Hi all. Here’s an early pre-pre-proposal feedback thread for a Protocol Security SPE. While there are a number of members in the Livepeer ecosystem with deep expertise on the onchain Livepeer protocol smart contracts, there are currently some gaps in terms of a dedicated and mobilized team with certain responsibilities around the protocol that are necessary to keep pushing it forward. The aim of this SPE is to use public goods funding from the Livepeer treasury to address this, to ensure that the protocol remains stable and secure, while also innovating as necessary, over time.
When formed, this SPE can continue to come back to the treasury for funding for additional initiatives, described later on, but for the first proposal, I suggest the following be the scope. This SPE should be responsible for:
- Running, funding, and being the first responders to the Livepeer protocol bug bounty program as run on Immunefi.
- Designing and implementing the mechanism to decentralize the security committee into community governed control.
- Serve as core protocol development group for some minor protocol bug fixes and improvements to support Livepeer AI.
Bounty Program
The Immunefi bounty program has been an invaluable tool for the ecosystem, as it has incentivized white hat hackers to responsibly find and report exploits, allowing the security committee to take action to prevent user value before the bugs could be found and exploited by hackers. In cases this has kept the protocol live and saved millions of dollars of LPT value. However it comes at a cost. Livepeer Inc spends $50-100K/year on these incentives and bounties. And team members have to spend time reviewing and triaging reports, whether valid or not. This is the perfect opportunity to put public goods funding to use to spin up more experts on the Livepeer protocol and continue to fund these incentivizes that protect so much of the token holder value. I suggest this SPE take over as training up and staffing the first responders to these reports, in the form of smart contract security focused developers who get deeply familiar with the inner workings of the Livepeer protocol and surrounding tooling.
Decentralizing the security committee
Livepeer has a security committee which was ratified by the community in an early LIP vote. This community executes on chain proposals as voted, and is the first line of defense in terms of bug fixes and protecting user value when protocol bugs and exploits are found and reported. However one of the important steps on the decentralization roadmap is to actually make the control of this security committee more decentralized within the community and tokenholder’s hands. The simplest way to do this would be for the signing addresses on the security committee to be addable or removable via protocol governance. This could go a long way in the sustainability, decentralization, and unstoppability of the protocol, and is a relatively straightforward on chain mechanism that needs to be implemented, tested, and brought through the governance process. Whether that’s the mechanism that the community chooses or not, it would be natural that the SPE consisting of protocol security experts would lead the charge in implementing, and perhaps participate as security committee members.
Core protocol development
There are a number of small to medium nice-to-have items that the protocol could benefit from in the short term, especially as we enter the era of Livepeer AI. For example:
- Low impact or griefing bug fixes
- Job type metadata in PM tickets so we know what job types are getting paid out
- Onchain registration of AI pipelines so that we there is room for experimentation around tapping into value flows to pipeline authors
As this SPE’s members ramp up on their protocol expertise, tackling the authorship, testing, and auditing of these sorts of improvements will be very valuable. They need to be undertaken with security in mind, and will help build the muscle in protocol upgrades that are necessary for bigger projects in the future.
Future efforts
While the priorities are listed above, this SPE can also come back for further funding in future proposals for efforts such as the following:
- Security audits
- Core development on major protocol upgrades
- Onchain integrations into other protocols and chains
One way of looking at this SPE is as a core development team in the ecosystem focused solely on the protocol smart contracts. Security work goes hand in hand with development here, due to the critical nature of the onchain contracts.
Potential SPE Members
I suggest this team start out with one lead and two security minded smart contract developers.
- The lead will be responsible for the outcomes of the SPE, the project management, communication, transparency, first-response commitment, funding, and administration. They’ll liaise with the community, prioritize the work of the SPE, and deliver on results.
- The (minimum) 2 developers will be responsible for developing the technical-level protocol and security expertise, responding to and triaging immunefi bounties, working on the core development roadmap across both the security committee governance and the bug fix/minor improvement roadmap.
I believe that in this first milestone, responsiveness and accountability when needed is more important than overall time spent on Livepeer. I don’t think it’s a fulltime job to be a first responder to immunefi bounties, and I don’t think the development burden of the first milestone tasks require fulltime work either. I think the types of profiles who would be well suited here would be some of the successful bug-bounty reporters who are experts on the protocol already, audit team members who routinely understand and audit smart contract code. There are many firms out there who take on these projects, and could probably staff a couple team members at a limited # of hours per month, who would be available to do the triage-bug-fix-firedrills as needed, and compensated via the SPE funds. The lead would find and negotiate and administer payments, learning over time what the SPE needs to meet the security requirements of Livepeer.
Summary
In short, this has long been a bit of a gap in the ecosystem, and public goods funding presents the perfect opportunity to move this forward, strengthen the security of the protocol, and accelerate core development at the smart contract level. What do you think?
Based on feedback, we can start looking for a lead, who can take the above ideas and feedback and craft it into a pre-proposal.