Last updated 4 months ago
Vulnerabilities in Cardano’s governance process can result in community conflict or even outright attacks. If not addressed, they can cost anything from millions in dollars to Cardano’s reputation.
This is the total amount allocated to [Concept] Improve Cardano Governance Security.
Martin Schmidt
Research, identify and suggest solutions to potential vulnerabilities and attack vectors within the wider Cardano governance process, specifically focusing on the threat of Contentious Hard Forks.
No dependencies.
The final report will be made publicly available, to be accessible free of charge.
As contributors to Q, which is a fully open-source project, we are committed to the ethos of decentralization to support the Web3 space in moving forward and preventing capture by centralized organizations.
Open-source contributions are vital to this vision.
The Problem
Cardano is a living system which grows and improves over time. Like a snake shedding its skin, the network can fork to update core functions and ensure relevance as technology and use cases evolve.
However, as Giorgio Zinetti rightly identified in a recent LinkedIn post, conflicts can arise with protocol updates. These conflicts, while carrying the potential for improvements, can have unwanted side effects. In particular, larger conflicts that cannot be dealt with within the Cardano governance process threaten to damage Cardano as a whole. Due to its fundamental role in evolving Cardano, forking is one of the attack vectors with tremendous potential for damage. A contentious or malicious fork could introduce vulnerabilities to the core of Cardano and bypass on-chain governance processes. It can also lead to a damaging, costly and potentially fatal public conflict about which chain is “Cardano”, as seen in previous Ethereum and Bitcoin forking wars. Additionally, other layers of the governance process may be at risk if decision making, execution, accountability and dispute resolution are not all accounted for.
The Solution
To support the various stakeholders and community members of Cardano in mitigating governance risk, we propose to conduct comprehensive research on vulnerabilities and attack vectors within the wider Cardano Governance Process. Within this research, a special focus will lie on the threat of contentious hard forks (which can be malicious forks, or boycotted benevolent forks). We will identify attack scenarios, analyze them and propose approaches to address the most crucial threats. Within our analysis, we will evaluate technical, economic and social attack scenarios. While providing legal advice is outside of the scope of our research, we will highlight potential legal issues that might require further legal assessment.
Based on our comprehensive research we will develop a concept of how governance risk related to protocol upgrades can be mitigated. Again, the concept developed will factor in technical, economic and social aspects of protocol upgrades, providing a holistic view on the topic.
A special focus will be on the connection between off-chain governance elements (e.g. a protocol constitution and other rulesets of specific stakeholder groups) and on-chain governance (e.g. protocol clients, governance smart contracts and token holder voting). The mitigation strategies will include elements that address risks related to a potential divergence between off-chain and on-chain decision making, including mechanisms to resolve disputes and enforce decision-making both off-chain and on-chain.
Our findings will be peer-reviewed by governance experts from the Q ecosystem, including academics from prestigious academic institutions and internationally practicing lawyers (e.g. – still to be confirmed – Prof. Strnad from Stanford Law School and Eric Alston from the University of Colorado).
The outcome of this project is a comprehensive report with a summary of our research findings and an outline of the concept for risk-mitigation strategies addressing potential governance vulnerabilities.
The main impact is an increase of governance security for Cardano, by reducing the risk of community conflict or even black swan events that could have a material adverse impact on the protocol and its ecosystem. The proposed concept will reduce the risk of governance attacks that bypass the envisioned governance process. This, in turn, mitigates potential vulnerabilities which could lead to millions in damages, or contentious forks that divide the Cardano Community and question the legacy of which chain is relevant.
Further, by helping to improve and secure Cardano’s governance, community involvement in project updates is ensured and decentralization of the system maintained.
Lastly, this project adds to the qualitative positioning of Cardano as a leader in on-chain governance. As a side effect, good practices established as a result of this project can be utilized by applications and projects that build on top of Cardano.
Q Development AG is a company registered and regulated in Liechtenstein.
The team conducting the research has multiple years of experience in governance design in both web3 and in traditional corporate environments.
Over the last years, various stakeholders within the Q Ecosystem have established strong partnerships with leading academia and industry across the globe. For example, researchers from NYU, Stanford, the Toulouse School of Economics and MIT have formed the Economic Advisory Panel on Q and contribute to the review of concepts developed by Q contributors. Furthermore, the Root Node Panel on Q consists of more than 20 individuals and organizations across 14 jurisdictions that lead the conversation around decentralized governance across industries, in law firms, academia and government.
n/a
n/a
Martin Schmidt, Core concept development
Nimrod Knoller, Ecosystem implications
Gerrit Brügge, Research and concept development as well as project management
TBD – External Researchers and Peer Review
80k ADA
20, Research and Workshops
30, Concept development
20, Peer Review and external targeted research
10, Reporting and communication.
Improve governance security of Cardano: Blockchains create value by providing users with certainty of outcome without trusted parties. Where governance risk exists, this certainty is corrupted, in turn reducing the utility of using a blockchain compared to traditional centralized technologies. We often say, “governance doesn’t matter until it does”: when governance fails, the consequences can be dramatic. Through the proposed project, we aim to improve the robustness of Cardano’s governance system, which will result in increased user confidence and hence boost utility for projects and people building on Cardano.
Mitigate regulatory risk: Regulators evaluate the decentralization of a system. If they find de-facto centralization, even if it’s due to mistake rather than design, the project can face adverse consequences. This primarily puts those who hold power at legal risk, which can be a number of different stakeholders. This risk will reduce the attractiveness of the Cardano Ecosystem for external capital, validators and core contributions and can take a toll on the wider Cardano community, if not threaten the stability of the system as a whole.
Mitigation of tail risk: An attack on the governance can have an economic impact exceeding millions, which will thus far exceed the cost of this project.