Thanks @amanwithwings for facilitating this conversation.
Wave 1 of OBRA did see greater participation early on with participation waning toward the end of Wave 1, with SAFE delegates less active than they were in the beginning (broadly speaking). The Strategy Steering Committee should be able to make the process more efficient, better track process, and hold grantees accountable in a way that is more difficult for DAO participants to do. Looking forward to Wave 2!
Thoughts on Wave 1 Retrospective
With that said, I read through the retrospective and came to similar conclusions as others:
- Strategy 5: Increase governance participation. While this received the most interest and a significant amount of grants were awarded, these initiatives haven’t resulted in increased governance participation. I’d rather deprioritize this strategy and let the existing grantees create awareness about their output from Wave 1. Allocating more funding here when we haven’t seen results would be unwise. Increased governance participation would be great, but throwing more money behind it doesn’t make sense right now.
- Strategy 1: Research and implement Safe token utility. I haven’t seen any deliverables from this strategy that have moved SAFE token utility forward to date. If additional funding is made available in Wave 2, it would be preferable if a tighter scope was defined, so we can attract grantees who are working in the same direction. Figuring out how we define SAFE utility is important, but I believe the scope for this strategy should be well defined.
- Strategy 4: Research decentralization of Safe tech stack. In light of the Bybit hack and other attacks targeting Safe signers, I think focusing on alternative decentralized frontends should be a major focus in Wave 2. Prioritizing grants that provide decentralized solutions for different audiences (i.e., retail and enterprise audiences) would be preferred.
That’s my primary feedback on the previous strategies. I was happy to see the Wildcard strategy act as a catch-all. If Strategy 2: Foster module ecosystem receives additional funding, it should be mandated that any grantee has to provide documentation to help signers verify what the module does and, if it requires a delegate call, what behaviour to expect when simulating that transaction. Given the advice shared about delegate calls on Safe transactions, improving documentation to help signers verify transactions that involve a delegate call would be a major improvement for many Safe signers in our ecosystem.
Important Initiatives for Wave 2
There are many ways to tackle improved security within the Safe ecosystem. By making this a primary focus in Wave 2, we can strengthen the Safe community and set the onchain standard, as Safe has done many times before.
As others have noted, decentralization and security should be a core focus in Wave 2. If Safe is going to see mainstream adoption, we need to simplify the process of verifying what people are signing.
Creating a new strategy centred around security or folding security into Strategy 4 with additional funding would be ideal. This can include scope to build tooling to allow signers to verify transactions outside of the official Safe app, allocating funding to subsidize audit costs, bootstrapping bug bounty programs for the module ecosystem built on Safe, defining a standard OpSec process/certification for enterprise Safe signers, etc.
I also agree with @1a35e1 that fallback critical infra should be an important focus in Wave 2.
I’m keen to hear what other Safe Guardians have to say on how we can bring security improvements to the Safe ecosystem, as well.