Well Timed Build for BIT Network: Infrastructure, BIT Token Utility, Protection for Smaller Projects
SimpleYIELD and SimpleGOVERNANCE align with stated goals identified in the BIT Network Proposal.
First, more utility for the BIT token by providing incentives for improved OpSec and CyberSec practices for applications on the BIT Network. BitDAO could demonstrate leadership in Web3 by mandating implementation of risk management solutions and/or making their implementation conditional on funding and grant approvals.
And second, both solutions help smaller projects who do not have the resources or knowledge to manage risk. Attracting a larger volume of smaller proposals is one of BitDAO’s goals for the network, so having solutions available to smaller teams to manage risk provides benefits.
The SimpleDEFI team has the relevant expertise to build these solutions (see credentials below, and more details at www.simpledefi.io/simpledefi_team).
The entire development team has been together for close to 25 years. Everyone on the team has relevant expertise in Fintech, CyberSecurity, Blockchain, Risk Management, and Business Operations.
And we have already made progress on both products. For SimpleYIELD, the search, enter, swap and liquidate functionality is live, with multi-chain and multi-DEX activated within 2 to 3 months. The rules-based engine and reporting are what the funding would be used for.
For GOVERNANCE, we have a non-functional prototype.
A list of relevant credentials is also provided below:
PMI Project Management Professional (PMP)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Microsoft Certifications: MCTS, MCITP, MCDBA, MCSE, MCPD, MCAS, MCSD, Microsoft Certified Architect
Cisco Certifications: Cisco Certified Architect, CCNP, CCDP, CCSP, CCNP Security, CCNP Voice, CCNP Wireless
Red Hat Certified Engineer (RHCE)
Sun Certifications: Database Administrator, SQL Expert, Linux Expert
Linux Certified Professional
Systems Security Certified Practitioner (SSCP)
SimpleGOVERNANCE would be live in 3 – 4 months.
SimpleYIELD rules engine and reporting functions would be live in 5 - 6 months.
Who is Involved?
The SimpleDEFI Team: builders of the solution.
Smart Contract Audit Firms: as affiliate partners. We are in discussions with a number of them to refer projects to us. Both solutions are complementary to their smart contract audit services, creating synergy for both parties with high growth potential for mass adoption of our tools.
Web3 Insurance Protocols: awareness and product augmentation. We would approach insurance protocols to educate them on these tools. We believe there are synergies and alignment with insurers that look for evidence of projects being proactive in managing risks. The project team’s efforts can impact the cost of their insurance. It could even determine whether the insurer will consider the project for coverage at all.
SimpleGOVERNANCE Timeline
Licensing agreement with CCC leveraging existing framework: Completed
Fee and incentive model: Completed, pending approvals
Adapt NIST CSF Standard 108 for Web3: Begins once funded
Smart contract to publish project scores on chain: Within 90 days of funding
Completion and Testing: Within 90 days of funding
Go Live: Within 30 days of testing
SimpleYIELD Timeline
Contract Audits: Completed
Yield farm entry, switch, liquidate functionality: Completed
Swap functionality: Completed
Chain/DEX agnostic (Uniswap v2 compatible DEXs): Completed
Build Rules-Based Engine & Reporting Functionality: Begins once funded
Completion and Testing: Within 150 days of funding
Go Live: Within 180 days of funding
- Onboarding session (optional, at the discretion of the BitDAO community)
- Complete the swap and allocation of funds for the incentive program
- Announce the initiative
- Begin the work
We believe these tools can help projects reduce risks. They will have the tools and support needed to do so, at affordable costs, with less time spent on operations, leaving more time to focus on building core products.
The proposal structure is also of benefit to BitDAO. It enables tools that can be leveraged to reduce risks in projects directly funded by BitDAO, plus the generation of flywheels to spur growth within the BitDAO ecosystem and for the BitDAO treasury.
Feedback on our proposal would be appreciated. We are confident that our proposal brings value, but also recognize there might be some really good suggestions from the BitDAO community that would improve it further. Thank you in advance for this opportunity; we look forward to further discussions.