In the light of recent events and market conditions, it seems logical to add some new requirements for selecting new platforms which we make AMO for them. The following requirements are the first items that we want to vote for:
Main requirements:
- The project should be open-sourced
- The project has been audited
- The project should have a bug bounty program
Other requirements suggested by the community:
- The team should be doxed
- The team should state any involvement they have had in other projects (at the team or advisor level)
- All project owned wallet addresses should be supplied
This list can be updated/extended based on community inputs during the discussion period.
Poll:
- Add new requirements for snapshot proposal posting
- Do nothing
3 Likes
Add new requirements for snapshot proposal posting
Yes, we want to do that here. do you have any suggestions for requirements?
Strongly disagree with the team should be doxed as a hard requirement. There’s lots of credible non-doxed teams I’d be fine with Frax partnering with.
I’d even say “over-doxing”, ie the project has a huge “the team” section on its landing page with everyone in suits and links to linkedin profiles is more of a red-flag.
I’m actually not sure I agree with any of these as a hard requirement. I’d agree open sourcing is generally good as is having a bug-bounty program but I’m not sure these are deal breakers in every case, especially the bug bounty one. To me these are better as guidelines or best practices.
2 Likes
I agree with @JJJJJJJJ on this. I strongly disagree with these requirements.
I would like to understand where these requirements are coming from. Have we been scammed by a team and we need to put new requirements in place to protect us?
These new requirements feel like a knee-jerk reaction to the macro events which are impacting the market today.
Doxxed Teams: Many founders choose to remain anonymous for both privacy and security purposes. There are countless examples of successful platforms and protocols where the team is anonymous.
Audits: The vast majority of scams in this space come from malicious developers or the lack of developers for a project (e.g. see the hyped NFT projects which have reveals that end up being blank NFTs). Being audited != being safe. In fact, most audits only serve the purpose of enriching the auditor (high 5-figure / low 6-figure cost on audits) vs. being useful for a project.
Open-Source: Not sure if this requirement makes sense. We are investing in the partnership and in the people/team that are associated with the partnership. Whether it’s open-source or not shouldn’t be part of our investment criteria.
I’m struggling to understand how this new criteria benefits us. If you have examples of how this criteria could have helped protect us from a bad investment, then let’s discuss that.
Thanks for your comment here, as I mentioned in the post these are suggestions and we want to come up with a list of items that our community thinks are important for our partners to have. Also, I agree that these could be guidelines or best practices and teams would be required to include information about them within their proposal.
Thanks for your comment, before I start I just want to clarify three things:
First, with this proposal, we don’t want to change the nature of Frax’s open and comprehensive partnership attitude, but we want to design the best proposal (help them put the right terms in their proposal) for them by understanding the condition of the project.
Second, another point that maybe was not clear in the main post is that in this proposal/discussion we want to find the best requirements for projects that propose AMO development + minting frax into their protocol.
Third, this proposal aims to find ways to minimize the protocol risk of our AMO’s liquidities.
Now let’s discuss each of mentioned items:
Doxxed Teams: I totally agree that we should allow founders to choose to remain anonymous, but I think they should state that fact in their proposal.
Audits: I agree that audits are expensive but they remove the risk of common bugs and expected/known attacks. and I agree that it shouldn’t be a deal-breaker but then in case of a lack of audit, the proposal should be conditional and AMO should be deployed after an audit (Also it can be part of the deal that frax pays full / half of the audit expenses)
Open-Source: I think open source projects fix vulnerabilities and release patches and new versions a lot faster. Also, our team can review their code. but I am not strong on this in general.
Let me know what you think about it.