Decentralized, Real-Time Protection for On-Chain Assets in Safe

Ironwood

by Drosera

Empower best-in-class risk management for Safe builders and asset managers

Previous Discussion

Provide links to any relevant previous discussion

Role Based Access Control Pilot

Abstract

Provide a brief summary of your initiative

Previously intended as a proposal for Obra, this is a proposal to integrate Drosera decentralized incident response via a Safe Zodiac Module. Codenamed Ironwood and developed as a public good, our solution will allow for Safe builders and users to operate on Ethereum with better security and scale.

For aligned strategies, this proposal would have covered the following strategy goals of Obra:

Strategy 2: Foster Module Ecosystem

Strategy 3: Increase awareness of Safe Ecosystem

Strategy 4: Research decentralization of Safe tech stack

Funding request:

What resources are being requested from SafeDAO in USDC?

150,000 USDC

Relation to budget:

State the requested funding as a percentage of the total initiative budget (e.g. if you ask for 50k for Strategy 1: 25%)*

Historically this proposal would have been allocated under Obra, but as Obra is currently paused, we have decided to take this to the DAO as a separate initiative.

Metrics and KPIs:

Which metrics and KPIs will the initiative be measured against?*

  1. Increase in TVL in Safes with Roles Mod (Roles) enabled
  2. Increase recognition of Safe as being capable of institutional grade risk management
  3. Increase in Total number of Safes with Trap Enhanced Roles enabled
  4. Increase in developer engagement with Roles

Initiative description:

What is the initiative about?

Ironwood–the Defense Layer for Safe

Real-Time Protection for On-Chain Assets in Safe

Drosera provides a suite of powerful smart contracts on Ethereum that do many things, including mitigating on-chain risk events in real time. Our solution stands apart by avoiding transaction censorship, preserving DeFi composability and maintaining protocol sovereignty.

Advanced Risk Protection

Our technology allows builders to proactively automate security measures, safeguarding against:

  • Smart Contract Vulnerabilities: Immediate protection against exploits and security breaches
  • Macroeconomic Threats: Defense against asset decompositions such as de-pegs
  • Dependency Failures: Protection from disruptions to bridges, oracles, and other critical infrastructure
  • Continuous Monitoring: 24/7 real-time blockchain surveillance with proprietary risk detection
  • Rapid Implementation: Deployable within 24 hours for immediate protection

Strategic Partnership with Safe & Gnosis Guild

In collaboration with Gnosis Guild, Drosera proposes the Ironwood trapset to extend Safe’s core functionality by developing specialized mods for integration within the Zodiac modular tool suite. This partnership will:

  1. Expand the toolset available to vault operators and asset managers using Safe
  2. Enhance Safe’s visibility as an institutional-grade custody solution
  3. Increase Safe wallet TVL through native integration of Drosera Traps with the Roles Mod

Our implementation enables Safe owners to deploy customized Traps that continuously monitor positions and automatically execute capital withdrawals when risk events are detected.

With this modification, any user or builder on Safe will be able to operate on Ethereum with a decentralized response system that they can configure on top independently of Drosera, Inc., with tools that can even potentially prevent recent pitfalls in social engineering risk management in the Safe ecosystem.

Development Timeline

The project is scheduled to commence during the June sprint or 4 weeks after ratification of this proposal and will be completed following the Drosera mainnet launch. The duration is initially slated to last 16 weeks, but we may come back to the DAO for extensions in the event more features are requested, or if technical hurdles emerge in developing a best-in-class product for the Safe community.

Proven Effectiveness

Drosera allows anyone to build off-chain smart contracts with just Solidity, which means we can prove how a Drosera Trap triggers by creating Forge tests to simulate scenarios. We have prepared a set of examples showing how users can detect scenarios related to exploits, risk, or anything else. These examples show Drosera Traps being used for the Nomad hack, Inverse Finance hack, Euler hack, Prisma hack, and a few others. With Drosera integration, every Safe user gains access to institutional-grade risk management for their DeFi activities.

Here is the example repo showing simulations with Drosera.

Drosera reactive smart contracts have other use cases. We’ve created a chess game to be able to showcase these capabilities at chess.drosera.io.

Here is how this game works:

  1. Chess moves are proposed on-chain (on Ethereum)
  2. Instead of validating each move on-chain (which would be extremely gas-intensive), Drosera traps operate off-chain to validate moves in Solidity/EVM
  3. Operators in the trap network reach consensus about move validity
  4. Only the validated result is pushed back on-chain

This architecture gives you the security and permanence benefits of blockchain while avoiding the prohibitive gas costs that would come with doing all chess move validation directly on-chain.

Below is a diagram showing an example of how Drosera Traps can be used with the Euler exploit:

Current status:

Does the offering (product/service) already exist or is the funding used to create it?

Currently no. This proposal was initially slated to be part of Obra, but with the closure of the funding, and in consultation with Gnosis Guild, we chose to take this approach instead, going directly to the DAO for the immediate benefit to the community.

Risks:

What risks does the initiative entail?

The obvious risks involved are implementation and execution risks. Given our years of experience building in the security space and the years of Gnosis Guild developing secure Zodiac modules, we find these risks minimal.

Additionally, all incident response actions performed by a Drosera Trap are verifiable due to Drosera’s use of RiscZero’s zkVM to prove that an incident occurred based on the solidity implementation of the Drosera Trap.

Timeline and milestones:

Provide a detailed timeline or roadmap, include key milestones

| Week | Focus | Outcomes | USDC | $SAFE |
|---|---|---|---|---|
| 1 - 6 | R&D | Fully scope, prototype and develop the Ironwood trap suite in testnet phase | 55,000 | N/A |
| 6 - 10 | Development + Design | First Ironwood trap contracts are integrated and deployed visibly with active assets held via Safe | 60,000 | N/A |
| 10 - 16 | Development | Ironwood trap suite fully integrated into wallet interface with operator implementation easily accessed by Safe users and builders | 35,000 | N/A |

Initiative lead:

Who is the accountable initiative lead? (individual or organization)

Drosera Network with support from Gnosis Guild

Team:

How many individuals in total will be working on this initiative and what role do they have? Please provide a brief background of the team members, highlighting their relevant experience and expertise.

Drosera, inc. would assign one product specialist and two engineers to this initiative expected to last 16 weeks.

Here is the biography of Drosera, inc.’s founding team:

Fernando Reyes Jr. (FDR) Founder & CEO

Fernando is a decorated U.S. Army Cyber Command veteran and NSA-trained cyber operator with expertise in threat emulation and malware reverse engineering. A graduate of MIT’s Cybersecurity program, he’s served as CISO and Security Advisor for over 50 DeFi protocols across EVM, Dotsama, Cosmos, and Solana. He’s built security programs that have protected over $100B in assets and driven $5M+ in revenue, making him a leading force in crypto cybersecurity.

Samuel Glenn (Boba) Co-founder & CTO

Sam brings 7 years of experience in GPS and embedded hardware from Rockwell Collins, Collins Aerospace, and BAE Systems, where he led critical military software projects. He entered crypto in 2017 and built an advanced flashloan arbitrage bot during DeFi Summer. Sam later transitioned into engineering internal monitoring and detection systems across Ethereum, Dotsama, and Cosmos, combining precision engineering with deep blockchain expertise.

Jacob Veal (Kratos) Founding Engineer

Jacob is a seasoned crypto engineer with 5+ years of experience. At BitGo, he led R&D initiatives and helped integrate MetaMask Institutional. He also spearheaded the Harbor wallet, targeting DeFi and NFT markets, and developed advanced MEV/arbitrage algorithms. A multiple-time ETHGlobal bounty winner, Jacob brings deep technical expertise and a strong product-driven mindset to the team.

Additional support/resources:

Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?

None

Implementation dependencies:

Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependency? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.

This proposal has no dependencies.

4 Likes
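As an added illustration of the Trap pattern the proposal describes (operators continuously collect state, the Trap decides off-chain whether a risk event occurred, and only the response is pushed on-chain, which the post says can be exercised with Forge tests), here is a de-peg trap with its Forge test. This is example code written for this page, not Drosera's or the Ironwood suite's own code. It assumes the two-function trap interface (`collect()` sampled each block, `shouldRespond()` evaluated off-chain over the newest-first list of samples), a hypothetical `IPriceFeed` oracle at a placeholder address, and that the returned payload would be consumed by a separately deployed response contract (for Ironwood, presumably a Roles-permissioned withdrawal); none of those specifics come from the proposal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Assumed trap interface: operators call collect() every block and hand the
// most recent samples (index 0 = newest) to shouldRespond(), which is pure so
// that every operator evaluates it identically and can reach consensus.
interface ITrap {
    function collect() external view returns (bytes memory);
    function shouldRespond(bytes[] calldata data) external pure returns (bool, bytes memory);
}

// Hypothetical stablecoin price feed with 8 decimals (1e8 == $1.00).
interface IPriceFeed {
    function latestPrice() external view returns (uint256);
}

/// De-peg trap: fires only when the price sits below the threshold for WINDOW
/// consecutive samples, so a single bad oracle print cannot trigger a withdrawal.
contract DepegTrap is ITrap {
    // Placeholder feed address (assumption); a real trap would hardcode its feed.
    IPriceFeed public constant FEED = IPriceFeed(0x000000000000000000000000000000000000dEaD);
    uint256 public constant PEG = 1e8;
    uint256 public constant THRESHOLD_BPS = 9_700; // respond below $0.97
    uint256 public constant WINDOW = 3;            // consecutive samples required

    struct Sample {
        uint256 price;
        uint256 blockNumber;
    }

    function collect() external view override returns (bytes memory) {
        return abi.encode(Sample(FEED.latestPrice(), block.number));
    }

    function shouldRespond(bytes[] calldata data) external pure override returns (bool, bytes memory) {
        // Not enough history yet: never respond on a partial window.
        if (data.length < WINDOW) return (false, "");
        uint256 floor = PEG * THRESHOLD_BPS / 10_000;
        for (uint256 i = 0; i < WINDOW; i++) {
            Sample memory s = abi.decode(data[i], (Sample));
            if (s.price >= floor) return (false, "");
        }
        Sample memory latest = abi.decode(data[0], (Sample));
        // Payload for the response function: the price and block that triggered it.
        return (true, abi.encode(latest.price, latest.blockNumber));
    }
}

/// Forge test simulating the scenarios with constructed samples, bypassing the feed.
contract DepegTrapTest is Test {
    DepegTrap trap;

    function setUp() public {
        trap = new DepegTrap();
    }

    function _sample(uint256 price, uint256 blk) internal pure returns (bytes memory) {
        return abi.encode(DepegTrap.Sample(price, blk));
    }

    function testSingleBadPrintDoesNotFire() public view {
        bytes[] memory data = new bytes[](3);
        data[0] = _sample(0.95e8, 102); // newest: one dip
        data[1] = _sample(1.00e8, 101);
        data[2] = _sample(1.00e8, 100);
        (bool fire,) = trap.shouldRespond(data);
        assertFalse(fire);
    }

    function testSustainedDepegFires() public view {
        bytes[] memory data = new bytes[](3);
        data[0] = _sample(0.96e8, 102);
        data[1] = _sample(0.95e8, 101);
        data[2] = _sample(0.94e8, 100);
        (bool fire, bytes memory payload) = trap.shouldRespond(data);
        assertTrue(fire);
        (uint256 price, uint256 blk) = abi.decode(payload, (uint256, uint256));
        assertEq(price, 0.96e8);
        assertEq(blk, 102);
    }

    function testPartialWindowNeverFires() public view {
        bytes[] memory data = new bytes[](2);
        data[0] = _sample(0.90e8, 101);
        data[1] = _sample(0.90e8, 100);
        (bool fire,) = trap.shouldRespond(data);
        assertFalse(fire);
    }
}
```

Run with `forge test` in a Foundry project that has forge-std installed. The design points a Safe operator should check before relying on such a trap are visible in the tests: the consecutive-sample window (a single spoofed or stale oracle print does not drain a vault), the refusal to act on a partial window (no response in the first blocks after deployment), and the fact that `shouldRespond` is pure, so the decision depends only on the collected data and every operator computes the same answer.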

Hey @zeroknowledgeGC, welcome to the forum! Really exciting to see this proposal - I think it is headed in a positive direction overall. However, I doubt if it makes sense for SafeDAO to fund this right now.

I do think that this service has the potential to evolve into something valuable with a successful business model. People will pay for added security. I would urge you to explore that option and, if it still needs a grant, make payments contingent on KPIs. A payment structure to develop something without downside or upside on how that product performs is not good incentive alignment. Especially from the DAO’s PoV, Drosera is still very new and we do not have any data points on how user-friendly this set up is going to be in practice or how much demand it’ll generate. Clearer demand signals and higher justification need to be present as this ask is outside of DAO programs and their mechanisms for guidance and quality control do not directly apply.

Secondly, I also don’t think its good timing for the DAO to fund another improvement on top of Roles. Gnosis Guild is just wrapping up an OBRA initiative on user-friendly role generation (as you also linked in your proposal). Doubling down on a product/direction requires a strong signal from the community and I think we should wait for that before allocating more capital in the same direction.

The budget breakdown is also pretty weak imo. Going through your docs, I fail to see why setting up custom Traps through Roles should cost 150,000 USDC to develop. Isn’t the whole point of Drosera making it easier to build something like this?

1 Like

Thank you for your prompt and thoughtful response to our grant proposal. I genuinely appreciate your critique and feedback, as this is precisely the value of open source governance—allowing proposals to undergo public rigor and analysis before the community makes its decision through voting.

I’d like to address the points you raised while clarifying some aspects of our proposal:

There is significant demand for robust monitoring solutions in the Safe ecosystem. Currently, Safe users who want proper monitoring must resort to centralized services costing a minimum of $30,000 per year. These solutions require asset holders to place substantial trust in centralized monitoring providers—something that runs counter to the ethos of decentralization that Safe represents.

Our proposal would deliver a basic monitoring solution available out-of-the-box for all Safe users. This would be a public good, accessible to anyone using Safe, not just those who can afford expensive centralized monitoring services.

A key differentiator of Drosera’s approach is that our monitoring contracts are deployed verified. Unlike centralized solutions, our verified and composable approach allows Safe builders to enhance or modify our solution without our involvement or knowledge. You can immediately verify the effectiveness of our solution, and we would welcome a contingency clause in the grant stipulating that any solution developed for the Safe community must be formally verified as effective.

While Drosera may be new as a product, we already have over 20,000 builders deploying traps in our Ethereum testnet solution at app.drosera.io, with significant growth expected in the coming months. Our team brings the engineering rigor of former U.S. Military engineers, and we’re backed by Greenfield Capital—a principal backer of Gnosis Safe.

One of Drosera’s founders previously established Groom Lake, which has conducted asset recovery and prevention operations against the Lazarus Group annually. We’ve experienced firsthand how extraordinarily expensive and difficult recovery operations can be, which is precisely why Drosera was built—to prevent these incidents from happening in the first place.

Our proposal centers on developing basic monitoring capabilities available out-of-the-box for any Safe user, enabled via Zodiac with a simple button click. This solution was requested by the community to be a DAO proposal, embodying the collaborative spirit of open source development.

Regarding the budget, our request was based on thorough resourcing estimates, though we’re certainly open to reducing scope if needed. The critical point is that once developed, the community will have this solution as a public good.

I strongly believe we should move forward with a vote sooner rather than later. As assets in Safe continue to appreciate in value, they become increasingly attractive targets for entities like the Lazarus Group, who won’t wait for governance processes to conclude before striking again.

Ultimately, we believe in the wisdom of the collective. We’ve presented our proposal with transparency and good faith, and we’re comfortable letting the community decide whether this security enhancement represents a worthwhile investment for the ecosystem’s future. After all, that’s the beauty of decentralized governance—the power to prioritize resources lies with those who have the most at stake.

3 Likes

Which DAO do you mean?

1 Like

That’s a typo; it should read “the solution was requested by the community to be a DAO proposal.”

1 Like

The ability to monitor and immediately respond to onchain risks, in an automated and institutional-grade way, would be a huge unlock for the Safe ecosystem.

Gnosis Guild is happy to support Drosera’s decentralized and real-time risk management infrastructure. We’ll advise on the Zodiac Roles integration to ensure Drosera traps can execute securely permissioned transactions.

5 Likes

As a guardian with sufficient voting power, I believe this proposal is ready to move to a vote!

2 Likes

Thank you for presenting on the governance call yesterday! After some internal discussions within SEF, I’m posting here a few questions we’d like more clarity on:

  1. First is a general remark on Drosera’s infancy. The product is still in testnet, and we do not have any data on its performance or ease of use in a high-stakes situation. As Drosera has not been stress-tested yet, we wonder whether this is good timing, especially as the requested budget is significant.

  2. There is a lack of clarity on the actual deliverables and the assumptions made around them.

    From the proposal text, the deliverable appears to be a Zodiac module. How was this decision made versus a Safe App? Given the present usage metrics as well as Zodiac’s UX, whom does the Drosera team believe is the right user profile for the module? Will the solution allow users to create custom traps or enable predefined traps? If yes, what market research has Drosera done to decide which traps are useful for which Safe users?

    We see a ton of assumptions made here without any data being shared.

  3. We see no plausible reason why this initiative cannot be scaled down by an order of magnitude. This would allow Drosera to focus on a highly useful trap while affording SafeDAO time to judge the efficiency of the solution.

    Note that the DAO does not have a BD/marketing team to increase the usage of Drosera’s solution, nor is it fair to pass on that responsibility to Safe Labs. As the one pitching this initiative, it is Drosera’s responsibility to both build it and increase its adoption. However, the grant is structured in a way that does not incentivize user growth.

  4. How does the DAO judge whether or not this initiative was successful?

    Given Drosera makes trap building easy, and Zodiac makes module building easy, we do not understand why $150k is needed for dev work. We would even advise making the entire payout contingent on KPIs — for example, $10k for every $10M in assets and 1000 users protected by the traps. Even then, Drosera would only need to protect $150M worth of assets to access the $150k grant amount, which is a fraction of the total TVL on Safe.

Thank you for taking the time to review our proposal and share your concerns. I appreciate the thoughtful questions, and I’d like to address each of your points directly:

On Drosera Being “New”

While Drosera is indeed a newer protocol, we’re leveraging state-of-the-art technology and are backed by the same investors who supported Safe. The “newness” concern reminds me of asking whether you’d decline to fly an F-35 over an F-22 simply because it’s newer - sometimes cutting-edge technology represents genuine advancement.

More importantly, we take security extremely seriously. By launch, we will have undergone 5 comprehensive audits with some of the most reputable firms in the web3 space. This isn’t typical for most projects, but we’re determined to offer the highest quality and security standards to the community from day one.

On Proposal Goals and Audience

You raise an excellent point about balancing sophistication with usability. We will leverage Zodiac’s technology as a key primitive to enabling our build-out for Safe. Our goal is to build a comprehensive front-end solution designed for widely applicable use cases.

Our vision is simple: every entity and person that uses Safe for their money (including ourselves!) should be able to use this protection. We understand that sophisticated users will naturally want more customizability, and we’ll provide that. However, we’re also committed to offering standard security use cases out-of-the-box for everyday users.

This includes ready-made protections against recent exploits that have affected Safe users - making institutional-grade security accessible to everyone, not just technical experts.

On Ownership and Benefit Distribution

I think my words during our call may not have come across clearly, so let me clarify: Safe DAO will absolutely be able to reap the rewards from this build-out. However, the benefits extend beyond just the DAO - multiple teams in the Safe Ecosystem will benefit from this work.

Our work will be a public good for Safe, owned by the DAO. Drosera, as a venture-backed company (backed by the same investors who support Safe), will continue to enhance and develop the product. This creates a sustainable model where the DAO owns the foundational technology while ensuring ongoing development and support.

On Value and Community Choice

We believe that having better security out-of-the-box for the Safe community is genuinely priceless. Our private discussions with stakeholders have been encouraging, showing strong interest in developing these nuanced security tools.

The best metric for success will be the number of traps deployed - this directly reflects community adoption and value creation. We’re flexible on scope and happy to scale down our proposal and resources if the community prefers a more conservative approach. However, we’ve also heard feedback that the DAO should be more aggressive in enabling innovations like this.

Ultimately, this choice should belong to the community. We’re presenting what we believe is a compelling opportunity to give every Safe user access to institutional-grade risk management, but we respect whatever decision the DAO makes.