SLURP-34 | Reimbursement of Audit Costs for Native LINK Staking Withdrawals

Abstract

This proposal seeks DAO approval to reimburse LinkPool for $200,000 incurred in private and public audits necessary to enable native LINK staking withdrawals for the stake.link protocol. These audits were critical to the security and functionality of the protocol and ensure users can withdraw staked LINK directly from Chainlink Staking contracts without relying solely on Priority Pool liquidity and the stLINK/LINK Liquidity Pool on Curve Finance.

The $200,000 requested from Core Contributors will come in the form of the SDL token with commitments to not be sold in secondary markets for a period of at least 6-9 months minimum.

The $200,000 will be denominated in SDL at the time of the SLURP’s passage by the stake.link DAO Council.


Rationale

The audits were essential to the long-term security and usability of stake.link, providing the following key benefits:

  • Native Withdrawal Capability: Enables users to withdraw LINK directly from staking contracts, bypassing reliance on Priority Pool and Curve liquidity.
  • Enhanced User Experience: Safeguards against periods of depleted Priority Pool liquidity, ensuring uninterrupted user access to their staked assets.
  • Rigorous Security Assurance: The audits were conducted by Cyfrin, a leading audit firm headed by ex-Chainlink Labs’ Patrick Collins, and its competitive audit platform CodeHawks, ensuring the highest standards of security for a complex and mission-critical contract.

During a period of ~3 months in 2024, the Priority Pool had no liquidity, leaving users reliant on external liquidity pools such as the stLINK/LINK pool on Curve Finance. While the Priority Pool periodically replenishes and often fully depletes shortly after, native withdrawals provide an essential fail-safe for future scenarios.


Specification

  1. Audit Costs:
     • Total: $200,000 in the SDL token (does not include labor costs of contract development by LinkPool engineers and senior leadership).
     • Firms: Cyfrin and CodeHawks.
  2. Timeline:
     • Costs incurred between Q3 and Q4 2024.
  3. Reimbursement Terms:
     • $200,000 to be reimbursed from the DAO Treasury within 30 days of proposal approval.

Conclusion

Approving this proposal ensures fair compensation to LinkPool for its significant investment in enabling critical functionality for the stake.link protocol and further bolstering its brand of refined Chainlink Staking. Native LINK staking withdrawals enhance the protocol’s long-term viability and protect against potential risks tied to depleted Priority Pool liquidity.

We look forward to discussion on this proposal and thank everyone for your patience on the development, audits, and implementation of Native Staking Withdrawals which are expected to be fully deployed by no later than the middle of January.

Inb4 @candide

First and foremost, I want to express my appreciation for the team’s dedication and hard work on advancing stake.link. The introduction of native LINK staking withdrawals is a significant milestone that will greatly enhance the protocol’s functionality and user experience. However, the reimbursement request outlined raises critical questions about financial governance, resource allocation, and transparency. Below, I offer a detailed response.


1. Treasury Sustainability and SDL Reimbursement

The proposal requests reimbursement in SDL tokens for audit costs, with the assurance that the SDL tokens will not be sold in secondary markets for at least 6–9 months. While this demonstrates a commitment to preserving token value, several key considerations arise:

Why SDL Over USDC? The treasury holds both SDL tokens and 250,000 USDC from the OTC sale in SLURP-27. Opting for SDL tokens instead of USDC impacts treasury dynamics differently, particularly given the significant reduction in SDL reserves (from 40.91M SDL in July 2023 to 25.15M SDL today). Why was SDL chosen, and does this align with long-term treasury strategy?

Market Impact Risks: While the lockup period mitigates immediate sell pressure, it does not eliminate concerns about the potential future impact on SDL token value. More clarity on how this decision aligns with the protocol’s broader financial goals would strengthen the proposal.


2. Core Contributor Allocation and Operational Budget

In SLURP-8, the community approved SDL tokenomics with a specific allocation for core contributors:

The audit for native LINK staking withdrawals, a critical protocol feature, should reasonably fall under this operational budget. While it is acknowledged that audit costs can be difficult to predict, proactive planning could have mitigated the need for retroactive reimbursement. If costs exceeded the annual allocation:

  • Why wasn’t supplemental funding requested earlier? Engaging the community in advance would have ensured alignment and avoided governance friction.

  • How was the 1M SDL operational budget utilized? Transparency on this allocation is essential for the community to evaluate the necessity of additional funding.


3. Audit Cost Transparency

Audit costs are notoriously hard to estimate, particularly for complex features like native withdrawals. However, transparency is key to maintaining community trust and ensuring alignment on financial decisions. The SLURP-34 proposal should provide:

A full breakdown of audit expenses incurred for native LINK staking withdrawals, including firm-by-firm cost details (e.g., Cyfrin and CodeHawks).

An explanation of any unexpected increases in costs and how similar issues can be addressed in the future through better planning.

This transparency is crucial for the community to make an informed decision on the reimbursement proposal and to identify areas where cost management can improve.


4. The Role of the MetisEDF Grant

In SLURP-28, the team announced securing 1,500 METIS tokens from the Metis Ecosystem Development Fund (MetisEDF) to support auditing costs for native LINK staking withdrawals and native Metis staking deployments.

This was a celebrated win for offsetting operational expenses. SLURP-34’s request for an additional $200,000 raises key questions:

How were the 1,500 METIS tokens allocated? Were they fully or partially used for auditing, and if not, why?

Why was the MetisEDF grant insufficient? If it didn’t cover audit costs, why wasn’t this communicated earlier?

Without clear accounting, this overlap creates the perception of duplicative funding, which undermines trust.


5. The High Priority and Long Development Journey of Withdrawals

Native LINK staking withdrawals are undeniably a high-priority feature. The feature’s development over the past year reflects its complexity and importance to the protocol. The audits conducted by Cyfrin, CodeHawks and others (?) are critical for ensuring security and usability. The proposal highlights key benefits:

De-risking liquidity shortages: Withdrawal functionality protects users from reliance on Priority Pool or Curve liquidity.

User confidence: Audits safeguard user funds and enhance protocol reliability.

The high priority of withdrawals justifies the costs incurred. However, prioritization demands proactive financial planning. The extended timeline should have provided ample opportunity to estimate costs and address budgetary shortfalls in advance.


6. Constructive Path Forward

To address SLURP-34 and strengthen governance moving forward, I propose the following steps:

  • Provide Detailed Transparency:

A breakdown of the 1M SDL operational budget from SLURP-8, detailing how it was used and why additional funding is needed.

A report on the allocation and usage of the 1,500 METIS tokens from the MetisEDF grant, explaining any gaps.

A full breakdown of audit costs for native LINK staking withdrawals.

  • Clarify SDL Reimbursement Strategy:

Explain why SDL tokens were chosen for reimbursement instead of USDC. What impact will this decision have on treasury dynamics and token value?

How will the 6–9 month lockup period mitigate potential risks to SDL markets, and are there additional safeguards planned?

  • Improve Audit Cost Planning:

Establish baseline cost estimates and thresholds for audits of core protocol features.

Propose supplemental funding to the DAO in advance if costs exceed thresholds.

  • Strengthen Treasury Stewardship:

Reserve the DAO treasury for strategic, forward-looking initiatives while ensuring operational expenses are primarily managed through core contributor allocations.

Limit retroactive funding requests to exceptional circumstances.

  • Enhance Communication:

Commit to engaging the community early for major expenses. Transparent and timely proposals help build trust and ensure alignment with the community’s priorities.


Final Thoughts

The stake.link core team has demonstrated exceptional dedication and perseverance in advancing the protocol. Native LINK staking withdrawals represent a significant improvement for the protocol and its users, and the audits conducted were essential to ensuring their security and success. However, the retroactive nature of this reimbursement request highlights areas where governance and financial planning can be improved.

By addressing these concerns and committing to more proactive communication and planning, stake.link can continue to thrive as a community-driven and resilient protocol. Thank you for your hard work, and for taking the time to consider this feedback thoughtfully.

2 Likes

Hey Ari, to answer the main questions in your thoughtful response.

Using USDC is preferable for smaller reoccurring expenses as it lowers the operational burden of paying for occurring expenses, versus being required to sell SDL on the market every time monthly expenses occur.

To pay for the audit expenses originally, LinkPool had to swap LINK to stables, which removes a significant amount of upside potential for LinkPool’s balance sheet, which SDL restores.

The core contributor allocation isn’t for operational expenses, it’s for staff incentives. Having healthy staff incentives means the DAO & LinkPool can be competitive in hiring in a job market in which pretty much all companies offer healthy token packages to attract talent.

Using the core contributor allocation for this provides the opposite incentive, ultimately meaning the more they work the less potential there is for staff incentive.

In an industry of ultra-competitiveness in regards to audits and negotiated rates that may differ between projects, the firms we use will not want to see those rates public as it causes complications and will weaken relationships we have with the great partners that we have.

I mentioned this in Telegram, but the high-level breakdown of the 200k is as follows:

  • 140k for two private audits and the competitive audit for native withdrawals, including the Metis withdrawal implementation
  • 60k for the most recent private audit booked after a late issue was found

There is no issue of planning here, we’re talking reimbursement of around 6 months of audit expenses. These are not increased costs, rather just expected audit costs (cheaper than the wider market in general) for contract changes that are high in complexity.

As voted on the SLURP changing incentives within the METIS ecosystem, we will no longer be seeking to incentivise LINK/wstLINK on the Metis network which was one of the terms of the 1,500 METIS in the grant proposal. This means we are no longer getting that grant.

I’m going to be honest regarding this point and the general theme of the reply. If quotes and rates that auditors provide us are made public and need to be approved through the DAO, the following will happen:

  • We will lose audit slots
  • We will no longer get preferential rates
  • Firms will be less likely to work with us

I understand and appreciate the community in general aren’t privy to how these relationships are formed and built with services firms, as why would you, but having strong audit partners is a must and they’re in high demand as slots are fought over, with auditors often being booked up for the next 2-3 months.

To give the most recent example, with the 60k audit for the late issue that was found, we managed to reach out to a firm we’ve used before and get a preferential slot for the audit to be completed by the end of the month. This audit will be performed with an auditor who has already reviewed our codebase before, so they have full context. For security, speed and cost all of this is vital, and believe me when I say that we always aim to get the lowest rates because LinkPool is fronting the cash to begin with, which has a large impact on the business in general.

I will always seek to be as transparent as possible, as it is what I personally believe with how this DAO should operate. Although, there has to be an aspect of understanding with some shrouding of the audits because it ultimately is best for the speed of how we work and the fundamental security of the protocol.

1 Like