stFLIP is a Liquid Staking Token that also has veto rights on governance proposals.
The Future of LST Governance
stFLIP is both an LST and also a governance token, this means the larger the holding of stFLIP, the bigger say you'll get on proposals. StakedFLIP is the first LST to have rights in governance - it is super innovative. This ensures that holders and users remain in control of the protocol.
When the governance multisig signers submit proposals, they correspond on the backend to Gnosis Safe transactions. Such proposals can then be either approved or vetoed by stFLIP holders.
These proposals are optimistic, meaning that they succeed by default (unless quorum is met and they are vetoed).
Let’s Get Technical: How Might a Proposal Work in Practice?
A governance multi-sig signer uses the Gnosis Safe to initiate a DeFi transaction. This produces a transaction hash that identifies the action to be approved or rejected by the other multisig owners.
3/5 of these multisig owners must sign the transaction for it to be approved to the next stage.
After those signatures are collected, anyone can call the governance contract with either ‘addTransaction’ or ‘propose’, with arguments (address teamSafe, TxHashArgs calldata args, bytes calldata signatures) to begin this onchain governance. The team is incentivized to do so because they cannot execute any Gnosis Tx without the governance contracts’ approval.
stFLIP holders then have window of time where they can vote to veto this proposal, this window will depend on the nature of the proposal. It can be anywhere from 2 to 14 days.
If no quorum is met during the voting window, or there are more ‘for’ than ‘against’ votes on the proposal by the end, the proposal can effectively pass. Anyone can then call execute() to call safe.approveHash() from the governance contract under the hood. This provides the needed approval from the governance contract, which will allow the initial gnosis transaction to be executed.
If quorum is met and there are more ‘against’ than ‘for’ votes. The proposal gets vetoed by anyone calling the GovernanceContract.rejectTransaction(address teamSafe, uint256 nonce). This will cause the governance contract to sign a zero eth transfer gnosis transaction with the same nonce. Safe owners can then sign the same tx in the gnosis UI using the “replace transaction” functionality.
Safe owners can then execute the zero eth transfer, incrementing the nonce. The original transaction can never be executed, because there is no approval from the governance contract and the nonce has moved on, invalidating the original tx.