Hi everyone, I’m Jack from Authio.
Authio has submitted a proposal to engage the Aragon Network as security partner (per the AA wishlist) under AGP-18 which will be on the ballot for Vote #1 on January 24th.
We will be hosting an AMA call on January 19th at 15:00 UTC where ANT voters or anyone else are invited to ask us questions. We will post details to join the call on Twitter and aragon.chat. Hope to see you there!
The following post is intended to inform the Aragon community about some aspects of the philosophy and approach we think is needed to secure application-based decentralized organizations like the Aragon Network.
Narrowing the Scope of Responsibility
The role of a security auditor is not only to prevent the exploitation of technical vulnerabilities in a given application.
The role of an auditor should also be to ensure a given application behaves in alignment with canonical commitments made to users by the project team regarding intended product behavior.
In other words, does a given application actually do what the people who wrote it say?
Does it work how they say? Will its behavior reasonably satisfy what users have been led to expect?
If properly signaled, the results of an audit can educate users about the content of smart contracts they may interact with and enable them to screen for adverse selection when they otherwise could not.
Or better yet, if users demand that misalignments be signaled by auditors, some malicious or incompetent actors will screen themselves out of dapp development altogether.
Unfortunately, users have no way to collectively represent themselves and engage an auditor directly.
Users can fall victim to the moral hazard of the project team, which must engage the auditors on their behalf.
This means the fee that would ideally be paid directly to the auditor by the users (collectively the highest risk party) is instead controlled by the project team.
Moral hazards can be exacerbated when auditing engagements are done under restrictive non-disclosure agreements.
The combination of misaligned economic incentives and restrictive legal agreements can effectively create a monopoly of information around vulnerable properties of a smart contract by constraining the auditor’s ability to signal information pertinent to users.
Without aligned incentives and proper signaling, the utility audits provide for user screening of adverse selection is negligible.
If users do not have a way to organize and represent themselves in an engagement with an auditor, formal mechanisms to protect their interests are severely limited.
Users are the Client
The Aragon community has fostered an ethos and built tools that empower users to manage the Aragon Network as the final decision maker.
That means users have a way to organize and interface directly with security auditors, thus disintermediating the project team.
This direct DAO<>Auditor relationship can bring about a shift from potentially conflicted responsibility to unequivocal allegiance to the user.
The users are the auditor’s client, not the project team.
For a security partner to successfully integrate into Aragon’s community, they must be an independent but culturally, politically, and technically knowledgeable partner to ensure new features are functionally sound and aligned with user expectation.
The world has seen loose regulation for independent auditors play out before in the financial accounting industry.
Following the Enron debacle, the Sarbanes-Oxley Act established rules for financial auditors and the companies they audit to prevent conflicts of interest.
Many of the same social forces (information asymmetry, incentives/pressures, opportunities, attitudes/rationalization) that drive malfeasance in financial accounting can exist between project teams and auditors, especially over long term engagements.
The security partner should be cognizant of these forces and participate in methods of self-regulation.
Methods to mitigate these forces could include:
- A user-delegated expert committee to curate candidates and oversee the work of the auditor
- Audit reporting standards and procedures for disclosure of audit findings to project teams and users
- Rules for relationships between auditors and project teams to prevent conflicts of interest
The Importance of Self-Regulation
As much as people like to see Aragon as an untouchable super-jurisdiction, virtually all of the world’s population are national citizens, subject to legal jurisdictions that influence their behavior.
This is true for users, project teams, and auditors.
Poorly regulated security activity on the Aragon Network that leads to financial losses for national citizens introduces exposure to legal regulation.
The western allied nations many auditors are based in could, at a minimum, coordinate to regulate smart contract security firms and practices.
Given the track record of national governments’ attempts to regulate technology, the outcome of such an effort could have an indeterminate negative effect on Ethereum’s young security industry.
Aragon will set an example of how decentralized organizations manage security risk, and it is critical for the future of decentralized application governance that Aragon sets the right one.
Including users in security governance could change the way applications are built as we know it.
Imagine if Facebook users made decisions about Facebook’s security this way:
- There wouldn’t be incomprehensible “user agreements” to justify unscrupulous new features that jeopardize user security, because the users would propose and vote on the “user agreements” amongst themselves.
- Security professionals, who often care most about the users, would have the freedom and mandate to protect users first.
Strict prefigurative embodiment of values or modes of operation described in this post may be detrimental to a DAO if applied too early. DAOs have barely entered their pioneering era and still require management by founding members or other vital stewards to lay the foundation for long term success.