Resolving an operator or validator misconduct accusation on-chain is a difficult task that involves many assumptions. If the arbitration protocol used breaks or the integration implemented by Lido is abused in any way, it's desirable that the Lido DAO has a way of maintaining sovereignty regarding these resolutions—especially in the early stages before the dispute-resolution mechanism’s maturity and soundness have been ascertained. In this note, we explore how Lido DAO can intervene in the arbitration integration if needed.
We remark that any ruling intervention capability by the DAO should be temporary, in order to avoid governance overhead. Once the system is working correctly and seems secure, the goal would be to remove the failsafe mechanism from it to keep it as decentralized and autonomous as possible.
Moreover, while the failsafe mechanism is active:
Recall from Kleros 2.0 that Kleros utilizes an architecture described by ERC-792, where there is a separation of roles between an Arbitrator contract (which is the Kleros court itself) and an Arbitrable contract (which is the application that will receive the rulings — in this case, a Lido contract).
Figure 1. Class diagram of the ERC-792 standard. Source: Kleros documentation.
In few words, an Arbitrable contract needs to be able to request the creation of disputes to an external Arbitrator contract (e.g. Kleros) using the createDispute function while also providing a rule function to which the Arbitrator will later send the ruling of the dispute.
It's 100% up to the Arbitrable to decide under what conditions a dispute is created, what is done while waiting for a ruling, and what happens after a ruling is given. This means that the Arbitrable can unilaterally adjust part of the Arbitrable<>Arbitrator integration on the fly by:
Additionally, the Arbitrable should follow the ERC-1497 standard, which allows appending a contract agreement (a.k.a. MetaEvidence or policy) to each dispute. Arbitrators are expected to judge disputes according to the MetaEvidence, which is also in full control of the Arbitrable.