Security Council
Overview
The primary goal of the Scroll Security Council is to safeguard the security, integrity, and efficient operations of the Scroll zkEVM rollup. The Security Council acts as a decentralized governance body, overseeing protocol upgrades, emergency responses, and other critical decisions impacting the Scroll ecosystem. It acts as a 9/12 multisig and safeguards the protocol using certain Emergency and Non-Emergency permissions:
- Non-emergency protocol upgrades
  - Includes routine software and protocol upgrades, routine maintenance, and other parameter adjustments.
  - At inception, these upgrades are executed manually. Non-emergency upgrades are almost always voted on first via the governance process. Then, pending a successful vote, the Security Council executes these protocol upgrades manually.
- Emergency protocol upgrades
  - The Security Council can skip the governance process to make an emergency upgrade to the protocol. They would then be required to report on this activity after the fact to the community.
  - These situations might include (but are not limited to) any incidents that may impact the security or liveness of the Scroll chain and that require protocol upgrades.
- Full admin controls over the governance system
  - The Security Council serves as the admin to the Governance contracts, meaning that they have the ability to change almost anything in the governance process to ensure the correctness / safety of Scroll governance. Read more about the Governance admin in Governance Process.
Responsibilities & Accountability
Security Council members shall have these general responsibilities:
- Approve and implement protocol upgrades as directed by governance.
- Act promptly during security threats to safeguard the Scroll protocol.
- Work with development teams and other stakeholders for smooth execution of tasks.
- Conduct regular rehearsals for new ceremonies and protocol upgrades, coordinated by the Up Labs team.
- Exercise emergency powers to initiate emergency upgrades.
In addition, these are measures to ensure accountability of the Security Council:
- Regular evaluations of member performance based on adherence to responsibilities and overall contribution.
- Transparent reporting on actions taken during emergencies.
- Proving continued access to keys and active participation through periodic liveness checks.
Security Council Membership
The Security Council is intended to comprise 12 participants, each a signatory in the 9/12 multisig, with no more than 2 persons from the same or affiliated organization. Members have been thoughtfully selected for their (1) technical competency (and proficiency in rollup and Scroll technology), (2) reputation as trusted individuals/entities with demonstrated alignment with Scroll’s vision, (3) geographic diversity, and (4) aligned incentives (i.e. no conflicts of interest).
The members of the Security Council are divided into two cohorts, Cohort A and Cohort B. Cohort A shall have an initial term of 18 months, with subsequent terms of 12 months each. Cohort B shall have an initial term and subsequent terms of 12 months each.
At the end of each Cohort's term, the members of that Cohort may be re-appointed and new members may be appointed by Scroll Foundation. During the term of the Cohort, members of the Security Council may be removed by Scroll Foundation, where it is deemed necessary to safeguard the best interest of the Scroll DAO and Scroll Foundation.
The initial members of the Security Council are listed as follows.
Cohort A
- Haichen Shen (Up Labs): co-founder of Up Labs, leading the design and development of Scroll protocol and zkEVM circuits.
- L2BEAT: a leading research and analytics platform that offers in-depth analysis on security, risks, and adoption of Ethereum L2 protocols and bridges, and advocates for higher security standards across the L2 ecosystem.
- OpenZeppelin: a leading provider of comprehensive security solutions, offering battle-tested Solidity libraries, auditing services, and automated security tools to blockchain applications. They have audited Scroll’s bridge and rollup smart contracts.
- Péter Garamvölgyi (Up Labs): the protocol lead of Up Labs, leading the protocol design and node implementation of Scroll protocol.
- Yoav Weiss (Ethereum Foundation): a security researcher at the Ethereum Foundation who has been actively contributing to the Ethereum ecosystem since 2017, including account abstraction (ERC-4337), OpenGSN, Layer 2 security, etc.
- Zellic: the security firm with deep expertise in blockchain security and cryptography, led by the best hackers in the world; also a founding member of the Security Alliance (SEAL). They have audited Scroll’s smart contracts and zero-knowledge circuits.
Cohort B
- 0xRajeev (Secureum): founder of Secureum and TrustX where he dedicates his time to scaling Ethereum security. During his 25 years in the security industry, he previously worked as a security researcher at Spearbit and collaborated with many leading security projects.
- Fredrik Svantes (Ethereum Foundation): the Protocol Security Research Team Lead at the Ethereum Foundation, experienced in red and blue teams, building and running a SOC, as a security architect, and as a CISO.
- Gauntlet: the leading model provider in crypto, building data-driven optimization strategies for tokens, protocols, and chains.
- Lefteris Karapetsas (Rotki): founder of rotki and a seasoned blockchain developer, known for his contributions to Ethereum’s early Solidity and core client development, the DAO, and the Raiden Network.
- Leo Alt (Powdr): co-founder of Powdr Labs and former formal verification lead at the Ethereum Foundation, specializing in security and performance.
- Shield3: a security and compliance platform dedicated to strengthening the security foundation of Web3 organizations through comprehensive incident response preparation; a founding member of the Security Alliance (SEAL) where they deliver customized security wargames and simulations.