RFC: Mina Decentralized Treasury – Decentralized On‑Chain Community Treasury
The Mina Foundation has been working on a new Decentralized Treasury for funding Mina ecosystem development and projects, which will be fully on-chain and controlled by the Mina community.
This is the first phase of the development and deployment process - the Request for Comments (RFC) on the proposal. From Aug 1 - Aug 31, 2025, community members are invited to review, provide feedback, and ask questions about the Decentralized Treasury proposal in the comments of this thread or on Mina’s Discord.
Abstract
This RFC specifies the design, governance model, security mechanisms and rollout strategy for the Mina Decentralized Treasury – a fully on‑chain treasury owned and controlled by the Mina community. The treasury is implemented as a set of upgradable, permissionless Mina zkApps providing a trust-minimised mechanism to utilize and distribute funds for the advancement of the Mina ecosystem. All proposal handling, voting, execution and accounting is done in a provable manner, in accordance with the zkApps protocol.
Motivation
The Mina ecosystem requires a transparent, censorship‑resistant and trust‑minimised mechanism for managing community funds. Moving the treasury on‑chain eliminates single‑party custodianship, enables token‑weighted community governance, and provides verifiable execution of treasury decisions without a protocol‑level hard‑fork. Successful implementation of this RFC would significantly increase transparency in the funding decision making process within the ecosystem.
Mina Foundation plans to commit a significant amount of funds from its community and grants budget towards the Mina Decentralized Treasury.
Conceptual overview
-
The treasury has to be able to distribute $MINA tokens.
-
We should aim for the treasury to be fully “on-chain” or provable, thus not having any processes which cannot be programmatically enforced.
-
Mina’s protocol works with an account ledger, which is a Merkle tree of accounts, where each account has a balance and a delegate; this can be used to determine the voting power of each account.
-
Consensus / staking works with epoch-based snapshots. While the ledger itself is merkelized, root hash of the ledger is available for current or past epochs.
-
Given we want to use the $MINA balance as the voting weight, we need to prevent double spending of the voting power.
-
In order to achieve higher voting participation, we should make use of delegated governance, e.g. by using staking delegation as voting delegation, unless overridden by the delegator. At the same time, there should be minimal to no technical barrier to enter the system as a proposer or a voter.
-
Since treasury funds should be fully held by the treasury zkApps it affects the design of the Mina Foundation delegation program.
-
Any infrastructure associated with the Mina Decentralized Treasury should be permissionless and self-hostable, in order to allow for open community participation.
-
Technical implementation must be focused on security and auditability.
Members of the Mina ecosystem seeking funding for their work, either future or retrospective, should create proposals to spend treasury funds. Remaining members of the ecosystem should thoughtfully evaluate the proposal and vote either for or against the proposal, granting or denying funding.
Proposal System
Mina Decentralized Treasury is designed around proposals, which are voted on by the Mina token holders. Once a proposal has been passed, it can be executed – for example funds being withdrawn from the treasury.
Proposal Types
The following proposal types should be supported by the treasury:
-
Treasury Spend – Transfer of MINA or custom tokens from the treasury to a recipient account.
-
Treasury Upgrade (Optional) – Change of verification keys (code upgrade) for one or more treasury zkApps.
Proposal contents
Each on‑chain proposal must include a URI pointing to a Markdown text (e.g., GitHub Gist, HackMD). The treasury contracts do not host proposal contents, instead they hold a reference (e.g. URL, hash, or else).
Lifecycle Periods
In order to ensure fair voting and consideration for all proposals, a lifecycle mechanism can be put into place. Either the whole treasury as a whole, or individual proposals go through the following stages:
-
Proposal Period – New proposals accepted.
-
Exploration Period – Community discussion, no voting.
-
Voting Period – Votes recorded on‑chain.
-
Cooldown Period – Votes can be tallied, but proposals can’t be executed yet. Timelock in place allowing the break‑glass key to intervene.
-
Post Cooldown Period – Proposals can be executed, if they have passed and break-glass did not intervene during the cooldown period.
Periods may be globally synchronised or per‑proposal, subject to configuration. Lifecycle periods help anchor the period or individual proposals to their respective historical ledger snapshot, in order to determine voting weights.
Spam Prevention
A proposer must lock a bond equal to a configurable percentage of the proposal value (e.g., 10 %). Bonds are returned if the proposal passes; otherwise they are burned or frozen. This measure prevents treasury abuse, as in acting as a signal or a preliminary filter to concentrate attention of voters.
Governance Model
To ensure the highest stake participation possible, the treasury employs voting power delegation mechanisms, following the already established delegated proof of stake model of the consensus. This allows the treasury to accommodate votes from individuals looking to participate directly, and also from token holders willing to delegate their decision making power to a delegate.
Voting weights
To calculate voting weights and prevent multiple counts of the same stake, the system uses an epoch‑based historical snapshot of the account ledger. Nullifier commitments ensure an account’s balance is applied to at most one proposal outcome.
Voting Rules
-
Direct Vote – An account without a staking delegate casts its own vote.
-
Staking‑Delegate Vote – If an account has a staking delegate and no voting delegate, the staking delegate votes on its behalf.
-
Voting Delegate Override – An account with voting delegate overrides staking delegation.
-
Self‑Override – Setting the voting delegate to self allows direct voting even when staked elsewhere.
Vote Types
-
Yay – Support the proposal. Counts toward passing the proposal and enabling execution if quorum and majority are met.
-
Nay – Oppose the proposal. Counts against passing the proposal and helps prevent execution.
-
Abstain – Neutral stance. Does not affect the outcome but counts toward quorum participation.
Note: Concrete vote type naming is subject to further discussion
Passing Criteria (Configurable)
-
Quorum: ≥ 50 % of total eligible supply at snapshot.
-
Majority: ≥ 60 % (or parameterised, e.g., 75 %) of votes cast in favour.
In order to prevent the treasury from “deadlocking” itself, as in not being able to pass a proposal due to low participation, a dynamic/moving quorum can be considered for implementation.
Note: Passing criteria are subject to further research.
Double‑Spend Resistance
Nullifiers combined with ledger snapshots prevent an account balance from contributing voting power more than once per proposal.
Safety Mechanisms
In order to ensure a smooth transition towards a community owned Mina Decentralized Treasury, the following mechanisms can be put in place to prevent malicious participants from exploiting the treasury:
-
Break‑Glass Multisig – Temporarily able to halt execution during the cooldown period.
-
Upgradable Contracts – Allow critical bug fixes.
-
Progressive Fund Migration – Funds transferred in tranches, reducing blast radius of potential issues.
Break-Glass Multisig
The break glass mechanism is a safety feature to allow for intervention in case of a bug or exploit in the treasury zkApps. Specifics of how the mechanism works are subject to further discussion. In a simplest form it could be a multisig of trusted ecosystem participants.
This mechanism could for example prevent a proposal from being executed (paid out) if it’s deemed to be malicious, harmful or a result of an exploit of the treasury zkApps.
Eventually thanks to the treasury upgradability, the break glass mechanism can be removed, and the treasury can be fully owned by the community.
Additionally, the break-glass mechanism can be used by the governing entity behind the treasury to ensure the treasury operations remain aligned with relevant legal and regulatory frameworks. However, any such use would require clearly defined scope and transparency guarantees, consistent with the intended governance processes.
Foundation Delegation Program
To maintain the shape and form of the existing delegation program, treasury funds may be split across multiple sub‑treasuries, each delegating to distinct block producers while remaining governed by the same on‑chain rules.
Technical Details
Staking Ledger
Mina Protocol’s ledger is a Merkle tree of accounts, where each account has a balance and a delegate. There’s no “total delegated stake” per BP, since it’s not necessary for the consensus protocol (due to how VRF is implemented). This means that in order to determine the voting weight of an account, we need to iterate over all accounts delegated to the BP (or any valid voter) and sum up the delegated balance of each account.
If we are to enforce quorum/majority requirements, we also need to sum up the total circulating supply in any given ledger snapshot (unless explicitly exposed by the protocol itself).
JIT Vote Tallying
We could implement the zkapp/circuits in a way which does not require voters to do any heavy lifting proving wise, they could be just ‘dispatching actions’ with signatures authorizing their vote, instead of having to compute their voting power at the time of the vote. Similarly the UI could be optimistically (out of the prover) computing vote results on the fly, until the votes are tallied (actions are rolled up) at a later stage.
Security Considerations & Risks
-
Bonds mitigate, but do not eliminate, griefing attacks; parameters should be reviewed post‑MVP.
-
Break‑glass authority introduces centralisation risk and should be sunset as planned.
-
Low participation may create a governance deadlock where quorum is not met and no proposals are able to pass. In order to mitigate this risk, dynamic moving quorum may be implemented as part of the treasury design.
Audit plan
Before the treasury can be rolled out, a comprehensive independent multi-party audit needs to be conducted. Additionally extensive community testing should be concluded on devnet. Both of these measures combined should minimise the risk of technical issues or bugs occurring in production post-rollout. Audit is planned to be executed in two phases, in alignment with the development phases for MVP & advanced features. This enables earlier minimalistic mainnet rollout, before development of all features is completed.
Rollout Plan
First mainnet deployment of the Mina Decentralized Treasury is planned post-audit, after devnet testing has been completed and no breaking bugs were identified. The amount of funds rolled out to the decentralized treasury at various stages is subject to Mina Foundation’s discretion and policies, and shall be subject to ongoing assessment based on project’s progress.
Protocol Compatibility
The design relies solely on the existing Mina zkApp protocol and requires no hard‑fork.
Timeline
Phase | Indicative Schedule* | Focus |
---|---|---|
RFC | Month 1 | Publish specification; gather stakeholder feedback. |
MVP | Months 2‑4 | Implement core treasury zkApps & UI; public devnet demo. |
Safety & Performance | Months 5‑6 | Add spam bonds, break‑glass, prover parallelisation, basic upgradability. |
Audit | Months 7‑8 | Comprehensive external audit; address findings. |
Rollout | Month 9 | Initial mainnet deployment with limited funds. Requires complete audit. |
Advanced Features | Months 10‑11 | Multiple BP delegation, voting delegation, upgrade framework. |
Decentralisation | Ongoing post‑Month 11 | Remove break‑glass; migrate remaining Foundation funds. |
Improvements | Continuous | Bug fixes and performance enhancements. |
Note: Every tangible development update will be reflected on devnet as soon as possible, in order to shorten the community feedback & testing lifecycle
Legal Considerations
Mina Foundation will collaborate with relevant regulatory authorities and advisors as appropriate to ensure compliance with applicable law and regulations.