Thank you to the EFers that provided valuable input and feedback to the draft document: Bastian Aue, Vitalik Buterin, Bogdan Popa, Tomasz Stańczak, Fredrik Svantes, Yoav Weiss, Dankrad Feist, Tim Beiko, Nicolas Consigny, Nixo, Alex Stokes, Ladislaus, and Joseph Schweitzer.
Thank you to kpk, Steakhouse Financial, and pcaversaccio for providing valuable and insightful input and the final review of this document.
The Ethereum Foundation (EF) exists to strengthen Ethereum’s ecosystem and uphold its long-standing non-negotiable objectives: enabling “applications that run exactly as programmed without any possibility of downtime, censorship, fraud, or third-party interference“. EF Treasury supports EF’s long-term agency, sustainability, and legitimacy. Capital deployments should be balanced between seeking returns above a benchmark rate and extending EF’s role as a steward of the Ethereum ecosystem, with a particular focus on DeFi.
This document provides the policies and guidance for EF Treasury management and discusses the key indicators and considerations.
1. Macro Policy
To achieve its objectives, EF will maintain and periodically refine an asset-liability management policy and a high-level grant allocation strategy. EF will manage its assets, considering risk, duration, and liquidity, while remaining aligned with Ethereum’s core principles.
Our approach focuses on two variables:
A: Annual Opex (expressed as % of current total treasury)
B: Years of Opex Buffer (number of years of operating runway held in reserve)
Where:
- A × B: determines target fiat-denominated (offchain or onchain) reserves. This value directly informs the size and the cadence of ETH sales.
- (Total Treasury A × B) defines the value of ETH reserves: dividing by ETH price gives the number of ETH that will remain in core holdings.
At regular intervals, the Board and Management re-evaluate both variables, weighing market dynamics and community input to keep short-term operations aligned with long-term strategy. Two further lenses shape each review: (1) identifying pivotal years that merit heightened ecosystem engagement and (2) maintaining a counter-cyclical posture—stepping up support in downturns and moderating it in bull runs.
Current targets stand at A = 15% of treasury for annual opex and B = 2.5 years. This policy reflects our conviction that 2025-26 are likely to be pivotal for Ethereum, warranting enhanced focus on critical deliverables.
EF expects to remain a long-term steward, but envisions its scope gradually narrowing. We intend to reduce annual opex roughly linearly over the next five years, ending at a long-term 5% baseline that is common for endowment-based organizations. This glide path and baseline will be reviewed and adjusted as conditions evolve.
2. Crypto Assets Policy
The EF will seek to earn acceptable returns on treasury assets in a manner consistent with Ethereum’s underlying principles.
The key considerations of the on-chain portfolio include, but are not limited to:
- Safety and security: favor battle-tested, immutable, audited, permissionless protocols. Encourage positive-sum actors in the Ethereum DeFi ecosystem. Aim to counterbalance, and not contribute to, systemic risks to Ethereum as a whole. Continually re-evaluate projects for attack vectors and risks, including but not limited to: smart contract, governance, custodial (e.g., stablecoins), and oracle risks.
- Reasonable return and risk: select conservative choices with higher degrees of liquidity instead of chasing only high returns. Guard against not just the risk of loss of funds but also risks to liquidity and general portfolio flexibility. Deployments that are somewhat higher risk may happen but will be of a more limited scale and in segregated sleeves. In all cases, aim to be a modest portion of any single project’s total TVL.
- Ethereum’s deeper goals: support maximally secure, decentralized, open source, cypherpunk applications. Cypherpunk DeFi is permissionless: no barbed-wire fences. Ideal protocols are trust-minimized, composable, and maximally privacy-friendly.
We will frequently reallocate funds between protocols for reasons such as changing market conditions, diversification, or new yield opportunities. Withdrawals should be understood in this context and not as anti-endorsements.
2.1 Ether Sales
Throughout the year, EF will periodically calculate the deviation of the treasury’s fiat-denominated assets from the Opex Buffer (“B”) target and determine how much, if any, Ether will be sold over the next three months. These sales will typically be via fiat off-ramps or onchain swaps for fiat-denominated assets.
2.2 Ether Deployments
Our current strategies include solo staking and wETH supplied to established lending protocols. Core deployments are re-evaluated continually but intended to be long-term. EF may also borrow stablecoins and seek higher yields onchain. EF Management and advisors will vet candidate protocols for contract security, liquidity risk and de-peg risk, and other factors. As the DeFi ecosystem matures, EF plans to fold select on-chain allocations, including to carefully vetted farms and tokenized RWAs, into its fiat reserve.
3. Fiat-denominated Assets Policy
The EF will allocate its fiat holdings across:
- Immediate-liquidity assets: cash and other highly liquid fiat-denominated instruments that cover real-time operational needs;
- Liability-matched reserves: fixed-term deposits, investment-grade bonds, and other low-risk instruments aligned with longer-term obligations; and
- Tokenized RWAs: governed by the same strategic objectives and risk guidelines as native crypto assets.
4. Transparency Policy
The EF Co-EDs are accountable to the Board for the management of the treasury.
To ensure transparency, accountability, and informed oversight, a structured internal reporting cadence is in place. Reports are prepared and maintained by the Finance team, with distribution based on scope and sensitivity.
4.1. Quarterly Reports
The Finance team provides quarterly reports to the Board and Management, including:
- Performance (Absolute and against Benchmarks)
- All positions (Open & Closed since the last report)
- A summary of notable events, including:
- Operations (processes, infrastructure, security updates/incidents)
- Ecosystem engagement (meetings taken, partnerships, etc.)
4.2. Annual Reports
The annual EF Report will include further treasury-related information, including a summary of major treasury allocations. For example, percentages in fiat, idle ETH, and deployed ETH.
5. Cypherpunk Goals
The EF (through its research, advocacy, and capital deployments) will build on cypherpunk principles to help formalize and apply a practical evaluation framework we refer to as “Defipunk” which has the following properties:
Privacy is historically neglected in the broader DeFi space, but it remains essential. Privacy protects market participants from both digital surveillance (e.g., front running, sandwiching, liquidation sniping, targeted phishing, profiling and data-based coercion) and physical threats (i.e. in-person coercion).
5.1. EF should actively support projects in their Defipunk journey
Ethereum is poised to attract exponentially larger flows of capital, talent, and innovative energy. Growth, however, is often path-dependent: standards adopted in periods of chaotic rapid growth harden into legacy constraints, and designs that privilege transparency can lock in surveillance by default. Incumbent systems often exert subtle pressures that narrow the design space for novel DeFi primitives and constrain privacy-focused innovation. The Ethereum Foundation will defend against these pressures.
Through research, advocacy, and strategic capital deployments, the EF can help cultivate an Ethereum-native financial ecosystem that safeguards self-sovereignty and sustains, at scale, “an open society in the electronic age.”
Turning this vision into real infrastructure takes work. There are numerous challenges to building cypherpunk DeFi protocols today: higher gas prices for privacy, UX friction, difficulty bootstrapping liquidity, more stringent audit needs associated with technical complexity and immutability, and, simply put, opponents to privacy. As a result, much of today’s DeFi ecosystem relies on centralized elements: backdoor shutdown mechanisms or funds extraction functions, excessive reliance on multisigs or MPC, pervasive use of whitelists, centralized and surveilled UIs, and a general absence of onchain privacy – all leave both DeFi markets and participants exposed to systemic vulnerabilities.
Privacy is particularly important to get right. As A Cypherpunk’s Manifesto points out, “for privacy to be widespread it must be part of a social contract”. Privacy has inherent network effects, and yet it has received very little attention so far. This suggests that strong, early institutional support from an EF-like entity can be uniquely valuable in flipping the equilibrium toward a more privacy-focused DeFi landscape.
EF is well-positioned to help guide DeFi’s evolution toward these goals. For example:
- Supporting nascent DeFi protocol to develop privacy features
- Encouraging mature protocols to strengthen Defipunk properties with research collaborations, liquidity, legitimacy, and other resources
- Promoting research and development of decentralized UIs
A more complete list of criteria for project support can be found in §5.3.
5.2. Defipunk starts at home
Advocating for open source, privacy and other Defipunk goals extends far beyond EF, but include EF’s own internal operations where possible. Using Defipunk principles in the EF’s own treasury management is a key first step in this regard. More generally, the EF can use secureware tools, build a prudent operational structure that is supportive of all qualified contributors, including anon and pseudonymous participants, and otherwise improve its security and privacy practices. This will help the EF remain principled and grow in strength, stability, and the ability to stand firm.
Staff involved in treasury management should use and/or contribute to open-source, privacy-preserving tools for routine tasks, especially if this requires upskilling in those areas. By taking care to live and breathe Defipunk principles in its own activities, EF will stay on target and gain the capabilities to support the rest of the ecosystem in doing the same.
5.3. Defipunk Criteria
These are concrete criteria for internal evaluation of protocols and UIs, intended to encourage new projects to start, and existing projects to improve. They will apply to all of EF’s future onchain deployments. While some criteria (e.g., permissionless access, self-custody, and FLOSS) are straightforward binary determinants for deployment, others are more complex. For now, projects are not required to sit at the “ideal” end of every axis. We look for credible progress and a roadmap for improvement, rather than perfection on day one. We share the framework openly to provide legibility for EF decisions and build alignment on these axes, and so that the wider community can consider, adapt, or apply them when forming its own views.
- Permissionless access
- Can anyone interact with the core smart contracts without KYC or whitelisting?
- Self Custody
- Does the protocol allow users to maintain self-custody and present it as default?
- Free-Libre & Open Source (FLOSS)
- Is the contract code free-libre open-source, with either a copyleft license (e.g., AGPL) or a permissive license (e.g., MIT, Apache)? Source-available (e.g., BSL) does NOT qualify.
- Privacy
- Transactions: Does it offer options for shielding tx origins/destinations/amounts?
- State: Is user/personal data and/or position information shielded onchain?
- Data: Does the protocol (and its typical UIs) avoid unnecessary collection of user data (e.g., user-agent) and personal data (e.g., IP addresses)?
- Open Development Processes
- Is the development process reasonably transparent?
- Are code repositories publicly accessible and actively maintained?
- Are protocol changes documented with clear rationales and versioning history?
- Is there visibility into the decision-making process for upgrades, parameters, and roadmaps?
- Maximally Trustless Core Logic
- Immutability: is the fundamental logic of the protocol non-upgradeable or governed by a highly decentralized, time-locked, and transparent process? (Avoid admin keys with broad powers.)
- Maximal viable cryptoeconomics: does the protocol rely maximally on cryptographic guarantees & economic incentives, and reduce the use of legal wrappers (like collateralization assurances) or offchain enforcement to the bare minimum required for its core function?
- Oracle reliance
- Does it minimize reliance on oracles, and minimize losses in cases where the oracle is compromised?
- Does it use robust, decentralized, governance-minimized and manipulation-resistant oracles wherever oracles are necessary?
- General Security
- Are the contracts audited, and processes in place to track the audited commit hash against what was last deployed, ideally including monitoring/alerting when the diff changes?
- Are contract properties formally verified or at least bytecode-verified on block explorers?
- Distributed UIs
- Are there multiple independent UIs?
- Is the primary UI open source and hosted in a decentralized manner?
- Can users interact directly with contracts?
Enduring Stewardship
The EF is here to stay for a long time and needs a robust long-term treasury management policy. We have for a long time simply held ETH, but are now increasingly moving into staking and DeFi, both to enhance financial sustainability and to support a key application category that is delivering on the promise of permissionless secure access to base civilizational infrastructure for millions of people today. EF’s involvement in these areas is well-positioned to set precedents for tool use that is responsible and compatible with its underlying goals. To do this, it will invest heavily in skilling up its own competency over time.
If you have ideas that contribute to EF x DeFi, please fill out this form.
