This page outlines our implemented protocols for timely response to urgent matters in the Threshold DAO Committee, like bug bounties security reports and time-sensitive multisig transactions. It ensures the DAO's operational efficiency and security while recognizing the global distribution of our 9 members (6 paid, 3 volunteers). The goal is to balance responsiveness with member well-being and anonymity.

TC Comments on requirements :

Johns suggested validating person reporting bug i.e 2 sources Discord and Telegram to confirm person reporting bug is genuine and has not been compromised.

Purpose

This protocol provides guidelines for handling urgent matters requiring multisig action within 12/24/48 hours(TBD), such as verified bug bounties or exploits. It addresses our global time zones (Americas, Europe, Asia,Australia) and multisig types.

Definitions

• Urgent Matter: Any issue requiring multisig action within 12/24/48 hours, such as verified bug bounties or exploits.
• On-Call Rotator?: A subset of members assigned to monitor and respond during a rotation period.
• Multisig Thresholds: 5/9 for treasury management across chains; 6/9 for smart contract ownership purposes (e.g., pause or upgrade actions).

Roles and Responsibilities

We've designed this for autonomous DAO operations without a dedicated coordinator. All tasks are shared via collaborative tools (auto-reminders in calendars). The system could run on self-assignment and peer accountability, in case of a bug report or urgent matter posted in the critical Telegram channel, any available member self-assigns by updating the shared calendar, which auto-triggers updates/notifications to others via integrated email or PagerDuty.

• All Members:

  • Maintain access to approved alert channels and respond within 2 hours if notified (acknowledging receipt and availability to sign). This 2-hour response window is enforced to ensure we're never more than 2 hours away from mobilizing signers, even accounting for sleep schedules (global coverage means someone is always awake).
  • To enforce the 2-hour response: Acknowledge alerts promptly via the tool's features ("ack" in PagerDuty or reply in Telegram).
  • Adjust personal schedules for on-call shifts (avoid shifts during sleep/vacation); self-notify the group 24 hours ahead via the shared calendar if away or embarking a long flight or unnavailable signer.
  • Gas Requirements: Maintain a minimum gas balance in signing wallets.(TBD) The DAO reimburses via a monthly transaction.

• On-Call Team (TBD):

  • 4 members per weekly rotation (at least 3 paid), selected to cover major time zones.
  • Rotation Management : Use the shared Google Calendar or Notion database for self-signups.

  Assignments are posted 2 weeks in advance via auto-reminders (Google/Zapier?)

  Paid members prioritize ~70% of shifts; volunteers opt-in. In case of an urgent bug report posted in the critical Telegram channel, any member can self-assign or update the calendar on-the-fly (i.e add themselves as a potential signer), triggering auto-updates to all via email integration or PagerDuty sync.

Alert and Notification System

Focus should be on simple, automated tools for redundancy. Setups are complete and shared: Access is distributed so any member can maintain them.

• Primary Channels:
  • Telegram Notifications: Primary for all-members alerts and incident posting. Bug reports posted here allow any member to self-assign/update the calendar, which auto-sends email/PagerDuty updates.
  • Email Alerts: To all for high-urgency, via dedicated inbox (urgent@thresholddao.com) with forwards and "[URGENT]" subjects. Integrated with calendar for auto-emails on updates (Google Apps Script or Zapier).
• Autonomous Enhancements:
  • Automate with Zapier: Connect Telegram posts → Update calendar → Trigger PagerDuty/email to members. ( To be explored for tests )
  • Anonymity-friendly: Session Messenger as backup (no phone numbers, encrypted) for chats.

Response Process

1. Intake: Submit urgent reports via post directly in the critical Telegram channel. First member seeing alert triggers event in Google Calendar to all/on-call team.