What is a protocol treasury?
Treasuries are pools of cryptoassets which are used to fund public goods, or services for a specific blockchain-based project or protocol. They effectively operate as a ‘budget’ to further develop the offering and can be made up of a mix of the project’s own tokens, stablecoins and other cryptoassets. These funds are usually controlled by the project’s DAO (decentralised autonomous organisation) [which is often neither decentralised, nor autonomous but perhaps can at least be described as an organisation — which isn’t always a good thing when it comes to legal responsibility for token holders!) and the treasury is used to fund this DAO related activity.
Treasury Source of Wealth
The funds can be raised via a number of ways; creating a token for the project, seeking donations from the wider ecosystem, taking a percentage cut of activity from the network, or from external fundraising.
Some examples of treasury source of wealth are:
- Lido Finance: The liquid staking service generates funds for its treasury by splitting the 10% staking reward between node operators and the treasury.
- Decentraland: The popular metaverse sends 2.5% of sales from OpenSea and the Decentraland Marketplace into the treasury.
- Optimism: A layer 2 scaling solution for Ethereum which is directing the sequencer fee to a treasury which will fund public goods. This sequencer is responsible for ordering transactions and committing them to Ethereum.
- Arbitrum: Another layer 2 ecosystem, but which takes a different approach to filling up the treasury coffers. After the project launched, they did an airdrop for its ARB token, which saw a spike in price above $1.60 but which has now settled to around $1. As The arbitrum treasury is 100% ARB tokens, its current value stands at over $3.6billion.
Treasury Token Holdings
However, where a treasury consists predominantly of own tokens there is a risk that any decrease in the perceived value of the project could lead to a reduction in price for the token, or visa versa, and therefore a reduction in available funds from the treasury. As such, most projects will aim to split their treasury value across a number of different tokens — thereby diversifying and aiming to reduce the risk of a specific token pulling the value down.
One example of diversification is MakerDAO who’s community of token holders voted to cut UDSP holdings in the treasury from $500m to $0 in an effort to improve capital efficiency, and following regulator related activity against Paxos earlier in the year. Back in 2022 the community voted to allocate $500m of reserves to US treasuries and bonds in an effort to diversify holdings outside of pure crypto allocations. This has since increased to over $1b with much of the move diversifying out of USDC due to previous depegging events and concerns around censorship due to the ‘blacklister’ functionality which allows Circle, the issuer of USDC, to freeze funds if directed by law enforcement.
The challenges of significant own token backed treasuries can be seen with Near who had $1.1billion worth of funds in their reserves at the end of Q1 2023 but just $900m by the end of the next quarter, led by a notable reduction in the NEAR price which made up sizeable portion of their treasury.
Treasuries Spending
Many treasuries are used to fund public goods on their respective or related networks. Some examples of this are the $2m which was handed out to 39 academic Ethereum projects in July last year, the $5.3m of grants to Aave related projects and the 166 projects which have received grants from the Algorand Foundation’s treasury.
In addition, these treasuries can be used to pay members of the DAO or other people and companies for services related to the project. This could be for short term or one off pieces of work, or even longer running roles: https://daomatch.xyz/jobs
These funds could also be used to pay for related infrastructure, tooling and software which is used by the project in their line of business.
The above operational expenses are usually listed by DAO or project in real time stats or periodic reports.
One other use of treasury funds has been to make users whole after a hack. Curve Finance saw a $62m exploit and whilst they did see a portion of the funds returned by the hacker, they decided to use treasury coffers to make any users whole. Users who lost funds in the Rari Capital hack also (eventually) saw the same situation. So treasury funds are also being used as a backstop to losses in an attempt to give users confidence in case the dApp is exploited.
One further use of treasury funds but which sees a return rather than a net outflow, is staking. Many projects will stake the native assets in the treasury as a low risk way to earn yield for future activities.
Treasuries and Trust
One important factor for treasuries is the concept of trust — what’s to stop someone running off with the millions, or even billions, in the treasury?!
There are a few factors which DAOs and projects deploy to try to protect what can be a huge honeypot for attackers.
Transparency is a key element to help ensure trust in treasury management with many DAOs and projects releasing periodic transparency reports or real time monitoring and tracking for treasury funds.
Near releases quarterly Transparency Reports which shows a breakdown of treasury funds per asset as well as an analysis into the blockchain’s strategic performance and progress. Mantle, one of the largest treasuries in the ecosystem, has a website which details the current position of all treasuries as well as a list of all related transactions into or out from the reserves and linked proposals to showcase why the transaction was authorised.
Key management can be a contentious situation with some projects opting to have an elected collective who have control over treasury funds. One such case was the Wonderland DAO which found itself as headline news in early 2022 when it was revealed by online sleuth ZachXBT that a treasury holder had lied about his identity and was in fact the co-founder of defunct exchange QuadringaCX (who’s founder mysteriously died whilst in India and was the only holder of the exchange’s private keys — leading to a $250m hole). The community swiftly voted to remove him and the DAO control was eventually handed over to the community.
An alternative to this approach is that many treasuries are controlled by their respective DAOs which enables anyone with the governance token to vote on how funds are spent. However there have been documented cases where bad actors have infiltrated DAOs and, either quickly or over time, manipulated the communities or proposals to syphon treasury funds.
One such example was in May this year where an attacker submitted a proposal to the Tornado Cash DAO but which contained a code function that granted them fake votes and allowed them access to hundreds of ETH and hundreds of thousands of the native token TORN. Another example last year saw almost $500m of funds stolen from the Build Finance treasury where an attacker put forward and voted for their own proposal, and since there weren’t sufficient countervotes, drained funds. These governance style attacks, also known as hostile takeover attacks, are particularly effective against DAO controlled treasuries with low voting turnouts or with cheaper governance tokens, since the attacker is able to amass a controlling vote.
One notable treasury attack earlier this year was not the fault of poor key management or a governance attack — instead it involved a spreadsheet! The PeopleDAO hack in March this year saw an ingenious hacker enter a row in the project’s googlesheets-held payroll but made it invisible so it was only discovered when the 76ETH payout was processed. This therefore bypassed the DAO’s multi-sig wallet signer set up and cold storage of the funds and showcases the fragility in allowing anyone to simply enter their requested payroll payment!
Treasuries will continue to be a key source of funding and risk for many projects, DAO controlled or otherwise, and with total treasuries now standing at over $20billion it’s no wonder criminals see them as an attractive attack point: https://deepdao.io/organizations
Originally published at https://www.linkedin.com.
