Retroactive Grant for blockful's Security Work

Summary

This proposal requests a retroactive payment of $150,000 USDC to blockful for governance security work performed on behalf of Shutter DAO 0x36 between early 2025 and March 2026. This includes vulnerability discovery, responsible disclosure, smart contract development, a third-party smart contract security audit, architecture and design of several solutions, tests and simulation, mitigation coordination, as well as the Anticapture platform integration and its use in monitoring the risk over the period between identification and solution.

The Security Council proposal has been approved and executed. The veto guard and 2-day timelock are now active.

Motivation

In early 2025, blockful identified a critical governance vulnerability in Shutter DAO 0x36: the cost to capture the DAO through governance (approximately $150K to reach quorum) was significantly lower than the treasury value (~$6M in stablecoins at the time), creating a ~45x ROI attack vector. The combination of a 1 SHU proposal threshold, zero voting delay, no timelock, and no proposal rate limiting made this attack both economically rational and operationally feasible.

blockful chose to protect the DAO through a responsible process: private disclosures, monitoring signals of emerging exploitation for more than a year, development of a defense system ready to act in case of emergency before any attacker could, and a coordinated mitigation that neutralized the threat without ever taking or damaging the controls of the Shutter DAO 0x36’s treasury.

This proposal seeks fair compensation for the work delivered.

Scope of Work

Vulnerability Discovery & Disclosure

  • Identified the governance capture vulnerability through the Anticapture framework
  • Mapped the full attack path and validated feasibility through controlled simulation on forked governance contracts
  • Tested token accumulation (2.2M SHU acquired in 3 days, without price impact) to confirm the attack was operationally practical. Since then the token dropped 30%, which makes it even cheaper to execute.
  • Evaluated and discarded a white-hat capture approach due to legal risk and operational complexity
  • Disclosed the risk privately to Shutter community members; following this disclosure, a consolidation of approximately 60 million SHU into a single defense wallet took place, the largest delegation in the DAO

Advisory & Coordination

  • Advisory from security and ecosystem specialists over the engagement period: private disclosures to Shutter community members, conversations with ecosystem-wide participants without naming the DAO, in-person discussions at conferences, and eventual coordination with aligned delegates willing to execute the mitigation
  • Continuous governance monitoring through the Anticapture dashboard throughout the period

Anticapture Platform Integration

  • Integrated Shutter into the Anticapture platform, including infrastructure costs (servers and RPC nodes) and product development to support Shutter-specific governance visualization
  • This integration was built and maintained throughout the engagement to enable continuous monitoring and readiness to defend against abnormal token accumulations
  • Anticapture integration for other DAOs has been priced at $50K–$100K depending on governance structure similarity.

Smart Contract Development

  • Designed and built the SecurityCouncilAzorius guard contract
  • IGuard-compatible with the Azorius governance module, featuring proposal-level and transaction-hash-level veto, multicall batching, ownership rotation, and disabled renounce
  • Full documentation: governance parameters, integrations and addresses, operations runbook, security properties
  • Deployment scripts and verification-focused test suites (unit, lifecycle, invariants)
  • Open source

Third-Party Security Audit

  • blockful reached out and secured a third-party security audit
  • Cyfrin executed the audit to contribute to the preventive action
  • Audit returned only informational findings, all addressed
  • Audit report published in the repository

Emergency Coordination & Execution

  • Coordinated the mitigation with a small group of aligned delegates under operational security constraints
  • Prepared all communication artifacts in advance and released them simultaneously with the proposal submission
  • Managed the full responsible disclosure sequence: private disclosure, fix development, audit, mitigation submission, public disclosure
  • The Security Council proposal passed and was executed successfully. The veto guard and 2-day timelock are now active.

Post-Mitigation: Public Dashboard & Security Advisory

  • Made the Shutter governance dashboard on Anticapture publicly available, giving open access to holder and delegate views, voting power monitoring, activity feeds, and a governance voting interface
  • Published advisory on governance parameter hardening (proposal threshold increase, proposer balance threshold, rate limiting, execution window extension, voting delay)
  • Advising the community on implementation priorities as security and ecosystem specialists
  • Governance parameter hardening proposals are being developed separately and will be scoped independently

A rough estimate of the time dedicated by our team to all of the scope above is around 400 hours, plus infrastructure cost.

Specification

  • Payment token: USDC
  • Amount: 150,000 USDC
  • Recipient: blockful (address to be provided for formal on-chain proposal)

Pricing Context

  • This amount reflects market rates for a full governance security engagement from discovery through remediation.
  • It is well below the standard bug bounty in case of a real incident (10% of affected funds, ~$300k in this case).
  • Shutter had no bug bounty program. blockful acted without any guarantee of compensation, investing its own resources to prioritize safety.

Submitted by blockful - governance security for Ethereum.
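As an added illustration of the veto-only guard shape the proposal describes (this is example code, not blockful's SecurityCouncilAzorius contract or any project code): a minimal guard in the Zodiac-style IGuard hook shape, which the example assumes is what a Zodiac module such as Azorius consults before executing each proposal transaction. The `Operation` enum, the `VetoOnlyGuard` name and the `txHash` scheme are this example's own assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration (not blockful's SecurityCouncilAzorius): a veto-only guard in the
// Zodiac-style IGuard shape that a Zodiac module consults before executing each transaction.
enum Operation { Call, DelegateCall } // stands in for Safe's Enum.Operation

interface IGuard {
    function checkTransaction(
        address to, uint256 value, bytes calldata data, Operation operation,
        uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken,
        address payable refundReceiver, bytes calldata signatures, address msgSender
    ) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}

contract VetoOnlyGuard is IGuard {
    address public owner;                   // assumed: the security council multisig
    mapping(bytes32 => bool) public vetoed; // keyed by this example's own hash scheme
    error NotOwner();
    error ZeroAddress();
    error TransactionVetoed(bytes32 txHash);
    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }
    constructor(address initialOwner) { if (initialOwner == address(0)) revert ZeroAddress(); owner = initialOwner; }

    // Constructed hash scheme for this example; it is not Azorius's internal proposal hash.
    function txHash(address to, uint256 value, bytes memory data, Operation op) public pure returns (bytes32) {
        return keccak256(abi.encode(to, value, keccak256(data), op));
    }

    // The guard's only power: flag transaction hashes so that executing them reverts.
    function veto(bytes32[] calldata hashes) external onlyOwner {
        for (uint256 i = 0; i < hashes.length; i++) vetoed[hashes[i]] = true;
    }

    // Ownership rotates but is never renounced: there is no renounce function and
    // the zero address is rejected, so the council can never lock itself out.
    function rotateOwner(address next) external onlyOwner {
        if (next == address(0)) revert ZeroAddress();
        owner = next;
    }

    // Called by the module before each proposal transaction; a vetoed hash reverts execution.
    function checkTransaction(address to, uint256 value, bytes calldata data, Operation op,
        uint256, uint256, uint256, address, address payable, bytes calldata, address) external view {
        bytes32 h = txHash(to, value, data, op);
        if (vetoed[h]) revert TransactionVetoed(h);
    }

    function checkAfterExecution(bytes32, bool) external pure {}
}
```

The contract exposes no function that proposes, changes parameters or moves funds; the only effect it can have on the DAO is making a flagged transaction revert.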

Exocortex GmbH would like to thank Blockful for their work in strengthening Shutter DAO 0x36 against governance attacks. The introduction of additional safeguards and the broader focus on security are definitely valuable and help contribute to the long-term robustness of the Shutter Network. We also recognize that setting up something like a Security Council in a high-stakes environment takes real effort and coordination.

That said, we don’t support the retroactive grant in its current form.

  1. The work wasn’t requested or approved in advance by Shutter DAO 0x36. While proactive contributions can absolutely be valuable, retroactive funding at this scale should come with a clearer mandate or some form of prior alignment.

  2. Although the work improved the security posture of Shutter DAO 0x36, it didn’t directly prevent a governance attack. Instead, it introduced additional safeguards and mechanisms that may reduce risk going forward. We think that distinction is important when weighing the impact against the size of the requested grant.

  3. The way the Security Council was implemented effectively limited Shutter DAO 0x36’s ability to properly evaluate or opt out of the solution. In practice, rejecting the implementation wasn’t really a viable option. That raises some concerns for us around process and governance norms.

  4. Blockful has already gained significant visibility and reputational upside from this work. We think this kind of intangible benefit should also be taken into account alongside any financial compensation.

But we’re open to supporting a significantly smaller grant.

Thanks for the reply, Loring. I’d like to add some context and share some thoughts.

I suggest delegates reflect on these 3 questions when voting on this proposal:

  1. Was Shutter DAO vulnerable to a complete treasury drain?
  2. If yes, how much is this information worth (for malicious actors, for the team building the protocol, for investors)?
  3. What example/precedent do we want to set for the ecosystem, what incentives do we want to have for actors to prefer a responsible disclosure and fix the vulnerability, rather than exploiting it?

Adding more color which might help to answer those questions:

The value starts at the disclosure

The final deliverables (the guard contract, the audit, the coordination) aren’t the totality of the work, it’s just the last phase.

The core value of this engagement begins with the intelligence itself. blockful has spent more than 2 years (at the moment of writing) building the Anticapture framework: the methodology, the monitoring infrastructure, and the expertise to detect governance capture vulnerabilities across the Ethereum ecosystem.

That framework identified, in early Q1 2025, that Shutter DAO 0x36 could be captured for approximately $200k against a treasury worth more than $6M at the time (by exploiting the implementation as mentioned in the post-mortem of the whitehat action). A 30x ratio. Disclosed privately to the core team (brainbot).

The evidence of that value is that the core team acted on it:

  • Between March 11 and March 14, 2025 we acquired around $15k in SHU on the open market to validate how feasible it was for an attacker to accumulate voting power quickly (balance history).
  • On March 14, we had a call with Loring walking through the attack path and the simulation results.
  • On March 18, approximately 60 million SHU linked to brainbot were consolidated into a single wallet, becoming the largest delegate in the DAO (delegation history). Four days between the call and the largest defensive delegation in the DAO’s history. It is hard to argue the threat was not significant enough to warrant compensation when the response to being informed was to mobilize that much voting power within days.

Why the 60M delegation wasn’t enough

The consolidation was a first step, but structurally fragile, and we said so at the time. A single defense wallet is a single point of failure. A spam proposal strategy can exhaust even a well resourced defender, since the attacker needs one proposal to pass while the defender must vote no on every single one. Leaking or losing the key of a wallet holding that much voting power would itself be an extinction event for the DAO. The defense was stronger than before, but it replaced one fragile configuration with another. The Bybit attack and most recent Resolv and Drift attacks are a perfect example of how we cannot underestimate these vectors.

That is why the work continued. Over the following months we designed, built, and audited a proper remediation: the Security Council guard, a 2 day timelock, and the coordination required to deploy them without exposing the vulnerability during the voting window. The result is a defense that does not depend on one person being online, one key being safe, or one wallet voting on every proposal.

On the work not being “requested or approved in advance”

Responsible disclosure does not work on a procurement timeline. We shared pricing with the team, had multiple conversations and working sessions over the months that followed to discuss possible solutions, and made clear from early on that we would be requesting retroactive funding for the work if we ended up executing the mitigation ourselves. A path through established funding channels did not materialize, so we continued with the work at our own expense to make sure the vulnerability was closed.

On the implementation “limiting the DAO’s ability to opt out”

Any mitigation that modifies governance rules only takes effect after it passes and executes, which means the DAO is fully exposed during the voting window under the old rules. We designed the guard because it is the one mechanism that provides retroactive protection: once proposed, it can neutralize attack proposals created after the inevitable disclosure that comes with showing the solution. A public forum debate before deployment would have been an invitation to any attacker monitoring this space.

The code is open source, the Cyfrin audit is public, and the guard’s capabilities are deliberately limited. It can only veto. It cannot submit proposals, change parameters, or touch the treasury.

On “reputational upside” as compensation

This was real work. Reputation does not pay salaries, does not pay for the servers that kept the Anticapture monitoring dashboard running for over a year, does not pay for the tooling, and does not cover the opportunity cost of a team redirected from other paid engagements.

We also chose the path with the least visibility. We evaluated a white hat capture (buying 30M SHU, moving admin control to a multisig with delegates) and rejected it because it carried legal risk, could have damaged Shutter’s brand and would be more costly for the treasury. If the framing is that intangible benefit should be counted against the financial ask, we actively gave up the version of this work that would have generated the most visibility.

For scale, the full $150k request is roughly two thirds of what brainbot was receiving in a single month from this DAO before the grant was reduced. Less than a single month of the existing core team’s recurring compensation, to cover over a year of proactive governance security work, the Anticapture platform integration (priced at $50k to $100k for other DAOs), 400+ hours of specialized engineering and coordination, and the mitigation that closed a $6M+ exposure.

Beyond the numbers, this is also about incentives and precedent. If Ethereum-aligned organizations want researchers to act in the interest of the ecosystem, they need to make that behavior rational and sustainable. Compensating proactive security work is a concrete way a DAO can reinforce those values in practice.

This is the equivalent of saying “brainbot should receive less because of the reputation they get for building Shutter”. It’s unfair and it’s not how it works.

On the amount, and the precedent

When an attack happens and a treasury gets drained, teams pray the attacker will accept a 10% bounty to return the funds. That is the scenario everyone fears, and the one the industry has implicitly accepted as the price of getting lucky. But the teams who prevent that scenario from happening are told their work was not pre-approved, was not direct enough or that there was no bug bounty.

If proactive security only gets compensated after disaster strikes, the rational move for the next researcher who finds a critical vulnerability is to walk away, or worse. That is not the incentive structure this ecosystem should be building.

If the attack had been executed instead of prevented, there would not be $150k left to discuss. There would be nothing.

We stand behind the $150k request. It is fair, well documented, and well below what this engagement would cost at market rates, or what it would have cost the DAO if someone malicious had found this first.

When a mechanic finds a crack in an engine turbine and grounds the plane, they are not paid less because the engine didn’t fail mid-flight. The crack was real, the work was real, and the outcome is that the plane is safe.
