-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy path2024-07-29-draft-consitution-converted.html
1741 lines (1741 loc) · 121 KB
/
2024-07-29-draft-consitution-converted.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<p><code>Draft 2024-07-29</code></p>
<h1>CARDANO BLOCKCHAIN ECOSYSTEM CONSTITUTION</h1>
<h2>PREAMBLE</h2>
<p>In the beginning of the Cardano Blockchain ecosystem, three pioneering entities, IOHK,<br />
Emurgo, and the Cardano Foundation, came together to foster the emergence of a new<br />
blockchain, the Cardano Blockchain, laying the foundation for a decentralized network that<br />
would empower individuals, and promote collaboration and innovation. Their pioneering efforts<br />
have shaped the path for a blockchain designed to ensure a fair and transparent environment<br />
where all participants can contribute to the Cardano Blockchain ecosystem's growth and success.</p>
<p>Over time, the Cardano Blockchain ecosystem has expanded significantly, and now, the Cardano<br />
Blockchain ecosystem, comprising of thousands of ada holders, individuals, builders, developers,<br />
enterprises, stake pools, users of the Cardano Blockchain and others, operates in a truly<br />
decentralized manner, further strengthening the resilience and autonomy of the Cardano<br />
Blockchain ecosystem.</p>
<p>As the Cardano Blockchain ecosystem continues to grow, it has become imperative to similarly<br />
adapt and evolve its governance model, reflecting the principles of decentralization, community<br />
involvement, inclusivity and collaboration that have been the cornerstone of the Cardano<br />
Blockchain ecosystem since its start.</p>
<p>Recognizing the need for a more robust and dynamic governance framework, and one that<br />
utilizes wherever possible and beneficial blockchain technology in the governance process, the<br />
Cardano community, as the members of this decentralized Cardano Blockchain ecosystem,<br />
hereby establishes this Cardano Constitution. It shall serve as a guiding set of principles for the<br />
operation and governance of our collective efforts, fostering an environment where all<br />
participants can contribute to the betterment of the Cardano Blockchain ecosystem as a whole.</p>
<p>Through adopting this Constitution, the Cardano Blockchain ecosystem shall establish a robust<br />
governance framework, ensuring that decisions are made in the best interest of the Cardano<br />
community. The Cardano community shall uphold principles of transparency, openness, and<br />
responsible governance, promoting a culture of trust and collaboration. Together, the Cardano<br />
community commits to uphold these principles and to work together towards the continuous<br />
improvement, growth, and success of our decentralized blockchain ecosystem known as the<br />
Cardano Blockchain.</p>
<p>This Constitution shall serve as the embodiment of these guiding principles for the operation and<br />
governance of the decentralized Cardano Blockchain ecosystem, providing a foundation that will<br />
adapt and evolve over time to meet the continuing needs of the Cardano community.</p>
<p>All members of the Cardano community are expected to abide by this Constitution, and are<br />
entitled to participate in its governance processes, and are encouraged to work collaboratively<br />
towards the betterment of the Cardano Blockchain ecosystem as a whole, contributing to its<br />
growth, sustainability, and success. The Cardano Blockchain shall be governed on a vote-based<br />
decision-making model, fostering inclusivity, a diversity of views, innovation and adaptability.</p>
<p>All owners of ada shall have the opportunity to contribute to the governance and direction of the<br />
decentralized Cardano Blockchain ecosystem.</p>
<p>In approaching this Constitution, it must be remembered that this is not a constitution for only a<br />
blockchain but rather, it is a constitution for a blockchain ecosystem – a much more ambitious<br />
endeavor. Accordingly, how governance actions are approved, while extremely important, is not<br />
the sole focus of this Constitution. Rather, this Constitution provides the basis and fundamental<br />
framework through which all actors in the Cardano Blockchain ecosystem can come together to<br />
govern themselves and form radically new approaches to human interaction and collaboration.</p>
<p>By necessity, this Constitution recognizes the role of and empowers the Constitutional<br />
Committee, confirms the right of the Cardano community to participate in collective bodies for<br />
collaboration, gives effect to on-chain governance, and empowers DReps to act as the voice of<br />
ada owners for on-chain voting.</p>
<p>The Constitution also recognizes the necessity of safeguarding access to and the use of funds of<br />
the Cardano treasury through the inclusion of the Cardano Guardrails in this Constitution.</p>
<h2>ARTICLE I. CARDANO BLOCKCHAIN TENETS AND GUARDRAILS</h2>
<h3>Section 1</h3>
<p>These below Tenets shall guide all actors in the Cardano Blockchain ecosystem including the<br />
Constitutional Committee and proposed governance actions shall be evaluated in accordance<br />
with these Tenets.</p>
<p>Transactions on the Cardano Blockchain should not be slowed down or censored and should be<br />
expediently served for their intended purpose. The Cardano Blockchain should scale taking into<br />
consideration throughput, sharding, settlement and dynamic pricing.</p>
<p>The cost of transactions on the Cardano Blockchain should be predictable and not unreasonable.<br />
The Cardano Blockchain should facilitate an accessible, predictable pricing model.</p>
<p>Anyone desiring to develop and deploy applications on the Cardano Blockchain should not<br />
unreasonably be prevented from developing and deploying such applications as intended. The<br />
Cardano community should promote features to assist in developing and deploying applications<br />
such as digital subscriber lines, formal verification support, asynchronous and scalable location<br />
services, oracles and access to partnerchains.</p>
<p>Contributions by Cardano community on the Cardano Blockchain should be recognized,<br />
recorded and assessed fairly by the Cardano community through reward sharing with SPOs and<br />
DReps, appropriate tokenomics and multi-resource consensus approaches.</p>
<p>The Cardano Blockchain shall not lock in an ada owner’s value without an owner’s consent. The<br />
Cardano Blockchain should promote interoperability and access to partnerchains.</p>
<p>The Cardano Blockchain shall preserve in a safe manner any value and information an owner of<br />
ada seeks to store on the Cardano Blockchain. To assure safe protection of value and<br />
information, the Cardano Blockchain should focus on integrity, post-quantum security,<br />
decentralization and decentralized storage, access to stablecoins and robust key management<br />
approaches.</p>
<p>The Cardano Blockchain shall not unnecessarily spend resources. The Cardano Blockchain shall<br />
promote efficient design, memory and storage.</p>
<p>All users of the Cardano Blockchain shall be treated equally taking into account the collective<br />
desires of the Cardano Blockchain community consistent with the long-term sustainability and<br />
viability of the Cardano Blockchain. Long-term sustainability and viability shall be evaluated by<br />
a number of considerations including fairness, neutrality, sustainability, robust governance,<br />
promotion of decentralized identity, use of multi-resource consensus and democratic<br />
participation by all members of the Cardano community.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Do you believe these tenets appropriately reflect the ethos of the Cardano Blockchain?</li>
<li>Should there be an additional tenet addressing financial sustainability? If yes, what<br />
should it contain? Should it include an absolute cap on the circulating supply of ada?</li>
</ul>
<h3>Section 2</h3>
<p>The Cardano Blockchain shall operate in accordance with the Cardano Blockchain Guardrails as<br />
set forth in the Guardrails Appendix to this Constitution. The Cardano community may from<br />
time to time digitally codify certain Cardano Blockchain Guardrails such that such Cardano<br />
Blockchain Guardrails are directly programmed and implemented on the Cardano Blockchain<br />
using on-chain scripts or built-in ledger rules.</p>
<p>In the event there are inconsistencies between a Cardano Blockchain Guardrail as set forth in the<br />
Guardrails Appendix and any such Cardano Blockchain Guardrail that has been programmed and<br />
implemented on the Cardano Blockchain, the version of such Cardano Blockchain Guardrail that<br />
has been deployed directly on the Cardano Blockchain shall prevail and the Constitutional<br />
Committee shall seek to reconcile such inconsistencies through the encouragement of an<br />
appropriate on-chain governance action.</p>
<h2>ARTICLE II. THE CARDANO BLOCKCHAIN COMMUNITY</h2>
<h3>Section 1</h3>
<p>No formal membership shall be required to use, participate in and benefit from the Cardano<br />
Blockchain. Instead, all owners of ada, all developers of, all those building on, and all those<br />
otherwise supporting, maintaining or using the Cardano Blockchain are beneficiaries of the<br />
Cardano Blockchain ecosystem and, as such, are collectively members of the Cardano</p>
<p>community. All Cardano community members are accordingly beneficiaries of this Constitution,<br />
entitled to its rights, privileges and protections and, as such, are expected to support and uphold<br />
this Constitution.</p>
<h3>Section 2</h3>
<p>Members of the Cardano community who own ada <em>[, as well as their appointed designees,]</em> are<br />
entitled to access and participate in the on-chain decision-making processes of the Cardano<br />
Blockchain ecosystem, including voting and taking part in on-chain governance regarding the<br />
Cardano Blockchain.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should on-chain governance participation be limited to only owners of ada or should<br />
ada owners be allowed to appoint designees who are then entitled to participate in on-<br />
chain governance? [Note that this is not a reference to delegation to DReps.</li>
</ul>
<h3>Section 3</h3>
<p>Members of the Cardano community have a responsibility to maintain the integrity of the<br />
Cardano Blockchain ecosystem by following this Constitution, operating the Cardano<br />
Blockchain network, participating in Cardano Blockchain governance activities, and resolving<br />
disputes in a fair and transparent manner.</p>
<h3>Section 4</h3>
<p>The Cardano community is entitled and encouraged through the provisions of this Constitution to<br />
collaborate in developing, maintaining and building applications for the Cardano community,<br />
and to form temporary and permanent organizations and entities as the Cardano community<br />
deems desirable or appropriate in support of the Cardano Blockchain ecosystem.</p>
<h2>ARTICLE III. PARTICIPATORY GOVERNANCE</h2>
<h3>Section 1</h3>
<p>The Cardano Blockchain ecosystem shall be governed by a decentralized, on-chain governance<br />
model, utilizing, to the extent possible and beneficial, smart contracts and other blockchain-<br />
based tools to facilitate decision-making and ensure transparency. On-chain voting for<br />
governance actions shall follow the process outlined in the Cardano Blockchain Guardrails.</p>
<h3>Section 2</h3>
<p>Three independent governance bodies shall participate in voting for on-chain governance actions<br />
to provide checks and balances for the Cardano Blockchain consisting of Delegated<br />
Representatives (DRep), Stake Pool Operators (SPO) and the Constitutional Committee (CC).</p>
<h3>Section 3</h3>
<p>On-chain governance decisions shall be made through a collective decision-making process, with<br />
specific consensus threshold requirements as required by the Cardano Blockchain Guardrails.<br />
All on-chain governance actions shall be voted upon in accordance with the Cardano Blockchain<br />
Guardrails.</p>
<h3>Section 4</h3>
<p>All owners of ada <em>[, as well as their appointed designees,]</em> shall have the right to vote in on-chain<br />
governance action decision-making processes, subject to any restrictions or requirements<br />
provided for in this Constitution and the Cardano Blockchain Guardrails.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Voting rights are in proportion to the ada owned. However, should the Constitution<br />
specify a specific voting model?</li>
<li>Should the Constitution enshrine one ada one vote?</li>
<li>How do we address participation by institutions? Should holders of ada who are not<br />
owners, such as exchanges, be allowed to vote?</li>
</ul>
<p>All owners of ada <em>[, as well as their appointed designees,]</em> shall have the right to propose changes<br />
to the governance structure of the Cardano Blockchain ecosystem in accordance with the<br />
Cardano Blockchain Guardrails.</p>
<h3>Section 5</h3>
<p>A special form of governance action exists to allow community sentiment to be gauged without<br />
committing to any on-chain change of the Cardano Blockchain. "Info" actions have no on-chain<br />
effect other than to record the outcome of such a vote on the Cardano Blockchain.</p>
<h3>Section 6</h3>
<p>Any proposed on-chain governance action shall require a standardized and legible format<br />
including a URL and hash linked to documented off-chain content. Sufficient rationale shall be<br />
provided to justify the requested change to the Cardano Blockchain. The rationale shall include,<br />
at a minimum, a title, abstract, reason for the proposal, and relevant supporting materials.</p>
<p>Any governance action proposal reaching the on-chain governance stage shall be identical in<br />
content as to the final off-chain version of such governance action proposal.</p>
<p>“Hard Fork Initiation” and “Protocol Parameter Change” governance actions should undergo<br />
sufficient technical review and scrutiny as mandated by the Cardano Blockchain Guardrails to<br />
ensure that the governance action does not endanger the security, functionality or performance of<br />
the Cardano Blockchain. On-chain governance actions should address their expected impact on<br />
the Cardano Blockchain ecosystem.</p>
<p>All owners of ada shall have the right to ensure that the process for participating in, submitting<br />
and voting on on-chain governance actions is open and transparent and is protected from undue<br />
influence and manipulation.</p>
<h3>Section 7</h3>
<p>The Cardano community is expected to support the creation, maintenance and ongoing<br />
administration of off-chain governance processes as may be necessary to give effect to this<br />
Constitution and to ensure that there is awareness of and an opportunity to debate and shape all<br />
future governance actions for the Cardano Blockchain.</p>
<h3>Section 8</h3>
<p>The Cardano community is expected to propose, not less than on an annual basis, a budget for<br />
the ongoing maintenance and future development of the Cardano Blockchain. All owners of<br />
ada <em>[, as well as their appointed designees,]</em> are expected to periodically approve the Cardano<br />
Blockchain budget through an on-chain governance action. No withdrawals from the Cardano<br />
treasury shall be permitted unless a budget for the Cardano Blockchain is then in effect as<br />
required by the Cardano Blockchain Guardrails.</p>
<p><em>[Any governance action requesting ada from the Cardano Blockchain treasury in excess of
[1,000,000] ada shall require an allocation of ada as a part of such funding request to cover the
cost of periodic independent audits and the implementation of oversight metrics as to the use of
such ada.] [Contractual obligations governing the use of ada received from the Cardano
Blockchain treasury pursuant to a Cardano budget in excess of [1,000,000] shall include dispute
resolution provisions.]</em></p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution require that governance actions above a specified amount<br />
include allocations of ada to cover periodic audits and implementation of oversight<br />
metrics? If yes, how should they be enforced?</li>
<li>Should the Constitution require that contractual provisions governing the use of ada<br />
received from the treasury above a specified amount include dispute resolution<br />
provisions? If yes, how should they be enforced?</li>
<li>Should the Constitution require that the budget include a contingency fund? If so, how<br />
would it work? What could it be used for? Who would administer it?</li>
<li>Should the Constitution require that the budget include an indemnity fund to cover<br />
potential claims against governance participants such as DReps and Constitutional<br />
Committee members? If so, how would it work? What could it be used for? Who would<br />
administer it?</li>
<li>Should the budgetary process be spelled out in greater detail in the Constitution? Should<br />
the Constitution identify how the budget will be administered? Should it identify who<br />
will administer the budget?</li>
<li>Should the Constitution specify a cap on the annual budget?</li>
</ul>
<h2>ARTICLE IV. DELEGATED REPRESENTATIVES</h2>
<h3>Section 1</h3>
<p>In order to participate in governance actions, owners of ada may register as DReps and directly<br />
vote on such governance actions or may delegate their voting rights to other registered DReps<br />
who shall vote on their behalf.</p>
<h3>Section 2</h3>
<p>Any owner of ada shall have the option to register as a DRep. Any owner of ada <em>[, as well as
their appointed designees,]</em> shall be allowed to delegate their voting stake to one or more<br />
registered DReps, including themselves. DReps may be individuals or coordinated groups.<br />
DReps are entitled to cast votes directly for on-chain governance actions and represent those ada<br />
holders delegating their voting rights to them.</p>
<p>This voting system shall enshrine a liquid democracy model where owners of ada can seamlessly<br />
select among DReps, register as a DRep, and change their delegation at any time.</p>
<h3>Section 3</h3>
<p><em>[DReps are expected to adopt codes of conduct from time to time governing their activities as
DReps and make such codes of conduct publicly available.]</em></p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution include any guidelines as to the requirements that must be<br />
included by DReps in their respective codes of conduct?</li>
<li>Should there be one code of conduct for all DReps or should each DRep be allowed to<br />
adopt its own code of conduct? Should DRep codes of conduct be on-chain?</li>
<li>Should the Constitutional Committee determine whether such codes of conduct are<br />
consistent with the Constitution?</li>
<li>Should the Constitution include term limits for DReps?</li>
</ul>
<h3>Section 4</h3>
<p>The Cardano community is expected to support the creation, maintenance and ongoing<br />
administration of tools to enable owners of ada to explore and evaluate DRep candidates and<br />
select DReps on such criteria as they deem relevant.</p>
<h3>Section 5</h3>
<p><em>[DReps may be compensated for their efforts to foster the creation of a professional governance
cohort for the Cardano Blockchain ecosystem. DReps shall ensure that any compensation
received in connection with their activities as a DRep is disclosed. DReps may not otherwise
purchase voting rights.]</em></p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution mandate compensation for DReps? If so, should the Constitution<br />
specify how compensation is determined or include a cap on compensation?</li>
<li>Should the Constitution require that budgets approved for the Cardano Blockchain<br />
include an allocation from the Cardano Blockchain treasury sufficient to compensate<br />
DReps in such amounts as may be approved from time to time by ada owners.</li>
</ul>
<h2>ARTICLE V. STAKE POOL OPERATORS</h2>
<h3>Section 1</h3>
<p>SPOs shall have a specific role in approving critical on-chain governance actions which require<br />
additional oversight and independence, voting separately and independently from DReps as set<br />
forth in the Cardano Blockchain Guardrails. SPOs shall participate in hard fork initiation<br />
processes as the operators of the nodes that participate in Cardano Blockchain’s consensus<br />
mechanism.</p>
<h3>Section 2</h3>
<p>SPOs may act as a check on the power of the Constitutional Committee under exceptional<br />
circumstances by separately voting on "Motion of no-confidence" and "Update<br />
committee/threshold" governance actions.</p>
<h3>Section 3</h3>
<p><em>[Owners of ada who are both DReps and SPOs shall either refrain from voting in on-chain
governance actions in both capacities or shall publicly disclose that they are participating in on-
chain governance actions in both such capacities prior to exercising any on-chain governance
rights.]</em></p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution include a requirement that ada owners who are both DReps and<br />
SPOs either refrain from voting in both capacities or disclose such dual roles?</li>
<li>Should the Constitution include other conflicts of interest provisions included?</li>
<li>Should the Constitution require that SPOs be expected to implement codes of conduct? If<br />
yes, should they be on-chain? Should the Constitutional Committee determine whether<br />
such codes of conduct are consistent with the Constitution?]</li>
</ul>
<h2>ARTICLE VI. CONSTITUTIONAL COMMITTEE</h2>
<h3>Section 1</h3>
<p>A Constitutional Committee shall be established as the branch of Cardano's on-chain governance<br />
process that ensures governance actions are consistent with this Constitution. The Constitutional<br />
Committee shall comprise a set of owners of ada <em>[, including their appointed designees,]</em> that is<br />
collectively responsible for ensuring that on-chain governance actions prior to enactment on-<br />
chain, are constitutional. The Constitutional Committee shall be limited to voting on the<br />
constitutionality of governance actions. Constitutional Committee members are expected to have<br />
appropriate expertise to carry out their required responsibilities, considering their past<br />
contributions and involvement in the Cardano Blockchain ecosystem.</p>
<h3>Section 2</h3>
<p>The Constitutional Committee shall be composed of <em>[such number of members as shall be
determined from time to time by owners of ada]</em> , as consistent with the Cardano Blockchain<br />
Guardrails, and as shall be sufficient to assure the ongoing integrity of the Cardano Blockchain.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution specify</li>
</ul>
<h3>Section 2</h3>
<p>The Constitutional Committee shall be composed of <em>[such number of members as shall be
determined from time to time by owners of ada]</em> , as consistent with the Cardano Blockchain<br />
Guardrails, and as shall be sufficient to assure the ongoing integrity of the Cardano Blockchain.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution specify how the number of members of the CC are determined?<br />
[Note that the Guardrails specify both a minimum and maximum number of members.]</li>
</ul>
<p>Members of the Constitutional Committee shall serve such terms <em>[as shall be determined from
time to time by owners of ada]</em> as consistent with the Cardano Blockchain Guardrails, provided<br />
that terms shall not be less than one year. To assure continuity in the operation of Constitutional<br />
Committee, the terms for Constitutional Committee members shall be staggered.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution specify how term limits for CC members are determined? [Note<br />
that the Guardrails specify both a minimum and maximum term limit.]</li>
</ul>
<h3>Section 3</h3>
<p>The Cardano community shall establish a process from time to time for election of members of<br />
the Constitutional Committee consistent with the requirements of the Cardano Blockchain<br />
Guardrails.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution include an explicit process for the election of members of the<br />
CC?</li>
</ul>
<h3>Section 4</h3>
<p>No governance action, other than a "Motion of no-confidence" or "Update constitutional<br />
committee/threshold" may be implemented on-chain unless the Constitutional Committee shall<br />
have first determined and affirmed through an on-chain action that such proposal does not violate<br />
this Constitution.</p>
<p>The Constitutional Committee shall be considered to be in one of the following two states at all<br />
times: a state of confidence or a state of no-confidence. In a state of no-confidence, members of<br />
the then standing Constitutional Committee must be reinstated or replaced using the "Update<br />
committee/threshold" governance action before any other on-chain governance action may go<br />
forward.</p>
<h3>Section 5</h3>
<p>Constitutional Committee processes shall be transparent. The Constitutional Committee shall<br />
publish each decision. When voting <em>[no]</em> on a proposal, <em>[the Constitutional Committee] [each
member of the Constitutional committee casting a no vote]</em> shall set forth the basis for its<br />
decision with reference to specific Articles of this Constitution that are in conflict with a given<br />
proposal.</p>
<p>The Constitutional Committee shall operate pursuant to a code of conduct published by the<br />
Constitutional Committee from time to time and shall adopt such policies and procedures as the<br />
Constitutional Committee shall deem necessary in carrying out its duties.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution require that the Constitutional Committee code of conduct be on-<br />
chain?</li>
<li>Should the community have any role in approving the Constitutional Committee code of<br />
conduct? If so, how would this work?</li>
</ul>
<h3>Section 6</h3>
<p>The Cardano community is expected to support the creation, maintenance and ongoing<br />
administration of tools as may be necessary and appropriate for the Constitutional Committee to<br />
perform its required functions.</p>
<h3>Section 7</h3>
<p><em>[Constitutional Committee members may be compensated for their efforts as members of the
Constitutional Committee. Constitutional Committee members shall ensure that any
compensation received in connection with their activities as a member is disclosed.] [Budgets
approved for the Cardano Blockchain shall include allocations from the Cardano Blockchain
treasury sufficient to [compensate Constitutional Committee members in such amounts as may
be approved from time to time by ada owners] and to provide for periodic administrative costs
of the Constitutional Committee in such amounts as requested from time to time by the
Constitutional Committee.]</em></p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution mandate compensation for CC members? If so, should the<br />
Constitution specify how compensation is determined or include a cap on compensation?</li>
<li>Should the Constitution require that budgets approved for the Cardano Blockchain<br />
include an allocation from the Cardano Blockchain treasury sufficient to compensate CC<br />
members in such amounts as may be approved from time to time by ada owners.</li>
<li>Should the Constitution require that the budget include an allocation for the<br />
administrative costs of the CC? If so, how should the amount be determined? If so,<br />
should the Constitution specify who would administer such a budget and whether<br />
expenditures by the CC should be public or subject to audit oversight?</li>
</ul>
<h2>ARTICLE VII. AMENDMENTS</h2>
<h3>Section 1</h3>
<p>Except as otherwise so provided in the Cardano Blockchain Guardrails Appendix, amendments<br />
to this Constitution, including to the Cardano Blockchain Guardrails Appendix, shall be<br />
approved by a collective decision-making process, requiring an on-chain governance action by<br />
owners of ada <em>[, including their appointed designees,]</em> satisfying a threshold of not less than 67%<br />
of the then active voting stake.</p>
<h3>Section 2</h3>
<p>If the Cardano Blockchain Guardrails Appendix sets forth an amendment threshold for a<br />
Cardano Blockchain Guardrail that is different than the amendment threshold contained in<br />
Section 1 of this Article VII, then the threshold set forth in the Cardano Blockchain Guardrails<br />
Appendix for such Cardano Blockchain Guardrail shall apply.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should the Constitution include a provision preventing Article VII itself from being<br />
amended or allowing any governance action that would have the effect of changing these<br />
amendment requirements?</li>
<li>Should the Constitution include a category of technical guardrail modifications that<br />
could be overseen and approved by the Constitutional Committee? Is this even possible?<br />
If yes, should such a category be narrowly defined to only address high security risks or<br />
emergency issues?</li>
</ul>
<h2>APPENDIX I: CARDANO BLOCKCHAIN GUARDRAILS</h2>
<h3>1. INTRODUCTION</h3>
<p>To implement Cardano Blockchain on-chain governance pursuant to CIP-1694, it is necessary to<br />
establish sensible guardrails that will enable the Cardano Blockchain to continue to operate in a<br />
secure and sustainable way.</p>
<p>This Appendix sets forth guardrails that must be applied to Cardano Blockchain on-chain<br />
governance actions, including changes to the protocol parameters and limits on treasury<br />
withdrawals. These guardrails cover both essential, intrinsic limits on settings, and<br />
recommendations that are based on experience, measurement and governance objectives.</p>
<p>These guardrails are designed to avoid unexpected problems with the operation of the Cardano<br />
Blockchain. They are intended to guide the choice of sensible parameter settings and avoid<br />
potential problems with security, performance or functionality. As described below, some of<br />
these guardrails are automatable and will be enforced via an on-chain script or built-in ledger<br />
rules.</p>
<p>These guardrails apply to the Cardano Blockchain Layer 1 mainnet environment. They are not<br />
intended to apply to test environments or to other blockchains that use the Cardano Blockchain<br />
software.</p>
<p>Not all parameters for the Cardano Blockchain can be considered independently. Some<br />
parameters interact with other settings in an intrinsic way. Where known, these interactions are<br />
addressed in this Appendix.</p>
<p>While the guardrails in this Appendix presently reflect the current state of technical insight, this<br />
Appendix should be treated as a living document. Implementation improvements, new<br />
simulations or performance evaluation results for the Cardano Blockchain may allow some of the<br />
restrictions contained in these guardrails to be relaxed (or, in some circumstances, require them<br />
to be tightened) in due course.</p>
<p>Additional guardrails may also be needed where, for example, new protocol parameters are<br />
introduced.</p>
<p>The guardrails set forth in this Appendix may be amended from time to time pursuant to an on-<br />
chain governance action that satisfies the applicable voting threshold as set forth in this<br />
Appendix. Any such amendment to any guardrails shall require and be deemed to be an<br />
amendment to the Constitution itself.</p>
<h4>Workshop Questions</h4>
<ul>
<li>Should any of the below Guardrails include an amendment threshold different from the<br />
threshold included in Article VII?</li>
</ul>
<h3>Terminology and Guidance</h3>
<p><strong>Should/Should not.</strong> Where this Appendix says that a value "should not" be set below or<br />
above some value, this means that the guardrail is a recommendation or guideline, and the<br />
specific value could be open to discussion or alteration by a suitably expert group recognized by<br />
the Cardano community in light of experience with the Cardano Blockchain governance system<br />
or the operation of the Cardano Blockchain.</p>
<p><strong>Must/Must not.</strong> Where this Appendix says that a value "must not" be set below or above<br />
some value, this means that the guardrail is a requirement that will be enforced by Cardano<br />
Blockchain ledger rules, types or other built-in mechanisms where possible, and that if not<br />
followed could cause a protocol failure, security breach or other undesirable outcome.</p>
<p><strong>Benchmarking.</strong> Benchmarking refers to careful system level performance evaluation that is<br />
designed to show a-priori that, for example, 95% of blocks will be diffused across a global<br />
network of Cardano Blockchain nodes within the required 5s time interval in all cases. This may<br />
require construction of specific test workflows and execution on a large test network of Cardano<br />
nodes, simulating a global Cardano Blockchain network.</p>
<p><strong>Performance analysis.</strong> Performance analysis refers to projecting theoretical performance,<br />
empirical benchmarking or simulation results to predict actual system behavior. For example,<br />
performance results obtained from tests in a controlled test environment (such as a collection of<br />
data centers with known networking properties) may be extrapolated to inform likely<br />
performance behavior in a real Cardano Blockchain network environment.</p>
<p><strong>Simulation.</strong> Simulation refers to synthetic execution that is designed to inform<br />
performance/functionality decisions in a repeatable way. For example, the IOSim Cardano<br />
Blockchain module allows the operation of the networking stack to be simulated in a controlled<br />
and repeatable way, allowing issues to be detected before code deployment.</p>
<p><strong>Performance Monitoring.</strong> Performance monitoring involves measuring the actual behavior<br />
of the Cardano Blockchain network, for example, by using timing probes to evaluate round-trip<br />
times, or test blocks to assess overall network health. It complements benchmarking and<br />
performance analysis by providing information about actual system behavior that cannot be<br />
obtained using simulated workloads or theoretical analysis.</p>
<p><strong>Reverting Changes.</strong> Where performance monitoring shows that actual network behavior<br />
following a change is inconsistent with the performance requirements for the Cardano<br />
Blockchain, then the change must be reverted to its previous state if that is possible. For<br />
example, if the block size is increased from 100KB to 120KB and 95% of blocks are no longer<br />
diffused within 5s, then a change must be made to revert the block size to 100KB. If this is not<br />
possible, then one or more alternative changes must be made that will ensure that the<br />
performance requirements are met.</p>
<p><strong>Severity Levels.</strong> Issues that affect the Cardano Blockchain network are classified by<br />
severity level, where:</p>
<ul>
<li>Severity 1 is a critical incident or issue with very high impact to the security,<br />
performance, or functionality of the Cardano Blockchain network.</li>
<li>Severity 2 is a major incident or issue with significant impact to the security,<br />
performance, or functionality of the Cardano Blockchain network.</li>
<li>Severity 3 is a minor incident or issue with low impact to the security, performance, or<br />
functionality of the Cardano Blockchain network.</li>
</ul>
<p><strong>Future Performance Requirements.</strong> Planned development such as new mechanisms for out-<br />
of-memory storage may impact block diffusion or other times. When changing parameters, it is<br />
necessary to consider these future performance requirements as well as the current operation of<br />
the Cardano Blockchain. Until development is complete, the requirements will be conservative;<br />
they may then be relaxed to account for actual timing behavior.</p>
<h3>Automated Checking ("Guardrails Script")</h3>
<p>A script hash is associated with the constitution hash when a <strong>New Constitution or Guardrails
Script</strong> governance action is enacted. It acts as an additional safeguard to the ledger rules and<br />
types, filtering non-compliant governance actions.</p>
<p>The guardrails script only affects two types of governance actions:</p>
<ul>
<li><strong>Parameter Update</strong> actions, and</li>
<li><strong>Treasury Withdrawal</strong> actions.</li>
</ul>
<p>The script is executed when either of these types of governance action is submitted on-chain.<br />
This avoids scenarios where, for example, an erroneous script could prevent the chain from ever<br />
enacting a Hard Fork action, resulting in deadlock. There are three different situations that apply<br />
to script usage.</p>
<p><strong>Symbol and Explanation</strong></p>
<ul>
<li>(y) The script can be used to enforce the guardrail.</li>
<li>(x) The script cannot be used to enforce the guardrail.</li>
<li>(~ - reason) The script cannot be used to enforce the guardrail for the reason given, but<br />
future ledger changes could enable this.</li>
</ul>
<p>Guardrails may overlap: in this case, the most restrictive set of guardrails will apply.</p>
<p>Where a parameter is not explicitly listed in this document, then the script <strong>must not</strong> permit<br />
any changes to the parameter.</p>
<p>Conversely, where a parameter is explicitly listed in this document but no checkable guardrails<br />
are specified, the script <strong>must not</strong> impose any constraints on changes to the parameter.</p>
<h3>2. GUARDRAILS AND GUIDELINES ON PROTOCOL PARAMETER UPDATE ACTIONS</h3>
<p>Below are guardrails and guidelines for changing updatable protocol parameter settings via the<br />
protocol parameter update governance action such that the Cardano Blockchain is never in an<br />
unrecoverable state as a result of such changes.</p>
<p>Note that there are at least five different sources of parameter names, and these are not always<br />
consistent:</p>
<ol>
<li>The name used in the Genesis file</li>
<li>The name used in protocol parameter update governance actions</li>
<li>The name used internally in ledger rules</li>
<li>The name used in the formal ledger specification</li>
<li>The name used in research papers</li>
</ol>
<p>Where these parameter names differ, this Appendix uses the second convention.</p>
<h4>Guardrails</h4>
<p><strong>PARAM-01</strong> (y) Any protocol parameter that is not explicitly named in this document <strong>must
not</strong> be changed by a Parameter update governance action.</p>
<p><strong>PARAM-02</strong> (y) Where a protocol parameter is explicitly listed in this document but no<br />
checkable guardrails are specified, the guardrails script <strong>must not</strong> impose any constraints on<br />
changes to the parameter. Checkable guardrails are shown by a (y).</p>
<h3>2.1. Critical Protocol Parameters</h3>
<p>The below protocol parameters are critical from a security point of view.</p>
<p><em>Parameters that are Critical to the Operation of the Blockchain</em></p>
<ul>
<li><em>maximum block body size</em> (<em>maxBlockBodySize</em>)</li>
<li><em>maximum transaction size</em> (<em>maxTxSize</em>)</li>
<li><em>maximum block header size</em> (<em>maxBlockHeaderSize</em>)</li>
<li><em>maximum size of a serialized asset value</em> (<em>maxValueSize</em>)</li>
<li><em>maximum script execution/memory units in a single block</em> (<em>maxBlockExecutionUnits[steps/memory]</em>)</li>
<li><em>minimum fee coefficient</em> (<em>txFeePerByte</em>)</li>
<li><em>minimum fee constant</em> (<em>txFeeFixed</em>)</li>
<li><em>minimum fee per byte for reference scripts</em> (<em>minFeeRefScriptCoinsPerByte</em>)</li>
<li><em>minimum Lovelace deposit per byte of serialized UTxO</em> (<em>utxoCostPerByte</em>)</li>
<li><em>governance action deposit</em> (<em>govDeposit</em>)</li>
</ul>
<h4>Guardrails</h4>
<p><strong>PARAM-03</strong> (y) Critical protocol parameters require an SPO vote in addition to a DRep vote: SPOs <strong>must</strong> say "yes" with a collective support of more than 50% of all active block production stake. This is enforced by the guardrails on the stake pool voting threshold.</p>
<p><strong>PARAM-04</strong> (x) At least 3 months <strong>should</strong> normally pass between the publication of an off-chain proposal to change a critical protocol parameter and the submission of the corresponding on-chain governance action. This guardrail may be relaxed in the event of a Severity 1 or Severity 2 network issue following careful technical discussion and evaluation.</p>
<p><em>Parameters that are Critical to the Governance System</em></p>
<ul>
<li><em>delegation key Lovelace deposit</em> (<em>stakeAddressDeposit</em>)</li>
<li><em>pool registration Lovelace deposit</em> (<em>stakePoolDeposit</em>)</li>
<li><em>minimum fixed rewards cut for pools</em> (<em>minPoolCost</em>)</li>
<li><em>DRep deposit amount</em> (<em>dRepDeposit</em>)</li>
<li><em>minimal Constitutional Committee size</em> (<em>committeeMinSize</em>)</li>
<li><em>maximum term length (in epochs) for the Constitutional Committee members</em> (<em>committeeMaxTermLimit</em>)</li>
</ul>
<h4>Guardrails</h4>
<p><strong>PARAM-05</strong> (y) DReps <strong>must</strong> vote "yes" with a collective support of more than 50% of all active voting stake. This is enforced by the guardrails on the DRep voting thresholds.</p>
<p><strong>PARAM-06</strong> (x) At least 3 months <strong>should</strong> normally pass between the publication of an off-chain proposal to change a parameter that is critical to the governance system and the submission of the corresponding on-chain governance action. This guardrail may be relaxed in the event of a Severity 1 or Severity 2 network issue following careful technical discussion and evaluation.</p>
<h3>2.2. Economic Parameters</h3>
<p>The overall goals when managing economic parameters are to:</p>
<ol>
<li>Enable long-term economic sustainability for the Cardano Blockchain ecosystem;</li>
<li>Ensure that stake pools are adequately rewarded for maintaining the Cardano Blockchain;</li>
<li>Ensure that ada holders are adequately rewarded for using stake in constructive ways, including when delegating ada for block production; and</li>
<li>Balance economic incentives for different Cardano Blockchain ecosystem stakeholders, including but not limited to Stake Pool Operators, ada holders, DeFi users, infrastructure users, developers (e.g., DApps), and financial intermediaries (e.g., exchanges).</li>
</ol>
<p><em>Triggers for Change</em></p>
<ol>
<li>Significant changes in the fiat value of ada resulting in potential problems with security, performance, or functionality.</li>
<li>Changes in transaction volumes or types.</li>
<li>Community requests or suggestions.</li>
<li>Emergency situations that require changes to economic parameters.</li>
</ol>
<p><em>Counter-indicators</em></p>
<p>Changes to the economic parameters should not be made in isolation. They need to account for:</p>
<ul>
<li>External economic factors.</li>
<li>Network security concerns.</li>
</ul>
<p><em>Core Metrics</em></p>
<ul>
<li>Fiat value of ada resulting in potential problems with security, performance, or functionality.</li>
<li>Transaction volumes and types.</li>
<li>Number and health of stake pools.</li>
<li>External economic factors.</li>
</ul>
<p><em>Changes to Specific Economic Parameters</em></p>
<p><strong>Transaction fee per byte (txFeePerByte) and fixed transaction fee (txFeeFixed)</strong></p>
<p>Defines the cost for basic transactions in Lovelace:</p>
<p>fee(tx) = txFeeFixed + txFeePerByte x nBytes(tx)</p>
<h4>Guardrails</h4>
<p><strong>TFPB-01</strong> (y) <em>txFeePerByte</em> <strong>must not</strong> be lower than 30 (0.000030 ada). This protects against low-cost denial of service attacks.</p>
<p><strong>TFPB-02</strong> (y) <em>txFeePerByte</em> <strong>must not</strong> exceed 1,000 (0.001 ada). This ensures that transactions can be paid for.</p>
<p><strong>TFPB-03</strong> (y) <em>txFeePerByte</em> <strong>must not</strong> be negative.</p>
<p><strong>TFF-01</strong> (y) <em>txFeeFixed</em> <strong>must not</strong> be lower than 100,000 (0.1 ada). This protects against low-cost denial of service attacks.</p>
<p><strong>TFF-02</strong> (y) <em>txFeeFixed</em> <strong>must not</strong> exceed 10,000,000 (10 ada). This ensures that transactions can be paid for.</p>
<p><strong>TFF-03</strong> (y) <em>txFeeFixed</em> <strong>must not</strong> be negative.</p>
<p><strong>TFGEN-01</strong> (x - "should") To maintain a consistent level of protection against denial-of-service attacks, <em>txFeeFixed</em> and <em>txFeePerByte</em> <strong>should</strong> be adjusted whenever Plutus Execution prices are adjusted (executionUnitPrices[steps/memory]).</p>
<p><strong>TFGEN-02</strong> (x - unquantifiable) Any changes to <em>txFeeFixed</em> or <em>txFeePerByte</em> <strong>must</strong> consider the implications of reducing the cost of a denial-of-service attack or increasing the maximum transaction fee so that it becomes impossible to construct a transaction.</p>
<p><em>UTxO cost per byte (utxoCostPerByte)</em></p>
<p>Defines the cost for storage in UTxOs:</p>
<ul>
<li>Sets a minimum threshold on ada that is held within a single UTxO (~1 ada minimum, could be >= 50 ada in the worst case).</li>
<li>Provides protection against low-cost denial of service attack on UTxO storage. This attack has been executed on other chains; it is not theoretical.</li>
<li>DoS protection decreases in line with the free node memory (proportional to UTxO growth).</li>
<li>Helps reduce long-term storage costs.</li>
<li>Provides an incentive to return UTxOs when no longer needed.</li>
<li>Should significantly exceed minimum tx cost (~0.15 ada).</li>
</ul>
<h4>Guardrails</h4>
<p><strong>UCPB-01</strong> (y) <em>utxoCostPerByte</em> <strong>must not</strong> be lower than 3,000 (0.003 ada).</p>
<p><strong>UCPB-02</strong> (y) <em>utxoCostPerByte</em> <strong>must not</strong> exceed 6,500 (0.0065 ada).</p>
<p><strong>UCPB-03</strong> (y) <em>utxoCostPerByte</em> <strong>must not</strong> be zero.</p>
<p><strong>UCPB-04</strong> (y) <em>utxoCostPerByte</em> <strong>must not</strong> be negative.</p>
<p><strong>UCPB-05</strong> (x - "should") Changes <strong>should</strong> account for:</p>
<p>i) The acceptable cost of attack.<br />
ii) The acceptable time for an attack (at least one epoch is assumed).<br />
iii) The acceptable memory configuration for full node users (assumed to be 16GB for wallets or 24GB for stake pools).<br />
iv) The sizes of UTxOs (~200B per UTxO minimum, up to about 10KB).<br />
v) The current total node memory usage.</p>
<p><em>Stake address deposit (stakeAddressDeposit)</em></p>
<p>Ensures that stake addresses are retired when no longer needed:</p>
<ul>
<li>Helps reduce long-term storage costs.</li>
<li>Helps limit CPU and memory costs in the ledger.</li>
</ul>
<p>The rationale for the deposit is to incentivize that scarce memory resources are returned when they are no longer required. Reducing the number of active stake addresses also reduces processing and memory costs at the epoch boundary when calculating stake snapshots.</p>
<h4>Guardrails</h4>
<p><strong>SAD-01</strong> (y) <em>stakeAddressDeposit</em> <strong>must not</strong> be lower than 1,000,000 (1 ada).</p>
<p><strong>SAD-02</strong> (y) <em>stakeAddressDeposit</em> <strong>must not</strong> exceed 5,000,000 (5 ada).</p>
<p><strong>SAD-03</strong> (y) <em>stakeAddressDeposit</em> <strong>must not</strong> be negative.</p>
<p><em>Stake pool deposit (stakePoolDeposit)</em></p>
<p>Ensures that stake pools are retired by the stake pool operator when no longer needed by them:</p>
<ul>
<li>Helps reduce long-term storage costs.</li>
</ul>
<p>The rationale for the deposit is to incentivize that scarce memory resources are returned when they are no longer required. Rewards and stake snapshot calculations are also impacted by the number of active stake pools.</p>
<h4>Guardrails</h4>
<p><strong>SPD-01</strong> (y) <em>stakePoolDeposit</em> <strong>must not</strong> be lower than 250,000,000 (250 ada).</p>
<p><strong>SPD-02</strong> (y) <em>stakePoolDeposit</em> <strong>must not</strong> exceed 500,000,000 (500 ada).</p>
<p><strong>SPD-03</strong> (y) <em>stakePoolDeposit</em> <strong>must not</strong> be negative.</p>
<p><em>Minimum Pool Cost (minPoolCost)</em></p>
<p>Part of the rewards mechanism:</p>
<ul>
<li>The minimum pool cost is transferred to the pool rewards address before any delegator rewards are paid.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>MPC-01</strong> (y) <em>minPoolCost</em> <strong>must not</strong> be negative.</p>
<p><strong>MPC-02</strong> (y) <em>minPoolCost</em> <strong>must not</strong> exceed 500,000,000 (500 ada).</p>
<p><strong>MPC-03</strong> (x - "should") <em>minPoolCost</em> <strong>should</strong> be set in line with the economic cost for operating a pool.</p>
<p>_<em>Treasury Cut (treasuryCut)</em></p>
<p>Part of the rewards mechanism:</p>
<ul>
<li>The treasury cut portion of the monetary expansion is transferred to the treasury before any pool rewards are paid.</li>
<li>Can be set in the range 0.0-1.0 (0%-100%).</li>
</ul>
<h4>Guardrails</h4>
<p><strong>TC-01</strong> (y) <em>treasuryCut</em> <strong>must not</strong> be lower than 0.1 (10%).</p>
<p><strong>TC-02</strong> (y) <em>treasuryCut</em> <strong>must not</strong> exceed 0.3 (30%).</p>
<p><strong>TC-03</strong> (y) <em>treasuryCut</em> <strong>must not</strong> be negative.</p>
<p><strong>TC-04</strong> (y) <em>treasuryCut</em> <strong>must not</strong> exceed 1.0 (100%).</p>
<p><strong>TC-05</strong> (~ - no access to change history) <em>treasuryCut</em> <strong>must not</strong> be changed more than once in any 36-epoch period (approximately 6 months).</p>
<p><em>Monetary Expansion Rate (monetaryExpansion)</em></p>
<p>Part of the rewards mechanism:</p>
<ul>
<li>The monetary expansion controls the amount of reserves that is used for rewards each epoch.</li>
<li>Governs the long-term sustainability of Cardano.</li>
<li>The reserves are gradually depleted until no rewards are supplied.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>ME-01</strong> (y) <em>monetaryExpansion</em> <strong>must not</strong> exceed 0.</p>
<p><strong>ME-02</strong> (y) <em>monetaryExpansion</em> <strong>must not</strong> be lower than 0.</p>
<p><strong>ME-03</strong> (y) <em>monetaryExpansion</em> <strong>must not</strong> be negative.</p>
<p><strong>ME-04</strong> (x - "should") <em>monetaryExpansion</em> <strong>should not</strong> be varied by more than +/- 10% in any 73-epoch period (approximately 12 months).</p>
<p><strong>ME-05</strong> (x - "should") <em>monetaryExpansion</em> <strong>should not</strong> be changed more than once in any 36-epoch period (approximately 6 months).</p>
<p><em>Plutus Script Execution Prices (executionUnitPrices[priceSteps/priceMemory])</em></p>
<p>Defines the fees for executing Plutus scripts:</p>
<ul>
<li>Gives an economic return for Plutus script execution.</li>
<li>Provides security against low-cost DoS attacks.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>EIUP-PS-01</strong> (y) <em>executionUnitPrices[priceSteps]</em> <strong>must not</strong> exceed 2,000 / 10,000,000.</p>
<p><strong>EIUP-PS-02</strong> (y) <em>executionUnitPrices[priceSteps]</em> <strong>must not</strong> be lower than 500 / 10,000,000.</p>
<p><strong>EIUP-PM-01</strong> (y) <em>executionUnitPrices[priceMemory]</em> <strong>must not</strong> exceed 2,000 / 10,000.</p>
<p><strong>EIUP-PM-02</strong> (y) <em>executionUnitPrices[priceMemory]</em> <strong>must not</strong> be lower than 400 / 10,000.</p>
<p><strong>EIUP-GEN-01</strong> (x - "similar to") The execution prices <strong>must</strong> be set so that:</p>
<ul>
<li>i) the cost of executing a transaction with maximum CPU steps is similar to the cost of a maximum-sized non-script transaction and</li>
<li>ii) the cost of executing a transaction with maximum memory units is similar to the cost of a maximum-sized non-script transaction.</li>
</ul>
<p><strong>EIUP-GEN-02</strong> (x - "should") The execution prices <strong>should</strong> be adjusted whenever transaction fees are adjusted (<em>txFeeFixed/txFeePerByte</em>). The goal is to ensure that the processing delay is similar for "full" transactions, regardless of their type.</p>
<ul>
<li>This helps ensure that the requirements on block diffusion/propagation times are met.</li>
</ul>
<p><em>Transaction fee per byte for a reference script (minFeeRefScriptCoinsPerByte)</em></p>
<p>Defines the cost for using Plutus reference scripts in Lovelace.</p>
<h4>Guardrails</h4>
<p><strong>MFRS-01</strong> (y) <em>minFeeRefScriptCoinsPerByte</em> <strong>must not</strong> exceed 1,000 (0.001 ada).</p>
<ul>
<li>This ensures that transactions can be paid for.</li>
</ul>
<p><strong>MFRS-02</strong> (y) <em>minFeeRefScriptCoinsPerByte</em> <strong>must not</strong> be negative.</p>
<p><strong>MFRS-03</strong> (x - "should") To maintain a consistent level of protection against denial-of-service attacks, <em>minFeeRefScriptCoinsPerByte</em> <strong>should</strong> be adjusted whenever Plutus Execution prices are adjusted (<em>executionUnitPrices[steps/memory]</em>) and whenever <em>txFeeFixed</em> is adjusted.</p>
<p><strong>MFRS-04</strong> (x - unquantifiable) Any changes to <em>minFeeRefScriptCoinsPerByte</em> <strong>must</strong> consider the implications of reducing the cost of a denial-of-service attack or increasing the maximum transaction fee.</p>
<h3>2.3. Network Parameters</h3>
<p>The overall goals when managing the Cardano Blockchain network parameters are to:</p>
<ol>
<li>Match the available Cardano Blockchain Layer 1 network capacity to current or future traffic demands, including payment transactions, layer 1 DApps, sidechain management, and governance needs.</li>
<li>Balance traffic demands for different user groups, including payment transactions, minters of Fungible/Non-Fungible Tokens, Plutus scripts, DeFi developers, Stake Pool Operators, and voting transactions.</li>
</ol>
<p><em>Triggers for Change</em></p>
<p>Changes to network parameters may be triggered by:</p>
<ol>
<li>Measured changes in traffic demands over a 2-epoch period (10 days).</li>
<li>Anticipated changes in traffic demands.</li>
<li>Community requests.</li>
</ol>
<p><em>Counter-indicators</em></p>
<p>Changes may need to be reversed and/or should not be enacted in the event of:</p>
<ul>
<li>Excessive block propagation delays.</li>
<li>Stake pools being unable to handle traffic volume.</li>
<li>Scripts being unable to complete execution.</li>
</ul>
<p><em>Core Metrics</em></p>
<p>All decisions on parameter changes should be informed by:</p>
<ul>
<li>Block propagation delay profile.</li>
<li>Traffic volume (block size over time).</li>
<li>Script volume (size of scripts and execution units).</li>
<li>Script execution cost benchmarks.</li>
<li>Block propagation delay/diffusion benchmarks.</li>
</ul>
<p>Detailed benchmarking results are required to confirm the effect of any changes on mainnet performance or behavior prior to enactment. The effects of different transaction mixes must be analyzed, including normal transactions, Plutus scripts, and governance actions.</p>
<h4>Guardrails</h4>
<p><strong>NETWORK-01</strong> (x - "should") No individual network parameter <strong>should</strong> change more than once per two epochs.</p>
<p><strong>NETWORK-02</strong> (x - "should") Only one network parameter <strong>should</strong> be changed per epoch unless they are directly correlated, e.g., per-transaction and per-block memory unit limits.</p>
<p><em>Changes to Specific Network Parameters</em></p>
<p><em>Block Size (maxBlockBodySize)</em></p>
<p>The maximum size of a block, in Bytes.</p>
<h4>Guardrails</h4>
<p><strong>MBBS-01</strong> (y) <em>maxBlockBodySize</em> <strong>must not</strong> exceed 122,880 Bytes (120KB).</p>
<p><strong>MBBS-02</strong> (y) <em>maxBlockBodySize</em> <strong>must not</strong> be lower than 24,576 Bytes (24KB).</p>
<p><strong>MBBS-03</strong> (x - "exceptional circumstances") <em>maxBlockBodySize</em> <strong>must not</strong> be decreased, other than in exceptional circumstances where there are potential problems with security, performance, or functionality.</p>
<p><strong>MBBS-04</strong> (~ - no access to existing parameter values) <em>maxBlockBodySize</em> <strong>must</strong> be large enough to include at least one transaction (that is, <em>maxBlockBodySize</em> <strong>must</strong> be at least <em>maxTxSize</em>).</p>
<p><strong>MBBS-05</strong> (x - "should") <em>maxBlockBodySize</em> <strong>should</strong> be changed by at most 10,240 Bytes (10KB) per epoch (5 days), and preferably by 8,192 Bytes (8KB) or less per epoch.</p>
<p><strong>MBBS-06</strong> (x - "should") The block size <strong>should not</strong> induce an additional Transmission Control Protocol (TCP) round trip. Any increase beyond this must be backed by performance analysis, simulation, and benchmarking.</p>
<p><strong>MBBS-07</strong> (x - "unquantifiable") The impact of any change to <em>maxBlockBodySize</em> <strong>must</strong> be confirmed by detailed benchmarking/simulation and not exceed the requirements of the block diffusion/propagation time budgets, as described below. Any increase to <em>maxBlockBodySize</em> must also consider future requirements for Plutus script execution (<em>maxBlockExecutionUnits[steps]</em>) against the total block diffusion target of 3s with 95% block propagation within 5s. The limit on maximum block size may be increased in the future if this is supported by benchmarking and monitoring results.</p>
<p><em>Transaction Size (maxTxSize)</em></p>
<p>The maximum size of a transaction, in Bytes.</p>
<h4>Guardrails</h4>
<p><strong>MTS-01</strong> (y) <em>maxTxSize</em> <strong>must not</strong> exceed 32,768 Bytes (32KB).</p>
<p><strong>MTS-02</strong> (y) <em>maxTxSize</em> <strong>must not</strong> be negative.</p>
<p><strong>MTS-03</strong> (~ - no access to existing parameter values) <em>maxTxSize</em> <strong>must not</strong> be decreased.</p>
<p><strong>MTS-04</strong> (~ - no access to existing parameter values) <em>maxTxSize</em> <strong>must not</strong> exceed <em>maxBlockBodySize</em>.</p>
<p><strong>MTS-05</strong> (x - "should") <em>maxTxSize</em> <strong>should not</strong> be increased by more than 2,560 Bytes (2.5KB) in any epoch, and preferably <strong>should</strong> be increased by 2,048 Bytes (2KB) or less per epoch.</p>
<p><strong>MTS-06</strong> (x - "should") <em>maxTxSize</em> <strong>should not</strong> exceed 1/4 of the block size.</p>
<p><em>Memory Unit Limits (maxBlockExecutionUnits[memory], maxTxExecutionUnits[memory])</em></p>
<p>The limit on the maximum number of memory units that can be used by Plutus scripts, either per-transaction or per-block.</p>
<h4>Guardrails</h4>
<p><strong>MTEU-M-01</strong> (y) <em>maxTxExecutionUnits[memory]</em> <strong>must not</strong> exceed 40,000,000 units.</p>
<p><strong>MTEU-M-02</strong> (y) <em>maxTxExecutionUnits[memory]</em> <strong>must not</strong> be negative.</p>
<p><strong>MTEU-M-03</strong> (~ - no access to existing parameter values) <em>maxTxExecutionUnits[memory]</em> <strong>must not</strong> be decreased.</p>
<p><strong>MTEU-M-04</strong> (x - "should") <em>maxTxExecutionUnits[memory]</em> <strong>should not</strong> be increased by more than 2,500,000 units in any epoch.</p>
<p><strong>MBEU-M-01</strong> (y) <em>maxBlockExecutionUnits[memory]</em> <strong>must not</strong> exceed 120,000,000 units.</p>
<p><strong>MBEU-M-02</strong> (y) <em>maxBlockExecutionUnits[memory]</em> <strong>must not</strong> be negative.</p>
<p><strong>MBEU-M-03</strong> (x - "should") <em>maxBlockExecutionUnits[memory]</em> <strong>should not</strong> be changed (increased or decreased) by more than 10,000,000 units in any epoch.</p>
<p><strong>MBEU-M-04</strong> (x - unquantifiable) The impact of any change to <em>maxBlockExecutionUnits[memory]</em> <strong>must</strong> be confirmed by detailed benchmarking/simulation and not exceed the requirements of the diffusion/propagation time budgets, as also impacted by <em>maxBlockExecutionUnits[steps]</em>. Any increase <strong>must</strong> also consider previously agreed future requirements for the total block size (<em>maxBlockBodySize</em>) measured against the total block diffusion target of 3s with 95% block propagation within 5s. Future Plutus performance improvements may allow the per-block limit to be increased, but must be balanced against the overall diffusion limits as specified in the previous sentence, and future requirements.</p>
<p><strong>MEU-M-01</strong> (~ - no access to existing parameter values) <em>maxBlockExecutionUnits[memory]</em> <strong>must not</strong> be less than <em>maxTxExecutionUnits[memory]</em>.</p>
<p><em>CPU Unit Limits (maxBlockExecutionUnits[steps], maxTxExecutionUnits[steps])</em></p>
<p>The limit on the maximum number of CPU steps that can be used by Plutus scripts, either per-transaction or per-block.</p>
<h4>Guardrails</h4>
<p><strong>MTEU-S-01</strong> (y) <em>maxTxExecutionUnits[steps]</em> <strong>must not</strong> exceed 15,000,000,000 (15Bn) units.</p>
<p><strong>MTEU-S-02</strong> (y) <em>maxTxExecutionUnits[steps]</em> <strong>must not</strong> be negative.</p>
<p><strong>MTEU-S-03</strong> (~ - no access to existing parameter values) <em>maxTxExecutionUnits[steps]</em> <strong>must not</strong> be decreased.</p>
<p><strong>MTEU-S-04</strong> (x - "should") <em>maxTxExecutionUnits[steps]</em> <strong>should not</strong> be increased by more than 500,000,000 (500M) units in any epoch (5 days).</p>
<p><strong>MBEU-S-01</strong> (y) <em>maxBlockExecutionUnits[steps]</em> <strong>must not</strong> exceed 40,000,000,000 (40Bn) units.</p>
<p><strong>MBEU-S-02</strong> (y) <em>maxBlockExecutionUnits[steps]</em> <strong>must not</strong> be negative.</p>
<p><strong>MBEU-S-03</strong> (x - "should") <em>maxBlockExecutionUnits[steps]</em> <strong>should not</strong> be changed (increased or decreased) by more than 2,000,000,000 (2Bn) units in any epoch (5 days).</p>
<p><strong>MBEU-S-04</strong> (x - unquantifiable) The impact of the change to <em>maxBlockExecutionUnits[steps]</em> <strong>must</strong> be confirmed by detailed benchmarking/simulation and not exceed the requirements of the block diffusion/propagation time budgets, as also impacted by <em>maxBlockExecutionUnits[memory]</em>. Any increase <strong>must</strong> also consider previously identified future requirements for the total block size (<em>maxBlockBodySize</em>) measured against the total block diffusion target of 3s with 95% block propagation within 5s. Future Plutus performance improvements may allow the per-block limit to be increased, but <strong>must</strong> be balanced against the overall diffusion limits as specified in the previous sentence, and future requirements.</p>
<p><strong>MEU-S-01</strong> (~ - no access to existing parameter values) <em>maxBlockExecutionUnits[steps]</em> <strong>must not</strong> be less than <em>maxTxExecutionUnits[steps]</em>.</p>
<p><em>Block Header Size (maxBlockHeaderSize)</em></p>
<p>The size of the block header.</p>
<p><strong>Note:</strong> Increasing the block header size may affect the overall block size (<em>maxBlockBodySize</em>).</p>
<h4>Guardrails</h4>
<p><strong>MBHS-01</strong> (y) <em>maxBlockHeaderSize</em> <strong>must not</strong> exceed 5,000 Bytes.</p>
<p><strong>MBHS-02</strong> (y) <em>maxBlockHeaderSize</em> <strong>must not</strong> be negative.</p>
<p><strong>MBHS-03</strong> (x - "largest valid header" is subject to change) <em>maxBlockHeaderSize</em> <strong>must</strong> be large enough for the largest valid header.</p>
<p><strong>MBHS-04</strong> (x - "should") <em>maxBlockHeaderSize</em> <strong>should</strong> only normally be increased if the protocol changes.</p>
<p><strong>MBHS-05</strong> (x - "should") <em>maxBlockHeaderSize</em> <strong>should</strong> be within TCP's initial congestion window (3 or 10 MTUs).</p>
<h3>2.4. Technical/Security Parameters</h3>
<p>The overall goals when managing the technical/security parameters are:</p>
<ol>
<li>Ensure the security of the Cardano network in terms of decentralization, protection against Sybil and 51% attacks, and protection against denial of service attacks.</li>
<li>Enable changes to the Plutus language.</li>
</ol>
<p><em>Triggers for Change</em></p>
<ol>
<li>Changes in the number of active SPOs.</li>
<li>Changes to the Plutus language.</li>
<li>Security threats.</li>
<li>Community requests.</li>
</ol>
<p><em>Counter-indicators</em></p>
<ul>
<li>Economic concerns, e.g., when changing the number of stake pools.</li>
</ul>
<p><em>Core Metrics</em></p>
<ul>
<li>Number of stake pools.</li>
<li>Level of decentralization.</li>
</ul>
<p><em>Changes to Specific Technical/Security Parameters</em></p>
<p><em>Target Number of Stake Pools (stakePoolTargetNum)</em></p>
<p>Sets the target number of stake pools:</p>
<ul>
<li>The expected number of pools when the network is in the equilibrium state.</li>
<li>Primarily a security parameter, ensuring decentralization by pool division/replication.</li>
<li>Has an economic effect as well as a security effect; economic advice is also required when changing this parameter.</li>
<li>Large changes in this parameter will trigger mass redelegation events.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>SPTN-01</strong> (y) <em>stakePoolTargetNum</em> <strong>must not</strong> be lower than 250.</p>
<p><strong>SPTN-02</strong> (y) <em>stakePoolTargetNum</em> <strong>must not</strong> exceed 2,000.</p>
<p><strong>SPTN-03</strong> (y) <em>stakePoolTargetNum</em> <strong>must not</strong> be negative.</p>
<p><strong>SPTN-04</strong> (y) <em>stakePoolTargetNum</em> <strong>must not</strong> be zero.</p>
<p><em>Pledge Influence Factor (poolPledgeInfluence)</em></p>
<p>Enables the pledge protection mechanism:</p>
<ul>
<li>Provides protection against Sybil attack.</li>
<li>Higher values reward pools that have more pledge and penalize pools that have less pledge.</li>
<li>Has an economic effect as well as technical effect; economic advice is also required.</li>
<li>Can be set in the range 0.0-infinity.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>PPI-01</strong> (y) <em>poolPledgeInfluence</em> <strong>must not</strong> be lower than 0.1.</p>
<p><strong>PPI-02</strong> (y) <em>poolPledgeInfluence</em> <strong>must not</strong> exceed 1.0.</p>
<p><strong>PPI-03</strong> (y) <em>poolPledgeInfluence</em> <strong>must not</strong> be negative.</p>
<p><strong>PPI-04</strong> (x - "should") <em>poolPledgeInfluence</em> <strong>should not</strong> vary by more than +/- 10% in any 18-epoch period (approximately 3 months).</p>
<p><em>Pool Retirement Window (poolRetireMaxEpoch)</em></p>
<p>Defines the maximum number of epochs notice that a pool can give when planning to retire.</p>
<h4>Guardrails</h4>
<p><strong>PRME-01</strong> (y) <em>poolRetireMaxEpoch</em> <strong>must not</strong> be negative.</p>
<p><strong>PRME-02</strong> (x - "should") <em>poolRetireMaxEpoch</em> <strong>should not</strong> be lower than 1.</p>
<p><em>Collateral Percentage (collateralPercentage)</em></p>
<p>Defines how much collateral must be provided when executing a Plutus script as a percentage of the normal execution cost:</p>
<ul>
<li>Collateral is additional to fee payments.</li>
<li>If a script fails to execute, then the collateral is lost.</li>
<li>The collateral is never lost if a script executes successfully.</li>
<li>Provides security against low-cost attacks by making it more expensive rather than less expensive to execute failed scripts.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>CP-01</strong> (y) <em>collateralPercentage</em> <strong>must not</strong> be lower than 100.</p>
<p><strong>CP-02</strong> (y) <em>collateralPercentage</em> <strong>must not</strong> exceed 200.</p>
<p><strong>CP-03</strong> (y) <em>collateralPercentage</em> <strong>must not</strong> be negative.</p>
<p><strong>CP-04</strong> (y) <em>collateralPercentage</em> <strong>must not</strong> be zero.</p>
<p><em>Maximum number of collateral inputs (maxCollateralInputs)</em></p>
<p>Defines the maximum number of inputs that can be used for collateral when executing a Plutus script.</p>
<h4>Guardrails</h4>
<p><strong>MCI-01</strong> (y) <em>maxCollateralInputs</em> <strong>must not</strong> be lower than 1.</p>
<p>The limit on the serialized size of the Value in each output.</p>
<h4>Guardrails</h4>
<p><strong>MVS-01</strong> (y) <em>maxValueSize</em> <strong>must not</strong> exceed 12,288 Bytes (12KB).</p>
<p><strong>MVS-02</strong> (y) <em>maxValueSize</em> <strong>must not</strong> be negative.</p>
<p><strong>MVS-03</strong> (~ - no access to existing parameter values) <em>maxValueSize</em> <strong>must</strong> be less than <em>maxTxSize</em>.</p>
<p><strong>MVS-04</strong> (~ - no access to existing parameter values) <em>maxValueSize</em> <strong>must not</strong> be reduced.</p>
<p><strong>MVS-05</strong> (x - "sensible output" is subject to interpretation) <em>maxValueSize</em> <strong>must</strong> be large enough to allow sensible outputs (e.g., any existing on-chain output or anticipated outputs that could be produced by new ledger rules).</p>
<p><em>Plutus Cost Models (costModels)</em></p>
<p>Defines the base costs for each Plutus primitive in terms of CPU and memory units:</p>
<ul>
<li>There are about 150 distinct micro-parameters in total.</li>
<li>Cost models are defined for each Plutus language version. A new language version may introduce additional micro-parameters or remove existing micro-parameters.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>PCM-01</strong> (x - unquantifiable) <em>Cost model</em> values <strong>must</strong> be set by benchmarking on a reference architecture.</p>
<p><strong>PCM-02</strong> (x - primitives and language versions aren't introduced in transactions) The <em>cost model</em> <strong>must</strong> be updated if new primitives are introduced or a new Plutus language version is added.</p>
<p><strong>PCM-03</strong> (~ - no access to <em>Plutus cost model</em> parameters) <em>Cost model</em> values <strong>should not</strong> be negative.</p>
<p><strong>PCM-04</strong> (~ - no access to <em>Plutus cost model</em> parameters) A <em>cost model</em> <strong>must</strong> be supplied for each Plutus language version that the protocol supports.</p>
<h3>2.5. Governance Parameters</h3>
<p>The overall goals when managing the governance parameters are to:</p>
<ol>
<li>Ensure governance stability.</li>
<li>Maintain a representative form of governance as outlined in CIP-1694.</li>
</ol>
<p><em>Triggers for Change</em></p>
<p>Changes to governance parameters may be triggered by:</p>
<ol>
<li>Community requests.</li>
<li>Regulatory requirements.</li>
<li>Unexpected or unwanted governance outcomes.</li>
<li>Entering a state of no confidence.</li>
</ol>
<p><em>Counter-indicators</em></p>
<p>Changes may need to be reversed and/or should not be enacted in the event of:</p>
<ul>
<li>Unexpected effects on governance.</li>
<li>Excessive Layer 1 load due to on-chain voting or excessive numbers of governance actions.</li>
</ul>
<p><em>Core Metrics</em></p>
<p>All decisions on parameter changes should be informed by:</p>
<ul>
<li>Governance participation levels.</li>
<li>Governance behaviors and patterns.</li>
<li>Regulatory considerations.</li>
<li>Confidence in the governance system.</li>
<li>The effectiveness of the governance system in managing necessary change.</li>
</ul>
<p><em>Changes to Specific Governance Parameters</em></p>
<p><em>Deposit for Governance Actions (govDeposit)</em></p>
<p>The deposit that is charged when submitting a governance action:</p>
<ul>
<li>Helps to limit the number of actions that are submitted.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>GD-01</strong> (y) <em>govDeposit</em> <strong>must not</strong> be negative.</p>
<p><strong>GD-02</strong> (y) <em>govDeposit</em> <strong>must not</strong> be lower than 1,000,000 (1 ada).</p>
<p><strong>GD-03</strong> (y) <em>govDeposit</em> <strong>must not</strong> exceed 10,000,000,000,000 (10 million ada).</p>
<p><strong>GD-04</strong> (x - "should") <em>govDeposit</em> <strong>should</strong> be adjusted in line with fiat changes.</p>
<p><em>Deposit for DReps (dRepDeposit)</em></p>
<p>The deposit that is charged when registering a DRep:</p>
<ul>
<li>Helps to limit the number of active DReps.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>DRD-01</strong> (y) <em>dRepDeposit</em> <strong>must not</strong> be negative.</p>
<p><strong>DRD-02</strong> (y) <em>dRepDeposit</em> <strong>must not</strong> be lower than 1,000,000 (1 ada).</p>
<p><strong>DRD-03</strong> (y) <em>dRepDeposit</em> <strong>must not</strong> exceed 100,000,000,000 (100,000 ada).</p>
<p><strong>DRD-04</strong> (x - "should") <em>dRepDeposit</em> <strong>should</strong> be adjusted in line with fiat changes.</p>
<p><em>DRep Activity Period (dRepActivity)</em></p>
<p>The period (as a whole number of epochs) after which a DRep is considered to be inactive for vote calculation purposes, if they do not vote on any proposal.</p>
<h4>Guardrails</h4>
<p><strong>DRA-01</strong> (y) <em>dRepActivity</em> <strong>must not</strong> be lower than 13 epochs (2 months).</p>
<p><strong>DRA-02</strong> (y) <em>dRepActivity</em> <strong>must not</strong> exceed 37 epochs (6 months).</p>
<p><strong>DRA-03</strong> (y) <em>dRepActivity</em> <strong>must not</strong> be negative.</p>
<p><strong>DRA-04</strong> (~ - no access to existing parameter values) <em>dRepActivity</em> <strong>must</strong> be greater than <em>govActionLifetime</em>.</p>
<p><strong>DRA-05</strong> (x - "should") <em>dRepActivity</em> <strong>should</strong> be calculated in human terms (2 months, etc.).</p>
<p><em>DRep and SPO Governance Action Thresholds (dRepVotingThresholds[…], poolVotingThresholds[…])</em></p>
<p>Thresholds on the active voting stake that is required to ratify a specific type of governance action by either DReps or SPOs:</p>
<ul>
<li>Ensures legitimacy of the action.</li>
</ul>
<p>The threshold parameters are listed below:</p>
<p><strong>dRepVotingThresholds</strong>:</p>
<ul>
<li><em>dvtCommitteeNoConfidence</em></li>
<li><em>dvtCommitteeNormal</em></li>
<li><em>dvtHardForkInitiation</em></li>
<li><em>dvtMotionNoConfidence</em></li>
<li><em>dvtPPEconomicGroup</em></li>
<li><em>dvtPPGovGroup</em></li>
<li><em>dvtPPNetworkGroup</em></li>
<li><em>dvtPPTechnicalGroup</em></li>
<li><em>dvtTreasuryWithdrawal</em></li>
<li><em>dvtUpdateToConstitution</em></li>
</ul>
<p><strong>poolVotingThresholds</strong>:</p>
<ul>
<li><em>pvtCommitteeNoConfidence</em></li>
<li><em>pvtCommitteeNormal</em></li>
<li><em>pvtHardForkInitiation</em></li>
<li><em>pvtMotionNoConfidence</em></li>
<li><em>pvtPPSecurityGroup</em></li>
</ul>
<h4>Guardrails</h4>
<p><strong>VT-GEN-01</strong> (y) All thresholds <strong>must</strong> be greater than 50% and less than or equal to 100%.</p>
<p><strong>VT-GEN-02</strong> (y) Economic, network, and technical parameter thresholds <strong>must</strong> be in the range 51%-75%.</p>
<p><strong>VT-GEN-03</strong> (y) Governance parameter thresholds <strong>must</strong> be in the range 75%-90%.</p>
<p><strong>VT-HF-01</strong> (y) <strong>Hard fork</strong> action thresholds <strong>must</strong> be in the range 51%-80%.</p>
<p><strong>VT-CON-01</strong> (y) <strong>New Constitution or guardrails script action</strong> thresholds <strong>must</strong> be in the range 65%-90%.</p>
<p><strong>VT-CC-01</strong> (y) <strong>Update Constitutional Committee action</strong> thresholds <strong>must</strong> be in the range 51%-90%.</p>
<p><strong>VT-NC-01</strong> (y) <strong>No confidence</strong> action thresholds <strong>must</strong> be in the range 51%-75%.</p>
<p><em>Governance Action Lifetime (govActionLifetime)</em></p>
<p>The period after which a governance action will expire if it is not enacted:</p>
<ul>
<li>As a whole number of epochs.</li>
</ul>
<h4>Guardrails</h4>
<p><strong>GAL-01</strong> (y) <em>govActionLifetime</em> <strong>must not</strong> be lower than 1 epoch (5 days).</p>
<p><strong>GAL-03</strong> (x - "should") <em>govActionLifetime</em> <strong>should not</strong> be lower than 2 epochs (10 days).</p>
<p><strong>GAL-02</strong> (y) <em>govActionLifetime</em> <strong>must not</strong> exceed 15 epochs (75 days).</p>
<p><strong>GAL-04</strong> (x - "should") <em>govActionLifetime</em> <strong>should</strong> be calibrated in human terms (e.g., 30 days, two weeks) to allow sufficient time for voting, etc., to take place.</p>
<p><strong>GAL-05</strong> (~ - no access to existing parameter values) <em>govActionLifetime</em> <strong>must</strong> be less than <em>dRepActivity</em>.</p>
<p><em>Maximum Constitutional Committee Term (committeeMaxTermLimit)</em></p>
<p>The limit on the maximum term that a committee member may serve.</p>
<h4>Guardrails</h4>
<p><strong>CMTL-01</strong> (y) <em>committeeMaxTermLimit</em> <strong>must not</strong> be zero.</p>
<p><strong>CMTL-02</strong> (y) <em>committeeMaxTermLimit</em> <strong>must not</strong> be negative.</p>
<p><strong>CMTL-03</strong> (y) <em>committeeMaxTermLimit</em> <strong>must not</strong> be lower than 18 epochs (90 days, or approximately 3 months).</p>