The Telos Foundation — the organization behind smart contract platform Telos (TLOS) — has taken action against two of its board members following a network security controversy.

Telos is a platform that supports the creation of decentralized applications (DApps) and decentralized autonomous organizations (DAOs) running on EOS.io, the software underlying the EOS blockchain.

In a blog post published on March 22, the foundation announced that it had made “appropriate adjustments to its board and various board member responsibilities” in light of recent controversial developments, as it “holds network security in the highest regards.”

The two board members in question are Daniel Uzcátegui, who has been removed from the foundation’s board as of March 11th, and Richard Bryan, who will remain on the board but will no longer engage in block production or node operation on Telos.

Background to the foundation’s actions

Like EOS, Telos uses a consensus mechanism known as “delegated proof-of-stake,” in which network participants are able to stake their tokens to vote for so-called Block Producers (BPs) as their elected delegates.

In this system, BPs in part serve a similar function to miners on the Proof-of-Work-based Bitcoin (BTC) blockchain or staking nodes on a Proof-of-Stake (PoS) protocol.

They also have additional responsibilities to miners, as the top 21 BPs elected on the network are granted full executive power and so wield a decisive vote on all decisions regarding the blockchain.

In its blog post, the foundation writes that it discovered earlier this month that several BPs had been implicated in disputes that related to “inappropriate shared access” to their signing keys, thereby degrading network security.

The controversy over the safety of apparently inappropriate key sharing was addressed in a personal statement published by Richard Bryan on March 10. Bryan is a Telos Foundation board member who until now ran the “TelosDAC” BP, on which Daniel Uzcátegui also served as a technical advisor. Bryan wrote:

“In order for Daniel to be effective in some of his work [...] with us he needed to have a safe level of access to our infrastructure. This was well planned and arranged using SSH provisioning tools [...] and keys obscured using available tools. At no time did Daniel have access to our BP owner key [...]”

Bryan has now pledged that he will no longer engage in block production/node operation on Telos nor on any of the public EOSIO blockchains currently in operation.

This, he says, is due to the fact that he lacks an “in-depth understanding of the implications of shared active keys,” as well as not having the knowledge that would be required to detect unusual activity on nodes.

Structural reform

The foundation’s announcement clarifies that according to its bylaws, outgoing board members will remain in the organization for 30 days after their removal in order to transition their responsibilities to remaining members.

Beyond adjusting its board, the foundation has responded to the controversy by planning to put a Telos Foundation Transparency Amendment up for vote. This will attempt to address security concerns, clarify the organization’s structure, and separate board members from operational members in order to prevent excessive centralization.

EOS’ own controversies

EOS has itself faced criticisms over similar issues to those currently being debated at Telos. In fall 2019, an EOS BP raised concern over apparent levels of centralization and misconduct, claiming that six registered producers on EOS were being managed by a single entity.