Elad
@el4d
Nouns Governor design challenge. We found a bad attack vector, and don't love any of the mitigations. Please read and help us be smarter! (rounds.wtf starts tomorrow morning) https://mirror.xyz/verbsteam.eth/gnTdSqqiZC7OmqL8Dix-hEek5Sim1abC1BsZNm9_h-s
3 replies
16 recasts
39 reactions

w-g
@w-g
another q is whether to reframe the problem to include proposal spamming, which currently *is* exacerbated by permissionless swapping. I suppose depends whether part of the intended purpose of constraining a noun’s proposal rate is to constrain the owner’s proposal rate, or just to limit total simultaneous props
1 reply
0 recast
1 reaction

Spencer Perkins
@spencerperkins.eth
Good point, but I think this is actually already a theoretical issue today, and I haven't seen it yet (?) Can create a prop, then transfer Nouns to another wallet and create another, so on... I.e. I think this isn't necessarily new or exacerbated (transferring is easier than swapping)
1 reply
0 recast
2 reactions

w-g
@w-g
! is this true? 😅 I always thought a noun with an active prop can’t be used again but thinking about it now I guess I see how that doesn’t make sense. So ofc agree, then, except insofar as there are/may be incentives (inside or outside protocol) to propose at the Noun level…eg w $nogs. IMO will have to be fixed eventually (not durable long term). The extreme failure mode is Nouns treasury could be pursued/fork forced with a min. quorum of nouns & > foundation reserves in a gas offensive (push thousands of successful props). Token pools like $⌐◨-◨ may then be more of a solution than a problem since they probably *increase* governance security (can disallow Nouns from being swapped/claimed that have pending props, votes etc as needed)
1 reply
0 recast
1 reaction

Spencer Perkins
@spencerperkins.eth
A **wallet** with an active prop can’t make another prop. But, since snapshotting currently happens at the wallet level, AFAICT nothing is stopping someone from transferring their Nouns to a new wallet and making another prop (@davidbr / @el4d can confirm). Agree this should be fixed eventually, and likely will be in the move to Noun level governance being proposed by Verbs. While $⌐◨-◨ could implement mechanisms to solve the issue you are talking about, I still think it should be at the core protocol level and not rely on a pool to enforce (because not all will, ex $nouns).
1 reply
0 recast
2 reactions

w-g
@w-g
Yep, just unsure how we will solve the new challenges introduced by nft governance. As we discuss this tho I think at protocol level this current situation is a bigger problem than the swap-to-vote attack surfaced by the recent verbs post (@el4d, @davidbr). If Nouners choose to make their votes easily accessible to attackers there’s not much we can do systemically, short of investing resources in anti-Sybil infrastructure. The vote attack can be framed as an extension of risks introduced by bribe markets. Better to face them head on. While it is the case that products like $nouns should be viewed with extreme skepticism by conscientious dao members, liquidity, if not propped up by the dao, will continue to languish and the threat is probably marginal. Imo benefits ultimately outweigh cost & the governor work should press on. Emphasizing non-fungibility is the key to dao security and a thriving culture. The more we lean in, contracts that quantize it away will progressively lose financial appeal
1 reply
0 recast
1 reaction

david
@davidbr
re: proposal spamming: currently you can move your nouns to another wallet and propose again, BUT if a proposer's wallet loses their voting power, anyone can cancel that proposal. we were discussing internally whether this spam protection is needed. the current OZ governor contracts don't have this by default.
1 reply
0 recast
0 reaction

david
@davidbr
as you mentioned earlier, the extreme case is an attacker with quorum votes pushing thousands of proposals. currently defending against it would require someone to cancel all the proposals where the proposer no longer has enough votes. so attacker needs to be willing to spend more gas than the DAO.
1 reply
0 recast
0 reaction

david
@davidbr
if we remove it completely, then the DAO would need to vote against all the proposals or the foundation would need to veto.
0 reply
0 recast
0 reaction
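
The wallet-level proposal check and the cancel-by-anyone protection discussed in this thread, modelled as an added example (not part of any participant's post and not Nouns DAO contract code). `ToyGovernor`, the wallet names and the threshold value are hypothetical, and voting power is read live rather than from a block snapshot.

```python
from dataclasses import dataclass, field

@dataclass
class Proposal:
    pid: int
    proposer: str
    active: bool = True

@dataclass
class ToyGovernor:
    """Simplified model of a governor; threshold and balances are constructed values."""
    threshold: int = 1                             # assumption: proposer needs more votes than this
    votes: dict = field(default_factory=dict)      # wallet -> voting power
    proposals: list = field(default_factory=list)

    def transfer(self, src, dst, amount):
        if self.votes.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.votes[src] -= amount
        self.votes[dst] = self.votes.get(dst, 0) + amount

    def propose(self, wallet):
        if self.votes.get(wallet, 0) <= self.threshold:
            raise PermissionError("below proposal threshold")
        if any(p.active and p.proposer == wallet for p in self.proposals):
            raise PermissionError("wallet already has an active proposal")
        self.proposals.append(Proposal(len(self.proposals) + 1, wallet))
        return self.proposals[-1].pid

    def cancellable(self):
        """Defender's sweep: active proposals whose proposer no longer has enough votes."""
        return [p.pid for p in self.proposals
                if p.active and self.votes.get(p.proposer, 0) <= self.threshold]

    def cancel(self, pid):
        """Callable by anyone, but only once the proposer has lost voting power."""
        if pid not in self.cancellable():
            raise PermissionError("proposer still holds enough votes")
        self.proposals[pid - 1].active = False

def demo():
    gov = ToyGovernor(threshold=1, votes={"wallet_a": 2})  # constructed sample state
    first = gov.propose("wallet_a")
    gov.transfer("wallet_a", "wallet_b", 2)   # same tokens moved to a new wallet
    second = gov.propose("wallet_b")          # the wallet-level check does not see the first proposal
    sweep = gov.cancellable()                 # the first proposal is now open to cancellation
    for pid in sweep:
        gov.cancel(pid)
    return first, second, sweep, [p.pid for p in gov.proposals if p.active]
```

Each transferred-away proposal needs its own `cancel` call, which is the per-proposal cost to the defending side that the thread describes.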