Taming the Whales | What to Do About Sybil Attacks

Raphael Spannocchi
Flipside Governance
7 min read · Apr 18, 2023


In this blog post, we’ll discuss some options to implement Sybil resistance in DAO governance so that more inclusive voting schemes like Quadratic Voting or weight caps can be deployed.

DALL-E2 interprets Sybil’s fear of a cypherpunk decentralized ID

How DAOs currently vote

Flipside Governance is helping MetricsDAO implement token-based governance and usher in the next quantum leap in decentralization.

The ability to make token-weighted voting more equal was high on our wishlist. When looking at voting schemata, you usually see one of two schemes:

One person, one vote (1p1v)

Visualization of one person, one vote. Sybil attacks are not a thing in DAO Governance.

This schema is familiar to everyone living in a democratic country because this is how governments get voted in. Every person has one vote, and the winner is the one with the most people voting for them.

Major issues with this schema are:

  • Wasted votes (imagine a 50.1% to 49.9% win, often the case in US presidential elections → almost half the votes get ignored)
  • No accounting for strength of preference. People who vote only because they feel they should count as much as those whose lives depend on the outcome.
  • Tyranny of the majority. “Democracy should be more than two wolves and one sheep deciding what to have for dinner.”
  • Selection of sub-optimal or even the worst possible candidates. Research has shown that voting mechanics like first past the post often select the worst possible candidate as the winner and seldom select the best, judged by the Condorcet criterion. (see our research here)

One token, one vote (1t1v)

One token, one vote is basically plutocracy in its pure form. Sybil attacks don’t play a role here.

If votes can be bought on an open, transparent, and liquid market, people can buy more votes if they care about a specific outcome. The literature mostly calls this schema one dollar, one vote, but we want to be currency-neutral.

Issues with this schema are:

  • Mercenary capital can swoop in and swing polls last minute
  • Votes can be lent before polls and paid back afterward at minimal cost, distorting outcomes
  • Hostile for lower-income participants
  • It doesn’t incentivize long-term commitment
  • Tyranny of the whales. Small bag holders have no say and often tune out or feel taken advantage of.

Both of the previous voting schemata have strengths but also massive drawbacks. We are looking for something that allows voters to express the strength of their preference, but we also want to “tame the whales”, that is, to dampen the power laws. Put simply: we want each additional vote to become more expensive as a voter’s power increases. Thankfully Glen Weyl, Vitalik Buterin, and others have come up with a twist on the schema.

Quadratic voting

Quadratic voting dampens voting power progressively. But has to deal with Sybil attacks.

In quadratic voting, the influence of a given voter is the square root of the number of tokens deployed as votes; put the other way round, casting n votes costs n² tokens. While going from 3-vote support to 4-vote support costs exactly one token in the one token, one vote schema, it costs seven tokens (16 − 9) in quadratic voting. The marginal cost keeps rising as influence rises.

While this works if voters are known and identifiable, quadratic voting breaks down in DAOs because voters can split their tokens among multiple addresses and automate away the overhead. So instead of voting with nine tokens from one address to get 3 votes of support (sqrt(9) = 3), a voter could put one token on each of nine addresses and express the full nine votes of support for their preference.
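To make the arithmetic above concrete, here is an added example (not code from the article) that compares a fixed token budget under one token, one vote, under quadratic voting from a single address, and under quadratic voting after the same tokens are spread over several unlinked addresses. The addresses and the 8-voters-versus-one-whale scenario are constructed for illustration.

```python
import math

# Added example, not from the article: quantify how much influence a fixed
# token budget buys under 1t1v, under quadratic voting (QV), and under QV
# once the same tokens are spread over several Sybil addresses.

def qv_cost(votes: int) -> int:
    """Tokens a single address must spend to cast `votes` votes under QV."""
    return votes * votes

def marginal_qv_cost(from_votes: int, to_votes: int) -> int:
    """Extra tokens needed to move from `from_votes` to `to_votes` on one address."""
    return qv_cost(to_votes) - qv_cost(from_votes)

def power_1t1v(tokens: float) -> float:
    """One token, one vote: influence is linear in tokens."""
    return float(tokens)

def power_qv(tokens: float) -> float:
    """Quadratic voting: influence is the square root of tokens spent from one address."""
    return math.sqrt(tokens)

def power_qv_split(tokens: float, wallets: int) -> float:
    """QV influence when `tokens` are spread evenly over `wallets` addresses
    that the tally cannot link to one another (the Sybil case)."""
    return wallets * math.sqrt(tokens / wallets)

def sybil_gain(tokens: float, wallets: int) -> float:
    """Factor by which splitting multiplies QV influence; this equals sqrt(wallets),
    so with as many wallets as tokens the attacker is back to linear 1t1v power."""
    return power_qv_split(tokens, wallets) / power_qv(tokens)

def tally_qv(ballots: list[tuple[str, float, str]]) -> dict[str, float]:
    """Tally QV ballots of the form (address, tokens, choice). Every address is
    treated as an independent voter, which is exactly what a Sybil attacker relies on."""
    totals: dict[str, float] = {}
    for _address, tokens, choice in ballots:
        totals[choice] = totals.get(choice, 0.0) + math.sqrt(tokens)
    return totals

def winner(ballots: list[tuple[str, float, str]]) -> str:
    totals = tally_qv(ballots)
    return max(totals, key=totals.get)

# Constructed scenario: eight honest 1-token voters favour "yes"; one holder
# with nine tokens favours "no", first from one address, then split nine ways.
HONEST = [(f"0xhonest{i:02d}", 1.0, "yes") for i in range(8)]
WHALE_ONE_ADDRESS = [("0xwhale", 9.0, "no")]
WHALE_SPLIT = [(f"0xwhale{i:02d}", 1.0, "no") for i in range(9)]

if __name__ == "__main__":
    print("3 -> 4 votes costs", marginal_qv_cost(3, 4), "tokens under QV")
    print("9 tokens, one address   :", power_qv(9))
    print("9 tokens, nine addresses:", power_qv_split(9, 9))
    print("unsplit whale:", tally_qv(HONEST + WHALE_ONE_ADDRESS), "->", winner(HONEST + WHALE_ONE_ADDRESS))
    print("split whale  :", tally_qv(HONEST + WHALE_SPLIT), "->", winner(HONEST + WHALE_SPLIT))
```

The tally makes the failure mode visible: with the whale voting from one address, eight honest voters (8.0) beat the whale (3.0); after the split the whale's nine addresses carry 9.0 and flip the outcome. The only input that changed is how many addresses the tally believes are distinct voters, which is why every mitigation in the rest of this post is about binding addresses to unique identities.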

This is known as a Sybil attack, named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

We almost had it all… So close, yet so far away. But wait: what if there were a way to defend against Sybil attacks and prevent users from simply distributing their tokens across tens or hundreds of bot wallets? It turns out many smart people have already thought about that in depth.

So it is not surprising that defending against Sybil attacks is a hot topic in DAO governance. Most DAOs want to implement quadratic voting while preserving participants’ ability to remain pseudonymous.

We dug around in the Sybil attack resistance literature and want to introduce a few gems we’ve found and summarize our takeaway.

TL;DR: Sybil attacks are a complicated phenomenon and quite resistant to simplistic solutions. Let’s explore what we have found.

Meet the Anti-Sybils

Almost all of the solutions we’ve seen use some form of decentralized IDs (DIDs for short). DIDs allow users to securely attach proof of their identity, such as a passport, Twitter or Discord ID, without ever disclosing these credentials to third parties.

Instead, third parties can simply check whether the ID has already entered the system, to make sure each participant is unique. Clever, right?

Gitcoin’s Sybil detection mechanism

Gitcoin employs quadratic funding for its public goods funding process. Quadratic Funding is an innovative approach to funding initiatives that tackle social, economic, and environmental challenges. It works by matching contributions made to projects with funds given to the same projects by anonymous donors. This encourages crowdfunded projects to reach their goals, and the matching funds from anonymous donors can provide an essential boost to their success. The quadratic funding system was developed in 2010 by the Quake Project and is used to fund a broad range of initiatives and projects.

Quadratic funding contributes more matched funds, on average, to smaller donations than to larger ones. Malicious users could game this by Sybil attacking the system: dividing one big donation into many smaller ones sent from different addresses.
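The following added example (not Gitcoin's code) implements the usual quadratic-funding match formula for one project, (Σ√cᵢ)² − Σcᵢ, distributes a fixed pool pro rata to those scores, and shows why one 100-token donation attracts no match while the same 100 tokens split over 100 wallets attract as much as 100 genuine donors. The per-donor trust weight that scales each contribution before the square root is an assumption of this example, a simplified stand-in for Gitcoin's "match more for better-identified users" idea; the donor addresses and trust values are constructed.

```python
import math

# Added example, not Gitcoin's code: a minimal quadratic-funding (CLR) match
# that shows the Sybil incentive in splitting a donation, and how a per-donor
# trust weight (assumed here, a simplification of "match more for better
# identified users") shrinks the gain from unverified split wallets.

Donation = tuple[str, float, float]   # (donor_address, amount, trust in [0, 1])

def ignore_trust(donations: list[Donation]) -> list[Donation]:
    """Same donations with every trust weight set to 1.0 (no Sybil defence)."""
    return [(addr, amount, 1.0) for addr, amount, _trust in donations]

def qf_raw_match(donations: list[Donation]) -> float:
    """CLR score for one project: (sum of sqrt(effective amounts))^2 minus the
    sum of effective amounts, where effective amount = amount * trust.
    A single large donation scores zero; many small ones score high."""
    effective = [amount * trust for _addr, amount, trust in donations]
    return sum(math.sqrt(a) for a in effective) ** 2 - sum(effective)

def distribute_pool(projects: dict[str, list[Donation]], pool: float) -> dict[str, float]:
    """Split a fixed matching pool across projects pro rata to their CLR scores."""
    raw = {name: qf_raw_match(d) for name, d in projects.items()}
    total = sum(raw.values())
    if total == 0:
        return {name: 0.0 for name in projects}
    return {name: pool * score / total for name, score in raw.items()}

# Constructed donors: one verified whale giving 100; 100 verified donors giving
# 1 each; and the whale's 100 tokens split over 100 unverified wallets (trust 0.1).
ONE_BIG = [("0xwhale", 100.0, 1.0)]
MANY_SMALL_VERIFIED = [(f"0xdonor{i:03d}", 1.0, 1.0) for i in range(100)]
WHALE_SPLIT_UNVERIFIED = [(f"0xsybil{i:03d}", 1.0, 0.1) for i in range(100)]

if __name__ == "__main__":
    print("one 100-token donation      :", qf_raw_match(ONE_BIG))
    print("100 verified 1-token donors :", qf_raw_match(MANY_SMALL_VERIFIED))
    print("split whale, trust ignored  :", qf_raw_match(ignore_trust(WHALE_SPLIT_UNVERIFIED)))
    print("split whale, trust applied  :", round(qf_raw_match(WHALE_SPLIT_UNVERIFIED), 2))
    print(distribute_pool({"A": ONE_BIG, "B": MANY_SMALL_VERIFIED,
                           "C": WHALE_SPLIT_UNVERIFIED}, pool=1000.0))
```

Without the trust weight the split whale scores 9900, identical to a hundred real donors, which is the whole incentive behind the attack; with each unverified wallet weighted at 0.1 the score drops to 990 and the split project receives about 91 of the 1000-token pool instead of half of it. The defence therefore does not need to detect every Sybil wallet, only to make unverified wallets count for little.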

Gitcoin has a lot to lose from Sybil attacks and as a result has spent massive amounts of brain power, time and money on preventing them.

They’re currently using an open-source algorithm that is part machine learning, part human oversight. An essential building block is requiring donors to provide some identification, and incentivizing that by matching with bigger amounts the more clearly identified a user is.

You can read more about their process here; it is well worth it.

Gitcoin Passport

An important part and parcel of Gitcoin’s detection mechanism is their Gitcoin Passport DID technology. Gitcoin Passport is an open system that lets users add what they call verified credentials (VCs). A VC can be a BrightID, a passport file stored on the Ceramic network, or proof of a Twitter handle, among others.

Gitcoin’s approach is to build open interfaces that VC providers can plug into. Projects querying Passport can specify which VCs they require and what weight they give each credential. A passport, for example, is clearly a more robust form of identification than an email address.

Once more, users have complete control over what to reveal and what not to.
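As an added illustration of the two checks described in this section and under “Meet the Anti-Sybils” (this is not Gitcoin Passport's code), the example below models a uniqueness registry that stores only a keyed hash of each credential, so a passport number or Twitter handle can be bound to at most one voter without the raw identifier ever being persisted, and a per-project policy that gives each credential type a weight and a minimum score. The provider names, weights, threshold, HMAC key and the three voters are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added example, not Gitcoin Passport's code. Provider names, weights and
# the demo key are hypothetical. Two checks are modelled: a uniqueness
# registry (one credential -> at most one voter, stored only as an HMAC) and
# a project policy (weight per credential type plus a minimum total score).

@dataclass(frozen=True)
class Credential:
    provider: str     # hypothetical provider names: "Passport", "BrightID", "Twitter", "Email"
    subject_id: str   # identifier as issued by the provider; never persisted in the clear

class UniquenessRegistry:
    """Records which credentials are already bound to which voter, keeping only
    an HMAC of each credential so the raw identifier is never stored."""

    def __init__(self, key: bytes):
        self._key = key                            # secret key: stops offline guessing of low-entropy ids
        self._owner: dict[str, str] = {}           # credential fingerprint -> voter address
        self._holdings: dict[str, set[str]] = {}   # voter address -> providers bound

    def fingerprint(self, cred: Credential) -> str:
        msg = cred.provider.encode() + b"\0" + cred.subject_id.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def bind(self, voter: str, cred: Credential) -> bool:
        """Bind `cred` to `voter`. Returns False when a different voter already
        holds the same credential (the Sybil case); re-binding your own is a no-op."""
        owner = self._owner.setdefault(self.fingerprint(cred), voter)
        if owner != voter:
            return False
        self._holdings.setdefault(voter, set()).add(cred.provider)
        return True

    def providers_of(self, voter: str) -> set[str]:
        return set(self._holdings.get(voter, set()))

@dataclass(frozen=True)
class Policy:
    """What a project asks of Passport: a weight per credential type, a minimum
    total score, and optionally credential types that must be present."""
    weights: dict[str, float]
    threshold: float
    required: frozenset[str] = frozenset()

    def score(self, providers: set[str]) -> float:
        return sum(self.weights.get(p, 0.0) for p in providers)

    def eligible(self, providers: set[str]) -> bool:
        return self.required <= providers and self.score(providers) >= self.threshold

# Constructed policy: a government passport is worth far more than an email address.
POLICY = Policy(weights={"Passport": 3.0, "BrightID": 2.0, "Twitter": 1.0, "Email": 0.5},
                threshold=2.5)

def build_demo_registry() -> UniquenessRegistry:
    """Constructed scenario: alice binds a passport and a Twitter handle, bob an
    email and his own handle, and carol tries to reuse alice's passport."""
    reg = UniquenessRegistry(key=b"constructed-demo-key-do-not-reuse")
    reg.bind("0xalice", Credential("Passport", "P-0001"))
    reg.bind("0xalice", Credential("Twitter", "@alice"))
    reg.bind("0xbob", Credential("Email", "bob@example.org"))
    reg.bind("0xbob", Credential("Twitter", "@bob"))
    reg.bind("0xcarol", Credential("Passport", "P-0001"))   # rejected: already bound to alice
    return reg

if __name__ == "__main__":
    reg = build_demo_registry()
    for voter in ("0xalice", "0xbob", "0xcarol"):
        held = reg.providers_of(voter)
        print(voter, sorted(held), "score", POLICY.score(held), "eligible", POLICY.eligible(held))
```

Two design points carry over to any real deployment: the registry key must stay secret, because Twitter handles and email addresses have little entropy and an unkeyed hash of them could be reversed by enumeration; and the registry only ever learns a fingerprint, so the user keeps control of which credentials to reveal to which project, as the text describes.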

Kleros’ Proof of Humanity

Kleros’ Proof of Humanity (PoH) uses social verification of submitted videos to establish a basic proof that the address belongs to a human, not a bot. Other credentials can be added, and are needed to cut down Sybil attacks.

A human could identify with multiple addresses, and there’s nothing wrong with that. Many privacy and security advocates have been pushing against address reuse since Bitcoin’s inception.

As with Gitcoin Passport, PoH gives users control over what to disclose to whom and guarantees privacy. Users can unilaterally revoke permissions at any point, a major departure from Web2 ways, where identification, once given, is solely under the control of the other party.

Governor C

One of the most enigmatic contributions to Sybil resistance we have found is D3Labs’ Governor C (Charlie) contract. Building upon Compound / OpenZeppelin’s Governor B, the de facto standard DAO governance smart contract, Governor C introduces something the authors call probabilistic quadratic voting (PQV).

The authors posit that, on average, PQV makes a Sybil attack yield less voting power than voting directly with the full available balance, making these attacks uneconomic and irrational.

We couldn’t find an implementation less than a year old, and haven’t found any mention of a successful deployment.

The team did win the Chainlink DAO prize and the Polygon best DAO/Tooling dApp prize, however. We’re currently trying to contact the authors to learn more.

Conclusion

Sybil attacks take many forms and have many motivations, and preventing them relies, for the most part, on centralized components.

For MetricsDAO governance we want to increase the cost of Sybil attacks just enough so we can rely on community spirit and ethics to carry the day.

Ultimately, no amount of rules and regulation can replace ethical behaviour, and an unhealthy community will always break down, one way or another.

We recognize that adding too much friction to the voting process will first and foremost reduce the share of the token supply that participates in governance, resulting in lower quorums and reduced governance security.

We will continue to work with security researchers to find sweet spots here.

Which technology ultimately gets deployed will depend on the community. Flipside Governance will recommend Gitcoin Passport, as it seems to be the best-developed system and the one that allows governance to expand and fine-tune parameters going forward.

We hope this overview helps governance teams get the lay of the land. We are happy to answer questions via Twitter DM or on Discord.


I think about the intersection of DAOs and the real world at StableLab. Art head. Avid reader. https://twitter.com/raphbaph