Please refer to the full proposal text on the SafeDAO forum. Some parts may have been removed to fit within the character limit on Snapshot.
Title:
[SEP #25] [OBRA] Palmera Module: Hierarchical Structure
Authors:
@andyp
Created:
2024-04-17
Abstract
The Palmera Module enables organizations, DAOs, and developers, using multiple Safes, to enhance their on-chain operations by facilitating the creation of customizable and flexible hierarchical structures. It democratizes access to on-chain decisions through a delegation structure, wherein upper Safes have configurable rights over subordinate Safes. This proposal is for funding an audit competition for Palmera Module smart contracts by Hats Finance based on their 100% payment by results mechanism.
Aligned strategy
Which pre-approved strategy is this initiative driving forward?
[Strategy 2] Foster module ecosystem
Funding request
What resources are being requested from SafeDAO in USDC?
Palmera asks for $30k funding to conduct an audit competition on Hats Finance protocol to ensure the safety and security of the Palmera on-chain module by using a crowd audit competition. We are allocating $5k to compensate two lead auditors, with each receiving $2.5k. Their task will be to meticulously review every line of our smart contract code to ensure its robustness and security. The remaining $25k will be used as the total bounty for the public audit competition, which might attract up to 800 independent security researchers.
Upfront funding
Indicate if upfront funding is needed. Refer to 'Payout’ under Get funding from SafeDAO for lump sum payment options.
Not applicable.
Relation to budget
State the requested funding as a percentage of the total initiative budget (e.g. if you ask for 50k for Strategy 1: 25%)
$30k constitutes 10% of the total initiative budget.
Metrics and KPIs
Which metrics and KPIs will the initiative be measured against?
- Increase the number of Super Safes created.
- Improve the management of multi-Safe smart accounts.
- Attract more organizations with complex treasury management systems to the Safe ecosystem.
- Increase module adoption.
Initiative description
What is the initiative about?
The Palmera Module has been developed as a common good, contributing to the Safe ecosystem. Palmera Module introduces customizable and flexible hierarchical structures for on-chain operations, enhancing governance and operational efficiency through delegated access and compartmentalized control. This delegation structure allows upper Safes configurable rights over subSafes, streamlining decision-making processes across managing multiple Safes smart wallets.
Traditional fund management often suffers from a flat account hierarchy leading to complex management systems that are not on-chain. The Palmera Module addresses this point by enabling an on-chain structured and layered approach to account management, which is key for a better organization that requires a clear delineation of authority and responsibilities of each Safe.
Current Safe Module
Safe Modules are smart contracts that introduce additional functionalities to Safe contracts, offering features like daily spending allowances and social recovery options. They operate by separating module logic from Safe’s core contracts, requiring owner confirmations for modifications.
Key Advantages for the Safe Ecosystem
- Customizable Hierarchical Safes Structures: It facilitates the creation of customized governance models adapted to the organization’s needs, promoting efficiency and scalability.
- Decentralized Decision-Making: Democratizes on-chain decisions by empowering subordinate Safes with specific delegated rights, enhancing operational flexibility.
- Security Enhancements: Introduces a secure, compartmentalized approach to Safe management, reducing the risk of unauthorized transactions and enhancing overall ecosystem security.
Roles Within the Palmera Module
- Root Safe: Acts as the top-level authority with comprehensive control over the entire hierarchy, capable of adding or removing any entity and modifying the structure as needed.
- Super Safes and Subsafes: Define a parent-child relationship, where Super Safes have administrative rights over their direct Subsafes, allowing for layered access and control.
- Optional Roles: Provide flexibility to assign specific capabilities such as transaction execution or owner management without granting full administrative rights, tailored to organizational requirements.
Contribution to the Growth of the Safe Ecosystem
- Compatibility: Introduces new functionalities while maintaining compatibility with existing Safe standards, encouraging broader adoption.
- Community Engagement: Offers new tools for developers and organizations; the Palmera Module stimulates community engagement and developer activity within the Safe ecosystem.
- Market Competitiveness: Enhances the Safe ecosystem for existing and prospective users by providing advanced and flexible solutions for on-chain governance and operations.
Use Cases of the Palmera Module
- DAO Management: A DAO can use the Palmera Module to establish a governance framework where each group or subgroup controls its own Safe. This allows for localized decision-making while aligning with the DAO’s governance and objectives. For instance, a marketing group can manage its funds and approve related expenditures within pre-defined limits. Additionally, the clawback functionality of the module allows for the retraction of funds from these subgroups if mismanagement happens or if strategic priorities shift, ensuring more control and flexibility.
- On-chain organization Treasury Management: organizations can leverage the Palmera Module to create a hierarchical financial structure where the central treasury Safe oversees subsidiary Safes assigned to different departments or projects. This structure enables departments to operate independently but within the constraints set by the central treasury, optimizing budget allocations and financial oversight.
- Startup Ecosystem Support: Startups within an incubator can be structured using the Palmera Module to allow each entity to manage its operations while the parent Safe, controlled by the incubator, retains oversight and the ability to claw back funds if necessary. This setup supports autonomous growth with safeguarded risk management.
- Educational Grant Distributions: Educational institutions can use the Palmera Module to manage and distribute grant money to different research departments. Each department’s Safe can autonomously handle day-to-day expenses while the main administrative Safe retains the authority to review and manage overall spending, ensuring funds are used appropriately and efficiently.
- CD Pipeline Integration: Developers can use the Palmera Module to facilitate smart contract deployments. This ensures that deployments and updates are managed through controlled, traceable, and secure workflows, enhancing operational efficiency and reliability in software development processes.
Interested Parties
For the Palmera Module, we have spoken with multiple projects, like Toku and alloc8, that have demonstrated interest. These projects were looking for:
- A way to encapsulate risk for contract management.
- Use transactions on behalf of a batch call to multiple Safes (i.e., you go through the multisig process on the root Safe that is a batch call that creates transactions for multiple child safes).
- The possibility of a delegation structure to partition treasury for small funds.
The purpose of the proposal is to acquire funding to be used as the bounty for the audit competition to be conducted on Hats Finance in order to make sure that the on-chain module will be free of bugs and vulnerabilities.
Additional resources:
A Brief Background for Hats Finance Audit Competitions:
Hats audit competitions are revolutionizing the world of Web3 security, offering a dynamic, cost-effective, and time-efficient solution for smart contract auditing. By transforming the traditional auditing approach, they ensure enhanced security through a community-driven process. With audit competitions, projects retain full control over your budget, attract top auditing talent, and gain valuable insights from the Web3 community, all while preparing your project for a robust and secure launch. Hats audit competitions work on a simple yet powerful model — rewarding results, not efforts. The project teams allocate budgets according to the severity level of potential vulnerabilities. The budget is retained if no flaws are found. It’s a model that ensures projects pay only for value added to your project, giving you confidence in your investment.
Current status
Does the offering (product/service) already exist or is the funding used to create it?
The Palmera Module has been developed and is ready for a security audit before its official release and deployment. The only part missing before a safe and secure launch is the code audit. The requested funding will create the on-chain audit competition vault on Hats protocol. As a decentralized, on-chain, transparent security protocol, Hats Finance requires the total audit competition bounty to be deposited to the relevant audit competition vault before the competition’s launch.
Risks
What risks does the initiative entail?
The only foreseeable risks for this initiative are the smart contract risks. However, Hats Finance, having gone through 6 audits + audit competitions and ongoing bug bounty, has been live for more than 2 years and used by more than 80 projects so far. Even SafeDAO has a bug bounty of $100k (externally up to $1m) on Hats Finance. Accordingly, we assume that Hats Finance has a robust, secure and battle-tested protocol.
Timeline and milestones
Provide a detailed timeline or roadmap, include key milestones
| Milestone |
Description |
Duration |
| 1. Setting up the audit competition vault and promoting it to the security researchers |
Palmera will set up the audit competition vault as described in the proposal and help Hats Finance promote it the security researcher for maximum participation |
1 week |
| 2. The competition process |
Palmera team will review, classify and label the submissions, and answer the questions of security researchers in the process |
2 weeks |
| 3. Preliminary winners announcement and dispute period |
The winners with valid submissions at the audit competition will be announced and the dispute period will start |
2 weeks |
| 4. Initiating the payout and receiving the audit report |
The winners list be prepared and a split contract will be created on Hats dapp |
1 week |
Initiative lead
Who is the accountable initiative lead? (individual or organization)
Palmera is the initiative lead. Palmera was founded in June 2022 by Andy and Jose, who have been active participants in the Safe ecosystem. Palmera is a comprehensive management platform tailored to the needs of organizations, DAOs, and individuals in Web3. It enables visualization and management of multiple Safes and treasury operations from a single platform.
Team
How many individuals in total will be working on this initiative and what role do they have? Please provide a brief background of the team members, highlighting their relevant experience and expertise
Palmera Module was developed by four members of Palmera.
- Andy, Founder of Palmera, has already established and sold a company specializing in solving repetitive operational tasks for Web3 companies.
- Jose, Founder of Palmera, has constructed proprietary multisig wallets for one of the largest crypto banks in Switzerland : AMINA , responsible for over 1 billion in assets.
- Alfredo, Senior Blockchain Specialist: With over 15 years of experience in software engineering and architecture, Alfredo excels in his specialized role as a Senior Blockchain Specialist, dedicating 5 years to the development of Ethereum-based smart contracts for various startups.
- Cristian, Blockchain Developer: Cristian brings 2 years of experience in developing and testing smart contracts, complemented by a year as a front-end developer specializing in Web3 integrations.
The Audit will be provided by Hats Finance, consisting of ETH and security OGs.
Additional support/resources
Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?
None.
Implementation dependencies
Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependency? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.
No changes in the current governance structure and processes are required.
Link to stage 0 (discussion): https://forum.safe.global/t/discussion-obra-palmera-module-hierarchical-structure/5068?u=andyp
