[SCP-TBD] Handover of account ownership and administration to the DAO

Summary

The Fox Foundation currently administers several accounts on behalf of the DAO. Where possible, the Foundation would like to turn these accounts over to be fully controlled by trusted DAO members. This will not impact billing in any manner, but will be a step toward moving the DAO towards retaining more control of the related accounts and the Foundation relinquishing control and responsibilities.

Abstract

The Fox Foundation will create and fund a 1password account to store credentials to the below enumerated accounts. The 1password account will be paid for by the Fox Foundation for one year and access to the 1password account will be delegated to the signers of the Shapeshift DAO’s multisig and any workstream leader that has tenure greater than 1 year. The Fox Foundation will retain access to any paid account solely for billing purposes and will relinquish any oversight or administrative roles otherwise associated with the accounts.

Motivation

To continually move the Shapeshift DAO towards self sufficiency and the eventual wind down of the Fox Foundation.

Specification

The following accounts will be transferred to the full control of the DAO:

  1. Npmjs
  2. shapeshiftdao
  3. shapeshiftoss
  4. Twitter
  5. Facebook
  6. Instagram
  7. Medium
  8. YouTube
  9. Sprout Social
  10. Notion
  11. Weglot
  12. Fleek
  13. WalletConnect
  14. previously approved by governance, but still awaiting their gnosis safe integration, expected early next year.

The following accounts will be retained by the foundation for now:

  1. Cloudflare
  2. Apple App store
  3. Google Play store
  4. AWS
  5. GoDaddy
  6. TechGDPR
  7. CoinGecko
  8. Infura
  9. Autopilot

Any changes to the accounts in the DAO’s control that will impact billing or costs will need to be pro-actively communicated to the Foundation who will retain the right to approve or reject the requested changes. Any costs that arise from unauthorized changes will be reimbursed by the DAO directly back to the Foundation in USDC within 30 days.

Additional access needed for DAO contributors will be the responsibility of the trusted DAO members who are owners of the 1password vault. While trusted DAO members will be responsible for granting community members user-level access to any of these services, Sensitive Credentials should never be shared outside of the group. Sensitive Credentials are defined as any account which has permission to revoke or change access of other DAO members, and which control a system or service that falls into one or more of these categories:

  • Ability to move DAO funds
  • Ability to present any cryptocurrency addresses to any user

Ability to rewrite content on ShapeShift properties (i.e. shapeshift.com

  • domain or similar)
  • Ability to speak to the world on behalf of the DAO (i.e. Twitter, Facebook, etc.)

To minimize the risk of accounts being compromised, each Trusted DAO member will be responsible for adhering to the Password guidelines found here.

Benefits

  • Move the DAO one step closer to self sufficiency
  • Additional decentralization of control away from a corporate entity
  • Allows the DAO to experience any complications that arise from this set up with relatively low risk to see if another solution is needed.

Drawbacks

  • Additional administrative burden on trusted workstream leaders and multisig signers
  • DAO would be financially responsible if changes are made without communication with the foundation or maliciously by a bad actor.