Strengthen D.U.C.K.: Governance, Assurance, and Real-World Adoption

TL;DR

This proposal aims to strengthen the D.U.C.K. knowledge base and governance framework to enhance its real-world applicability and long-term sustainability. Currently, D.U.C.K. operates as an open community-driven initiative without a dedicated organizational and governance structure. The first version was collaboratively developed with contributions from node operators and industry experts.

The next 6-month phase will focus on four key areas:

  1. Governance & Coordination – Establish a formal governance model and structured foundation to ensure D.U.C.K.’s longevity.
  2. Content Expansion & Industry Alignment – Strengthen D.U.C.K.’s depth and applicability by integrating insights from established risk and assurance experts from globally recognized firms, alongside contributions from Web3 professionals and industry leaders, all while fostering greater community engagement.
  3. Framework Enablement – Operationalize assurance and review processes, increase visibility and adoption through strategic marketing efforts and leverage co-marketing support from a Big Four audit firm.
  4. Real-World Integration – Drive adoption by enabling D.U.C.K. to be used in assurance frameworks and technical audits by leading professional services firms, helping to set industry-wide standards for node operation risk management.

Recap & Motivation

Since its launch in April 2024, the initial version of D.U.C.K. has successfully established a strong foundation with its core components. We have documented 77 risks within a comprehensive risk framework, defined 27 mitigations and 36 controls dimensions in the knowledge base, and developed more than 20 templates within the Communication Toolkit. The initiative has attracted over 230 visitors from 40 different countries, and the D.U.C.K. community has grown to 56 members across approximately 15 node operators.

However, D.U.C.K. remains an open, community-driven initiative without a dedicated organizational and governance structure, leading to challenges in maintaining and expanding its relevance. The absence of defined roles and responsibilities for updates, outreach, and further development limits its potential for real-world application and puts its long-term sustainability at risk.

To address this, we propose a 6-month initiative that will:

  • Establish a formal governance model for long-term sustainability
  • Transition D.U.C.K. into a structured foundation or non-profit to ensure its maintenance and adoption
  • Expand the knowledge base with risk and assurance contributions from industry leaders
  • Position D.U.C.K. as a recognized assurance and risk management framework, enabling its use in technical audits and assurance engagements with a Big Four firm, helping to set industry-wide best practices
  • Attract more industry players and institutions, further increasing D.U.C.K.’s credibility and contributing to a more robust staking landscape overall as stated in [Hasu’s GOOSE Submission].

Additionally, a Big Four audit firm and Lionscraft are co-investing in this initiative by contributing resources beyond the grant request. They are seeking only partial cost coverage, with the Big Four audit firm providing resources and intending to provide co-marketing support as part of the outreach efforts. This demonstrates investment into the success of the project and willingness to share risk, as they themselves expect to benefit from the audits.

Workstreams / Deliverables

Our proposal outlines four workstreams:

Delivery Approach

The current proposal requests funding for 6 months of manpower required for execution.

After the kick-off, three key workstreams lay the foundation: Governance & Coordination, which establishes governance structures and fosters long-term sustainability, Content Expansion & Industry Alignment, which develops relevant content and aligns the resources with assurance industry standards and practices, and Framework Enablement, which provides required processes for the operationalization of the framework. The Assurance Upgrade milestone ensures readiness for implementation and is targeted for release around EthCC8.

After completion of the Assurance Upgrade, the focus shifts to Real-World Implementation, where content and processes will be put into practice in collaboration with one to five node operators (to be determined). To bootstrap these initial assurance reviews, we propose to allocate funds to the “D.U.C.K. Funding Launch for Audit Participants” (DUCK FLAP) grant pool. The funds aim to support early adopting Node Operators by covering up to 50% of the assurance review cost and the use of funds will be aligned with Lido NOM representatives. The Final Release delivers a fully operational and sustainable solution.

A follow-up proposal will be submitted later to request funding for the DUCK FLAP grant pool, which will be used from month 4 onwards to defray the audit costs for early adopters.

  • A Big Four audit firm will be the IT Auditor for these audits
  • The fund will help validators/organizations that choose to undergo an audit as part of early adoption

To accomplish the deliveries, we propose to create three teams with expertise in the required fields. The Delivery team is leading the resource creation by coordinating and supporting the other teams as well as delivering governance and outreach activities. The Assurance team is contributing to risk and assurance related components of the delivery. The Node Operators team is providing infrastructure and operational insights as well as expertise contributions.

The detailed work breakdown for the different workstreams is as follows:

Delivery Team

The Delivery Team is responsible for producing the required deliverables and ensuring that all content is presented accurately and in a timely manner, driving the initiative towards its objectives. It consists of members of Lionscraft, who were previously coordinating the development of the D.U.C.K. Alpha Release Initiative, assurance experts from a Big Four firm, and volunteering Node Operators.

Fees & Payment

The total funding request for the 6-month period is $75,200.00, payable in DAI. The proposed payment structure involves an initial 50% ($37,600.00) payment to commence the work. At the release of the “Assurance Upgrade”, the Lido DAO NOM workstream will determine if the deliverables have been achieved in quantity and quality and, if that is the case, proceed with the payment of the remaining 50% ($37,600.00).

For the “D.U.C.K. Funding Launch for Audit Participants” grant pool, an additional funding request in the range of $100,000.00 will be announced after evaluation of the complexity of the initial assurance review test cases with Node Operators.

All payments will be made to this Ethereum address:

eth:0x1b28728B06BEEd3a5363DA146B59dB372bbAd047

5 Likes

Really happy to see this proposal land on the forum.

I’ve been following the journey of D.U.C.K. since the early days, and it’s awesome to see how much it grew in the previous phase—and how clearly this next phase builds on that foundation. The fact that a Big Four audit firm is getting involved is a big deal. It gives node operators a way to show, in a credible and transparent way, that they’re actively managing the risks that matter—based on input from peers and some of the top operators in the space. That kind of assurance framework could really raise the bar across the ecosystem.

Would love to see this approved and definitely support it.

3 Likes