cosmos

Prop 104: Fund Notional to work on the Cosmos Hub

This is funding for maintenance of the variety described here for 3 years from the date of passage.

Summary

Notional is requesting funding of 40,000 Atoms per year, for 3 years, for Hub maintenance and incident response. In return for this payment, Notional will monitor the Cosmos Hub for potential vulnerabilities on a 365/24/7 basis. When we become aware of an ongoing vulnerability, we will coordinate with relevant teams (SDK, IBC, Comet/Tendermint, Cosmos Hub), and work to produce a patch. We will then assist in rolling these patches out to validators to resolve the incident as soon as possible.

We will also advise core teams if we notice issues in upcoming releases which could cause safety or liveness problems, and assist them to resolve the issues.

We will write a monthly report on our activities so that the community has insight into them and can keep us accountable. Since the funding will be disbursed on a vesting basis, the amount can always be adjusted by governance, adding even more accountability to the arrangement.

Here are some incidents and potential incidents we helped resolve or prevent in the past:

- We reported and helped fix an ICA issue affecting Quicksilver on the hub in the fall of 2022.
- We reported Golang version mismatches that can cause apphash errors.
- We’ve worked on improving archive node sync speed and proper upgrade procedure.
- We reported and fixed Cosmos Hub and Cosmos-SDK CI Systems that reported as passed no matter what.
- We reported, helped fix, and helped distribute fixes for CPU usage spikes that resulted in the discovery of a potential exploit in Comet / Tendermint P2P: https://github.com/informalsystems/tendermint/releases/tag/v0.34.25

We cannot and will not disclose security items until they are fixed, so we will rely on teams like ICF, Informal, IG, Iqlusion, Strangelove and Binary Holdings to confirm for the community that we are actively working in that space.

We also continuously work to improve and develop the systems we work with, including Tendermint/Comet, Cosmos-SDK, IBC, and the Cosmos Hub. Members of the ICF and its TAB have recognized that our contributions to the stack from a technical perspective are substantial. Here are some examples of the development work we have been doing. We’ll keep making improvements like these as we find things to improve and as time allows:

https://nvlabs.notion.site/Interchain-Foundation-81c2e013f10a44e8a94701f5f97e9c7d

What we aren’t doing

- We are not asking for product ownership of any of the above named repositories; the current product owners are excellent.
- We are not implying that we will not seek funding for specific initiatives that go beyond the scope of maintenance.
- We are not expressing to the community that we can find or solve every possible issue in security.

Recipient

We think it is essential for accountability and good governance that community pool funding recipients such as ourselves are given their funding in a vesting form for ongoing services. However, due to some technical limitations it is not possible to send funds directly from the community pool to a vesting account. For this reason, the funding will first go to prominent community members on a multisig who will then transfer it directly to a vesting account controlled by Notional.

Community members will create a 2/3 single use multisignature wallet to receive funding and share the address with the community. The funds will only be in this multisig for a few hours until the signers transfer them to our vesting account where they will be released over the term of our work.

The signers will be community members with the needed experience. This is a single-use multisig account composed of community members.

- CryptoCrew
- Rarma
- stakecito

multisig wallet - cosmos1u69e8tsq3h3q3alqrdv333hvzazdfn5aeq9svw

From there, the atoms will be transferred to a multisig continuous vesting account with signers from our team.

Khanh Nguyen Jacob Gadikian Lit Vuong Nguyen Long Mai

If the community feels displeased with Notional's work, they should create a governance proposal to claw back the unvested portion.

Oversight and reporting

We will continuously update work status on our Notion page and do monthly and quarterly reporting. In the case of material events in the Cosmos that require urgent tactical response, Notional will endeavor on a best effort basis to provide updates within 24/48 hours of work being completed or as soon as practical or feasible once the bugs are patched here:

https://nvlabs.notion.site/Interchain-Foundation-81c2e013f10a44e8a94701f5f97e9c7d

For work that affects security, we will report privately in the channels that we have established to the product owners of the repositories mentioned; we feel communication is key for an efficient process. We invite any technical organization with sufficient technical capabilities to contact us during the course of this proposal to be formally listed as participating in oversight.

These organizations include but are not limited to:

Founding Orgs:

- Interchain Foundation
- Allinbits, inc

Prominent technical orgs:

- Informal Systems
- Iqlusion
- Strangelove Ventures
- Binary Builders

Validators with high technical capability:

- CryptoCrew

Amount

120,000 atoms, to be vested in a continuous vesting account for 3 years.

Voting

By voting YES, you indicate support for funding Notional's Work on the hub.

By voting NO, you do not support and refuse to fund Notional's work on the hub.

By voting ABSTAIN, you formally decline to vote either for or against the proposal but want to contribute to the quorum.

A NoWithVeto indicates that you consider this proposal malicious or harmful and would like to see depositors penalized by revocation of the deposit, which contributes towards an automatic ⅓ veto threshold.