Schedule 3: ZKsync Security Council

1. Overview

  1. The Security Council is a governance body designed to safeguard the security of the ZKsync protocol (ZKsync ERA, ZK Chains, and other components of ZKsync) and components of the ZKsync ecosystem governed by Protocol Governor proposals.

  2. The Security Council consists of a minimum of nine (9) technical experts ("Security Council Members") who are Signers (as defined in the Overview) of a multisig wallet ("Security Multisig") that has the power to perform certain standard and emergency actions (Emergency Responses) related to the ZKsync protocol as part of the ZKsync governance system.

  3. Legal obligations of Security Council Members are governed by (1) contractual agreements entered into between the Security Council Members and the ZKsync Security Council Foundation; and (2) the bylaws of the ZKsync Security Council Foundation (to which the Security Council Members agree to be bound).

2. Emergency Responses

  1. Power to freeze

    1. The Security Council has the power to freeze the ZKsync protocol, or parts thereof, for various periods of time, in response to imminent or active security threats, such as critical bugs or exploits, that could jeopardize the integrity of the ZKsync protocol.

    2. A Soft Freeze, which initiates a freeze for twelve (12) hours, requires approval from three (3) Security Council Members.

      1. The signature threshold for a Soft Freeze (between one (1) and nine (9) Signers) may be adjusted at the sole discretion of Security Council Members, with the approval of nine (9) Signers on the Security Multisig.

    3. A Hard Freeze, which initiates a freeze for seven (7) days, requires approval from nine (9) Security Council Members.

    4. While the ZKsync protocol is frozen, an upgrade to address the threat may be passed as an Emergency Upgrade.

    5. After a Soft Freeze and/or a Hard Freeze has been initiated, an Emergency Upgrade must be passed before any subsequent freezes may be initiated.

  2. Emergency Upgrade

    1. Any Security Council Member may initiate an Emergency Upgrade without the express approval of the Token Assembly in response to a security threat.

    2. In order to pass an Emergency Upgrade, approval is required from Emergency Upgrade Multisig (i.e., nine (9) Signers on the Security Multisig, along with five (5) Signers on the Guardian Multisig, and three (3) Signers on the ZKsync Foundation Multisig.

3. Non-Emergency Actions

  1. If a Protocol Governor proposal is approved by Delegates, the proposal progresses to a three (3) day Timelock Period during which time Guardians can exercise an Offchain Veto of the proposal ("Offchain Veto Period").

  2. If Guardians exercise their veto during the Offchain Veto Period, with a minimum of five (5) Guardians transmitting an offchain signed statement to the ZKsync Security Council Foundation stating they are exercising their veto power, the Security Council shall abstain from approving the Protocol Governor proposal in the Risk Review Period.

    1. With approval from any two (2) individual Guardians, the Offchain Veto Period may be extended from three (3) days to seven (7) days, if the extension is executed in the first three (3) days of the Offchain Veto Period.

  3. If Guardians do not exercise their veto during the Offchain Veto Period, the proposal will progress to a 30-day period that commences at the end of the Offchain Veto Period, during which time the proposal must be approved by either the Security Council or Guardians in order to progress ("Risk Review Period").

  4. It is the responsibility of the Security Council to evaluate all Protocol Governor proposals that progress to the Risk Review Period, provided the Guardians have not exercised their Offchain Veto Power on a given proposal.

  5. The signing threshold for the Security Multisig to approve a Protocol Governor proposal during the Risk Review Period is nine (9) Signers on the Security Multisig.

  6. Upon reaching the signing threshold of the Security Multisig, approval of the Protocol Governor proposal by the Security Council may be executed immediately, progressing the proposal to the 24-hour Timelock Period before execution.

  7. If the Security Council, for any reason, is unwilling or unable to approve a Protocol Governor proposal during the Risk Review Period, Guardians can approve the Protocol Governor proposal during this period, and execution (with Timelock Period) of this approved proposal will be initiated at the end of the 30-day Risk Review Period.

4. Security Council Membership

  1. Selection of Security Council Members

    1. The initial Security Council Members are selected by the Governance Lead of the ZKsync Association.

  2. Term

    1. Security Council Members will serve on the Security Council until they are removed or replaced.

  3. Removal of Security Council Members

    1. A Protocol Governor proposal, approved by Delegates, is required to remove a Security Council Member from the Security Council as a Signer of the Security Multisig.

    2. In exceptional circumstances, a Security Council Member may be removed from the Security Council and Security Multisig by an Emergency Upgrade, which requires the approval of the Emergency Upgrade Multisig.

  4. Replacement and Addition of Security Council Members

    1. The Board of the ZKsync Security Council Foundation will recommend candidates to replace any Security Council Members that have been removed from the Security Council and Security Multisig, and may use the GovOps Governor as part of this process.

    2. A Protocol Governor proposal, approved by Delegates, is required to be passed in order to add new Security Council Members to the Security Multisig.

    3. In exceptional circumstances, where there is a security threat and the period of time required to submit a Protocol Governor proposal is considered by Guardians to put the Mission of the ZK Credo at risk, Security Council Members may be added to the Security Council and Security Multisig by an Emergency Upgrade, which requires the approval of the Emergency Upgrade Multisig.

Last updated