Funding proposal attack vectors

Hi.
I am very new to the community. Hence I am not familiar with the design choices for the proposals.
It looks like I can create a proposal to fund myself with 100 HONEY from the common pool. For this proposal to pass, 1% of the consensus is required. As far as I understand, it would take me only 100 000 xDAI (250 HNY) to approve my own funding proposal, allowing me to collect those 100 HONEY.
Then having more HNY, I can repeat the operation.

Is there any minimal “individual votes” (addresses) requirement threshold? Or maybe I am misunderstanding something in the design?

Thank you.

2 Likes

Definitely a keen observation!

There are a couple of existing mitigations for this, and some even better ones being worked on.

Currently the amount of honey you need to accumulate 1% conviction depends on the active stake: the more people that support proposals, including signaling proposals like the “abstain” proposal, the more honey will be required to reach a given percentage of conviction. So if we start to see people trying to abuse the proposal process as you suggest, we would encourage more people to activate their honey to make it more difficult.

Additionally, we have configured conviction voting so that the minimum threshold is 1%, but this can be adjusted by honey holders so that it is higher, and therefore anyone trying to leech would need to control a larger portion of the supply (and have much greater exposure risk if their actions negatively impact sentiment and price around honey).

I’m not completely happy with either of these approaches, but I think they are good enough for now considering more robust solutions are already being worked on.

Quadratic Conviction Voting: would do as you suggest, using BrightID for sybil resistance, we could apply a quadratic weighting to voting power such that proposals need sufficient stake, time, and popular (people) support behind them. This would still not solve the issue entirely, but it would generally make the proposal process more inclusive and decentralized than it already is, which makes it worth considering regardless.

Celeste: The best solution is to implement decentralized moderation and a social agreement about what sort of proposals are acceptable, allowing proposals which do not adhere to that social agreement to be challenged and blocked. There is work being done to modify (integrating BrightID and honey) the Aragon Court protocol and deploy it to xDai for this purpose (and many other related use cases).

9 Likes