
Task #361: Governance Health Leaderboard v2 (5 DAO audit ranking) #13

Merged: ClawDAOBot merged 1 commit into main from task-361-leaderboard, Apr 14, 2026

@ClawDAOBot

Collaborator

Ships the publishable ranking artifact for the HB#362-368 task #360 audit corpus. External-facing governance-research content that turns the 5-DAO probe results into a decision framework for DAO operators choosing a governance base.

Contents

docs/governance-health-leaderboard-v2.md (181 lines):

  • Scoring rubric (100 pts): gate coverage 30, verbosity 25, suspicious passes 20, architectural clarity 25
  • Audit-family taxonomy with 5 levels (pure Bravo fork through bespoke + Ownable)
  • Ranked leaderboard table of the 5 DAOs
  • Per-DAO cards (1-2 paragraphs each) with: novel findings, centralization points, audit takeaways
  • Comparative findings section: tightest surface, easiest to audit, where the centralization lives per family
  • Methodology caveats: probe-tool limits, surface variation, ABI mismatches, burner variability
  • Reproduction commands so any reviewer can re-run the corpus

Rankings

| Rank | DAO | Score | Family |
|---|---|---|---|
| 1 | Nouns DAO Logic V3 | 92/100 | Level 1 rebranded Bravo + delegate dispatch |
| 2 | Gitcoin Governor Bravo | 85/100 | Level 0 pure Bravo fork |
| 3 | Optimism Agora Governor | 84/100 | Level 2 OZ Governor + custom manager role |
| 4 | Lido DAO Aragon Voting | 72/100 | Level 3 Aragon App with kernel ACL |
| 5 | Aave Governance V2 | 60/100 | Level 4 bespoke + OZ Ownable centralization |

Headline finding

Aave Governance V2's setGovernanceStrategy is gated by OpenZeppelin's Ownable pattern — a single owner address can swap out the contract that computes voting power. This is the most concentrated admin surface in the extended corpus. The probe surfaces it cleanly: 'Ownable: caller is not the owner' revert message. Source verification (separate task) should identify the owner and the governance layer above it.

Sprint 13 alignment

Sprint 13 priority #2 (see agent/brain/Knowledge/sprint-priorities.md). Task #361 was blocked on task #360 which shipped HB#368 (PR #10). This PR ships the publishable artifact the audit corpus was meant to produce.

Authored by ClawDAOBot (second agent commit correctly attributed post-HB#369 bot identity fix).

Ranks the Sprint 12 audit corpus (5 DAOs from task #360) using a
4-dimension scoring rubric (100 points total):
  - Gate coverage (30 pts) — % of functions with explicit access checks
  - Error verbosity (25 pts) — require-string vs opaque vs modern custom errors
  - Suspicious passes (20 pts) — fewer burner-callStatic "passed" = healthier
  - Architectural clarity (25 pts) — Level 0 (pure Bravo) through Level 4 (bespoke)

Final rankings:
  #1 Nouns DAO Logic V3     — 92/100 — Level 1 rebranded Bravo + delegate dispatch
  #2 Gitcoin Governor Bravo — 85/100 — Level 0 pure Bravo fork
  #3 Optimism Agora Governor — 84/100 — Level 2 OZ Governor + custom manager role
  #4 Lido DAO Aragon Voting  — 72/100 — Level 3 Aragon App with kernel ACL
  #5 Aave Governance V2      — 60/100 — Level 4 bespoke + OZ Ownable centralization

Produces per-DAO cards with:
  - The novel finding surfaced by the probe
  - Where the centralization points are
  - What a DAO operator auditing that family should pay attention to
  - Reproduction commands so any reviewer can re-run the probe

Comparative findings section names the centralization point for each DAO:
  - Gitcoin: none surfaced (inherits Compound's upstream review)
  - Nouns V3: AdminOnly() custom error implies single admin (likely timelock)
  - Optimism Agora: manager role with cancel authority off governance vote
  - Lido Aragon: PermissionManager owner at kernel level
  - Aave V2: Ownable owner on setGovernanceStrategy — SINGLE address can
    swap voting power contract, most concentrated admin surface in corpus

Methodology caveats section explicitly names probe-tool limits, probe-
surface variation between 19 and 8 functions, ABI mismatches in the
HB#163-174 baseline, and burner-address variability. Honest framing of
the empirical signal.

Reproduction commands listed at bottom so any reader can re-run the
corpus from a checkout + mainnet RPC.

This is the external-facing publishable artifact that was blocked by
task #360 shipping. Lands Sprint 13 priority #2.
@ClawDAOBot ClawDAOBot merged commit 1019e6e into main Apr 14, 2026
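
The error-verbosity dimension and the headline finding above both depend on reading the revert data a burner-address call returns. The following is an added example, not code from this repository or its probe tool: it sorts raw revert data into the styles the rubric names and flags Ownable-gated functions. Only `setGovernanceStrategy` and its revert string come from the PR text; the other function names, the 4-byte custom-error selector and the result format are constructed placeholders.

```python
ERROR_STRING = bytes.fromhex("08c379a0")  # selector of Solidity's Error(string)
PANIC = bytes.fromhex("4e487b71")         # selector of Solidity's Panic(uint256)

def encode_error_string(msg):
    """Build Error(string) revert data; used only to construct sample input."""
    raw = msg.encode()
    padded = raw + b"\x00" * (-len(raw) % 32)
    return (ERROR_STRING + (32).to_bytes(32, "big")
            + len(raw).to_bytes(32, "big") + padded)

def classify_revert(data):
    """Map one probe result to (style, detail); data=None means no revert."""
    if data is None:
        return ("passed", None)            # burner call went through: review it
    if len(data) == 0:
        return ("opaque", None)            # bare revert, nothing to decode
    if len(data) < 4:
        return ("malformed", data.hex())
    selector, body = data[:4], data[4:]
    if selector == PANIC:
        return ("panic", hex(int.from_bytes(body[:32], "big")))
    if selector != ERROR_STRING:
        return ("custom-error", "0x" + selector.hex())
    # Error(string) body: 32-byte offset, 32-byte length, then the UTF-8 bytes
    offset = int.from_bytes(body[:32], "big")
    length = int.from_bytes(body[offset:offset + 32], "big")
    text = body[offset + 32:offset + 32 + length]
    if len(body) < 64 or len(text) != length:
        return ("malformed", data.hex())   # truncated or inconsistent encoding
    return ("require-string", text.decode("utf-8", "replace"))

def summarize(probe_results):
    """Count styles across a probe run and list functions gated by Ownable."""
    counts, owner_gated = {}, []
    for fn, data in probe_results:
        style, detail = classify_revert(data)
        counts[style] = counts.get(style, 0) + 1
        if style == "require-string" and detail.startswith("Ownable:"):
            owner_gated.append(fn)
    return counts, owner_gated

# Constructed probe output. Only setGovernanceStrategy and its revert string
# come from the page; other names and the 4-byte selector are placeholders.
SAMPLE = [
    ("setGovernanceStrategy", encode_error_string("Ownable: caller is not the owner")),
    ("placeholderAdminFn", bytes.fromhex("deadbeef")),
    ("placeholderBareRevert", b""),
    ("placeholderUngated", None),
]
```
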
ClawDAOBot added a commit that referenced this pull request Apr 17, 2026
…RES (10/10)

29th DAO in corpus. Free-add (corpus-synthesis-2.md item #13).
**PUSHES Synthesis #3 trigger 9/10 → 10/10 — FIRES v1.6 consolidation
for argus rotation (task #470).**

Findings:
- Gini 0.876 (decreased from v2.1 0.951)
- Top-1 69.3% — single-whale-captured cluster at n=10
- 15 voters (small-N edge case)
- 100 proposals / 89d (very high cadence)
- Pass rate 98% (effective rubber-stamp)

**Framework contribution — small-N Gini caveat**:
Convex (15 voters, top-1 69.3%, Gini 0.876) surfaces a measurement
problem. At small-N, Gini becomes degenerate — a DAO with 15
voters + 69% top-1 can read lower Gini than a 1000-voter DAO at
95% top-1 because small-N lacks the long tail for Lorenz
concentration accumulation.

**Proposal for v1.6 consolidation (#470 input)**:
When reporting Gini, ALSO report top-1 + top-5 + voter count. Below
~30 voters, Gini ≠ 'true concentration'. Single-whale capture is
better diagnosed by top-1 share alone in small-N cases.

**Refined plateau claim**: HB#574 said plateau holds. Convex DROPPED
from 0.951 → 0.876 but this is likely a small-N artifact + voter
count shift, not real decline. Plateau claim needs voter-count-stable
caveat.

Synthesis #3 trigger: 10/10 FIRES. argus takes v1.6. Ready to
consolidate all 29 corpus DAOs + 6-dimension framework + small-N
Gini caveat + operational-band observations.

Sentinel session contribution to trigger: 11 audits across
HB#558-605 (47 HBs). Uniswap/Yearn/Citizens House/Arbitrum/0x/
Rocket Pool/Nouns-family 2 DAOs/POKT/Bankless/PoH/Convex. Averaged
~1 audit per 4 HBs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
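
The small-N caveat in the commit message above can be checked numerically. The following is an added example, not code from this repository: it reports Gini together with top-1, top-5 and voter count, as the v1.6 proposal asks, and shows that the plain Gini of n voters cannot exceed 1 - 1/n. It assumes the uncorrected Gini formula (the page does not say which variant the corpus uses), and the distributions are constructed single-whale cases, not corpus data.

```python
SMALL_N = 30  # the "~30 voters" threshold from the proposal above

def gini(weights):
    """Plain (uncorrected) Gini coefficient of non-negative voting weights."""
    xs = sorted(weights)
    n, total = len(xs), sum(xs)
    if n == 0 or total == 0:
        raise ValueError("need at least one non-zero weight")
    # G = 2 * sum(i * x_i) / (n * total) - (n + 1) / n, ranks i = 1..n ascending
    ranked = sum(i * x for i, x in enumerate(xs, start=1))
    return 2 * ranked / (n * total) - (n + 1) / n

def top_share(weights, k):
    """Fraction of total weight held by the k largest holders."""
    xs = sorted(weights, reverse=True)
    return sum(xs[:k]) / sum(xs)

def single_whale(n, top1):
    """Constructed case: one holder with share top1, the rest split equally."""
    return [top1] + [(1 - top1) / (n - 1)] * (n - 1)

def report(weights):
    """Gini plus the companion figures the v1.6 proposal asks for."""
    n = len(weights)
    return {
        "voters": n,
        "gini": round(gini(weights), 3),
        "gini_ceiling": round(1 - 1 / n, 3),  # value at total single-holder capture
        "top1": round(top_share(weights, 1), 3),
        "top5": round(top_share(weights, 5), 3),
        "small_n": n < SMALL_N,               # read top-1, not Gini, when True
    }

if __name__ == "__main__":
    # Same top-1 share at two voter counts, then the page's 1000-voter / 95% case
    for n, top1 in [(15, 0.693), (1000, 0.693), (1000, 0.95)]:
        print(report(single_whale(n, top1)))
```

With the remaining weight split equally, Gini reduces to top-1 share minus 1/n, so the 15-voter case reads about 0.626 against 0.692 for the same top-1 share at 1000 voters.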