How the Oversight Committee Protects Vendors and Treasury Funds
1. Oversight Committee
Each Treasury Reserve Contract can, as needed, be permissioned independently. Each action outlined above is subject to a required multi-signature to enact. These actions can also be permissioned individually or in groupings. As stated, the Vendor Contracts associated with a Treasury Contract inherit these permissions. Permissions can only be set when creating the Treasury Contract.
As the administrator, Intersect may legally require sole accountability for specific actions, such as Pause and Resume; however, Intersect, as practically possible and feasible, will continue to investigate the decentralization of additional controls for future implementations. Additional keys may be added for redundancy.
As mentioned previously, the oversight is a check and balance on Intersect's administrative duties rather than a hands-on vendor of proposal management. All of the smart contract permissions require Intersect to initiate the action through its various key configurations, and then the oversight provides a check and balance. Actions initiated by oversight members do not meet the required permissions, meaning they cannot unilaterally make changes to Intersect-administered contracts. Ultimately, when designing oversight committee permissions, a balance must be struck between legal requirements, functionality, simplicity, and scalability.
2. Smart Contract Permission Rationale
Initially, the smart contract permissions – Fund, Modify, Disperse, and Reorganize – will require additional signatures from the oversight committees before being used by Intersect. Effective oversight ensures that Intersect acts appropriately as an administrator, with checks and balances, rather than direct oversight of individual proposals.
This ensures that Intersect only creates smart contracts for vendors and proposals that DReps have approved in the corresponding info and governance actions. Multi-signatories will be required to initially fund these smart contracts. Oversight also protects proposal benefits or outcomes from diminishing over time due to poor change control or modifications to vendor contracts. Modify controls also requires oversight.
Secondly, should Intersect be required to use the Disperse or Reorganise action, multiple signatories will be needed to approve such an action. The process will ensure that appropriate reason and rationale are provided and that Intersect is not acting unilaterally.
The remaining smart contract permissions currently need to reside with Intersect as the administrator to ensure that the liability of Intersect and the Oversight Committee is managed appropriately. Additional rationale and explanation are provided below.
Fund - This permission allows the creation of a Vendor Contract. Oversight ensures that this Vendor Contract aligns with the original scope and value of the DRep-approved governance action. Intersect initiates the action as the administrator, which is then cross-checked and approved by oversight.
Modify - This permits a change to a Vendor Contract. Oversight ensures that any modified data is correct, consistent and that explanations have been attached as metadata . Intersect initiates a change request as the administrator, and then it is approved by oversight. The vendor must also sign a consent form to proceed with this action.
Disburse - This action allows funds to be removed from a smart contract. If required, this action is initiated by Intersect as the administrator but requires approval from oversight before it is enacted.
Pause and Resume - Following off-chain processes to verify the completeness of milestones and delivery, Intersect, at its discretion, may pause and resume vendor payments as necessary. Where applicable, rationale can be provided as metadata.
SweepTreasury - This action is also enacted via a configurable timeout at an agreed-upon period after the treasury reserve contract has been completed. However, as the administrator, Intersect can undertake this action sooner should the need arise. It is permissioned at a higher level due to the potential effect it may have, effectively ensuring it is operated by two-person control to prevent erroneous actions.
Reorganize - This administrative action is undertaken by Intersect and requires oversight to checks before enactment, administering back-end management of the UTXOs which underpin the smart contracts. This permission does not affect funds.
3. Role and responsibilities of the Oversight Committee
The role of the Oversight Committee (OC) is to provide a check and balance on Intersect as an Administrator. The Oversight Committee is narrowly responsible for specific data assurance tasks as described below. All other permissions regarding any smart contracts and their functions are and will continue to be held by Intersect at all times. The OC should consist of at least 5 and at most 7 members, balancing the potential for conflicts of interest versus operational cost. Any OC member may withdraw from the role at any time. Intersect, acting reasonably and in the best interest of the Cardano Community may also remove a member of the OC. In the instance a member of the OC is removed or leaves, Intersect will work expeditiously to replace the removed member.
Intersect retains all liability for the vendor proposals contracts, including the responsibility of pausing and resuming all milestone payments. Nothing in this framework or the actions it envisages will transfer any of Intersect’s responsibility or liability to the OC.
Intersect and the members of the OC acknowledge that the OC is still a fairly new role within Intersects’ treasury withdrawal administration processes. As a result, it is to be expected that changes will be required moving forward. Intersect and the OC members will act in utmost good faith to work together to ensure solutions to any change requests. The OC will be notified of any changes to this framework via email; and where necessary meetings shall be held to discuss the changes. Oversight Committee members term is that of the Expiry of the Treasury Reserve Contract associated.
4. Oversight Committee Members’ Conflict of Interest
OC members should avoid any situations that could reasonably be seen as a conflict of interest with their Assurance Task — for example, also acting as a vendor in a PSSC — by disclosing and stepping back from decisions when possible and being open about any such situations.
Fund
Intersect
Yes
Yes
No
Modify
Intersect
Yes
Yes
Yes
Disburse
Intersect
Yes
Yes
Sometimes
Pause
Intersect
No
Yes
No
Resume
Intersect
No
Yes
No
SweepTreasury
Intersect
No
Yes
No
Reorganize
Intersect
Yes
No
No
5. Smart Contract Configuration
There are two types of smart contracts initially designed for managing treasury funds: a Treasury Reserve Contract (TRSC) and a Vendor Contract (PSSC), which are associated to a TRSC.
TRSCs hold funds withdrawn from the Cardano treasury
PSSCs hold funds intended for a specific vendor, for a specific project
Where practically possible Intersect will configure only one TRSC for its Administration role, and all PSSCs associated with that TRSC inherit the respective TRSC’s permissions, as described below.
Should additional TRSCs be required, the identical OC configuration will be configured for such TRSCs. The OC will be consulted on the creation of any additional TRSCs.
Smart Contract Actions and Permissions
In total, the two contracts allow for 13 separate actions, of which 7 are permissioned in the context of the Oversight Committee framework:
TRSC Fund - Vendor payment - Funding a project for a vendor with a set of delivery milestones
TRSC Disperse - Disbursing funds to an arbitrary address and datum
TRSC Sweep - Returns funds held at the treasury contract back to the cardano treasury (before contract expiry)
TRSC Reorganize - Send from and to treasury contract - for actions such as splitting and merging UTxOs
PSSC Pause - Pauses a specific milestone for a vendor, preventing it from being claimed in case of a dispute of delivered work
PSSC Resume - Resuming a paused milestone, after the dispute has been resolved
PSSC Modify - Modifying a project, with a vendors permission, to restructure the milestones or pay funds back to the treasury script
In all cases, actions must be initiated by Intersect. In the cases of Fund, Modify, Disburse, Pause, Resume and Sweep, Intersect has implemented a two step process where administration key(s) are used to initiate or create actions, but they will also require Senior Leadership Team (SLT) Key(s) as part of the permission set. This effectively adds two person control within the administrator as additional checks and balances on internal processes.
Overview of possible Actions and required thresholds per entity:
TRSC Fund
2 of 3
1 of 2
2 of 5
TRSC Disperse
2 of 3
ALL (2 of 2)
3 of 5
TRSC Sweep
1 of 3
1 of 2
Not required
TRSC Reorganize
2 of 3
Not required
3 of 5
PSSC Pause
2 of 3
1 of 2
Not required
PSSC Resume
2 of 3
1 of 2
Not required
PSSC Modify
2 of 3
1 of 2
2 of 5
A full description of the smart contracts can be found here, and a full description of the permission configurations can be found here.
Navigate to Your Support Center
Explore the Vendor, Assurer, and Community Support Centers to begin your journey.
Key Areas in this space
Last updated