Retroactive Grant for blockful's Security Work

Thanks for the reply, Loring. I’d like to add some context and share some thoughts.

I suggest delegates reflect on these 3 questions when voting on this proposal

  1. Was Shutter DAO vulnerable to a complete treasury drain?
  2. If yes, how much is this information worth (for malicious actors, for the team building the protocol, for investors)?
  3. What example/precedent do we want to set for the ecosystem, what incentives do we want to have for actors to prefer a responsible disclosure and fix the vulnerability, rather than exploiting it?

Adding more colors which might help to answer those questions:

The value starts at the disclosure

The final deliverables (the guard contract, the audit, the coordination) aren’t the totality of the work, it’s just the last phase.

The core value of this engagement begins with the intelligence itself. blockful has spent more than 2 years (at the moment of writing) building the Anticapture framework: the methodology, the monitoring infrastructure, and the expertise to detect governance capture vulnerabilities across the Ethereum ecosystem.

That framework identified, in early Q1 2025, that Shutter DAO 0x36 could be captured for approximately $200k against a treasury worth more than $6M at the time (by exploiting the implementation as mentioned in the post-mortem of the whitehat action). A 30x ratio. Disclosed privately to the core team (brainbot).

The evidence of that value is that the core team acted on it:

  • Between March 11 and March 14, 2025 we acquired around $15k in SHU on the open market to validate how feasible it was for an attacker to accumulate voting power quickly (balance history).
  • On March 14, we had a call with Loring walking through the attack path and the simulation results.
  • On March 18, approximately 60 million SHU linked to brainbot were consolidated into a single wallet, becoming the largest delegate in the DAO (delegation history). Four days between the call and the largest defensive delegation in the DAO’s history. It is hard to argue the threat was not significant enough to warrant compensation when the response to being informed was to mobilize that much voting power within days.

Why the 60M delegation wasn’t enough

The consolidation was a first step, but structurally fragile, and we said so at the time. A single defense wallet is a single point of failure. A spam proposal strategy can exhaust even a well resourced defender, since the attacker needs one proposal to pass while the defender must vote no on every single one. Leaking or losing the key of a wallet holding that much voting power would itself be an extinction event for the DAO. The defense was stronger than before, but it replaced one fragile configuration with another. The Bybit attack and most recent Resolv and Drift attacks are a perfect example of how we cannot underestimate these vectors.

That is why the work continued. Over the following months we designed, built, and audited a proper remediation: the Security Council guard, a 2 day timelock, and the coordination required to deploy them without exposing the vulnerability during the voting window. The result is a defense that does not depend on one person being online, one key being safe, or one wallet voting on every proposal.

On the work not being “requested or approved in advance”

Responsible disclosure does not work on a procurement timeline. We shared pricing with the team, had multiple conversations and working sessions over the months that followed to discuss possible solutions, and made clear from early on that we would be requesting retroactive funding for the work if we ended up executing the mitigation ourselves. A path through established funding channels did not materialize, so we continued with the work at our own expense to make sure the vulnerability was closed.

On the implementation “limiting the DAO’s ability to opt out”

Any mitigation that modifies governance rules only takes effect after it passes and executes, which means the DAO is fully exposed during the voting window under the old rules. We designed the guard because it is the one mechanism that provides retroactive protection: once proposed, it can neutralize attack proposals created after the inevitable disclosure that comes with showing the solution. A public forum debate before deployment would have been an invitation to any attacker monitoring this space.

The code is open source, the Cyfrin audit is public, and the guard’s capabilities are deliberately limited. It can only veto. It cannot submit proposals, change parameters, or touch the treasury.

On “reputational upside” as compensation

This was real work. Reputation does not pay salaries, does not pay for the servers that kept the Anticapture monitoring dashboard running for over a year, does not pay for the tooling, and does not cover the opportunity cost of a team redirected from other paid engagements.

We also chose the path with the least visibility. We evaluated a white hat capture (buying 30M SHU, moving admin control to a multisig with delegates) and rejected it because it carried legal risk, could have damaged Shutter’s brand and would be more costly for the treasury. If the framing is that intangible benefit should be counted against the financial ask, we actively gave up the version of this work that would have generated the most visibility.

For scale, the full $150k request is roughly two thirds of what brainbot was receiving in a single month from this DAO before the grant was reduced. Less than a single month of the existing core team’s recurring compensation, to cover over a year of proactive governance security work, the Anticapture platform integration (priced at $50k to $100k for other DAOs), 400+ hours of specialized engineering and coordination, and the mitigation that closed a $6M+ exposure.

Beyond the numbers, this is also about incentives and precedent. If Ethereum-aligned organizations want researchers to act in the interest of the ecosystem, they need to make that behavior rational and sustainable. Compensating proactive security work is a concrete way a DAO can reinforce those values in practice.

This is the equivalent of saying “brainbot should receive less because of the reputation they get for building Shutter”. It’s unfair and it’s not how it works.

On the amount, and the precedent

When an attack happens and a treasury gets drained, teams pray the attacker will accept a 10% bounty to return the funds. That is the scenario everyone fears, and the one the industry has implicitly accepted as the price of getting lucky. But the teams who prevent that scenario from happening are told their work was not pre-approved, was not direct enough or that there was no bug bounty.

If proactive security only gets compensated after disaster strikes, the rational move for the next researcher who finds a critical vulnerability is to walk away, or worse. That is not the incentive structure this ecosystem should be building.

If the attack had been executed instead of prevented, there would not be $150k left to discuss. There would be nothing.

We stand behind the $150k request. It is fair, well documented, and well below what this engagement would cost at market rates, or what it would have cost the DAO if someone malicious had found this first.

When a mechanic finds a crack in an engine turbine and grounds the plane, they are not paid less because the engine didn’t fail mid-flight. The crack was real, the work was real, and the outcome is that the plane is safe.
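To make the spam-proposal argument above concrete, here is a small toy model (an added example, not blockful's code and not the deployed guard) of the two defenses: a single large delegate who must vote "no" inside every voting window, versus a veto-only guard whose council can act any time before execution. The 2-day timelock is the figure from the post; the 3-day voting window, the vote sizes and the availability sets are constructed assumptions.

```python
from dataclasses import dataclass

# Parameters of the toy model. The 2-day timelock is the figure given in the post;
# the 3-day voting window is an assumption made for illustration only.
VOTING_WINDOW_DAYS = 3
TIMELOCK_DAYS = 2

@dataclass(frozen=True)
class Proposal:
    pid: int
    created_day: int
    drains_treasury: bool
    attacker_votes: int

def passes(p: Proposal, against_votes: int) -> bool:
    """Simple majority: the proposal passes if the attacker's 'for' votes beat 'against'."""
    return p.attacker_votes > against_votes

def single_delegate_outcome(proposals, defender_votes: int, defender_online: set) -> list:
    """Defense 1: one large delegate must vote 'no' on every proposal while it is open.
    Returns the ids of treasury-draining proposals that execute."""
    executed = []
    for p in proposals:
        window = range(p.created_day, p.created_day + VOTING_WINDOW_DAYS)
        voted_no = any(day in defender_online for day in window)
        against = defender_votes if voted_no else 0
        if p.drains_treasury and passes(p, against):
            executed.append(p.pid)
    return executed

def veto_guard_outcome(proposals, council_online: set) -> list:
    """Defense 2: a veto-only guard. The council never votes or proposes; it can only
    veto a flagged proposal before execution, i.e. during the voting window plus the
    timelock, so a missed voting window is no longer fatal."""
    executed = []
    for p in proposals:
        deadline = p.created_day + VOTING_WINDOW_DAYS + TIMELOCK_DAYS
        vetoed = p.drains_treasury and any(d in council_online for d in range(p.created_day, deadline))
        if p.drains_treasury and passes(p, 0) and not vetoed:
            executed.append(p.pid)
    return executed

# Constructed spam campaign: ten draining proposals, one per day, each backed by 30M votes.
SPAM = [Proposal(i, created_day=i, drains_treasury=True, attacker_votes=30_000_000) for i in range(10)]
# The single defender holds 60M votes but is unavailable on days 5-7 (constructed).
DEFENDER_ONLINE = set(range(0, 5)) | set(range(8, 15))
COUNCIL_ONLINE = DEFENDER_ONLINE  # identical availability, to isolate the effect of the guard

if __name__ == "__main__":
    print("single delegate lets through:", single_delegate_outcome(SPAM, 60_000_000, DEFENDER_ONLINE))
    print("veto guard lets through:", veto_guard_outcome(SPAM, COUNCIL_ONLINE))
```

With identical availability, the single delegate misses one window and one draining proposal executes, while the veto-only guard catches it during the timelock; the attacker needs only one miss, the defender needs to cover every window.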