The Beanstalk Community Multisig (BCM) custodies ownership of the Beanstalk contract. The BCM has the exclusive ability upgrade Beanstalk. In the future, it is expected that BIPs will remove governance entirely, revoking these abilities from the BCM.
Beanstalk Community Multisig Safe address: 0xDd5b31E73dB1c566Ca09e1F1f74Df34913DaaF69
The Beanstalk contract is guarded by a 5-of-9 multisig. This means any changes to the Beanstalk contract must be approved by at least 5 of the 9 signers.
Publius currently holds 1 of the 9 keys on the BCM. The identities of the remaining signers are anonymous per #anonymous-signers.
See the BCM Verification page for more information on how the BCM is verifying transactions.
07/20/24
07/26/24
05/30/24
10/04/24
10/02/24
05/30/24
07/25/24
10/04/24
10/05/24
Signers hashes are published from 0x925753106fcdb6d2f30c3db295328a0a1c5fd1d1, the address that Publius used to deploy Beanstalk on August 6, 2021.
A robust decentralized governance mechanism must balance the principles of decentralization with resistance to attempted protocol changes, both malicious and ignorant, and the ability to quickly adapt to changing information. In practice, Beanstalk must balance ensuring sufficient time for all ecosystem participants to consider a Beanstalk Improvement Proposal (BIP) with the ability to be quickly upgraded in cases of emergency.
Prior to Beanstalk’s April 17, 2022 exploit, Beanstalk Improvement Proposals (BIPs) were entirely on-chain and autonomous. However, after the exploit, Beanstalk was Paused and the ability to propose BIPs on-chain halted. Until governance is removed entirely, BIPs will be voted on off-chain via Snapshot and will be executed on-chain by the Beanstalk Community Multisig (BCM). Stalkholders are able to vote on BIPs via Snapshot.
BIPs are proposed on the Beanstalk DAO Snapshot page. Stalkholders can vote on BIPs on the Beanstalk UI Governance page. Past BIPs can be read here.
Anyone can become a Stalkholder and participate in Beanstalk governance by Depositing whitelisted assets in the Silo to earn Stalk.
A Stalkholder’s voting power is proportional to their Stalk balance relative to the total Stalk supply. Any Stalkholder can vote For or Against on any BIP. A Stalkholder's vote for a given proposal is counted as their Stalk at the beginning of the Voting Period that still exists. Stalkholders have the ability to delegate their vote to any other user.
Any Stalkholder that owns more than 0.1% of total outstanding Stalk can submit a BIP per the #bip-proposal-process. The submitter of a BIP must still own more than 0.1% of Stalk at the end of the Voting Period for the BIP to be able to pass.
The Voting Period opens when the Snapshot proposal for a BIP can be voted on and ends 7 days later or when it is committed with a supermajority.
If at the end of the Voting Period:
Less than or equal to one-third of the total outstanding Stalk, plus the amount of Stalk voting Against, is voting For, it fails, or
More than one-third of the total outstanding Stalk, plus the amount of Stalk voting Against, is voting For, or more than half of total outstanding Stalk is voting For, it passes.
If at any time 24 hours or more after the beginning and before the end of the Voting Period more than two-thirds of the total outstanding Stalk is voting in favor of the BIP, the BCM can execute the BIP on-chain.
Beanstalk governance is designed to move slow and steady. When trying to become an issuer of money, the potential for rapid monetary policy changes is unattractive. By requiring more than one-third of Stalk to vote in favor of a BIP for it to pass, it is quite difficult for a BIP to pass. Therefore, unless the proposed change is significantly preferred by Stalkholders, it is unlikely to pass.
In case of a particularly dangerous vulnerability to Beanstalk, the BCM can Pause Beanstalk without a Snapshot. You can read more about which actions the BCM can take without a Snapshot proposal here. The Beanstalk DAO can also Pause Beanstalk via BIP.
When Paused, Beanstalk does not accept a gm
function call. Once Unpaused, the gm
function can be called at the beginning of the next hour.
The BCM address has the exclusive and unilateral ability to Pause or Unpause Beanstalk, and commit a BIP. In the future, it is expected that BIPs will remove governance entirely, revoking these abilities from the BCM. You can read more about the BCM here.
The Beanstalk Immunefi Committee (BIC) has the exclusive ability to determine the categorization and payout of bug bounties in accordance with the bug bounty program structure approved by the DAO. BIC members serve as signers on the BICM. The BICM is deployed using Safe. Its m-of-n configuration is currently 4-of-7 on Arbitrum.
See BIC Process for more information.
Beanstalk Community Multisig Safe address: 0x390b023d316c2e92dd96A9bcC7fAe8dB12A2fBC1
The current BICM signers are as follows, in no particular order:
aloceros
Brean
Chaikitty
deadmanwalking
funderberker
mod323
pizzaman1337
The following Farmers serve as backups for the BICM, in no particular order:
uncoolzero
MrMochi
guy
Rotating members (to a backup member listed here) on the BIC requires a majority vote of the BIC, for which a Snapshot proposal is not necessary.
Total to Whitehats: 1,536,350 Beans
Total to Immunefi: 138,335 Beans (excluding the annual Immunefi subscription fee beginning after BIP-41)
Remaining in Immunefi Vault: 2,447,000 Beans
Bugs found: 21
7,500
750
11,000
1,100
181,850
18,185
10,000
1,000
100,000
-
10,000
1,000
1,100,000
110,000
1,000
100
1,000
100
1,000
100
50,000
5,000
10,000
1,000