Last updated 4 months ago
[Concept] Improve Cardano Governance Security
Problem
Vulnerabilities in Cardano’s governance process can result in community conflict or even outright attacks. If not addressed, they can cost anything from millions in dollars to Cardano’s reputation.
Total to date
This is the total amount allocated to [Concept] Improve Cardano Governance Security.
About this idea
[GENERAL] Name and surname of main applicant
Gerrit Brügge[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)
Entity (Incorporated)[GENERAL] Co-proposers and additional applicants
Martin Schmidt
[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)
4[GENERAL] Please indicate if your proposal has been auto-translated into English from another language
No[GENERAL] Summarize your solution to the problem (200-character limit including spaces)
Research, identify and suggest solutions to potential vulnerabilities and attack vectors within the wider Cardano governance process, specifically focusing on the threat of Contentious Hard Forks.
[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?
No[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”
No dependencies.
[GENERAL] Will your project’s output/s be fully open source?
Yes[GENERAL] Please provide here more information on the open source status of your project outputs
The final report will be made publicly available, to be accessible free of charge.
As contributors to Q, which is a fully open-source project, we are committed to the ethos of decentralization to support the Web3 space in moving forward and preventing capture by centralized organizations.
Open-source contributions are vital to this vision.
[METADATA] Horizons
Governance[SOLUTION] Please describe your proposed solution
The Problem
Cardano is a living system which grows and improves over time. Like a snake shedding its skin, the network can fork to update core functions and ensure relevance as technology and use cases evolve.
However, like Giorgio Zinetti rightly identified in a recent LinkedIn post, conflicts can arise with protocol updates. These conflicts, while carrying the potential for improvements, can have unwanted side effects. Especially larger conflicts that cannot be dealt with within the Cardano governance Process threaten to damage Cardano as a whole. Due to its fundamental role in evolving Cardano, forking is one of the attack vectors with tremendous potential for damage. A contentious or malicious fork could introduce vulnerabilities to the core of Cardano and bypass on-chain governance processes. It can also lead to a damaging, costly and potentially fatal public conflict about which chain is “Cardano” – as seen in previous Ethereum and Bitcoin forking wars. Additionally, other layers of the governance process may be at risk, if decision making, execution, accountability and dispute resolution are not all accounted for.
The Solution
To support the various stakeholders and community members of Cardano in mitigating governance risk, we propose to conduct comprehensive research on vulnerabilities and attack vectors within the wider Cardano Governance Process. Within this research, a special focus will lie on the treat of contentious hard forks (which can be malicious forks, or boycotted benevolent forks). We will identify attack scenarios, analyzing them and propose approaches to address the most crucial threats. Within our analysis, we will evaluate technical, economic and social attacks scenarios. While providing legal advice is outside of the scope of our research, we will highlight potential legal issues that might require further legal assessment.
Based on our comprehensive research we will develop a concept of how governance risk related to protocol upgrades can be mitigated. Again, the concept developed will factor in technical, economic and social aspects of protocol upgrades, providing a holistic view on the topic.
A special focus will be on the connection between off-chain governance elements (e.g. a protocol constitutions and other rulesets of specific stakeholder groups) and on-chain governance (e.g. protocol clients, governance smart contracts and token holder voting). The mitigation strategies will include elements that address risks related to a potential divergence between off-chain and on-chain decision making, including mechanisms to resolve disputes and enforce decision-making both off-chain and on-chain.
Our findings will be peer-reviewed by governance experts from the Q ecosystem, including academics from prestigious academic institutions and internationally practicing lawyers (e.g. – still to be confirmed – Prof. Strnad from Stanford Law School and Eric Alston from the University of Colorado).
The outcome of this project is a comprehensive report with a summary of our research findings, an outline of the concept for risk-mitigation strategies addressing potential governance vulnerabilities.
[IMPACT] Please define the positive impact your project will have on the wider Cardano community
The main impact is an increase of governance security for Cardano, by reducing the risk of community conflict or even black swan events that could have a material adverse impact on the protocol and its ecosystem. The proposed concept will reduce the risk of governance attacks that bypass the envisioned governance process. This, in turn, mitigates potential vulnerabilities which could lead to millions in damages, or contentious forks that divide the Cardano Community and question the legacy of which chain is relevant.
Further, by helping to improve and secure Cardano’s governance, community involvement in project updates is ensured and decentralization of the system maintained.
Lastly, this project adds to the qualitative positioning of Cardano as a leader in on-chain governance. As a side effect, good practices established as a result of this project can be utilized by applications and projects that build on top of Cardano.
[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
Q Development AG is a company registered in and regulated in Liechtenstein.
The team conducting the research has multiple years of experience in governance design in both web3 and in traditional corporate environments.
Over the last years, various stakeholders within the Q Ecosystem have established strong partnerships with leading academia and industry across the globe. For example, researchers from NYU, Stanford the Toulouse School of Economics and MIT have formed the Economic Advisory Panel on Q and contribute to the review of concepts developed by Q contributors. Furthermore, the Root Node Panel on Q consists of more than 20 Individuals and organizations across 14 jurisdictions that lead the conversation around decentralized governance across industries, in law firms, academia and government.
[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?
- Comprehensive Research of Cardano Governance System, uncover attack vectors
- Includes Workshops with Stakeholders in the Cardano Ecosystem.
- Document findings and develop a concept to address attack vectors and vulnerabilities
- Peer-Review the concept with external experts in game theory and governance
n/a
n/a
- Delivery of final Report and Presentation of findings and improvement suggestions.
[RESOURCES] Who is in the project team and what are their roles?
Martin Schmidt, Core concept development
Nimrod Knoller, Ecosystem implications
Gerrit Brügge, Research and concept development as well as project management
TBD – External Researchers and Peer Review
[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources
80k ADA
20, Research and Workshops
30, Concept development
20, Peer Review and external targeted research
10, Reporting and communication.
[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?
Improve governance security of Cardano: Blockchains create value by providing users with certainty of outcome without trusted parties. Where governance risk exists, this certainty is corrupted, in turn reducing the utility of using a blockchain compared to traditional centralized technologies. We often say, “governance doesn’t matter until it does”: When governance fails, the consequences can be dramatic. Through the proposed project, we aim to improve the robustness of Cardano’s governance system, which will result in increased user confidence and hence boosts utility for projects and people building on Cardano.
Mitigate regulatorily risk: Regulators evaluate the decentralization of a system. If they find de-facto centralization, even if it’s due to mistake rather than design, the project can face adverse consequences. This puts primarily those at legal risk who hold power, which can be a number of different stakeholders. This risk will reduce the attractiveness of the Cardano Ecosystem for external capital, validators and core contributions and can take a toll on the wider Cardano community, if not threaten the stability of the system as a whole.
Mitigation of tail risk: An attack of the governance can have an economic impact that’s exceeding millions and will thus far exceed the cost of this project.
