Governance
Clear rules without a DAO. Multisig control, time-locked changes, public disclosures.
Governance
YAP does not use a DAO. We run a simple, transparent stewardship model that protects users, keeps the token economy predictable, and makes every change visible before it happens.
Principles
User safety first. No surprise mints. No hidden fees. No balance seizures.
Predictability. Small, well-bounded changes with notice.
Transparency. Every decision leaves a public trail with rationale and on-chain links.
Least privilege. Separate roles and keys. Rotate and monitor them.
Stewardship model
Multisig control. A named Stewardship Multisig holds the keys to protocol parameters and treasury spending. Quorum and signer list are public.
Role separation. Different multisigs or sub-keys for Protocol, Treasury, and Oracle settings. No single signer can move funds and change rules.
Time-locked actions. Non-emergency changes queue with a notice period, then execute. We target a 7-day timelock.
Emergency controls. Narrow, scoped pauses for rewards, spending, or a specific sink, with a short maximum duration and a required public postmortem.
Parameters that can change
All changes are time-locked, announced, and capped by max drift limits.
Verification caps by tier, daily and weekly.
Hourly budgeting weights and soft throttle thresholds.
Reward targets per activity, within published bands.
Oracle sources, averaging windows, and stale-data rules.
Transfer lock duration on newly earned tokens.
Allowlisted spend sinks and their prices.
Staking, leaderboard, and quest rules.
Treasury program budgets within the approved annual plan.
Max drift guidance
Reward targets and sink prices: up to 10 percent per change.
Hourly budgeting weights: up to 15 percent per change.
Caps: up to 20 percent per change. Anything larger requires a special incident process and extended notice.
Parameters that will not change
Total supply: fixed at 1,000,000,000 YAP.
Learner rewards cap: hard capped at 500,000,000 YAP.
Spend split: 50 percent burn, 50 percent treasury on every in-app spend.
No confiscation. User token balances remain user owned.
No stealth minting. Any mint path is disabled except the scheduled rewards mint governed by the emission plan.
Change process
Proposal. Publish an RFC with rationale, options, and expected impact.
Comment window. Collect feedback in a public forum or GitHub.
Queue. Submit the on-chain transaction to the timelock with a clear summary.
Execute. After the delay, execute and post a changelog with tx links and dashboards.
Review. Monitor metrics, publish a 14-day impact note.
Non-binding community polls can be used for signal, but final authority stays with the multisig.
Transparency and reporting
Live dashboards. Show daily budgets, emissions, burns, treasury inflows and outflows.
Changelog. All parameter edits, with diffs, dates, and links.
Quarterly treasury report. Spend by category, runway, and upcoming grants.
Audit library. Pre-launch and post-upgrade audits, plus any remediation notes.
Security and key management
Hardware backed keys, monitored access, and mandatory key rotation.
Quorum rules that survive a single key loss. Emergency key revoke path.
Separate signing devices per role. No key reuse across environments.
Legal and compliance
KYC and AML applied where required for higher tiers or claims.
Region-aware data handling with clear deletion paths.
No governance features that imply profit rights or dividends.
Incident response
Clear triggers for scoped pauses, such as oracle failure or reward inflation.
Public status page and incident updates.
Postmortem within seven days, including remediation and timelines.
Bottom line: you get a predictable protocol with human accountability, clear guardrails, and public evidence for every change. No theater, no DAO, just responsible operations.
Last updated