Urgent: SNS Governance Canisters Are Garbage Collecting Old Proposals – Immediate Fix Required

Developers SNS Framework
, , ,
1

Hello DFINITY community and team,

@Leadership @lara

I’m posting this as the recently elected SNS Canister Management Voting Grant Neuron holder, and I’m deeply concerned about a critical issue I’ve uncovered while auditing SNS DAO proposals. This affects the integrity of governance data on the Internet Computer and needs urgent attention from DFINITY to prevent potential loss of historical records and enable proper auditing.

Background and Discovery

Over the weekend, I set out to audit treasury transfer proposals across various SNS DAOs. I used the excellent Social Hub app developed by Snassy from Sneed DAO (app.sneeddao.com), which allows fetching and exporting proposals via the NNS API. Snassy even added CSV export functionality at my request to make bulk downloads easier.

While exporting proposals filtered by topic (e.g., “Transfer SNS Treasury Funds”), I noticed significant discrepancies. For example, in OpenChat (SNS root canister: 3e3x2-xyaaa-aaaaq-aaalq-cai):

  • The app indicated 1,339 total proposals for this topic.
  • However, only 95 were actually loadable and exportable.
  • Proposal IDs showed large gaps (e.g., Proposal 48 exists, but 49 does not; jumps from 1,030 to 1,032).
  • Direct checks on nns.ic0.app confirmed these missing proposals return “Proposal not found” errors.

Initially, I thought this was a bug in the Social Hub app, so I debugged with Snassy. We confirmed the app was correctly querying the NNS API— the proposals simply don’t exist there anymore.

I then reached out to the OpenChat dev team for clarification. Their explanation was shocking: SNS governance canisters perform garbage collection on proposals per action/topic, limited by a parameter called max_proposals_to_keep_per_action. For OpenChat, this is set to 100 (likely the default for many SNSes).

  • Topics with high proposal volumes (like treasury transfers) have old proposals deleted once the limit is exceeded, creating gaps in IDs.
  • Topics with fewer proposals (e.g., adding nervous system functions) retain their history.
  • Proposal IDs increment sequentially across all topics, but garbage collection is topic-specific, leading to non-sequential visible IDs.

The IC Dashboard (dashboard.internetcomputer.org) shows more complete history because it pulls and stores data in its own DB, whereas the NNS app and API fetch live from the canisters, where old data is gone.

Evidence and Examples

  • OpenChat Treasury Transfers: 1,339 indicated, but only ~95 retrievable via API. Missing examples: Proposal 49 (nns.ic0.app/proposal/?u=3e3x2-xyaaa-aaaaq-aaalq-cai&proposal=49) – not found.
  • Similar issues in other SNSes like Water Neuron (282 indicated treasury proposals, but only ~60 retrievable).
  • Sneed DAO (smaller volume) has no missing proposals, as limits aren’t exceeded.
  • Confirmed via canister parameters: For the SNS root canister 2jvtu-yqaaa-aaaaq-aaama-cai, max_proposals_to_keep_per_action is 100 (visible on dashboard.internetcomputer.org/canister/2jvtu-yqaaa-aaaaq-aaama-cai#get_nervous_system_parameters).

I’ve compiled a preliminary list of affected SNSes in this Google Sheet for reference: https://docs.google.com/spreadsheets/d/1gs7G0AV4KZYtGt-xTKzM3kuyuSqiNzcn4OT6acTnJio/edit?usp=sharing

Why This Is a Major Problem

  • Auditing Impossible: Without full proposal history, we can’t verify treasury movements, decisions, or potential misuse. For blockchain governance, this is unacceptable—how can we “audit all the proposals” if they’re deleted?
  • Blockchain Integrity: IC is meant to be immutable and transparent. Garbage collecting governance data undermines trust, especially for DAOs handling funds.
  • Wider Implications: This affects multiple SNSes. If not fixed, historical data loss will worsen as DAOs grow. It also echoes past issues, like vote data being discarded post-rewards.

Call to Action

DFINITY team: As the stewards of SNS architecture, please address this ASAP.

  1. Immediate Fix: Increase or remove max_proposals_to_keep_per_action limits across all SNSes. Make full proposal history persistent by default.
  2. Data Recovery: Do you have backups or replicas of garbage-collected proposals? If so, can they be restored or made queryable (e.g., via API or dashboard export)?
  3. Explanation and Timeline: Provide a detailed response on why this design was chosen, who’s responsible, and a timeline for resolution. If this is an NNS/SNS core function, propose an upgrade motion.
  4. Community Input: Let’s discuss alternatives, like off-chain archiving or canister upgrades, to preserve data without performance hits.

This isn’t just a technical glitch—it’s a governance crisis. I’ve paused my full audit until this is resolved, but the community deserves transparency now.

Looking forward to your urgent response.

Best,
Dexter
SNS Canister Management Voting Grant Neuron

P.S. Shoutout to Snassy for the Social Hub app—it’s invaluable for DAO oversight. If anyone wants to verify, try exporting from app.sneeddao.com and check against NNS.

Scherm­afbeelding 2025-09-01 om 13.35.09
Scherm­afbeelding 2025-09-01 om 13.35.091878×1468 113 KB

Scherm­afbeelding 2025-09-01 om 13.36.03
Scherm­afbeelding 2025-09-01 om 13.36.031878×1468 119 KB

Scherm­afbeelding 2025-09-01 om 13.35.49
Scherm­afbeelding 2025-09-01 om 13.35.491878×1468 133 KB

https://nns.ic0.app/proposal/?u=3e3x2-xyaaa-aaaaq-aaalq-cai&proposal=48

https://nns.ic0.app/proposal/?u=3e3x2-xyaaa-aaaaq-aaalq-cai&proposal=49

https://app.sneeddao.com/proposals?sns=3e3x2-xyaaa-aaaaq-aaalq-cai

Missing ID’s look at the numbers

OPENCHAT
OPENCHAT1500×935 94.8 KB

6 Likes
2

@Accumulating.icp Made a Post about auditing the SNS’s But he could not be acuurate due to missing proposals, thats why his numbers are not accurate

3

Meaning that we can not AUDIT THE SNS’S that have reached over their set amount, what a shame who is resposible for this?

4

I think its better to look at more recent SNSes to see if the issue still occurs.

Openchat was the second SNS to launch, so the whole framework just took shape, note that all SNSes before Nuance still used the old (multi step) SNS creation path, it could be that there were some compatibility issues with the new upgrade, like a change in proposal types that caused serialization issues of the payloads and needed to be removed.

Note that this is just an assumption and pretty sure that @aterga or @lara knows the answer to this.

Edit: i misunderstood the initial issue so the above response isn’t correct

5

This function should be removed from the SNS framework.

6

”// The maximum number of proposals to keep, per action. When the
// total number of proposals for a given action is greater than this
// number, the oldest proposals that have reached final decision state
// (rejected, executed, or failed) and final rewards status state
// (settled) may be deleted.
//
// The number must be larger than zero and at most be as large as the
// defined ceiling MAX_PROPOSALS_TO_KEEP_PER_ACTION_CEILING.
optional uint32 max_proposals_to_keep_per_action = 4;

7

Think there were some talks going about an archive canister for proposals with also the voting history. But if your goal is to check Transfer SNS Treasury Funds then you could also checkout the ledger to fetch the verified data.

also note that you can fetch these proposals from the offchain api as wel
https://sns-api.internetcomputer.org/api/v1/snses/3e3x2-xyaaa-aaaaq-aaalq-cai/proposals/49

2 Likes
8

I Did not know this, Snassy a well known developer didnt know this, again all proposals should be in the SNS / NNS and not removed from the dashboard

Thanks for this but the point stands, the Max_proposals_per_topic Should not exisist

2 Likes
9

I’m guessing the max_proposals_per_topic is still from the days that we only had limited heap storage, so this was probably an optimization the prevent bricking the canister. But good to bring it up, lets see what the reason is, curious as wel.

2 Likes
10

I had no issues loading any proposals - I pulled from Dashboard, not NNS.

11

From here?
https://sns-api.internetcomputer.org/api/v1/snses/3e3x2-xyaaa-aaaaq-aaalq-cai/proposals/49

Go to sneed hub, select openchat and teasury you will see 1339 proposals with that topic on dahsboard you only will se 96 of them

13

Scherm­afbeelding 2025-09-01 om 14.37.56
Scherm­afbeelding 2025-09-01 om 14.37.562868×986 211 KB

Check for yourself https://app.sneeddao.com/proposals?sns=3e3x2-xyaaa-aaaaq-aaalq-cai

14

This is still problematic even if possible.

Anyone should be able to pull this data from the chain.

The ic-api which the dashboard agregates and storew its Data from is still not even open source. To my knowledge.

15

The dashboard uses the offchain api, sneed and toolkit use the governance canisters to fetch the proposals.

2 Likes
16

ICRC-133 defines a generic call and state change capture in an icrc3 log that can be easily archived using the existing icrc-3 framework to keep utility canister light while preserving transparency.

We may need to adjust it a bit give the proposed ICRC-3 updates, but it should be fairly robust for capturing the content and outcome of governance votes(every vote may be a bit chatty…sorry @Snassy-icp :face_with_diagonal_mouth:), but perhaps votes could be mekleized somehow?

17

Dashboard will provide you with the complete registry of proposals :handshake:

https://dashboard.internetcomputer.org/sns/3e3x2-xyaaa-aaaaq-aaalq-cai/proposals

18

image
image755×489 70 KB

3 Likes
19

Hi all,

you are right, the SNS governance proposal keeps 100 proposals per type. In the NNS there is a similar limit per proposal topic.
This has always been the case and has been publicly discussed before, both in the forum and in public global R&D presentations.

The main reason for this is storage. In the SNSs, the proposals in the governance canister are needed to update and recover the SNS canister as well as the dapp canisters. Therefore, it is indispensable to ensure that the governance canister does not run out of memory.
Back when the governance canister was implemented, there was no support for stable storage. Therefore, proposals are stored in heap and the limit needs to take this into account.
Note that for this it doesn’t matter when an SNS was launched: in general, all SNSs that regularly upgrade to the latest version share the same SNS governance code and thus behavior. For this specific detail, all SNS versions had the same behavior.

For the NNS, we plan to look into moving proposals to stable storage later this year so that the constraint can be relaxed further there.

For interested people who would like to look at old proposals, the proposals are backed up on the dashboard. For example, you can find them here for the OpenChat DAO.
If someone would like to keep all the proposals on-chain, they could build a canister that regularly pulls proposals and makes them publicly available there. Such a canister could even be owned by the SNS that it backs up - avoiding having to trust one individual.

3 Likes
20

Thanks for the Response, excuses to be so alarming, but neither me or Sneed knew that they are backed up, as the person that would appreciate the storage of all proposals on chain I will take it upon me to build this canister maybe with the help of @snassy-icp and when its ready will show it for a proper audit.

As you understand we are talking about blob storage and such but the proposals are not even saved on chain which is a massive issue from my perspective at least.

I will close this topic off now and will open a new on once I am far enough with this canister development.

Cheers,

Dexter

4 Likes
21

Maybe next time just ask first?

3 Likes