GIP-2: SAFE Token Model

I’m against this proposal.

Not because I don’t agree with it, I do, but because I don’t think the outlined strategy will achieve the desired goal.

I understand that the purpose of the SAFE token is to remove Gnosis as the central “gatekeeper” of Safe and I don’t think this proposal solves that problem.

The issue I see is that for the Safe to be usable, it requires servers which run services, like this one, which lets you know the balances of all your assets amongst other things.

Someone has to ensure that the servers keep running so that service is available so people may use the Gnosis Safe product. Right now that someone is Gnosis. If the community is using their tokens to decide things like curation and signalling, it’s not enough to remove Gnosis as the gatekeeper.

If something happens to Gnosis as a company that pays bills to host servers which run Safe services, then the whole product goes down and having Safe tokens means nothing because there will be nothing to curate and nobody to signal to.

I believe for this proposal to achieve its goal, the intention should be to remove the reliance on a single entity to run servers so that the product and the user experience can survive independent of Gnosis. As long as there is that reliance, the Safe product and the value of the token will rely directly on Gnosis.

1 Like

I agree. This aspect is not covered in the proposal. But even related to this centralization aspect, could a SAFE Token not be a potential solution? As you could imagine there being a network of transaction-services that is curated by SAFE Tokens and/or the SAFE Token being a means to access the “service” provided by these indexers?


About the Curation of Apps/Contracts/Modules, if the community uses the SAFE governance token to have a new token vote on every entry, it will require a massive duplication of effort and might be plagued by low response rates creating security issues and vectors of entry for unsafe apps.

You might consider using a dedicated Curation tool such as Kleros Curate in order not to have to reinvent the wheel and take the risk that the culture around the SAFE token do not develop appropriately so that people reliably vote so that the curation system can have good resistance to attacks.

The SAFE token can still have its use in such a schema by being either locked as a deposit to get a new entry into the list of authorized apps or also could be used as a lever to modify the display order of the apps in the Gnosis Safe (Projects display order would be ranked by the number of SAFE tokens locked/burned).


What is the advantage of creating a new token over giving control to the Gnosis DAO (and maybe still rewarding developers/early adopters with GNO)? After all the Safe has been built using the resources provided by the GNO holders (and its value is likely priced in to the current GNO price).

To me, creating a new token and only assigning 25% to the Gnosis DAO is a big give-away from GNO holders’ perspective that deserves further justification.


A SAFE token is definitely a solution, but I’d like to see this aspect directly addressed in the proposal to feel comfortable voting for it. In your example we have a network of competing services, its one thing to use the SAFE token to curate or decide which service is used by the Safe product, but that service provider still needs to be paid. If that service provider is paid with SAFE tokens, who pays those tokens? If no one pays. no services, no product.

It would be an interesting exercise to work out what the costs are to “run” the safe, how much does a single Safe wallet cost in services? What are the flat vs variable costs? Perhaps this could lead to a model that requires users to or hold X amount of SAFE tokens in a Safe to earn interest via lending protocol to pay service providers.

Kinda reminds me of the initial GNO/OWL token economics for the Gnosis Safe whereby fees where paid in OWL in order to incentive the holding of GNO to mint OWL, to pay for fees for the SAFE.

I agree with this comment. The creation of a Safe token is not removing Gnosis as the gatekeeper and decentralizing governance as this has already been achieved with the creation of the GnosisDAO. Instead it is transferring influence from GNO token holders to Safe token holders and only receiving 25% for doing so.


I’m not convinced the SAFE Token could more reliably align incentives with Safe development than GNO would. I hear you saying the stakeholders should be wider than GNO holders, because the Safe has become a critical piece of infrastructure for the community. I don’t, however, hear an explicit discussion of the misalignment.

What do you see as the specific conflicts of interest for using GNO as the governance mechanism, and why do you think mechanisms can’t be introduced to circumvent those?


I think the discussion boils down to what the Gnosis Safe is perceived to be in the long run.

  1. Is it a product, developed and maintained by Gnosis and funded through resources provided by GNO holders?

  2. Is it a platform kickstarted by Gnosis and with Gnosis / GnosisDAO being a critical provider of infrastructure, but where the value of the platform is driven strongly by other stakeholders.

If we aim for the former, then I agree, the value created should be exclusively captured by the GNO token and the GNO token also would be a good fit for governing centralized aspects of the system.

However, we have written this proposal with the second assumption in mind. We want to have the Gnosis Safe become the new “account standard” on Ethereum, effectively replacing EOAs as the primary accounts. EOAs will therefore take the role of simple signer keys but not as accounts. The Gnosis Safe is not to be seen as just the Safe Multisig web interface, but as a collection of components some being built by Gnosis and some by third-parties, including interfaces, Dapps, modules, backend infrastructure, SDKs etc.

If we want to have a chance to achieve this ambitious vision, Gnosis Safe cannot be seen as a purely “Gnosis product” and also the token economics, value capture & distribution, as well as governance over the system, should not be tied 1:1 to the GNO token. Here are a few reasons.

Value creators are not necessarily stakeholders

Even looking at the Gnosis Safe situation today, who actually brought value to the Safe ecosystem? Yes, one part was the GNO holders funding the project and Gnosis executing on the project (thus both being represented with a major stake in the SAFE Token Model). But Gnosis Safe, as a project, would hold no value without its user, especially early users bringing trust to the solution and making it an easier decision for later adopters to start using Gnosis Safe. Also, value was brought to the Gnosis Safe through external contributors creating Safe Apps, third-party interfaces, transaction relayers, and other extensions. Especially those external contributors will become even more critical value drivers in the future. As in order to achieve the vision of the Gnosis Safe of becoming the new account standard, we rely on a vibrant ecosystem being built around it. Saying GNO holders should capture 100% of the Gnosis Safe value will not allow to build up this ecosystem. If we build an ecosystem yet capture all value using GNO, wouldn’t the value drivers (i.e. ecosystem participants that are not GNO holders) just want to fork away, establishing their own SAFE Token using a fairer distribution and set up their own core maintainer team for the Safe infrastructure?

GNO Distribution issues

GNO currently is facing some significant distribution issues (outlined here). Any Gnosis Safe components being governed by the GNO Token would inevitably suffer from those. While they might be fixed at some point, this could very well take 1-2 years to achieve.

GNO can’t effectively be used in multiple token economics / (protocol) governance schemes simultaneously

Imagine if at some point Gnosis would have multiple protocols with each one needing to have some decentralized governance in place. How can be guaranteed that the protocol is governed by “relevant stakeholders” given that it might differ for each protocol who the relevant stakeholders are? Does it make sense to have the token economics of one protocol be impacted by things not related to the protocol itself? Should relevant stakeholders of those additional protocols become GNO holders by diluting existing GNO holders?

Misaligned incentives

The SAFE Token is essentially a separation of concerns, GNO Tokens are used to govern initiatives that increase the value of the GNO Token and the SAFE Token is used to bring value to the Safe ecosystem. In case GNO is used as a governance token in the Safe ecosystem, there might be cases where what’s best for the GNO Token is not best for the Safe ecosystem. This proposal makes sure incentives are aligned in those cases, because the value captured by the GNO Token is directly related to bringing value to the Safe ecosystem.

Final thoughts: My personal vision for the GnosisDAO / GNO token

I see GnosisDAO as a vehicle to fund/kickstart initiatives that ultimately capture more value for the GNO token. Whereas the most obvious two categories of initiatives are:

  • Treasury management: Effective deployment of assets in a way that they increase the value of the treasury
  • Kickstarting new protocols with their own native token: GnosisDAO is building infrastructure with their own ecosystems and establishes native tokens that capture the value of those ecosystems (not just the own interfaces/products built on top of the protocol). As a result, GnosisDAO receives a significant stake to be further incentivized to help grow the ecosystem. This should also be in the interest of the new “spun-out” ecosystem as they can rely on Gnosis continuing to be core maintainer and ecosystem developer. Therefore, Gnosis does not build products, it builds open-source infrastructure and establishes token economics / decentralized governance around those.

I think long-term it brings more value to GNO holders if GnosisDAO is a major stakeholder of ecosystems rather than an owner of products. At least wherever there is a chance to capture the ecosystem value vs. the product value. 25% value capture of a platform play can be a vastly better return than 100% value capture of a product play. However, both are valid options, of course, so I would not dismiss the latter.

This is definitely an important discussion to have because it also very much affects our product strategy. We have aimed to become a platform and have started to direct our focus towards this. If the GnosisDAO would prefer to see Gnosis Safe as a product, we have to adapt some assumptions and re-adjust our product focus.


@lukas_gnosis you provide a really great detailed perspective. It is interesting to think about a future where each product has its own token versus a community token that can govern many products.

You can see a parallel situation like that happening in the NFT/Art space. Is it better for every artist to have their own token, or for artists to join a collective/community token system and be a part of that?
Already, many people are having trouble handling so many tokens.

In order to detach the association, one step here might be to change the name of Gnosis Safe to something like “ETH Safe”???

1 Like

I’ll throw in my 2c:

From a theoretical perspective, I get it: It’s probably slightly better to separate the SAFE token from the GNO token.

But we’re here gathered around this wonderful GnosisDAO table, representing the GnosisDAO. We are only interested in the Gnosis Safe as it pertains to the GnosisDAO!

From a GnosisDAO perspective, I think giving away the SAFE is deadly, and I would much rather distribute GNO tokens to the relevant Safe ecosystem users to distribute GNO wider, and retain control of the Gnosis Safe product (the only product we have).

One way helps solve the issues around distributing GNO, and retains value in the GNO ecosystem (users actually now have an incentive to own GNO (to govern the Safe).

The other way only increases the problems around GNO Distribution Issues, making them much harder to solve…

It’s very hard to answer “What is the purpose of GNO?” without products, but community owned Software is a thing!

  • “Well, GNO governs the Gnosis Safe” is at least the roots of a purpose.

Otherwise, is GNO a hedge fund? Like what is GNO supposed to govern then?

Surprised by the approval in this proposal, to me it stifles the very best chance to distribute GNO wider and make it valuable.

For the GnosisDAO to want to get 25% of the SAFE, it effectively means that at the very least we believe that separating the SAFE token would create >4x the value, for us, as compared to just keeping it in GNO (making our 25% share worth more than 100%).

  • Do we really believe this?

EDIT: Since Gnosis DAO also controls 50% of the treasury, it would be more like >2x SAFE appreciation vs keeping it in GNO to make sense. That seems more reasonable to achieve, although still doesn’t help and rather takes away utility from the GNO token.

Otherwise, we could also think that Gnosis Safe is a toxic asset for the DAO to hold. That it costs us more to control it, that would lower the calculation (meaning we would need the price to be worth less than 4x).

Seems to me like it’s a great asset for the GnosisDAO to govern. Why give it away? Is it ready to be given away?

While it may or may not be maximizing the value for the Gnosis Safe, I just don’t think it’s maximizing the value for the GnosisDAO.

1 Like

Well, this is kind of a complex topic. I’m just informed enough to be dangerous.

The SAFE token way is probably more in-line with Gnosis vision.

Seems like a good proposal.

GNO makes more sense in this way, to take smaller peices of platforms.

I’m not sure that the existence of the safe-transaction-service necessitates that Gnosis remains as a gatekeeper for the Safe into the future. Certainly it’s reliant for the near-mid future but much of that functionality looks like it could be moved out to a subgraph given a v2 Safe which exposes more information via events (possibly for the existing contracts given call handlers as well). Incentivisation for others to run provide this service would then be provided through the Graph’s economics.

Obviously this can’t satisfy the offchain components of the service such as storing confirmation signatures before a transaction is executed but this could be handled by a non Safe-specific service also.


As a non-GNO-holding Safe user, I’m cautiously in favour of this.

I see the planned GnosisDAO governance process as potentially being too unwieldy for many of the decisions which are to be taken related to the Safe. GnosisDAO is more direction setting as seen by how futarchy plays a key role whereas many of the decisions taken by SafeDAO are technical and have a much shorter time horizon. A separate governance mechanism makes sense to avoid endless prediction markets on whether the GNO price will improve if we update the Balancer Safe app from v1.2.0 to v1.2.1.

Clearly there needs to be a parallel governance mechanism for the Safe ecosystem and a separate token goes some way to codifying it while also allowing decision making to be weighted differently to account for the distinct set of stakeholders for the ecosystem.

One issue I’m concerned about is that while the proposal goes in detail on the expenses of the SAFE treasury (i.e. rewarding individuals for developing/auditing new Safe contracts/apps) it doesn’t address how it may replenish this treasury. I’d be more comfortable if there were proposals on how the SafeDAO could be self-sustaining.

While I’m sure that it could make do with relying on periodic grants from GnosisDAO for the mid-term however I don’t expect this to be sustainable in the long-term. Should this distribution of GNO and SAFE holders diverge too strongly I’m sure that GnosisDAO members will feel reluctant to fund the SafeDAO (already seen in this thread) and SafeDAO may feel overly constrained by GnosisDAO’s power of the purse.

Should this be desired to become more than a specialised governance route within GnosisDAO itself I think that forming an independent revenue stream would be a priority.


My 5 pfennigs
I am felling myself like early Gnosis Safe user and from first look I was not very like this proposal. First of all I see risk of destroying well known brand ‘Gnosis Safe’ and a lot of usual users will be confused. Second ‘Gnosis Safe’ it is a beautiful software and it is really difficult valuate it in fair way and GNO holders fell uncomfortable giving blind answer.
From other side I see some benefits for future grow for Safe with out Gnosis monopoly trust. It is very strong point. All Ethereum supporters like freedom and collaboration and in long run Safe will benefit from open status. Gnosis not a jail :slight_smile:

As preparation to move GIP-2 to Phase 3 (Snapshot vote) I have updated the proposal to make clear GIP-2 is about a commitment of the Gnosis Team to work out a more clearly defined SAFE token model. Meaning a yes, vote does not yet necessarily mean that a SAFE Token will be implemented eventually. Rather, there might be several follow-on GIPs to approve individual parts of the SAFE token model such as token economics, distribution etc. And there might be a final GIP to make the final decision once all aspects have been agreed upon individually. Ideally, we would also have some community-sourced proposals contributing towards the SAFE token model.

This clarification of GIP-2 is important as some of the components of a SAFE token model also have dependencies on how the GnosisDAO will develop itself (e.g. the GnosisDAO manifest) and making a full commitment towards a SAFE Token, with these open dependencies as well as open questions around distribution / impact on the product might not be beneficial and could create wrong expectations/concerns.


If I may play devils advocate for a moment. I thought that the idea was that the Gnosis Safe can stand alone as an independent entity for which developers can build and deploy apps at will, earn rewards and somehow still not be directly tied to Gnosis as a whole. This might entail that a separate token that is specifically dedicated to this entity may be more appropriate than having the safe governed by Gnosis DAO. However, if it is the intention to keep this intertwined with GNO, then perhaps it is more reasonable not to have a safe token.

I like this - Let’s get community approval to start a formal work stream and then vote on different token models as the Gnosis Core Team and community proposes them. Thanks for the clarification!

As a GNO holder, I think most of SAFE tokens should be owned by the Gnosis DAO and SAFE should never be dissociated with GNO investors.

The Safe product was funded with GNO so any attempt to remove value from it will effectively dilute GNO holders. People invested in GNO because of the Gnosis Safe product.

Moreover, It would further endanger the value proposal for GNO giving the hint that every future Gnosis product’s value will be distributed among contributors and users that are not necessarily related to GNO token.

I also agree that most SAFE tokens should be owned by the GnosisDAO, given that GNO holders basically funded Safe development over the years.

It has been a challenge though to associated the success of the Safe to the GNO token. That’s a question which hasn’t only come up now, but which was thought about before as well.
For exchanges (e.g. Gnosis Protocol) or prediction markets (e.g. the conditional token framework), putting in a fee token (OWL/GNO) is not easy, but possible. (And actually has been done in the former.)

For the Safe, a fee token feels wrong since wallets/accounts should be free to use in my opinion (that is, except for gas fees or potential relayer fees).

That leaves governance of the Safe to capture value.
A specific SAFE token would allow to think about a token model independently of different Gnosis products.

1 Like

Generally agree on the notion of separation of concerns as it relates to governance of the Safe development; we need to foster the Safe as a product that could be used by the broader crypto ecosystem and new participants like institutions - and we really need inputs from that community to help guide and craft product development to make it the standard-bearer for self-custody for everyone; a Safe token could easily address and provide a voice to those segments of users in a way that hasn’t been thought of before.

The Safe could benefit from a whole host of services that users might end up paying fees for: customised analytics, support for visualisations (in terms of hosting for backend services - directly, or via the graph), support for customised security/policy modules for institutions, the notion of a backstop for simpler insurance/coverage for assets/apps that are utilised by users and additional app integrations (to facilitate connections to other ecosystems/apps) - as a few ideas off the top off my head, all of which could potentially lead to value accrual for Safe holders.
The Safe user community represents an extremely valuable one for people wishing to launch new protocols/products to target (for liquidity, for utilisation, for feedback), as well as gauging additional parameters to track utilisation. Additionally, there may be a need to complete more integrations with other protocols/services that the Safe community would find useful for broader adoption - and this would require the feedback of people using Safes. This essentially leads up to a good route for the utilisation of the tokens to serve as a signalling mechanism - and get the right feedback from the relevant segment of users.

From the perspective of GnosisDAO - we should really think about increasing the size of the pie and helping create value for the Safe and its ecosystem of users - which ultimately would create value for GnosisDAO. It is a good way to broaden participation and increase inclusivity + also gain the chance to start testing out the notion of futarchy as a basis to provide relevant signalling as it has to do with the development of the Safe.