|
| 1 | +# Governance |
| 2 | + |
| 3 | +Governance is a program the chief purpose of which is to control the upgrade of other programs through democratic means. |
| 4 | +It can also be used as an authority provider for mints and other forms of access control as well where we may want |
| 5 | +a voting population to vote on disbursement of access or funds collectively. |
| 6 | + |
| 7 | +## Architecture |
| 8 | + |
| 9 | +### Accounts diagram |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | +### Governance Realm account |
| 14 | + |
| 15 | +Governance Realm ties Community Token Mint and optional Council Token mint to create a realm |
| 16 | +for any governance pertaining to the community of the token holders. |
| 17 | +For example a trading protocol can issue a governance token and use it to create its governance realm. |
| 18 | + |
| 19 | +Once a realm is created voters can deposit Governing tokens (Community or Council) to the realm and |
| 20 | +use the deposited amount as their voting weight to vote on Proposals within that realm. |
| 21 | + |
| 22 | +### Program Governance account |
| 23 | + |
| 24 | +The basic building block of governance to update programs is the ProgramGovernance account. |
| 25 | +It ties a governed Program ID and holds configuration options defining governance rules. |
| 26 | +The governed Program ID is used as the seed for a [Program Derived Address](https://docs.solana.com/developing/programming-model/calling-between-programs#program-derived-addresses), |
| 27 | +and this program derived address is what is used as the address of the Governance account for your Program ID |
| 28 | +and the corresponding Governance mint and Council mint (if provided). |
| 29 | + |
| 30 | +What this means is that there can only ever be ONE Governance account for a given Program. |
| 31 | +The governance program validates at creation time of the Governance account that the current upgrade authority of the program |
| 32 | +taken under governance signed the transaction. |
| 33 | + |
| 34 | +Note: In future versions, once allowed in solana runtime, the governance program will take over the upgrade authority |
| 35 | +of the governed program when the Governance account is created. |
| 36 | + |
| 37 | +### How does authority work? |
| 38 | + |
| 39 | +Governance can handle arbitrary executions of code, but it's real power lies in the power to upgrade programs. |
| 40 | +It does this through executing commands to the bpf-upgradable-loader program. |
| 41 | +Bpf-upgradable-loader allows any signer who has Upgrade authority over a Buffer account and the Program account itself |
| 42 | +to upgrade it using its Upgrade command. |
| 43 | +Normally, this is the developer who created and deployed the program, and this creation of the Buffer account containing |
| 44 | +the new program data and overwriting of the existing Program account's data with it is handled in the background for you |
| 45 | +by the Solana program deploy cli command. |
| 46 | +However, in order for Governance to be useful, Governance now needs this authority. |
| 47 | + |
| 48 | +### Proposal accounts |
| 49 | + |
| 50 | +A Proposal is an instance of a Governance created to vote on and execute given set of changes. |
| 51 | +It is created by someone (Proposal Admin) and tied to a given Governance account |
| 52 | +and has a set of executable commands to it, a name and a description. |
| 53 | +It goes through various states (draft, voting, executing) and users can vote on it |
| 54 | +if they have relevant Community or Council tokens. |
| 55 | +It's rules are determined by the Governance account that it is tied to, and when it executes, |
| 56 | +it is only eligible to use the [Program Derived Address](https://docs.solana.com/developing/programming-model/calling-between-programs#program-derived-addresses) |
| 57 | +authority given by the Governance account. |
| 58 | +So a Proposal for Sushi cannot for instance upgrade the Program for Uniswap. |
| 59 | + |
| 60 | +When a Proposal is created by a user then the user becomes Proposal Admin and receives an Admin an Signatory token. |
| 61 | +With this power the Admin can add other Signatories to the Proposal. |
| 62 | +These Signatories can then add commands to the Proposal and/or sign off on the Proposal. |
| 63 | +Once all Signatories have signed off on the Proposal the Proposal leaves Draft state and enters Voting state. |
| 64 | +Voting state lasts as long as the Governance has it configured to last, and during this time |
| 65 | +people holding Community (or Council) tokens may vote on the Proposal. |
| 66 | +Once the Proposal is "tipped" it either enters the Defeated or Executing state. |
| 67 | +If Executed, it enters Completed state once all commands have been run. |
| 68 | + |
| 69 | +A command can be run by any one at any time after the `instruction_hold_up_time` length has transpired on the given command. |
| 70 | + |
| 71 | +### SingleSignerInstruction |
| 72 | + |
| 73 | +We only support one kind of executable command right now, and this is the `SingleSignerInstruction` type. |
| 74 | +A Proposal can have a certain number of these, and they run independently of each other. |
| 75 | +These contain the actual data for a command, and how long after the voting phase a user must wait before they can be executed. |
| 76 | + |
| 77 | +### Voting Dynamics |
| 78 | + |
| 79 | +When a Proposal is created and signed by its Signatories voters can start voting on it using their voting weight, |
| 80 | +equal to deposited governing tokens into the realm. A vote is tipped once it passes the defined `vote_threshold` of votes |
| 81 | +and enters Succeeded or Defeated state. If Succeeded then Proposal instructions can be executed after they hold_up_time passes. |
| 82 | + |
| 83 | +Users can relinquish their vote any time during Proposal lifetime, but once Proposal it tipped their vote can't be changed. |
| 84 | + |
| 85 | +### Community and Councils governing tokens |
| 86 | + |
| 87 | +Each Governance Realm that gets created has the option to also have a Council mint. |
| 88 | +A council mint is simply a separate mint from the Community mint. |
| 89 | +What this means is that users can submit Proposals that have a different voting population from a different mint |
| 90 | +that can affect the same program. A practical application of this policy may be to have a very large population control |
| 91 | +major version bumps of Solana via normal SOL, for instance, but hot fixes be controlled via Council tokens, |
| 92 | +of which there may be only 30, and which may be themselves minted and distributed via proposals by the governing population. |
| 93 | + |
| 94 | +### Proposal Workflow |
| 95 | + |
| 96 | + |
0 commit comments