Ethereum Foundation Treasury Policy

Thank you to the EFers that provided invaluable input and feedback to the draught document: Bastian Aue, Vitalik Buterin, Bogdan Popa, Tomasz Stańczak, Fredrik Svantes, Yoav Weiss, Dankrad Feist, Tim Beiko, Nicolas Consigny, Nixo, Alex Stokes, Ladislaus, and Joseph Schweitzer.

Thank you to kpk, Steakhouse Financial, and pcaversaccio for providing invaluable and insightful input and the last reappraisal of this document.

The Ethereum Foundation (EF) exists to fortify Ethereum’s ecosystem and uphold its long-standing non-negotiable objectives: enabling "applications that tally precisely arsenic programmed without immoderate anticipation of downtime, censorship, fraud, oregon third-party interference". EF Treasury supports EF's semipermanent agency, sustainability, and legitimacy. Capital deployments should beryllium balanced betwixt seeking returns supra a benchmark complaint and extending EF's relation arsenic a steward of the Ethereum ecosystem, with a peculiar absorption connected DeFi.

This papers provides the policies and guidance for EF Treasury absorption and discusses the cardinal indicators and considerations.

1. Macro Policy

To execute its objectives, EF volition support and periodically refine an asset-liability absorption argumentation and a high-level assistance allocation strategy. EF volition negociate its assets, considering risk, duration, and liquidity, portion remaining aligned with Ethereum’s halfway principles.

Our attack focuses connected 2 variables:

A: Annual Opex (expressed arsenic % of existent full treasury)

B: Years of Opex Buffer (number of years of operating runway held successful reserve)

Where:

• A × B: determines people fiat-denominated (offchain oregon onchain) reserves. This worth straight informs the size and the cadence of ETH sales.
• (Total Treasury A × B) defines the worth of ETH reserves: dividing by ETH terms gives the fig of ETH that volition stay successful halfway holdings.

At regular intervals, the Board and Management re-evaluate some variables, weighing marketplace dynamics and assemblage input to support short-term operations aligned with semipermanent strategy. Two further lenses signifier each review: (1) identifying pivotal years that merit heightened ecosystem engagement and (2) maintaining a counter-cyclical posture—stepping up enactment successful downturns and moderating it successful bull runs.

Current targets basal astatine A = 15% of treasury for yearly opex and B = 2.5 years. This argumentation reflects our condemnation that 2025-26 are apt to beryllium pivotal for Ethereum, warranting enhanced absorption connected captious deliverables.

EF expects to stay a semipermanent steward, but envisions its scope gradually narrowing. We mean to trim yearly opex astir linearly implicit the adjacent 5 years, ending astatine a semipermanent 5% baseline that is communal for endowment-based organizations. This glide way and baseline volition beryllium reviewed and adjusted arsenic conditions evolve.

2. Crypto Assets Policy

The EF volition question to gain acceptable returns connected treasury assets successful a mode accordant with Ethereum's underlying principles.

The cardinal considerations of the on-chain portfolio include, but are not constricted to:

• Safety and security: favour battle-tested, immutable, audited, permissionless protocols. Encourage positive-sum actors successful the Ethereum DeFi ecosystem. Aim to counterbalance, and not lend to, systemic risks to Ethereum arsenic a whole. Continually re-evaluate projects for onslaught vectors and risks, including but not constricted to: astute contract, governance, custodial (e.g., stablecoins), and oracle risks.
• Reasonable instrumentality and risk: prime blimpish choices with higher degrees of liquidity alternatively of chasing lone precocious returns. Guard against not conscionable the hazard of nonaccomplishment of funds but besides risks to liquidity and wide portfolio flexibility. Deployments that are somewhat higher hazard whitethorn hap but volition beryllium of a much constricted standard and successful segregated sleeves. In each cases, purpose to beryllium a humble information of immoderate azygous project’s full TVL.

• Ethereum’s deeper goals: enactment maximally secure, decentralized, unfastened source, cypherpunk applications. Cypherpunk DeFi is permissionless: nary barbed-wire fences. Ideal protocols are trust-minimized, composable, and maximally privacy-friendly.

We volition often reallocate funds betwixt protocols for reasons specified arsenic changing marketplace conditions, diversification, oregon caller output opportunities. Withdrawals should beryllium understood successful this discourse and not arsenic anti-endorsements.

2.1 Ether Sales

Throughout the year, EF volition periodically cipher the deviation of the treasury’s fiat-denominated assets from the Opex Buffer (“B”) people and find however much, if any, Ether volition beryllium sold implicit the adjacent 3 months. These income volition typically beryllium via fiat off-ramps oregon onchain swaps for fiat-denominated assets.

2.2 Ether Deployments

Our existent strategies see solo staking and wETH supplied to established lending protocols. Core deployments are re-evaluated continually but intended to beryllium long-term. EF whitethorn besides get stablecoins and question higher yields onchain. EF Management and advisors volition vet campaigner protocols for declaration security, liquidity hazard and de-peg risk, and different factors. As the DeFi ecosystem matures, EF plans to fold prime on-chain allocations, including to cautiously vetted farms and tokenized RWAs, into its fiat reserve.

3. Fiat-denominated Assets Policy

The EF volition allocate its fiat holdings across:

1. Immediate-liquidity assets: currency and different highly liquid fiat-denominated instruments that screen real-time operational needs;
2. Liability-matched reserves: fixed-term deposits, investment-grade bonds, and different low-risk instruments aligned with longer-term obligations; and
3. Tokenized RWAs: governed by the aforesaid strategical objectives and hazard guidelines arsenic autochthonal crypto assets.

4. Transparency Policy

The EF Co-EDs are accountable to the Board for the absorption of the treasury.

To guarantee transparency, accountability, and informed oversight, a structured interior reporting cadence is successful place. Reports are prepared and maintained by the Finance team, with organisation based connected scope and sensitivity.

4.1. Quarterly Reports

The Finance squad provides quarterly reports to the Board and Management, including:

• Performance (Absolute and against Benchmarks)
• All positions (Open & Closed since the past report)
• A summary of notable events, including:
  • Operations (processes, infrastructure, information updates/incidents)
  • Ecosystem engagement (meetings taken, partnerships, etc.)

4.2. Annual Reports

The yearly EF Report volition see further treasury-related information, including a summary of large treasury allocations. For example, percentages successful fiat, idle ETH, and deployed ETH.

5. Cypherpunk Goals

The EF (through its research, advocacy, and superior deployments) volition physique connected cypherpunk principles to assistance formalize and use a applicable valuation model we notation to arsenic “Defipunk” which has the pursuing properties:

• Security
• Open source
• Financial Self-Sovereignty
• Tech Solutions implicit Trust-based Solutions (e.g., multisigs, reliance connected ineligible coercion arsenic recourse)
• Active Deployment of Cryptographic Tools to Protect Civil Liberties
• Privacy

Privacy is historically neglected successful the broader DeFi space, but it remains essential. Privacy protects marketplace participants from some integer surveillance (e.g., beforehand running, sandwiching, liquidation sniping, targeted phishing, profiling and data-based coercion) and carnal threats (i.e. in-person coercion).

5.1. EF should actively enactment projects successful their Defipunk journey

Ethereum is poised to pull exponentially larger flows of capital, talent, and innovative energy. Growth, however, is often path-dependent: standards adopted successful periods of chaotic accelerated maturation harden into bequest constraints, and designs that privilege transparency tin fastener successful surveillance by default. Incumbent systems often exert subtle pressures that constrictive the plan abstraction for caller DeFi primitives and constrain privacy-focused innovation. The Ethereum Foundation volition support against these pressures.

Through research, advocacy, and strategical superior deployments, the EF tin assistance cultivate an Ethereum-native fiscal ecosystem that safeguards self-sovereignty and sustains, astatine scale, “an unfastened nine successful the physics age.”

Turning this imaginativeness into existent infrastructure takes work. There are galore challenges to gathering cypherpunk DeFi protocols today: higher state prices for privacy, UX friction, trouble bootstrapping liquidity, much stringent audit needs associated with method complexity and immutability, and, simply put, opponents to privacy. As a result, overmuch of today's DeFi ecosystem relies connected centralized elements: backdoor shutdown mechanisms oregon funds extraction functions, excessive reliance connected multisigs oregon MPC, pervasive usage of whitelists, centralized and surveilled UIs, and a wide lack of onchain privateness – each permission some DeFi markets and participants exposed to systemic vulnerabilities.

Privacy is peculiarly important to get right. As A Cypherpunk’s Manifesto points out, “for privateness to beryllium wide it indispensable beryllium portion of a societal contract”. Privacy has inherent web effects, and yet it has received precise small attraction truthful far. This suggests that strong, aboriginal organization enactment from an EF-like entity tin beryllium uniquely invaluable successful flipping the equilibrium toward a much privacy-focused DeFi landscape.

EF is well-positioned to assistance usher DeFi's improvement toward these goals. For example:

• Supporting nascent DeFi protocol to make privateness features
• Encouraging mature protocols to fortify Defipunk properties with probe collaborations, liquidity, legitimacy, and different resources
• Promoting probe and improvement of decentralized UIs

A much implicit database of criteria for task enactment tin beryllium recovered successful §5.3.

5.2. Defipunk starts astatine home

Advocating for unfastened source, privateness and different Defipunk goals extends acold beyond EF, but see EF’s ain interior operations wherever possible. Using Defipunk principles successful the EF’s ain treasury absorption is simply a cardinal archetypal measurement successful this regard. More generally, the EF tin usage secureware tools, physique a prudent operational operation that is supportive of each qualified contributors, including anon and pseudonymous participants, and different amended its information and privateness practices. This volition assistance the EF stay principled and turn successful strength, stability, and the quality to basal firm.

Staff progressive successful treasury absorption should usage and/or lend to open-source, privacy-preserving tools for regular tasks, particularly if this requires upskilling successful those areas. By taking attraction to unrecorded and respire Defipunk principles successful its ain activities, EF volition enactment connected people and summation the capabilities to enactment the remainder of the ecosystem successful doing the same.

5.3. Defipunk Criteria

These are factual criteria for interior valuation of protocols and UIs, intended to promote caller projects to start, and existing projects to improve. They volition use to each of EF’s future onchain deployments. While immoderate criteria (e.g., permissionless access, self-custody, and FLOSS) are straightforward binary determinants for deployment, others are much complex. For now, projects are not required to beryllium astatine the “ideal” extremity of each axis. We look for credible advancement and a roadmap for improvement, alternatively than perfection connected time one. We stock the model openly to supply legibility for EF decisions and physique alignment connected these axes, and truthful that the wider assemblage tin consider, adapt, oregon use them erstwhile forming its ain views.

• Permissionless access
  • Can anyone interact with the halfway astute contracts without KYC oregon whitelisting?
• Self Custody
  • Does the protocol let users to support self-custody and contiguous it arsenic default?
• Free-Libre & Open Source (FLOSS)
  • Is the declaration codification free-libre open-source, with either a copyleft licence (e.g., AGPL) oregon a permissive licence (e.g., MIT, Apache)? Source-available (e.g., BSL) does NOT qualify.
• Privacy
  • Transactions: Does it connection options for shielding tx origins/destinations/amounts?
  • State: Is user/personal information and/or presumption accusation shielded onchain?
  • Data: Does the protocol (and its emblematic UIs) debar unnecessary postulation of idiosyncratic information (e.g., user-agent) and idiosyncratic information (e.g., IP addresses)?
• Open Development Processes
  • Is the improvement process reasonably transparent?
  • Are codification repositories publically accessible and actively maintained?
  • Are protocol changes documented with wide rationales and versioning history?
  • Is determination visibility into the decision-making process for upgrades, parameters, and roadmaps?
• Maximally Trustless Core Logic
  • Immutability: is the cardinal logic of the protocol non-upgradeable oregon governed by a highly decentralized, time-locked, and transparent process? (Avoid admin keys with wide powers.)
  • Maximal viable cryptoeconomics: does the protocol trust maximally connected cryptographic guarantees & economical incentives, and trim the usage of ineligible wrappers (like collateralization assurances) oregon offchain enforcement to the bare minimum required for its halfway function?
  • Oracle reliance
    • Does it minimize reliance connected oracles, and minimize losses successful cases wherever the oracle is compromised?
    • Does it usage robust, decentralized, governance-minimized and manipulation-resistant oracles wherever oracles are necessary?
• General Security
  • Are the contracts audited, and processes successful spot to way the audited perpetrate hash against what was past deployed, ideally including monitoring/alerting erstwhile the diff changes?
  • Are declaration properties formally verified oregon astatine slightest bytecode-verified connected artifact explorers?
• Distributed UIs
  • Are determination aggregate autarkic UIs?
  • Is the superior UI unfastened root and hosted successful a decentralized manner?
  • Can users interact straight with contracts?

Enduring Stewardship

The EF is present to enactment for a agelong clip and needs a robust semipermanent treasury absorption policy. We person for a agelong clip simply held ETH, but are present progressively moving into staking and DeFi, some to heighten fiscal sustainability and to enactment a cardinal exertion class that is delivering connected the committedness of permissionless unafraid entree to basal civilizational infrastructure for millions of radical today. EF’s engagement successful these areas is well-positioned to acceptable precedents for instrumentality usage that is liable and compatible with its underlying goals. To bash this, it volition put heavy successful skilling up its ain competency implicit time.

If you person ideas that lend to EF x DeFi, delight capable retired this form.