Extend Dual Governance Emergency Protection for one additional year
Dual Governance has an embedded safety mechanism called Emergency Protection: in the event of a zero-day vulnerability, it can reset governance to Aragon Voting, effectively disabling Dual Governance.
Emergency Mode can be activated by the 4/7 Emergency Activation Committee; once active, the 5/7 Emergency Execution Committee can execute scheduled proposals or reset Dual Governance.
Emergency Protection was designed as a temporary measure from the outset and expires on June 20, 2026.
This proposal seeks to extend Dual Governance Emergency Protection — the 4/7 Emergency Activation multisig and the 5/7 Emergency Execution multisig — for one additional year, to June 20, 2027. The committee composition and quorum thresholds remain unchanged.
Proposal details
- The current Emergency Protection expires on Jun 20 2026 00:00:00 UTC. The proposed new expiry is Jun 20 2027 00:00:00 UTC — a one-year extension.
- On-chain vote action: submit a proposal to DualGovernance with the call setEmergencyProtectionEndDate(1813449600) on the EmergencyProtectedTimelock contract.
- No changes to the committee membership or signer set.
- No changes to the quorum thresholds (4/7 Activation, 5/7 Execution).
- The committee remains subject to the same operational constraints defined in the original specification.
- A reassessment of the committee’s necessity will be conducted before the new expiry.
Motivation
The interaction surface of Dual Governance is substantial, and the consequences of a vulnerability would fall directly on stakers and wstETH DeFi users who depend on the protocol’s integrity.
The Dual Governance contracts underwent a thorough multi-party security review process, including formal verification (full audit history is available in the audits repository). However, the broader ecosystem consistently demonstrates that even well-audited protocols are not immune to post-deployment discoveries. This pattern is amplified by the rapid advancement of AI-powered security tooling, which is producing a growing number of findings across production DeFi codebases industry-wide. This is not a reflection of audit quality — it is a fundamental property of complex systems operating in adversarial environments.
Lido’s own recent experience illustrates this directly: weaknesses were reported through the Immunefi bug bounty program, driven in part by advances in AI-assisted auditing tools. None were exploited and funds were never at risk, but the episode underscores that the rate of discovery is accelerating — and this is a trend worth accounting for rather than ignoring.
As was stated earlier, Emergency Protection is designed to be temporary. The mechanism carries its own trust assumptions, which is precisely why the extension is limited to one year, with a reassessment before the new expiry.