Phase 0: Initial Scoping and Discussion with Delegates (16 hours) — already completed

Phase 1: Research Past Attacks (16 hours)

• Research past historic attacks on other DAOs
  • Types of attacks
  • Potential responses/mitigations/defenses by DAOs

Phase 2: State of ARB Governance (60 hours)

• Understand how governance works (proposal, quorum) and how past attacks are relevant to Arbitrum
• Map out ARB ownership: How is the votable ARB split? Long-term ownership.
• How does ARB inflation impact votable ARB supply and token ownership? Understand how many ARB tokens received from incentives, unlocks, grants are sold
• Historical voter turnout: Do we see any trends?

Phase 3: Deep Analysis of Attack Vectors (80 hours)

• For each attack vector (DeFi, Agency Governance, Bribes, CEX, restaking…):
  • What is the cost of carrying out an attack? How does this cost move through time? How can it be tracked?
  • What are the potential levers to increase the attack cost?

Phase 4: Solution Analysis (80 hours)

• Investigate how the quorum can be made dynamic and follow a formula
• Investigate the possibility of activating the ARBs owned by treasury impact on quorum
• How can we counteract attacks, poison pills, give more ARB to users
• Investigate the role of Security Council in securing the vault

Phase 5: Report Writing and Discussion with Delegates (40 hours)

• Adjust the report based on delegates' feedback

Estimate Cost:

Total Estimated Hours: 292 hours

Estimated Hours Break-up:

• Mid Researcher: 194 hours