Welcome back for issue 44 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen.
This week we cover a governance bug discovered in Uniswap proposal 8, plus brief updates from the governance ecosystem.
Uniswap Resolves Governance Upgrade Bug
TL;DR: Proposal 8, which upgraded governance contracts, contained an undiscovered flaw which could have prevented proposals from executing properly.
Governance changes are some of the most critical upgrades for defi protocols, as governance contracts control all of the other admin privileges and upgrade paths available to the protocol. In the past week, Uniswap faced a close call where their governance upgrade almost caused significant issues.
Proposal 8 upgraded Uniswap governance from Governor Alpha to Governor Bravo, a newer version of the contract developed by the Compound community. Governor Bravo offers easier upgradability for governance in the future without requiring contract migrations, along with a few other user experience and safety features.
The proposal received broad support from voters, but despite the high visibility a bug was able to slip into production.
In this case, the governor contract was initialized with incorrect variables, which would have rendered the first 8 proposals submitted to the new contract invalid. Luckily, submitting 8 placeholder proposals was able to resync the “proposal count” and “initial proposal count” values to allow future proposals to execute properly.
While this bug was resolved without further issues, it points towards the importance of code reviews for governance proposals. In a worst case scenario, faulty proposals could lock governance and render protocol admin privileges and funds inaccessible. And while one might expect large holders and funds to independently check upgrades, in truth many of these actors lack the capacity and direct incentives to undertake deeper reviews. Protocols may consider retaining auditors or hiring an in-house dev team to provide an additional layer of security for critical code changes.
Uniswap Labs faces SEC investigation:
Fei Protocol moves towards broader liquidity incentives with optimistic governance approval:
Index Coop votes on a framework for submitting proposals in underlying governance systems:
Gauntlet seeks feedback from the Aave community on preferred risk exposures:
Aave @AaveAaveAn ARC has been created by @inkymaze from @gauntletnetwork with three distinct levels of preferred risk tolerance for Aave V2 👻 Proposal here: https://t.co/3s1FepiFhh Snapshot open: https://t.co/mBJnkUYWE6
Analyst DAO seeks to connect defi and web 3 focused analysts with opportunities:
Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at firstname.lastname@example.org