Summary
Aragon, after consulting with numerous curators, token holders, and the Morpho Association, is requesting funding for the development of trustless-guardians on Morpho Vaults V2. When completed, depositors will have a better user experience in their access-control as optionally provided to them via curators, enhancing security by ensuring depositors have ultimate veto power over changes to the vaults they use.
Motivation
With the release of Morpho Vaults V2, an update to the current trustless-guardian system is required and curators and depositors are interested in giving liquidity providers more control over vaults using Aragon. These “DAOs”, governed by LP token holders are seen as “critical” in creating more secure decentralized access-control.
The current guardian DAO design requires the LP tokens to be wrapped in a token wrapper contract at the time that a proposal is created. This would make a more proactive shared Owner role moot.
To make the LP DAOs more flexible for its participants, it’s recommended for Aragon to build a LockToVote plugin in lieu of making changes to the protocol or receipt LP token for V2. This would provide Morpho Vaults the option for more resilient access-control and increase security for Depositors.
Because the action to lock and vote requires knowledge that a proposal exists, a notification system is also proposed.
Background
Aragon’s governance contracts prevent double voting by using snapshots (“checkpoints”) of voting power taken at the block in which the proposal was created. For a token to be natively governance compatible, it must support the IVotes interface.
- Morpho LP tokens do not natively support IVotes.
- When Aragon governance contracts are deployed, they automatically detect this and deploy a new wrapper contract with IVotes that holders can use to wrap the token.
- When a proposal is made within the Aragon DAO, at the moment the proposal is created, a snapshot is taken.
- Any LP token holder who was not wrapped at the time the proposal was created is not included in the snapshot and therefore cannot vote.
Problems:
- There’s a tension between effective LP governance requiring tokens to be constantly wrapped and being able to use the LP token in DeFi; can’t do both at the same time.
- Poor UX and the inability to know when a proposal is going to be created makes this tension worse.
- These problems would force Curators to participate and effectively run the LP DAO, defeating the intention.
Recommendation
Phase 1: LockToVote
To avoid ”double voting”, a token can be either locked or wrapped. For this reason, we have ideated a new governance plugin dedicated to these kinds of use cases that lets token holders lock and vote at any time, even if they were not locked at the block the proposal was created. An example of this is Lido’s upcoming Optimistic Dual Governance where stETH can be locked to vote.
- Here is our concept of a LockToVote plugin:
- When a proposal is created, no snapshot is created.
- Anyone can lock any number of LP tokens, and it remains locked until the proposal (or proposals) they have voted on ends.
- Their voting power is based on their amount of locked tokens, and they can continue to lock additional tokens to increase their voting power as the proposal is active.
Advantages:
- This allows LP token holders to lock on an as needed basis, and therefore participate in DeFi, rather than keep their tokens wrapped in perpetuity.
- New features such as slashing could eventually be added.
- Easier participation makes it more likely that depositors can effectively use their tokens to prevent malicious or mistaken behavior by a vault curator
To note:
- The LocktoVote plugin UI will be permissioned for a minimum of 1 year only allowing Morpho Curators and those who are not deemed a direct competitor to Morpho to use. Any direct competitors who want to specifically use the LocktoVote plugin may request access in which case Aragon will reach out to the Morpho DAO to clarify permissions, or not, under certain conditions.
Phase 2: Notifications
To enable depositors to know when a change in a vault is being proposed they have to be alerted to it. In order to decrease overhead and miscommunication we recommend an opt-in notification to be sent to depositors via email or Telegram when this event occurs.
- When someone connects their wallet to a Morpho Guardian in the Aragon UI, they have the option of adding an email or Telegram username, and indicate which events they would like to receive notifications for.
- The Aragon indexer will listen to events emitted by the relevant DAO contracts.
- A backend service will automatically send an alert to the users who have opted in.
Proposed Budget
The following table provides a detailed breakdown of the requested funding.
| Item | Description | Cost |
|---|---|---|
| Phase 1 | ||
| Plugin | A governance plugin that allows an LP token holder to deposit and vote to stop double counting | $15,000 |
| UI Implementation | Seamless integration into the UI, including backend & indexer work | $48,000 |
| Phase 2 | ||
| Notifications | Depositors can sign-up to receive a notification via email or telegram (Tbd) for when changes happen to a vault and they have an ability to veto | $15,000 |
| Total | $78,000 in $MORPHO |
*To calculate the number of MORPHO tokens, we will use the time-weighted average price per token, as reported by CoinGecko, over the 7-day period immediately preceding the proposal passing.|
Team
Aragon has been providing open source onchain governance software since 2017. Steakhouse, Mev Capital, Llamarisk, Hyperithm, & RE7 have been utilizing Aragon’s trustless Guardians for their Morpho vaults for over one year which secures roughly $700 million + in TVL.
Conclusion
The risk of user-error, smart-contract vulnerabilities, and hacks in general continues to grow, putting our entire industry at risk. This couldn’t be more clear than the recent SAFE hack which saw over $1 billion stolen from Bybit.
Morpho has done an incredible job building a secure and immutable protocol, but there are always risks to mitigate at the social and governance layer. Improving the Guardian setup on Morpho reduces risk, as an opt-in, for Curators and Depositors. It also has the benefit of being an added value proposition for Morpho users as governance is separated from the Morpho token and depositors who have more control over securing their funds. There are no cons to improving access-control and decreasing risk for such a small cost.