The Watchdog: Arbitrum DAO's Grant Misuse Bounty Program

Description

Abstract

The Arbitrum DAO has allocated over 422m ARB tokens across various initiatives, including incentive programs, grants, investment vehicles, and service providers, amounting to a total spend in the nine-figure USD range. While these allocations have driven significant growth and innovation, there has been minimal oversight or review of how these funds are ultimately used, and no system currently exists to incentivize the identification and reporting of fund misappropriation. Although three instances of misuse have been uncovered, it is likely that additional cases remain undetected.

In response, Entropy Advisors proposes the establishment of a grant misuse bounty program dubbed “The Watchdog” to incentivize the identification and reporting of misused DAO-allocated funds. The program would utilize an incentive mechanism to reward community contributors and investigators who submit verifiable reports of misappropriation. If the proposal passes a temperature check, Entropy will manage a selection process to determine a suitable platform to host the Watchdog program.

Motivation and Rationale

By offering financial rewards for valid reports of misappropriation, there will be a stronger motivation for community members to contribute skills or information that aid in identifying misconduct in the DAO. Today, the identification of wrongdoing can result in retaliation, unnecessary friction within the DAO, and other negative externalities for the investigators. Moreover, with no incentive to bring forth allegations, it is unlikely that most community members would do so. The Watchdog program creates a decentralized force of accountability, augmenting the DAO’s capacity to detect abuse that would likely otherwise go unnoticed while protecting the submitter from repercussions.

Arbitrum DAO’s successful identification of misappropriated funds, whether by a service provider, protocol, grant recipient, or anyone else that receives funds from Arbitrum DAO has two large benefits:

1. The DAO (mainly through the Foundation, as it has done so in the past) may be able to recapture some of the funds. This could involve legal avenues, smart contract enforcement (clawbacks / stream stopping), or community pressure.
2. The evidence can be used to identify possible improvement opportunities in the underlying programs and make more informed decisions surrounding the recognized bad actors in the future.

Other benefits include a mechanism for malicious action deterrence and bringing sophisticated onchain sleuths into the DAO.

Just the existence of a transparent and well-publicized bounty program will likely deter some malicious actors from misusing DAO funds in the first place. Knowing that the community has the tools and incentives to identify misallocation increases the risk of exposure for those who might consider abusing the DAO’s trust. Recipients of DAO funds will need to think twice before acting maliciously or in a way that doesn’t align with the DAO’s strategic objectives, rules, and the broader interests of Arbitrum.

By allowing anyone to submit evidence-based reports of misuse anonymously, the program empowers the entire Arbitrum and crypto ecosystem to take an active role in maintaining the financial health and integrity of the Arbitrum DAO. We hope this fosters a culture of vigilance, good intentions, and accountability while bringing white-hat actors into the ecosystem.

Specifications

The Watchdog program will extend to ALL DAO-funded initiatives including end recipients of other programs such as the Questbook Domain program, Stylus Sprint, Arbitrum Foundation grants, and the incentives programs. The process for rewarding those who successfully identify fund misuse will start with a temporary solution utilizing a small committee of reviewers with a long-term plan for the program to eventually fall under OpCo, if and when it is stood up.

Entropy proposes the following definition of misuse of funds:

Any action or inaction by a recipient of DAO-allocated funds that directly violates the stated terms, objectives, agreement, or overall spirit of the allocation under which those funds were provided.

Misuse definitions and examples below are included solely as a point of reference for the DAO and all decisions surrounding severity will be at the full discretion of the committee:

• Low: Cases where there is minor misuse of DAO-allocated funds with limited impact on the DAO’s overall financial health, reputation, or strategic goals.
  • Example: A Questbook domain allocator accidentally sent a double payment for a milestone and the recipient did not report it.
  • Example: A grant recipient uses a portion of the funds for unauthorized purposes, such as non-DAO-aligned marketing, travel, or administrative overhead not included in the grant proposal.
• Medium: Cases involving significant misuse of DAO-allocated funds that impact the DAO’s resources or strategic goals, but where the misuse is still recoverable, or partial results have been delivered.
  • Example: An incentive program recipient uses funds in a way that does not benefit end users, but is a step away from outright theft and fraud.
  • Example: A grant recipient diverts a significant portion of the funds (e.g., 50k+ ARB) to unrelated projects or personal use.
• High: Cases involving large-scale, deliberate misuse of DAO-allocated funds.
  • Example: A fund-recipient fabricates deliverables to obtain funds without working on the approved project, then disappears with the entire grant.
  • Example 2: Theft or unauthorized transfers, such as if MSS members purposefully diverted funds to a recipient not eligible.

The workflow for Watchdog reports will be as follows:

1. Report Submission

• Anyone (watchers) can identify potential misuse of funds that originated from the DAO and submit an evidence-based report to a designated section on a to-be-determined bounty platform. Throughout the entire process, the identity of the submitter will remain private. As detailed further in step 3, the report will only be made public to the DAO in the instance that attempts at backchannel communications with the alleged party fail and a DAO ban is constituted or on a case-by-case basis where the committee deems it prudent to make the DAO aware of the misuse.
• Reports will follow a standard template to help streamline the review process and collect the initial necessary information.

2. Review Process

• A whitelisted group of three DAO-associated reviewers will have the ability to review the submitted reports. We propose the group of initial reviewers to comprise the Arbitrum Foundation, Entropy Advisors, and the elected Research Member of the ARDC. This structure minimizes the operating costs of the program until OpCo is stood up., Entropy and the Arbitrum Foundation will be waiving payment as reviewers. The ARDC Research Member will be paid at their stated hourly rate, with funds coming from the ARDC V2 budget. We anticipate the review process for a Watchdog report to take a minimal amount of hours.
• The three reviewers will discuss reports and, if required, contact the concerned party for clarifications. If two or more reviewers agree (at their discretion) that the submission is based on substance and misuse has occurred, the watcher(s) will receive the bounty. The reviewers will also determine the level of severity of the misuse (Low, Medium, High), which will impact the bounty reward as outlined in step 4.
• In the case that 2 or more reviewers deem there has been fund misuse, the Arbitrum Foundation will open up private channels of communication with the concerned party and attempt to get the funds back for the DAO.
• Reviewers are required to abstain from specific review processes if a conflict of interest (COI) is identified. If two or more reviewers have an identified COI, the reviewers will identify two external parties who don’t have COIs and have the capabilities to review the report. If the report is made public, the reviewers’ identified COIs will be published at the same time. To reduce the need for an additional election process and budgeted compensation, Entropy suggests utilizing the soon-to-be-elected Domain Allocators from the D.A.O. program, MSS members, and the other ARDC V2 members for the short list of trusted community members to step in if multiple COIs exist.

3. DAO Forum & Snapshot Voting

• If all attempts at backchanneling are failed, the report will be posted to the forum with all the watcher’s personal and identifiable information redacted in the version posted publicly. On a case by case basis, the committee may decide to post a summary of the report to inform the DAO of the misuse. Otherwise individual reports will not be posted to the forum directly. It is Entropy’s belief that in instances of low misuse, it is unwise to subject teams to public scrutiny for what could be a common or minor error.
• The DAO will vote via Snapshot on whether or not the violation constitutes a DAO ban. Delegates can reference the Furucombo instance as an example.
• The Foundation will determine in which instance of legal recourse is viable. This will be dependent on the size of funds involved in the misuse and legal jurisdiction of the accused party.

4. Reward Mechanism

• If the review committee deems a report valid at their discretion, they will deem what level of misuse. A certain level of subjectivity has been introduced due to the wide range of programs that the Watchdog program will cover. A mix of factors will be taken into account the level of severity. These include, but are not limited to the total amount of funds involved, how the funds were used (ex. simple error or intentional fraud), if the misuse is rectifiable, and/or the level of damage to the Abitrum ecosystem/brand.
  • Low: 1k ARB base payout + 5% of recovered funds capped at an additional $10k
  • Medium: 10k ARB base payout + 5% of recovered funds capped at an additional $20k
  • High: 30k ARB + 5% of recovered funds capped at an additional $100k
• A fixed reward has been included to ensure that an incentive always exists for community members and individuals to submit reports. The base payouts denominated in ARB will come from the approved Watchdog budget.
• If recaptured funds are denominated in a volatile asset, the maximum reward awarded to the watcher will be calculated as the 30D TWAP of the underlying asset on the day the transfer is made. For clarity, the reward is still paid out in the recovered asset.
• While anyone is encouraged to submit reports, only watchers that complete a KYC with the Foundation will be eligible for rewards.
• The program will run until the 400K ARB is exhausted from valid misuse reports. Once 100k ARB remains, a proposal will be put forward to the DAO to extend the budget or shut down the program.

We believe that this mechanism is optimal for the time being, but if/once OpCo is stood up, the program could be moved into its domain. If done so, the reviewer and voting mechanism would likely need to be restructured.

The expectation will be that 6 months post program launch, Entropy Advisors will raise a subsequent vote to the DAO in order to gauge the program's success. At this point the DAO can determine if the program should continue in its current state, be moved under OpCo if or when it is stood up, or if the program should be discontinued. Entropy will provide a retrospective report near the end of the 6-month trial to help the DAO evaluate the successfulness of the program. The report will summarize the received misuse cases along with data such as total amount of misuse, severity breakdowns, and amount of ARB recovered.

Steps to Implement: RFP Process

It will be necessary to create a secure platform where community members or contributors can privately submit their reports. This will ensure confidentiality and data security for all parties involved. With the requirements resembling a bug bounty program, we imagine that an existing platform can quickly build the necessary portal. If the proposal passes a temperature check, Entropy will directly contact potential providers and solicit bids that will be publicly posted in a dedicated subcategory in the forum. Delegates will have visibility into the bids, but Entropy will conduct negotiations, select the provider, and present a summary of the rationale to the DAO prior to the proposal moving to Tally. Unless the DAO feels strongly about being involved in the selection process, our team views this as the simplest and quickest route to choosing a provider. The Arbitrum Foundation will serve as the counterparty for the agreement.

Entropy refrained from setting a maximum budget at this stage as to not publicly signal to interested providers what amount the DAO would be willing to pay. Additionally, depending on whether the portal needs to be built from scratch or simply added to an existing platform, the costs may vary greatly.

Budget

In total 400,000 ARB + the necessary amount of ARB for the selected bounty platform (determined by RFP process) will be sent to a new MSS multisig in order to facilitate the program.

• 400,000 ARB available to reward valid Watchdog reports.
• Amount of ARB necessary to build and host the Watchdog program. To be determined through a RFP process.

Timeline

December 20th: Forum post January 16th-23rd: Snapshot vote January 24th : Procurement process begins TBD: Onchain Vote TBD: Program is launched

Voting Options

With the RFP process happening pre-Tally ratification, the Snapshot vote will be subjected to the non-constitutional quorum requirements of 3% of the votable token supply with a simple majority of votes in favor/abstain.

It will be a basic vote with FOR, AGAINST, and ABSTAIN as the three options.

Conflicts of Interest

Outside of being placed as one of the three reviewers, Entropy does not have any other conflicts of interest to disclose as part of this proposal.