This blog post was originally written for Flipside Crypto, by myself.

We’ll discuss some options to implement Sybil resistance in DAO governance so that more inclusive voting schemes like Quadratic Voting or weight caps can be deployed.

How DAOs currently vote

The ability to make token-weighted voting more equal was pretty high on our wishlist. When looking at voting schemata, you usually see one of two different schemes:

One person, one vote (1p1v)

One person one vote

This schema is familiar to everyone living in a democratic country because this is how governments get voted in. Every person has one vote, and the winner is the one with the most people voting for them.

Major issues with this schema are:

  • Wasted votes (Imagine a 50.1% to 49.9% win, often the case in US presidential elections → almost half the votes get ignored)
    • No accounting for strengths of preference. The persons who vote because they should count as much as the ones whose life depends on the outcome.
      • Tyranny of the majority. “Democracy should be more than two wolves and one sheep deciding what to have for dinner.”
        • Selection of sub-optimal or even the worst possible candidates. Research has shown that voting mechanics like first past the post often result in selecting the worst possible candidate as a winner and seldom select the best when taking the Condorcet criterion to heart. (see our research here)

          One token, one vote (1t1v)

          One token one vote

          If votes can be bought on an open, transparent, and liquid market, people can buy more votes if they care about a specific outcome. The schema is mostly called one dollar, one vote in literature, but we want to be currency neutral.

          Issues with this schema are:

          • Mercenary capital can swoop in and swing polls last minute
            • Votes can be lent before polls and paid back afterward at minimal cost, distorting outcomes
              • Hostile for lower-income participants
                • It doesn’t incentivize long-term commitment
                  • Tyranny of the whales. Small bag holders have no say and often tune out or feel taken advantage of.

                    Both of the previous voting schemata have strengths but also massive drawbacks. We are looking for something that allows voters to express the strength of their preference, but we also want to “tame the whales”, to dampen the power laws. To put it simply: We want it to get more expensive to buy an additional vote as your voting power increases. Thankfully Glen Weyl, Vitalik Buterin, and others have come up with a twist on the schema.

                    Quadratic voting

                    Quadratic voting

                    In quadratic voting, the influence of a given voter is the square root of the number of votes deployed. While going from a 3-vote support to a 4-vote support costs exactly one token in the one token, one vote schema, it costs seven tokens in quadratic voting. This cost is rising as the influence rises.

                    While this works if voters are known and identifiable, quadratic voting breaks down in DAOs because voters can divide their tokens among multiple addresses and reduce the overhead by automation. So instead of voting with nine tokens to get 3-token support (sqrt(9) = 3), voters could have nine addresses and get to express the total nine tokens of support for their preference.

                    This is known as a Sybil attack, named after the subject of the book Sybil, a case study of a woman diagnosed with a dissociative identity disorder.

                    We almost had it all… So close, yet so far away. But wait, what if there was a way to defend against Sybil attacks and prevent users from simply distributing their tokens to tens or hundreds of bot-wallets? Turns out many smart people have already thought about that in depth.

                    And so it is not surprising that defending against Sybil attacks is a hot topic in DAO governance. Most DAOs want to maintain the ability of participants to remain pseudonymous, while implementing quadratic voting.

                    We dug around in the Sybil attack resistance literature and want to introduce a few gems we’ve found and summarize our takeaway.

                    TL;DR: Sybil attacks are a complicated phenomenon and quite resistant to simplistic solutions. Let’s explore what we have found

                    Meet the Anti-Sybils

                    Almost all of the solutions we’ve seen use some form of decentralized IDs (short DIDs). DIDs allow users to securely add proof of their identity, like their passport, Twitter, or Discord ID, while never disclosing these credentials to third parties.

                    Instead, third parties can simply check if the ID has already entered the system to make sure each participant is unique. Clever, right?

                    Gitcoin’s Sybil detection mechanism

                    Gitcoin employs quadratic funding for its public good funding process. Quadratic Funding is an innovative approach to funding initiatives to tackle social, economic, and environmental challenges. Quadratic Funding works by matching contributions made to projects with funds given to the same projects by anonymous donors. This encourages crowdfunding projects to reach their goals, and the matching funds from anonymous donors can provide an essential boost to the success of these projects. The quadratic funding system was developed in 2010 by the Quake Project and is used to fund a broad range of initiatives and projects.

                    Quadratic funding contributes more matched funds to smaller donations, on average than to larger ones. Malicious users could game this by Sybil attacking the system by dividing a big donation into many smaller ones.

                    Gitcoin has a lot to lose from Sybil attacks and as a result has spent massive amounts of brain power, time and money on preventing them.

                    They’re currently using an open-source algorithm that is part machine learning, part human oversight. An essential building block is the necessity for donors to provide some identification and incentivizing that by matching with bigger amounts, the more clearly identified a user is.

                    You can read more about their process here, well worth it.

                    Gitcoin Passport Homepage

                    Gitcoin Passport

                    An important part of Gitcoin’s detection mechanism is their Gitcoin Passport DID technology. Gitcoin Passport is an open system that lets users add what they call verified credentials (VCs). VCs can be a Bright ID, a passport file stored on the Ceramic network, or proof of a Twitter handle, among others.

                    Gitcoin’s approach is to build open interfaces that VC providers can plug into. Projects querying Passport can specify what VCs they are requiring and what weight they give each credential. A passport is clearly a more robust identification than an email address, e.g.

                    Once more users have complete control over what to reveal and what not.

                    Klero's Proof of Humanity

                    Klero’s proof of humanity

                    Klero’s proof of humanity (PoH) uses social verification of submitted videos to establish basic proof that the address is a human, not a bot. Other credentials can be added and are needed to bring down Sybil attacks.

                    A human could identify with multiple addresses; there’s nothing wrong with that. Many privacy and security advocates have been pushing against the reuse of addresses since Bitocoin’s inception.

                    As with Gitcoin Passport, PoH allows users control over what to disclose to whom and guarantees privacy. Users can unilaterally revoke permissions at any point, something that is a major departure from Web2 ways where identification, once given, is solely under the control of the other party.

                    Governor C

                    One of the most enigmatic contributions to Sybil resistance we have found is D3Labs Governor C (Charlie) contract. Building upon Compound / Open Zeppelin’s Governor B, the de-facto standard DAO governance smart contract, Governor C introduces something the authors call probabilistic quadratic voting (PQV).

                    The authors posit that PQV makes Sybil attacks lose voting power over directly voting with the full available balance on average, and making these attacks uneconomic and irrational.

                    We couldn’t find an implementation that was younger than a year old nor any mentions of a successful deployment.

                    The team won the Chainlink DAO price and the Polygon best DAO/Tooling dApp price, however. We’re currently trying to contact the authors and learn more.

                    Conclusion

                    Sybil attacks have many forms, many reasons and preventing them relies on centralized components for the most part.

                    Ultimately, no amount of rules and regulations can replace ethical behaviour, and an unhealthy community will always break down, one way or the other.

                    We recognize that increasing too much friction in the voting process will, first and foremost, reduce the percentage of the token supply that participates in governance, resulting in lower quorums and reduced governance security.

                    We will continue to work with security researchers to find sweet spots here.

                    Which technology ultimately gets deployed will depend on the community. We recommend using Gitcoin Passport, which seems to be the best-developed system that allows governance to expand and fine-tune parameters as we advance.