vvander.eth - 2022-08-18

Recently, the Rocket Pool community has been working hard to formalize the DAO and get several initiatives off the ground. This is a great achievement and it's something I'm very proud to participate in. Generally, this has taken the form of Rocket Pool Improvement Proposals, but it also includes a vote on the Incentives Management Committee initial member list, which includes several anonymous members. This is the subject of my writing today.

Identity and its relationship to trust in the crypto realm is a touchy subject, as evidenced by the recent Tornado Cash + OFAC debacle. Privacy is a core crypto value. Nevertheless, all participants are responsible for the safekeeping of public goods, so we have to form an opinion on identity and trust in governance. Namely, is identity a useful input in deciding who we trust?

Trust is a difficult problem. BrightID and similar projects aim to provide Proof of Humanity (PoH) without publicizing identifying information, but they are still nascent and easy to fool. PoH protocols might help prevent large-scale sybil attacks, but they aren't a solution for preventing smaller, more targeted sybil attacks like the ones to which a multi-sig is vulnerable.

As any infosec professional will corroborate, security planning is all about the expected threat vectors. If you want to defend against a nation-state attack on your trillion-dollar blockchain, you're going to take different precautions than if you're just worried about your smartphone in a sketchy part of town. In Rocket Pool's case, its governance resources are already a decently high-value target, so when designing governance structures, the DAO must account for actors willing to put an enormous amount of time and effort into an attack -- e.g. paying several people to create the appearance of multiple active and engaged anonymous accounts with the explicit goal of campaigning for governance powers.

This is especially worth thinking about when it comes to the more powerful protocol-level responsibilities like the pDAO guardian and the oDAO, but it's true for anyone given governance powers. The blessing and curse of crypto is that we can't rely on any authority to provide deterrence against such attacks, so we're on our own to design resilient systems.