Grant Misuse Reporting Process

Index

Optimism Grant Misuse Reporting Process

In decentralised ecosystems it can be hard to stay on top of Grant usage and milestone execution. It is important that grant recipients are accountable to the Collective in order for Optimism to maintain a sustainable & healthy governance system.

As the Optimism ecosystem expands there will be (and has been) a growing need to be able to find, track and call out these Grant Misuses. This process is intended to help the reporting community members (”Reporters”) to come forward with objective evidence based reports of Grant misuses in a safe and objective way.

This is the first iteration of this process, and the process will evolve with each season (much like everything else) to support the Optimism Collective’s needs.

What is the Grant Misuse Reporting Process?

Reporters reveal information about or bring attention to potential misuse of Collective Grants.

These Reports ARE anonymous. Reporters need to use accounts that are not associated with their real identity (Reporters are responsible for maintaining their own anonymity). Reports and evidence provided should be trustless. The Reporter should be inconsequential to the report as the evidence provided should be undeniable.

In line with this, only onchain actions can be reported through this process (see Validation Requirements). If you are looking to report someone for non Grant related offchain behaviour, please see the Rules of Engagement.

Where a Report is determined to be valid and enforceable, the penalty will be for both the Project (team or dapp) and the founding members listed in the Grant to be recorded in a public “Misuse Reports Database” labeled under the severity of Misuse (see Definitions). This will allow Delegates, Badgeholders & Citizens to make informed decisions on future grants.

Definitions

For the purpose of this process we use the following definitions:

  • Team: The group, individual or project team that received the Grant.
  • Commitment: The agreement or formal representations and public commitments the Team used to receive granted tokens or be allocated tokens (see Scope of Process).
  • Misuse: In this process, the term “misuse” is defined in levels of severity, starting from least severe to the most. Misuse must be in relation to a Commitment. Only Grants made from March 2023 onward can be reported in this system.
    • Failure to meet Critical Milestones: The Grants Council is responsible for checking critical Milestone completions. As such, failure to meet Milestones is NOT in scope of misuse. The sole exception to this are Season 4 Missions (which are out of scope for the Grants Council), which may be reported for “Missing Milestone(s)”.
    • Breaking Commitments: Using tokens differently from Commitments is against the grant policies.
      • Minor violations: Where meaningful, good faith steps have been taken to execute on the Commitments consistent with their spirit, but Commitments are still breached, the Grantee has committed a “minor violation” — i.e., a mild deviation on the specified execution plan.
        • An example of this could look like changing execution plans (in line with the spirt of Commitments) but without approval from the Collective or the applicable Committee. A specific example could be changing the mechanism for sending tokens out in a user incentive campaign (like changing the number of users in a program, or the criteria for a competition, in a way that is still in line with the goal of the associated Commitments).
      • Severe violations: The scope of severe Commitment violations should be limited to the following:
        • Taking no action towards using tokens as defined in the associated Commitments (according to the timeline specified in the Commitment, or after 6 months).
        • Using tokens for actions well outside of the scope of the associated Commitments. Actions that constitute “well outside the scope” are actions that were not defined in the Commitments, or are substantial and impactful deviations from the specified execution plan in the Commitments.
          • A specific example could be changing the target, so if the grant was originally targeting end users but is now being used for a partnership, or was originally for development of a feature or integration but the grant is now being used for user incentives.
        • Using bots or other manipulative means to fulfil Milestones, or otherwise inflate metrics or mislead the Collective in terms of the Teams progress towards execution.
    • No Sale Violation: Violation of the no sale policy, from the date of implementation (March 2023) forward. Please see the “No Sale Policy” in the Grant Policies for specifics.
    • Scamming or Rugs: There are a few definitions of scamming:
      • Note that scams or rugs MUST have received or applied for a Grant from The Optimism Collective to be covered under this process. See “Report Criteria” for more info.
      • Scamming users, or using tokens to scam users. Scamming meaning taking user or Collective assets without providing advertised services, or taking more assets than agreed on (also called “draining” a wallet).
      • Applying for a Grant/Mission with a fake project or team, impersonating a team and other activity taken to intentionally mislead the Collective or community (e.g: serial scammers).

Scope of Process

This Reporting Process only covers grants made, and corresponding tokens allocated, by the Optimism Token House. For example, RetroPGF recipients are currently outside the scope of this process (in their capacity as such). The scope may expand to include other programs in the future.

Report Criteria

The following criteria set aims to ensure reports are relevant to the ecosystem, while balancing potential process abuse or spam.

  1. The project, individual, or accused action MUST have taken place on the Optimism network AND with tokens granted by the Optimism Token House.
    1. While scams and other abuses, wherever they may take place, are regrettable, this Reporting Process is not designed to capture everything all at once.
  2. The Grant Misuse amount in question MUST be equal to or more than 50k OP or $50k USD if not denominated in OP.
    1. This minimum is for the amount that has been misused, not the total grant amount. Handling Reports is a time consuming process and should be taken seriously, given it may involve accusations that go to the reputation and credibility of a grant recipient.
  3. The activity MUST have taken place onchain, AND be provable onchain.
    1. Reports need to meet a high level of objective proof. Sadly, off chain activities are incredibly difficult to prove in a trustless manner, and introduce significant amounts of subjectivity. Note that additional offchain evidence (such as messages) can be used to supplement a claim, but the main evidence for a claim MUST be onchain.
  4. Information provided MUST be publicly verifiable.
    1. If you do submit screenshots of messages, one should be able to verify it. For example, a screen shot of a Discord server messages are verifiable, DM messages are not.
  5. The action MUST have taken place in the last 12 months.
    1. Reports should be lively. Reports on Grant Misuse activities that took place far in the past can create uncertainty and duplication, while bogging down the Report evaluation system.
  6. The action MUST not already have an active or already reviewed Report.
    1. If there is an existing Report please add your evidence to that report. New reports on existing topics will get rejected.
    2. If the matter being Reported has already been reported and resolved (regardless of the outcome), the matter will be considered “closed” for the purposes of this process, and cannot be reopened by a new Report.

Grant Misuse Report Process

Note: Keep in mind that this Reporting process does not protect you against any legal commitments (such as confidentiality) or obligations (not to defame) that you may have in the context of the information you choose to submit in your Reports.

Process Overview

  1. The Report is posted in the Governance Form under “Grant Misuse Reports”. The Report will be unlisted (private) for a maximum of 3 days while it is checked.
    1. During this Hold Period (the first 3 days after the report is submitted) the report is checked and the accused is attempted to be notified.
      1. Report Checking: The report MUST conform to the template provided in this document. Reports that do not follow the template will be rejected irrespective of report validity. Reports can be resubmitted to conform with the template.
      2. Accused notification: During the Hold Period the accused will be sent the report and given opportunity to respond on the forum. This window of time closes irrespective of if the accused reads the communication. Accused will be notified via a reasonable medium (i.e email, Discord, Discourse, etc, whatever communication line was provided in the original Grant) by an official Optimism account.
  2. Report posted publicly.
    1. After the Hold Period the report is filed publicly in the governance forum under the “Grant Misuse Reports” section.
  3. The Report is validated publicly over a maximum of 6 weeks (see Report Validation for details).
    1. During the Validation phase the Reporter may be asked to provide further detail or clarify points. This MUST all happen publicly. Attempts to DM the Reporter will be considered as acting with hostility. In turn, the Reporter may NOT DM the accused, as this will also be seen as acting with hostility.
    2. Hostility towards or attacks against a good faith Reporter will be considered a Severe Violation of the Rules of Engagement and may result in the infringer’s removal from Optimism platforms. See the Rules of Engagement for more info.
  4. Outcome of a report.
    1. If the report is validated, the Team (group, individual or project team that received the grant) are added to the “Misuse Reports Database”.
    2. If the report fails validation the report is noted as invalid, but no further action is taken against the team or Reporter and nothing is added to the database.

Considerations When Making a Report

The process for submitting a Report is relatively straightforward.

Create a doc with the template provided later in this document. Ensure every claim has a transaction or supplementary evidence, and that your report follows the Report Criteria, and meets the specified Misuse Definition. Make sure your report is clear and as simple to follow as possible.

All reports posted in the reporting section will be hidden by default. You are responsible for maintaining your own anonymity, so ensure you are on the correct account BEFORE posting.

If your post does not comply with the guidelines or template it will be removed during the Hold Period, and you will be notified. You are free to update the report in line with the feedback you receive and resubmit.

Report MUST be factual. Do not editorialize with opinions, subjective statements, or derogatory adjectives. Reports that contain inflammatory language or unsubstantiated claims do not meet the guidelines and will be removed. Accusations and discussions around the report should ONLY happen on the post on the governance forum. Discussions in other platforms (such as Discord) can be seen as harassment or intimidation and may constitute a violation of the Rules of Engagement.

Protection for Involved Parties

Reporters

Reporters should be available to answer questions during the verification phase. Reporters are only expected to respond to public requests for information, and are encouraged to report harassment (both public and private) immediately.

Any harassment of a good faith reporter will be treated as a Severe Violation of the Rules of Engagement and may result in the harassers’ removal from all Optimism platforms.

Should the accused reach out to the Reporter directly, the accused will immediately be in violation of the Rules of Engagement (see Intimidation) and will result in their suspension from all Optimism platforms. This will happen regardless of if the accused has responded to the report yet.

Accused

The accused party or project will be notified of the Report before it goes public. The accused will have the Hold Period to pull together a response, or counter evidence. This window of time closes irrespective of if the accused reads the communication. Accused will be notified via a reasonable medium (i.e email, Discord, Discourse, etc) by an official Optimism account.

Note that the accused may not attack or even address the reporter, and are ONLY allowed to respond to the evidence provided. Accused may ONLY refer the the reporter as “the Reporter”.

The accused will be notified once the Hold Period is completed, so that they may have the opportunity to be the first response to the Report.

Note that the response can only respond to the evidence or narrative provided in the Report. If a response attacks or addresses the reporter (see reporter protections) the response will be removed, and the accused may be suspended from all Optimism platforms.

NumbaNERDs

Any attempts to DM the NumbaNERDs from either the Reporter or Accused (or associated team) will be considered harassment. All communication MUST happen through the public post and address evidence directly.

Report Validation

Reports are validated by the NumbaNERDs (a collective of contributors focused on analytics).

To disprove or invalidate provided transaction evidence one must prove:

  • The claim misrepresents what happens in the transaction or the transaction had been approved by governance. I.e: if funds are withdrawn from an address but this was a governance approved withdrawal and not a rug.
  • That the provided transaction(s) are not related to the claim or are described in a way that mislead readers as to the nature of the transaction. I.e: the transaction provided is an NFT transfer not a funds transfer.
  • The amount in question is found to be below the required minimum. I.e: The report misrepresented the total amount in question.
  • The Report does not meet any of the standards laid out in the Report Criteria.

Anyone can post evidence to prove or disprove elements of a report, however only NumbaNERDs can ultimately Validate or Invalidate a claim. Supporting evidence can be disproven, however this will not get a report invalidated.

Validation requirements

  1. A GovNERD will ensure the report follows the template, does not contain inflammatory language, and is not a duplicate report.
    1. If the Report is invalid, the reporter will be notified.
    2. If the Report is valid, an Optimism admin will notify the accused from an official account.
    3. Is the claim labeled correctly? i.e if it is “Scams & Rugs” does it fit the definition?
  2. At least 3 NumbaNERDs will independently verify the onchain transactions & evidence to ensure it supports the claims being made.
    1. Is the amount in question reaching the required minimums? (see report Criteria)
    2. Does the evidence support the claim? Is there enough onchain data to back up the claim?
  3. If the claim is Valid the govNERDs will play the administrative role of adding the Report to the Database. If the claim is invalid, no action is taken.

Verification of a report cannot take longer than 6 weeks in order to limit the process to a reasonable amount of time. If at the end of the 6 weeks a report is not Validated OR Invalidated, it is archived as “Undecided” and will not be added to the database.

Whether a report is Valid, Invalid or Undecided, a new report CANNOT be made for the same misuse. If new evidence is discovered, it can be submitted to the existing report. This will reopen (or extend) the review period by 3 weeks in which the new evidence can be reviewed. If the report is found Invalid or Undecided after this 3 week period the matter is considered settled and cannot be reopened.

Reports in the database will not be removed as there is no direct consequence of being listed in the database (it does not result in an automatic future grant freeze, for example). Rather this database alerts governance participants to consider the reports when making future grant decisions.

Grant Misuse Report Template

Grant Misuse Report Template

Before filling out a Report please make sure you have read and understand the “Report Criteria” as well as “Protections for Involved Parties” and “Definitions”. Reports submitted that fail to meet the required criteria will be removed.

Accusation:

What Misuse the Accused is being accused of.

I.e:

Misuse: Violating the No Sale rule on tokens received from the Projects Grant proposal (link to proposal).

Total Amounts:

For ease of verification, the total amount of tokens or funds in question.

I.e:

Total token/funds involved: 100,000.00 OP from Token House Grant (linked to grant application).
Total grant amount misused: 75,000.00 OP Sold for USDC (TX 20 JAN 2023).

OR

Total token/funds involved: $ 65,000.00 USDC of stolen user funds
Total token/funds misused: $ 65,000.00 USDC user funds stolen (funds were stolen in a complex batch of transactions listed below).
Breakdown of misused token/funds:
$2,000.00 taken from liquidity pool through admin withdrawal: TX on 20 JAN 2023
etc…

Note that the use of the $ is prohibited in connection with “OP.” See Important Term documentation for more information.

Summary:

A summary of the activity. This should be a concise description of WHAT the involved parties are accused of as well as the main evidence of the claim. Try keeping this under 1000 words.

I.e:

The project “Proj3ct” received a Grant from the Token House (TX on the 20 OCT 2023) with the following objectives: “Increase usage on “Proj3ct” through a user generated content competition”.
However, “Proj3ct” misused their grant by violating the “No Sale rule”.
After “Proj3ct” received their tokens they transfered them to Coinbase over 3 transactions (TX 22 OCT 2023, TX 25 OCT 2023, TX 29 OCT 2023). Each time the address received USDC (TX 22 OCT 2023, TX 25 OCT 2023, TX 29 OCT 2023).
When community members asked about these transactions, the team attacked them personally (see supplementary evidence 5).

Summaries should be:

  1. Clear, easy to follow and contain all the essential information, such as:
    • What the accused had agreed to do in their Commitment.
    • What the specific misuse was.
    • The main evidence of the misuse claim (with transactions, times & dates provided in UTC). Please write out months as 3 letters: DD MMM YYYY. Do NOT use DD.MM.YY or MM.DD.YY formats to avoid confusion.
  2. Not contain any personal attacks against the accused, nor make any unsubstantiated claims about the projects or its team.

Involved Parties:

The offending address(es).

Link between project and address(es) should ALWAYS start with the address provided in the Commitment or other provided addresses in the Commitment.

Links between individuals and addresses MUST be undeniable (i.e an ENS name as their handle, using the address to apply for Grants in an ecosystem, etc).

If you do not have ONLY onchain evidence of a link between an individual and the address(es) then refrain from making this link. Please exercise extreme caution when linking identities to address, as you are still bound by the DOXXing definitions and consequences in the Rules of Engagement. Reports that DOX anyone will be censored (to remove identifying information). If unsure if the information is DOXXing, use the handles/identities used in the gov forum, or simply refer to addresses.

I.e:

0x123… → Address provided by “Proj3ct” in their Grant application.
0x321… → Address that received the USDC. Address is suspected to be @fred42 as the ENS name is fred42.eth, which is also associated with a twitter account by the same name. This is also their handle in the Optimism Governance forum used to post their Commitment.

Timeline of events:

What happened? This should be the bulk of your report. This should have a step by step timeline of what happened, and link directly to transactions. Try keeping each line item down to a single action. Multiple actions in a step may make the report difficult to follow. Format:

Time:
Description:
Transaction:
(optional) Supplemental Evidence:

I.e:

02:34 20 MAY 2023 UTC
Address 0x123… initiated a withdraw on project “Proj3ct” for $1 of their pools liquidity. This is testing the admin withdraw function.
Transaction link.

02:36 20 MAY 2023 UTC
Address 0x123… initiated a withdrawal for $65,000.00 of user provided pool liquidity.
Transaction link.

02:38 20 MAY 2023 UTC
The funds are moved into a Coinbase CEX account. The address is then shortly funded with USDC.
Transaction to CEX.
Transaction sending USDC.

Supplemental Evidence:

Evidence that is 1) publicly accessible, and 2) supports your timeline of events.

For example, a Tweet from a community member asking about funds moving. This could also be links to previous cases of fraud by mentioned individuals. Only if absolutely necessary should DMs or non-public information be provided. All supplementary evidence must contain a link and a screenshot.

SE 1:

I.e:

SE 1: Tweet from community member asking where the funds have gone.
Link to tweet.
Screenshot:

17 Likes

:fire: :fire: :fire: :fire: :fire: :fire: :fire: :fire: :fire: :fire: :fire: :fire:

@vonnie610 you did a WONDERFUL job!

1 Like

I have a concern with this part. It seems like it invites fraud. With this information, someone could intentionally undershoot the minimum value of 50k repeatedly in order to get away with misuse. A couple of suggestions:

  • only publicize the fact that there is a minimum value, and not the value itself (so a fraudster can’t reasonably predict the minimum)
  • commit to assessing a small percentage of reports below the minimum by chance. Thus, there’s still a chance that reports below the minimum get verified. You could even scale this chance by the value. So, for example, if the reported misused value is 40,000, then the chance it gets investigated is 80%, versus a value of 10,000 resulting in a 20% chance (arbitrary numbers for the purpose of example).
6 Likes

I’m assuming the report is posted by the anonymous reporter? Who confirms that the report has been received and how does the reporter know if the hold period as started? If the hold period starts immediately upon being posted (presumably by the reporter), what happens if the people checking the report neglect to do so within 3 days?

Who assigns the numbanerds to a report? Or do they assign themselves voluntarily? If the latter, what happens if no numbanerds volunteer?

2 Likes

I echo some of the concerns raised by @chaselb on the amount brought up for the following reasons:

  1. Sharing the exact amount publicly, does allow for parties interested in committing fraud to do so just under that amount or for lesser amounts to get away with it.

  2. The current Mission Request to fund Builder Grants states that each grant will be exactly 50k OP, this means that according to the Grant Misuse amount stated above, effectively, all Builder Grants for Season 5 would be out of scope, unless the sold amount exceeds 50k USD or 100% of the grant in OP (which would be highly unlikely).
    2.1 In this instance if the violation is for the sale of the tokens, would the violation be counted for the sale of X OP tokens or the reception of X USD? Because one could leave room for inclusion into the process and the other won’t.

Could this mean that Builder Grants in Season 5 may be more vulnerable to Misuse?

In a similar light, in the current Mission Request for Growth Grants, for a violation to proceed, 1/3 of the grant would have to be Misused:

Based on this data, it would seem to me that the threshold is really high and. for this season, is more prone to disincentive the reporting of misused grants.

It would be good to understand what was the logic to choose 50k OP. Was this amount chosen considering what the amounts to be funded in the Grants and Mission Requests in Season 5 would be? Or based on historical data?

My second concern is bringing in the NumbaNERDs as report validators, considering the NumbaNERDs are only paid per task (an amount that has been voiced to be under market).

In terms of incentives:

  1. What would be the incentives to encourage NumbaNERDs to take on the validation of reports?
  2. Would NumbaNERDs be exposed to be bribed to invalidate a claim? Will it be public which NumbaNERD reviewed what? It would appear its best to keep their identities private.
  3. How could we ensure NumbaNERDs have the right economic incentives to avoid becoming vulnerable to bribery?
3 Likes

The Builder’s grants have a 12-month lock period and the OP distribution is done after they confirm all their critical milestones to be completed. Given that these grants have a 12-month lock period the no-sale rule does not apply to them. Context here:

2 Likes

In growth grants, the first Unlock it’s about 40% of the total amount. Most of the Growth grants go for 150.000 OP wich means the first unlock is 60.000 OP and they are all considered part of the Misuse report process.

I assumed “Grant Misuse” means the total amount granted and not just the total amount received so far. Meaning every Growth grant would be included in this rule.

2 Likes

Is there any compensation for reporters? Not advocating for it but curious abt the thinking behind why or why not

EDIT: because @Gonna.eth is ribbing me in DMs for this, I’m going to clarify: i was intiially interested in the question not because I’d like bounties (i’ve been doing this stuff without expectation of compensation for well over a year now) but because i don’t want to be the only one doing this kind of work

9 Likes

Thanks for the explanation @Gonna.eth, I was trying to verify if the projects receive the funds and soft commit to no selling or if they were locked in a wallet inaccessible to them similar to Missions but couldn’t find the detail.

With the information you provided and the information below, it seems that only Growth/Experiment Grants would be in scope for this process correct?

I still believe the amounts are really high for this to be put effectively to use or to encourage reporters to flag inconsistencies and to encourage oversight by third parties in the misuse of grants. So knowing why the threshold was chosen would be useful.

Would there be an encouraged process for reports that are below the 50k? Say 45k or 20k?

1 Like

That’s about 20k OP today.

1 Like

USD. Below the 50k USD.

1 Like

@Hirangi_Pandya & I have put together the Infographic to understand the Grant Misuse Reporting Process in a different manner than the write-up.

Thanks @vonnie610 for the wonderful reaction and encouragement to post it here.

PDF Link

5 Likes

Amazing @Chain_L Just amazing.

Very actionable and much easier to grasp the changes for us learners who prefer a more visual lesson.

Cheers!

1 Like

Hi all!

Thank you for taking the time to engage with this process and ask questions! I’ve got answers for y’all, but please keep in mind that this is only the first iteration of this process. In line with the rest of Governance, we are trying not to over-correct for problems that don’t exist yet.

With that out of the way, lets dive in!


Misuse Minimum

The context for the minimum comes in three forms: historical context, the energy and time required to handle reports and spam prevention.

Historical Context

The historical context is that most of the misuses we have uncovered have been larger (80k+ OP).

Report Processing

Processing a single report will realistically take 20 - 50 hours of govNERD & NumbaNERD time. That does not include all the hours of community members helping in investigations. Even with very conservative incentives this effort will compound quickly.

We have to balance short term accountability with remaining focused on our long term goals. Conducting investigations is time, labor, and focus intensive and takes away from the Collective applying that time, labor, and focus towards achieving out Collective Intents.

Spam Prevention

Having a high minimum prevents scam reports, as it is much easier to verify that 50k OP was misused than a 2k OP was misused. Having a low minimum makes it easier for spammers to make fake reports that are harder to verify.

Misuse Minimums does not mean no accountability!

Our Collective energy should be focused on designing a system to limit the potential for misuse (for example: Trust Tiers, reporting requirements & the Milestones and Metrics Grant Council sub-committeee) rather than expending valuable time and resources policing misuse after the fact.

Future iterations

If we run into multiple instances in which accountability was prevented due to the minimum, we will re-evaluate whether a minimum is warranted and/or set at an appropriate level.

Incentives for involved parties

Reporters

There will be an opertunity for reporters to apply for RetroPGF.

NumbaNERDs

NumbaNERDs get incentivised proactively through Mission proposals and retroactively through retroPGF. Review work completed by NumbaNERDs for Misuse Reports will be included in the NumbaNERD RetroPGF Collection application.

If after this season (S5) we find this is not a strong enough incentive, we may introduce further incentives (such as a grant). However, second-order effects of these incentives would need to be carefully designed around (for example, the grant should not incentivise numbaNERDs to Validate all reports).


Let me know if this does not answer any specific questions, or if you have more feedback.

As always, stay optimistic!

Why don’t you guys make grant misuse as a tender? All lawyers in the US and worldwide will be happy to find those persons if you provide them with closed info about projects and the people behind them(from KYC). You can build up it like an actual tender with bids for this job where all people will post their % to get a case from you.
So, basically, you can incentivize people to file the Report, like @jackanorak mentioned above, and you can attract actual lawyers to those cases.

Over incentivising reporting could result in a hostile environment for projects. We’d need to run and observe how this reporting process plays out for a while before adding proactive incentives. Additionally, our goal is not to sue projects, but increasing transparency in the DAO around grant efficacy.

A retroPGF application for reporters allows Badgeholders to asses the impact of the report retroactively, which prevents a lot of the weird up front incentive issues.

As I said in my earlier post, if it does not prove to be enough we can revisit the incentives once we have more data about how it plays out.

1 Like

Just for the record:

The Code of Conduct Council, who validate and approve Grant Clawbacks (as part of the Grant Misusage process), do have actual lawyers on the Council.

Members of this Council were elected by the full token house, and not selected by the Foundation or a subset of the community, and in turn were partially incentivised to apply to be members of the Council by a stipend being offered, which may be considered similar to a tender (especially when combined with the token house election).

1 Like