Security Measures

Proposal Security Measures

Several measures are in place to ensure that proposals are not susceptible to attacks from malicious actors. For example, a malicious actor might try to gain a majority of the voting power in the DAO, to be able to pass proposals by themselves, thereby essentially gaining control of the DAO.

Why we need security measures

Sybil attacks

As there is no verification or limit on the creation of blockchain wallets, they can easily be generated and used for bot attacks. A Sybil attack happens when one person who controls many digital wallets tries to use them to gain a lot of power in the decision-making process. The DAO rewards members for contributing to the ecosystem. One of these contributions is being active in the community, which we decided to reward with a daily reward on the webapp page. This incentivizes people to check the webapp page at least once every week, but it also makes the DAO vulnerable to Sybil attacks: a single user could control a large number of wallets that claim these daily rewards to gain a majority share of voting power in the DAO.

In order to prevent Sybil attacks against the DAO, each wallet must be verified using a GitHub account that is at least one year old or Proof of Humanity (PoH). Alternatively, wallets may be verified permanently by whitelisting them through the whitelist action, but this requires a proposal to be passed by the entire DAO. The daily rewards are also much lower than the rewards for other contributions (also because they are less valuable). This effectively negates Sybil attacks, as long as there is no way to gather a significant number of GitHub accounts that are more than one year old. If this becomes an issue in the future, or a better solution becomes available, the verification can always be changed by a vote of the DAO.

Seniority bias

As older members have been able to gather rewards over a longer period of time, they will have more voting power than newer members. This is not a problem, as they have also contributed more and provided more value to the DAO so far. However, it should not be possible for this kind of member to maintain more voting power in the long term over new members who contribute just as much. When new members feel that their vote does not matter in the governance process no matter how much they contribute, they will stop participating in it, which is undesirable. Similarly, we don't want older members to stop contributing because they already know they have the largest amount of voting power and cannot be surpassed for a long time.

This seniority bias is decreased by inflating the reputation rewards. The daily rewards and mining rewards (not the initial reward) will increase over time, so more recent contributions weigh more than older ones and the gap between new and old members shrinks. New members can therefore catch up to older members in terms of voting power, as long as they contribute more than the older members. It also incentivizes older members to keep contributing, as they can increase their voting power by doing so.
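The effect of reward inflation on the gap can be simulated. The following is an added example, not the DAO's own code: it assumes a geometric reward schedule, and the 2% per-period rate, the 52-period head start and the 42% target share are constructed values (the page does not specify the actual schedule). Both members make one contribution per period, which goes slightly beyond the case described above.

```python
def reward(period, base=1.0, rate=0.0):
    """Reputation paid for one contribution made in `period` (assumed geometric growth)."""
    return base * (1.0 + rate) ** period


def periods_to_reach_share(target_share, head_start, rate, limit=10_000):
    """Periods a newcomer needs to hold `target_share` of the combined voting
    power of themselves and one older member who joined `head_start` periods
    earlier. Both contribute once per period. Returns None if never reached."""
    # Voting power the older member accumulated before the newcomer joined.
    old = sum(reward(t, rate=rate) for t in range(head_start))
    new = 0.0
    for n in range(1, limit + 1):
        r = reward(head_start + n - 1, rate=rate)
        old += r
        new += r
        if new / (old + new) >= target_share:
            return n
    return None


if __name__ == "__main__":
    flat = periods_to_reach_share(0.42, head_start=52, rate=0.0)
    inflated = periods_to_reach_share(0.42, head_start=52, rate=0.02)
    print(f"flat rewards:      {flat} periods to reach a 42% share")
    print(f"inflating rewards: {inflated} periods to reach a 42% share")
```

With flat rewards the older member's head start dilutes only linearly; with inflating rewards the early balance loses weight relative to every new contribution, so the same share is reached much sooner.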

What measures are in place?

Voting power

Voting power is determined by the amount of SECOREP tokens held by a wallet. When you cast a vote on a proposal, the power of that vote depends on the amount of tokens you held at the time that specific proposal was created. You will automatically vote with all of the voting power you held at that time, but there is a cap on the amount of voting power that can be used to vote "Yes" or "No", known as the Maximum Voting Power. If you held more voting power than the maximum and you vote "Yes" or "No", your vote will be capped at the Maximum Voting Power, and any overflow will count towards "Abstain" (so that all of your voting power still counts towards the quorum). This cap is in place to prevent one or a few members from holding so much voting power that the votes of the rest of the DAO become negligible.

Quorum

The quorum (also known as the participation threshold) is the minimum amount of voting power that must be put into a proposal in order for it to pass. If a proposal does not reach the quorum, it will be defeated. The quorum prevents proposals with low engagement from passing. Proposals with low engagement are either not important to many members of the DAO or were not viewed by the majority of the DAO members before expiration. In both cases the outcome is that the proposal is defeated.

Approval threshold

The approval threshold is the minimum amount of voting power that must vote "Yes" (compared to the voting power that voted "No") on a proposal in order for the proposal to pass. If a proposal does not reach the approval threshold, it will be defeated. This threshold defines what percentage of the votes needs to agree on a proposal for it to pass. If a proposal's approval is lower than the threshold, too many voters disagree with the proposal, and the outcome is that the proposal is defeated.
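The three measures above (Maximum Voting Power, quorum and approval threshold) combine into a single tally. The following is an added example, not the DAO's contract code: it assumes the approval threshold is a percentage of Yes out of Yes plus No and that reaching a threshold exactly counts as meeting it; all balances and parameter values are constructed.

```python
from dataclasses import dataclass


@dataclass
class Vote:
    snapshot_power: int  # SECOREP held when the proposal was created
    choice: str          # "yes", "no" or "abstain"


def tally(votes, max_voting_power):
    """Apply the Maximum Voting Power cap; overflow is counted as Abstain."""
    totals = {"yes": 0, "no": 0, "abstain": 0}
    for v in votes:
        if v.choice not in totals:
            raise ValueError(f"unknown choice: {v.choice!r}")
        if v.choice == "abstain":
            totals["abstain"] += v.snapshot_power
            continue
        counted = min(v.snapshot_power, max_voting_power)
        totals[v.choice] += counted
        totals["abstain"] += v.snapshot_power - counted
    return totals


def outcome(votes, max_voting_power, quorum, approval_pct):
    """Check the quorum first, then the approval threshold (assumed order)."""
    t = tally(votes, max_voting_power)
    if sum(t.values()) < quorum:  # overflow still counts towards the quorum
        return "defeated: quorum not reached"
    decided = t["yes"] + t["no"]
    # Integer arithmetic avoids rounding at the threshold boundary.
    if decided == 0 or t["yes"] * 100 < approval_pct * decided:
        return "defeated: approval threshold not reached"
    return "passed"


# Constructed sample: one large holder votes Yes, three smaller members vote No.
SAMPLE = [Vote(900, "yes"), Vote(80, "no"), Vote(70, "no"), Vote(60, "no")]

if __name__ == "__main__":
    print(tally(SAMPLE, max_voting_power=100))
    print("with cap:   ", outcome(SAMPLE, 100, quorum=500, approval_pct=50))
    print("without cap:", outcome(SAMPLE, 10**9, quorum=500, approval_pct=50))
```

With the cap, the large holder's 900 tokens contribute 100 to "Yes" and 800 to "Abstain": the quorum is still reached, but the proposal no longer passes on that single vote.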