Platform: Code4rena
Start Date: 03/08/2023
Pot Size: $90,500 USDC
Total HM: 6
Participants: 36
Period: 7 days
Judge: 0xean
Total Solo HM: 1
Id: 273
League: ETH
Rank: 20/36
Findings: 1
Award: $85.11
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: catellatech
Also found by: 0xSmartContract, 0xnev, K42, MSK, Sathish9098, berlin-101, hals, kodyvim, yixxas
The ArbitrumDAO (the holders of the ARB token) should rank above the security council in terms of privileges granted, but there seems to be a power imbalance here once the security council members are elected.
This is similar to how, in a business, the shareholders get to vote on and decide the CEO of the company, who is responsible for managing it; the CEO, while deciding business objectives and how the entire business is run, can always be replaced or removed by the shareholders.


In our governance system, things do appear to function very similarly, since the ArbitrumDAO has the power to remove elected members of the security council via voting. But at the same time, the security council gets to initiate any emergency proposal, bypassing any kind of approval from the ArbitrumDAO. This effectively means that the security council has more power than the ArbitrumDAO.
While I do understand the importance of emergency proposals for when security breaches of the protocol happen, and the seemingly low risk of 9 out of 12 trusted council members turning rogue, the impact should it happen seems too severe. The security council can completely destroy the entire value proposition of the ARB token (and thus of its holders, the shareholders).
It is a dilemma, as we want to balance risk against reward. The benefits derived from being able to enact emergency proposals in times of need are significant, hence we likely do not want to compromise on the ability of the security council to take immediate action.


My suggestion here would be to further tighten the eligibility criteria for nominees. Currently, I believe the nominees have to be vetted by the Arbitrum Foundation and receive at least 0.2% of the votable tokens to pass the nominee stage. To tighten this further, we can require that eligible nominees hold a certain % of the ARB tokens (they must be shareholders themselves) to further disincentivize them from going rogue. Considering that we are only electing 12 members, it is unlikely that such a requirement will result in a lack of nominees.


I am a firm believer in incentive/disincentive-based systems for the long term. Security council members who themselves own a stake in the protocol will be less likely to turn rogue and more likely to take extra steps for the longevity of the protocol.
8 hours
#0 - c4-judge
2023-08-18T23:49:29Z
0xean marked the issue as grade-c
#1 - yixxas
2023-08-21T13:57:01Z
Hi @0xean, I would like to understand why this was marked as grade-c.
I tried my best to write my analysis in a way in which it can be beneficial for the protocol. I wrote my thoughts specifically for the rules governing and around the security council (which is the entire scope of the audit).
In fact, issue #97 is currently accepted as a medium severity issue despite this being the current implementation specification. If 9/12 security council members decide to collude and add back a removed member that was voted out, they can definitely do much more than that. The fact that they can pass any emergency proposal means they can undermine any DAO votes anyway. This is by design.
#2 - 0xean
2023-08-22T12:25:03Z
These grades are not used for scoring and are being deprecated with only advanced-analysis being used in the future.
I will upgrade this, but it has no effect on anything.
#3 - c4-judge
2023-08-22T12:25:07Z
0xean marked the issue as grade-b