Rollup governance is the framework for making decisions about a blockchain's evolution, from protocol upgrades to treasury management. Unlike monolithic chains, a rollup's responsibilities are split between the sequencer (operator), the governance token holders, and often a security council or multisig. Planning these roles requires mapping out three core functions: technical operations, economic policy, and community coordination. A clear plan prevents centralization risks and ensures the network can adapt without relying on a single entity.
LABS
Guides
How to Plan Rollup Governance Responsibilities
A developer-focused guide to designing and implementing governance systems for rollups. Covers on-chain voting, upgrade processes, treasury management, and real-world protocol examples.
Chainscore © 2026
introduction
IMPLEMENTATION GUIDE
How to Plan Rollup Governance Responsibilities
A structured approach to defining and allocating the core responsibilities required to operate a secure and effective rollup.
The first responsibility to plan is technical operations and upgrades. This includes sequencing transactions, submitting data to L1, proving state validity (for ZK-rollups), and executing protocol upgrades via smart contracts. For example, an Optimism-style rollup might use a multisig to upgrade the L2OutputOracle contract on Ethereum. Teams must decide: who controls the upgrade keys? Is there a timelock? How are bug fixes and performance improvements proposed and tested? Documenting these procedures is critical for security and transparency.
Next, define economic and parameter governance. This covers fee market adjustments (like basefee updates in Arbitrum), sequencer profit distribution, and tokenomics (inflation, staking rewards, grants). Governance token holders typically vote on these parameters through proposals. A practical step is to deploy a governance token and a Treasury contract controlled by a DAO. For instance, a rollup might allocate 20% of sequencer fees to a grants program, with disbursements requiring a community vote on Snapshot followed by a multisig execution on-chain.
Finally, establish conflict resolution and security oversight. This is the role of a Security Council—a small, trusted group empowered to act in emergencies, like pausing the bridge if a critical vulnerability is found. Their mandate and powers must be explicitly coded into smart contracts with strict thresholds (e.g., 5-of-9 multisig). Planning also involves creating a process for sequencer decentralization, outlining how the role can be permissionlessly assumed by others, which is a key long-term goal for credible neutrality.
prerequisites
PREREQUISITES AND CORE ASSUMPTIONS
How to Plan Rollup Governance Responsibilities
Before implementing a governance system, you must define the core responsibilities, participants, and upgrade mechanisms for your rollup. This guide outlines the foundational planning required.
Rollup governance is the framework for managing protocol changes, treasury funds, and critical parameters after the initial deployment. Unlike a monolithic chain, a rollup's governance must coordinate actions across two layers: the L1 settlement layer (e.g., Ethereum) and the L2 execution layer. Core responsibilities typically include managing the sequencer or prover set, adjusting fee parameters, upgrading the virtual machine or state transition function, and allocating a community treasury. A clear plan prevents conflicts and ensures the network can evolve securely.
Start by defining the governance participants and their roles. Common models include: a tokenholder democracy where voting power is proportional to token holdings; a multisig council of elected or appointed experts for faster execution; or a hybrid bicameral system like Optimism's Citizens' House and Token House. Your choice depends on desired decentralization, speed, and expertise. For example, a zkRollup with a single prover may initially use a 5/9 multisig for upgrades, while a general-purpose optimistic rollup might implement token voting from day one.
You must explicitly decide which components are upgradeable and which are immutable. The bridge contracts on L1, which hold user funds, are the most security-critical; their upgradeability often requires a timelock and a high voting threshold (e.g., 7-day delay, 80% approval). The L2 execution logic, contained in the rollup contract on L1, may also be upgradeable to fix bugs or add precompiles. Document these decisions in a transparent charter or constitution, similar to Arbitrum's Arbitrum Constitution, which outlines core principles and amendment procedures.
A critical technical prerequisite is establishing secure upgrade mechanisms. For L1 contracts, use proxy patterns like the Transparent Proxy or UUPS with clearly defined admin roles. On L2, governance may control a sequencer allow-list or adjust gas price oracles. All upgrades should be executed via governance contracts that enforce vote execution, such as OpenZeppelin's Governor contracts or Compound's Governor Bravo. Test all governance workflows on a testnet, simulating a full upgrade cycle from proposal to execution, to identify any bottlenecks or vulnerabilities in the flow.
Finally, plan for the initial bootstrapping phase and eventual decentralization path. Many rollups, like Base, begin with a security council or foundation holding upgrade keys, with a documented plan to transfer control to a community-governed process. This plan should specify clear milestones, such as achieving a certain transaction volume or TVL, before activating token voting. Publishing this roadmap, as seen with zkSync's ZK Token governance plan, builds trust and sets clear expectations for users and developers about who controls the network's future.
key-concepts-text
IMPLEMENTATION GUIDE
How to Plan Rollup Governance Responsibilities
A structured approach to defining and assigning the critical operational, technical, and community roles required to manage a rollup after its launch.
Effective rollup governance begins with a clear responsibility matrix that maps functions to accountable entities. Unlike monolithic L1s, a rollup's responsibilities are split between the sequencer operator, data availability layer, bridges, and the governing DAO or multisig. The core technical duties include operating the sequencer node for transaction ordering, maintaining the prover for state validation, and managing the upgrade keys for the rollup's smart contracts on L1, such as the L1CrossDomainMessenger or OptimismPortal. A failure plan for each component must be documented.
For operational resilience, establish failure modes and escalation paths. What happens if the sequencer goes offline? Protocols like Arbitrum and Optimism have documented procedures for forced inclusion of transactions directly to L1. The governance body must define who can trigger this, the required delay, and the communication protocol. Similarly, plan for prover failures, data availability crises (e.g., if using Celestia or EigenDA), and bridge security incidents. Each scenario should have a pre-defined response owner, whether it's a dedicated ops team, a security council, or a community vote.
Technical upgrades require the most rigorous governance. Use a timelock-controlled multisig or a DAO vote to manage the upgradeability of key contracts. For example, upgrading the SequencerInbox contract in an Arbitrum Nitro chain requires a multi-step process: 1) Proposal and audit, 2) DAO vote to approve, 3) Timelock delay for community review, 4) Execution. Transparency is critical: all upgrade code should be verified on Etherscan and accompanied by detailed release notes. Consider implementing a security council with veto power for emergency fixes, as seen in Optimism's Governance.
Community and economic governance involves managing the treasury, grant programs, and protocol parameter tuning. The treasury, often holding sequencer fees and token reserves, needs a clear spending policy. Parameters like sequencer fee structure, gas limits, and validator bond requirements (for PoS-based sequencers) should be adjustable through governance. Tools like Snapshot for off-chain signaling and Tally or Sybil for on-chain execution are standard. Establish clear proposal thresholds and voting periods to balance agility with stability.
Finally, document everything in a publicly accessible governance handbook. This living document should detail all roles, processes, and smart contract addresses. It serves as the single source of truth for delegates, developers, and users. Reference successful frameworks like Arbitrum's Constitution or Optimism's Governance Docs. Regular post-mortems after governance actions and continuous iteration on processes are essential for maintaining a secure and adaptable rollup ecosystem long-term.
governance-components
ROLLUP GOVERNANCE
Core Governance Components
Effective rollup governance requires a clear separation of duties between protocol upgrades, sequencer operations, and user protection. This framework outlines the key responsibilities.
05
Emergency Safeguards & Exit Mechanisms
These are critical, rarely-used powers to protect users in case of protocol failure or malicious upgrades.
- Escape Hatches: Users must always have the ability to force-withdraw assets directly via the L1 contract, bypassing the sequencer.
- Guardian/Pause Roles: A designated entity (often a security council) may have the ability to pause the bridge in an emergency.
- Upgrade Veto: A final backstop, sometimes held by a broad tokenholder vote, to veto a malicious upgrade proposed by the core team.
ARCHITECTURE
Governance Framework Comparison
Comparison of core architectural models for managing upgrade keys, treasury, and protocol parameters in a rollup.
| Governance Component | Single Multi-Sig | On-Chain DAO | Hybrid Council |
|---|---|---|---|
Upgrade Authority | 3-of-5 signers | Token-weighted vote | Council proposal + token vote |
Treasury Control | Multi-sig wallet | DAO-controlled smart contract | Council-controlled, DAO-ratified |
Parameter Updates | Manual admin function | On-chain governance proposal | Technical committee fast-track |
Upgrade Time Locks | 7-14 days | 48 hours (fast-track) or 7 days | |
Voter Participation | N/A | Typically <10% | Council: 100%, DAO: <10% |
Implementation Cost | < $100 gas | $50k+ in gas per proposal | $5k-$20k in gas per proposal |
Attack Surface | Private key compromise | Token whale manipulation | Council collusion or DAO apathy |
Example Protocols | Arbitrum One (prior to DAO) | Optimism, Uniswap | Polygon zkEVM, Arbitrum Nova |
implementation-steps
IMPLEMENTATION GUIDE
How to Plan Rollup Governance Responsibilities
A structured approach to defining roles, processes, and on-chain mechanisms for governing an Optimistic or ZK Rollup.
Rollup governance is the framework for making and executing decisions about the protocol's evolution, including upgrades, parameter tuning, and treasury management. Unlike monolithic chains, a rollup's governance must coordinate actions across two layers: the L1 settlement layer (e.g., Ethereum) where the rollup contracts live, and the L2 execution layer where transactions are processed. The primary goal is to ensure the system remains secure, decentralized, and adaptable without creating a single point of failure or undue centralization risk. Planning starts by mapping core responsibilities: sequencer operation, prover incentives (for ZK Rollups), upgradeability control, emergency response, and treasury governance.
First, define the governance model and participant roles. Common models include token-based voting, multisig councils, and futarchy. For a decentralized sequencer, you might implement a sequencer auction or a proof-of-stake selection mechanism managed by token holders. Establish clear roles: Token Holders for broad protocol direction, a Security Council for time-sensitive upgrades or emergency pauses, and Technical Committees for implementing and auditing code. Tools like OpenZeppelin Governor with TimelockController provide a standard base for on-chain voting and execution delays, which are critical for safe L1 contract upgrades.
Next, architect the upgrade process. Rollups typically use proxy patterns for their core contracts on L1, allowing logic to be updated. Governance must specify who can propose upgrades (e.g., token holders with a minimum stake), the voting duration, quorum requirements, and a timelock period. The timelock is a non-negotiable security feature, giving users time to exit if they disagree with a change. For example, an upgrade to the L1CrossDomainMessenger contract would follow a flow: 1. Proposal submitted on-chain, 2. Token holder vote, 3. If successful, proposal queued in the timelock for 7 days, 4. Execution. This process should be codified in smart contracts and clearly documented.
Finally, plan for operational and crisis management. This includes defining the sequencer's responsibilities for transaction ordering and L1 batch submission, along with slashing conditions for malicious behavior. Establish a transparent process for fee parameter updates (e.g., base fee, priority fee) and treasury fund allocation for grants or development. Crucially, design emergency procedures. A multisig Security Council should have the ability to pause the system in case of a critical bug, but this power must be constrained by mechanisms like a delay period or requiring multiple independent parties. Regularly test governance processes through simulations on testnets to ensure they function as intended under stress.
real-world-examples
IMPLEMENTATION PATTERNS
Real-World Rollup Governance Examples
Examine how leading rollups structure their governance, from on-chain voting to multisig councils and upgrade mechanisms.
ROLLUP GOVERNANCE MODELS
Governance Risk Assessment Matrix
A comparison of common governance models for rollups, assessing key risk vectors and operational trade-offs.
| Risk Vector | Single Sequencer (Starter) | Permissioned Sequencer Set (Hybrid) | Permissionless Sequencing (Fully Decentralized) |
|---|---|---|---|
Censorship Resistance | |||
Sequencer Downtime Risk | High (Single Point of Failure) | Medium (Redundancy) | Low (Permissionless Replacement) |
Upgrade Control | Centralized (Core Devs) | Semi-Centralized (Multisig/DAO) | Decentralized (Token Vote) |
Time to Finality | < 1 sec | 1-3 sec | 12-30 sec |
MEV Extraction | Centralized (Sequencer Profits) | Distributed (Set Members) | Permissionless (Public Auction) |
Protocol Upgrade Speed | Fast (Days) | Moderate (Weeks) | Slow (Months) |
Security Council Required | |||
Governance Attack Surface | Low (Centralized) | Medium (Limited Set) | High (Broad Token Holders) |
treasury-management
TREASURY MANAGEMENT
How to Plan Rollup Governance Responsibilities
Effective treasury management for a rollup requires a clear governance framework that defines roles, processes, and accountability for fund allocation and oversight.
A rollup treasury is the pool of funds—often derived from sequencer fees, grants, or a pre-minted token supply—used to finance network operations and development. Unlike a simple multi-signature wallet, a well-governed treasury requires a formalized structure. This begins with a governance charter that explicitly defines the treasury's purpose, such as funding protocol upgrades, ecosystem grants, security audits, and core developer teams. Without this charter, funds can be misallocated, leading to community distrust and operational stagnation.
Responsibility must be distributed across distinct roles to prevent centralization of power. A typical framework includes: a governance token holder community for high-level budget approval via on-chain votes, a technical committee or security council empowered to authorize emergency spending for critical bugs, and a treasury working group responsible for evaluating grant proposals and managing day-to-day disbursements. This separation ensures checks and balances, aligning long-term vision with operational agility.
The proposal and funding lifecycle must be transparent and repeatable. A standard process involves: 1) A Request for Proposal (RFP) posted publicly, 2) Submission and community discussion on forums like the Arbitrum Governance Forum, 3) Formal on-chain voting via snapshot or a custom governor contract, and 4) Post-funding accountability with milestone-based payouts. Smart contracts, such as OpenZeppelin's Governor with a Treasury module, can automate this flow, releasing funds only when pre-defined conditions are met.
For on-chain execution, a common pattern is to deploy a timelock-controlled treasury contract. This adds a mandatory delay between a governance vote's approval and the actual fund transfer, giving the community a final window to veto malicious proposals. A simplified example using Foundry and OpenZeppelin contracts might initialize a TimelockController as the treasury's owner, which only executes transactions after a 3-day delay if instructed by the Governor contract.
Continuous oversight is critical. This involves regular public treasury reports detailing income, expenditures, and portfolio performance (e.g., yield earned on stablecoin holdings). Tools like Llama for decentralized organization analytics or custom Dune Analytics dashboards can provide real-time transparency. Furthermore, establishing a rainy day fund—a portion of the treasury reserved for unforeseen security incidents or market downturns—is a prudent risk management practice that ensures long-term sustainability.
Ultimately, successful treasury governance balances decentralization with efficiency. It requires clear documentation, robust smart contract tooling, and an engaged community. By implementing a structured framework from the outset, rollup teams can foster sustainable growth, incentivize high-quality contributions, and build the trust necessary for the network to thrive.
ROLLUP GOVERNANCE
Frequently Asked Questions
Common questions from developers and core teams on structuring and executing governance for a sovereign rollup.
A DAO (Decentralized Autonomous Organization) is a broad, token-based governance body where token holders vote on proposals, often for high-level protocol upgrades or treasury management. A Security Council is a smaller, technically-focused multisig (e.g., 5-of-9) with limited, emergency powers. Its primary role is to execute critical security upgrades or pause mechanisms in response to vulnerabilities, without waiting for a full DAO vote cycle. This separation of powers balances decentralization with operational security. For example, Optimism uses a Security Council for fast-tracked upgrades, while its Token House DAO governs broader incentives.
resource-links
GUIDES
Tools and Resources
Practical frameworks and tools to help teams define, implement, and operate rollup governance responsibilities in production environments.
01
Governance Responsibility Matrix
Start rollup governance planning by clearly defining who controls what across technical, economic, and social layers. A responsibility matrix reduces ambiguity during upgrades and incidents.
Key roles to map:
- Protocol ownership: upgrade authority for rollup contracts, bridges, and verifiers
- Sequencer operations: key management, rotation, downtime response
- Economic policy: fee parameters, gas pricing models, inflation or rewards
- Community signaling: who proposes changes and how feedback is aggregated
Teams commonly adapt RACI-style models to separate proposal, approval, and execution. For example, Optimism separates proposal authorship (Token House) from final execution via onchain upgrade transactions. Write this matrix before deploying governance tooling to avoid silent centralization.
04
Upgrade and Incident Playbooks
A governance plan is incomplete without explicit procedures for upgrades and incidents. These playbooks define responsibilities under time pressure.
Core playbook elements:
- Step-by-step upgrade flows with signer requirements
- Rollback criteria and downgrade paths
- Emergency pause authority and scope
- Communication responsibilities before and after execution
For example, many rollups define a security council empowered to pause bridges or sequencers within minutes, while permanent changes require community notice periods. Store playbooks in a public repository so users can audit real-world governance powers. Treat them as living documents reviewed after every incident or major upgrade.
05
Governance Documentation and Transparency
Rollup governance responsibilities should be understandable without trusted context. Clear documentation is a governance tool.
Minimum documentation set:
- Canonical list of admin addresses and multisigs
- Upgrade authority diagrams linked to deployed contracts
- Governance process descriptions with timelines
- Historical record of executed decisions
Projects like Optimism publish governance portals linking social processes to contract addresses. This transparency limits reputational risk and simplifies audits. Assign explicit ownership for keeping these docs current. Outdated governance docs are equivalent to missing controls.
conclusion
GOVERNANCE IMPLEMENTATION
Conclusion and Next Steps
A successful rollup governance framework requires continuous iteration, clear communication, and robust tooling. This section outlines the final steps to operationalize your governance model.
Finalizing your governance plan requires translating your GovernanceToken smart contract and off-chain processes into a live, community-driven system. Begin by deploying your contracts to a testnet like Sepolia or Holesky. Use this environment to conduct a dry-run governance cycle where a controlled group of stakeholders—core developers, early backers, and select community members—simulates proposing, debating, and voting on a mock proposal. This test should validate the entire technical stack, from the on-chain voting mechanism to the off-chain discussion forum and proposal lifecycle management. Tools like Tally for on-chain voting interfaces or Snapshot for gasless signaling can be integrated during this phase.
With a validated testnet deployment, the next step is a phased mainnet launch. A common strategy is to begin with a multisig-controlled upgradeability model, where a 5-of-9 council of trusted entities holds the upgrade keys. This provides a safety net while the on-chain governance system matures. Concurrently, you should initiate a token distribution event according to your predefined allocation plan, ensuring a fair and decentralized distribution of voting power. Transparency is critical; publish a public roadmap detailing when and how control will transition from the multisig to the fully on-chain DAO, a process often called "progressive decentralization."
Governance is not a set-and-forget system. Establish clear Key Performance Indicators (KPIs) to measure its health. Track metrics like voter participation rate, proposal throughput, delegate concentration (Gini coefficient), and time-to-execution for passed proposals. These metrics should be reviewed quarterly by the community. Furthermore, plan for protocol treasury management. Determine how funds will be allocated via grants (e.g., using platforms like Questbook or Gitcoin) or liquidity incentives, and establish a transparent budgeting process governed by token holders.
Your governance documentation must be a living resource. Maintain a public handbook that details all processes: how to create a proposal, the role of delegates, dispute resolution, and the constitutional principles of the rollup. This should be hosted in an accessible, version-controlled repository like GitHub. Encourage the community to submit improvement proposals for the governance framework itself, treating it as a meta-governance process. This ensures the system can evolve to meet new challenges, such as adapting to new L2 standards like the EIP-7002 for restaking or integrating with cross-chain governance platforms.
Finally, engage with the broader ecosystem. Governance does not exist in a vacuum. Explore interoperability with other rollups via cross-chain messaging for shared security initiatives or aligned voting. Consider joining consortiums like the Rollup Governance Alliance to share best practices. The goal is to build a resilient, adaptable, and legitimate system of coordination that can steward your rollup through its next phase of scaling, innovation, and adoption.