I have devised a solution to address the Sybil attack issue in VeBetterDAO. However, under the current conditions, it is challenging to get any proposal approved solely by the community. Support from various dApps is also necessary to endorse the proposal during both voting rounds.
The solution involves introducing a P.O.P (Proof of Participation) NFT into the voting mechanism of VeBetterDAO. By leveraging the dApps operating on VeBetterDAO, a user would receive this proof of participation in the DAO. The system would then automatically send this P.O.P NFT to the user. Subsequently, the Smart Contract would need to be modified so that only wallets holding this P.O.P NFT can vote.
To get technical: with the latest update, all dApps call a VeBetterDAO Smart Contract to give the reward. It would be enough for VeBetterDAO to check that the Smart Contract has distributed the reward to that address, to give the possibility of minting the proof of participation NFT.
I also believe that 4/5 transactions are a fair number to make within 7 days to claim the P.O.P NFT.
This system could also benefit dApps like veDelegate, as it is easy to implement. When requesting the user to deposit B3TR/VOT3, the function of staking the P.O.P NFT could also be incorporated.
Would you all be willing to converge on this solution and support both voting rounds?
We just need to be sure that this system will be acceptable for most of the community members.
Yesterday, on the Telegram channel, someone had some concerns about using the dApps.
For me it would be totally fine, but since we have to take into account everyone’s needs, would it be possible to obtain this NFT that serves as Proof of Participation also using a different method, like a simple captcha or an authenticator system?
Anyway, time is a tyrant. I hope that, as a community, we will be able to agree as soon as possible.
I don’t think it’s a correct solution not to interact with dApps and integrate a verification method referring to web2; in my opinion it loses the essence of the birth of the platform.
If you want to go down the road of not interacting with dApps, you should create a system that as soon as you enter VeBetterDAO, an information notice appears that explains what VeBetterDAO is and at the end of the information notice there is a button that allows you to put the flag on “I understand what VeBetterDAO is” and register this flag on the blockchain (Like when you cast a vote on the VeVote platform).
Once you have accepted the information notice you can mint your digital passport.
I’m not sure this addresses the problem. It adds some complexity to performing a sybil attack but a skilled attacker can get around this easily. Really what is needed is some more robust proof of personhood. It’s not a solved problem yet which is why nothing was implemented in the first place.
My first proposal, on interacting with dApps and after a certain number of transactions made by the smart contract of the allocations of rewards, does not solve but significantly lowers the problem. Security could be further strengthened by requiring a fixed fee of VTHO to claim the P.O.P NFT in order to discourage the creation of thousands of wallets.
I believe enforcing users to be active dApp members is a new rule we need to be careful about.
It can be a solution, but puts the pressure onto the single dApps to ensure they have sybil protection. Basically it moves the responsibilities onto the shoulders of dApps.
If you require a certain number of transactions, it might prevent users that have larger single transfers (like cleanify or maybe carboneer) with more impact from participating in the gov. process.
It will also exclude users that might not have been active in a few days, but have a long standing history.
I don’t have a good solution, because I lack the experience within this field, but I see potential issues for certain changes.
I believe a sybil attack vector can be prevented by:
removing the motivation (removing the quadratic rewarding)
make it too expensive (enforce a lot of activity that a regular user has maybe already paid, a new setup would be too expensive)
at cost of privacy (force linking to authenticated sources, be it social accounts or even KYC)
Is it worth removing/lowering privacy instead of keeping everyone anonymous?
Or is it acceptable to exclude new members from the gov. process due to insufficient past activity?
Or can we accept whales growing bigger instead of giving more food to shrimps?
My personal preference is removing the core issue of quadratic rewarding, which is the motivation, and accepting that everyone gets the same yield. Otherwise we’ll be on a never-ending battlefield.
@daithihearn If there is nothing put into place, because it’s so hard to solve, then why open the DAO for the problem? Best would be to remove the quadratic rewarding (not voting!) until it’s solved.
It’s like opening a bank without having locks on the safe.
@favo removing quadratic rewarding would mean that the rewards are calculated based on the amount of votes one casts? Basically the way it was in testnet? If yes that would heavily favor users that hold large amounts of VOT3.
It will be useful for us as a community to define the said “problem” in detail first. Then devise an identification mechanism to detect un-desired behaviour.
Only then one can start measuring tradeoffs of different solutions being proposed.
Jumping directly into solutions is never a good idea.
The problem we are trying to solve is, as far as I can state it:
The DAO has a quadratic rewarding formula that distributes the B3TR every week to all participants on the governmental processes. The goal, as far as I understand, was to create a fair distribution of B3TR.
The quadratic rewarding favors small token holders over bigger token holders, for example participants with 1 VOT3 earn 3000% yield (x30 in B3TR) while someone with 10000 VOT3 earns like 30% yield.
This motivates people to create more smaller wallets and vote from them, to increase their rewards. Using scripts, this has grown into more bots participating in the DAO than real users. Right now more than 40000 wallets are likely to participate in the DAO, which were only about 1000 four weeks ago.
The rewards are mainly channeled towards users that create those many small wallets, because they receive the majority of the rewards, creating big token holders, preventing a fair distribution. Most of those tokens are also sold weekly, so the selling pressure on the B3TR token is huge, lowering its price value.
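An added worked example, not part of the original posts and not VeBetterDAO's contract code: assuming a wallet's reward weight is the square root of its votes (which reproduces the 100x yield gap between 1 and 10000 VOT3 quoted above), it shows how splitting a stake scales rewards and how large the fixed claim fee suggested earlier in the thread would have to be to remove that gain. All function names and input values are constructed for illustration.

```python
import math

# Assumed model, not VeBetterDAO's contract code: a wallet's reward weight is
# sqrt(votes) and each unit of weight earns `per_weight` per round. The claim
# fee and the rewards are expressed in one common unit of value.

def yield_per_token(votes):
    """Relative yield per VOT3 under sqrt weighting: sqrt(v) / v."""
    return math.sqrt(votes) / votes

def split_profit(stake, n_wallets, per_weight, rounds, claim_fee):
    """Extra reward from spreading `stake` evenly over n wallets, net of fees.

    One wallet earns per_weight * rounds * sqrt(stake); n equal wallets earn
    sqrt(n) times that. Every wallet pays the one-off claim fee, so the
    extra cost over a single honest wallet is claim_fee * (n - 1).
    """
    base = per_weight * rounds * math.sqrt(stake)
    return base * (math.sqrt(n_wallets) - 1) - claim_fee * (n_wallets - 1)

def most_profitable_split(stake, per_weight, rounds, claim_fee):
    """Wallet count that maximises split_profit for a given fee (1 = no split)."""
    base = per_weight * rounds * math.sqrt(stake)
    n_star = (base / (2 * claim_fee)) ** 2      # where d(profit)/dn = 0
    candidates = {1, max(1, math.floor(n_star)), max(1, math.ceil(n_star))}
    return max(candidates, key=lambda n: split_profit(
        stake, n, per_weight, rounds, claim_fee))

def deterrent_fee(stake, per_weight, rounds):
    """Smallest fee at which no split into n >= 2 wallets pays off.

    Profit is positive only while sqrt(n) + 1 < base / fee, so the fee must
    reach base / (1 + sqrt(2)) to make even a two-wallet split a loss.
    """
    return per_weight * rounds * math.sqrt(stake) / (1 + math.sqrt(2))

if __name__ == "__main__":
    # Constructed inputs: 10000 VOT3, 1 unit of reward per weight, 10 rounds.
    print(yield_per_token(1) / yield_per_token(10000))   # 1 vs 10000 VOT3
    for fee in (5, 50, 500):
        n = most_profitable_split(10000, 1.0, 10, fee)
        print(fee, n, split_profit(10000, n, 1.0, 10, fee))
    print(deterrent_fee(10000, 1.0, 10))
```

Under this model a small fixed fee only caps the number of wallets worth creating; the fee has to approach a large fraction of a wallet's expected rewards before splitting stops paying at all.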
Now the question I ask myself is the following: why has the quadratic voting algorithm not been adequately tested in testnet?
This algorithm was created to keep whales under control and have a fair distribution of the token but without an intervention you are still creating a circle of whales that exploit this flaw in the system.
To which users is the VeBetterDAO platform aimed, to a real user who actively participates or to a fictitious user?
I 100% agree that something needs to change regarding the voting verification and reward process. Find my proposed solutions below. I’m not a technical developer so my ideas are more conceptual.
Address Verification Process: in order to be eligible for voting an address must meet the following qualifications: “acknowledged” by 5-10 verified members already approved to vote in the DAO, complete a waiting period of 1-2 voting rounds, and complete at least 10 actions on dapps within the DAO over the period of the waiting period. This approval process should be easy to complete for a real person and should deter scammers due to the time commitment needed to complete and effort needed for each individual account.
Post Address-Approval: A POP NFT is distributed to the approved address and is spirit bound to that address. There is no transferability and in order to keep an address in good standing with the DAO that address must perform a minimum of five verified actions on the DAO every quarter. This quarterly account maintenance would allow users to have a degree of automation and only require a minimal amount of activity going forward to maintain their status.
Maximum Voting Period Quota of New Users: The DAO could have a maximum limit of new users every voting period, potentially set at a certain number like 1,000 or a dynamic range equaling a percentage of current approved addresses within the DAO. The acceptance process for new users could be driven by an automated ranking system where preferred users, those who have completed the address verification process and have significant dapp usage, fill the weekly quota first. The criteria driving the ranking system could be the number of dapp actions completed during the address verification process. This system would allow in real users first as they would clearly stand out from a bot account based on the criteria used in the address verification process.
Overall, I believe that the above concepts if refined and implemented into the DAO would create confidence that real users are participating in and being rewarded by the DAO, quadratic voting could be maintained and serve its intended purpose of deterring whales, and anonymity is preserved while providing a reasonable likelihood of personhood. Also, I think the implementation of a vetted weekly or monthly maximum quota of new users would serve as the largest deterrent to sybil attack scammers as they could likely sneak through only a measly amount of bot addresses, which would require further quarterly maintenance in perpetuity. I also think that this feature would create a sense of exclusivity and hype for the DAO and avoid the dilution of rewards for current users while still maintaining an aura of inclusivity. I see this as a necessary border wall, protecting the users within the wall while leaving the platform open to anyone who has sufficient motivation to join in the future. Note: all of these processes are to protect the integrity of voting and that anyone, even without being verified, could still participate in the dapps themselves and earn B3TR token for their actions.
I’m sure there are aspects of my ideas that are not fully thought through or maybe they are entirely unfeasible for a reason that I’m unaware of. I’d love to hear your feedback and continue towards a proposal with consensus.
But what if we change perspective?
All our focus is on the voting stage. What if we put a captcha to claim the rewards?
An anti bot captcha.
And if the rewards stay unclaimed for more than one round, the B3TR tokens will be put back into circulation to be distributed in the next round.
Great discussion, and I would say that a TL;DR is: there are no silver bullets.
Having said this, I really believe at this point we need a very short term solution to at least not exacerbate the problem more. It’s clear that farmers are not stopping but just exponentially growing every week.
My proposal would be:
A very short term solution like:
Removing Quadratic rewarding (and?) voting;
Removing voting reward entirely;
A mid/long term solution like the one mentioned above:
DID system (like gitcoin passport);
Centralised authority;
As a dApp owner I really think we have no more time to deal with this. The situation is still recoverable (we are at 2% of the supply), but we need to rush to find a short term solution.
It would be a damage to the image to remove the quadratic vote after it was sanctioned in the whitepaper, because this vote has not been tested in testnet?
If we want to do something in the short term we must drastically reduce the rewards deriving from each round of voting until the other medium and long term solutions are applied. Once the corrections have been made we can think about spreading all the percentages of tokens that have not been issued on future rounds to compensate.
@elcaliffo I don’t think it would be a damage whatever decision we make.
We need to get into the mind model that this is a DAO, controlled by everyone participating in it. If something does not work in a specific moment, we can and we have to change it.
I’m really open to different short-term possibilities, but again there is no silver bullet.
Reducing the rewards will still benefit farmers, in addition to preventing real users from voting because of lack of incentives.
I still think the best short term solution is rolling back to the system we had in testnet. True, it will benefit the already existing whales and dApps, but everything will be visible and we’ll remove the incentive to continue farming.
I would like the mid/long term solutions more, to be honest!
Temporarily removing quadratic rewarding could maybe be a good move to help the users to recover some “lost” B3TR, or at least it will stop the farmers, and unveil them if they move all the tokens into one wallet.
I have just a question: will we try to implement these solutions through a proposal on the governance?