SourceCred is primarily a reputation protocol. This could be extremely useful for DAOs, which typically allow for pseudonymous participants and need a way to gauge the trustworthiness of various inputs to the system. Below, I attempt to define the general challenges DAOs face when using reputation systems. Goal is to develop this into an article on how SourceCred could work with DAOs, with integration ideas/examples added, perhaps merge these ideas with @decentralion’s SourceCred and DAOs: A Sketch if it makes sense. Any feedback, ideas welcome. This is such a broad topic and I’m having a hard time focusing on what direction to take.
(1/2 finished rough DRAFT) Reputation Protocols for Decentralized Autonomous Organizations (DAOs)
2019 is indeed shaping up to be the year of the Decentralized Autonomous Organization (DAO). The term DAO, once tainted by the disastrous DAO hack of 2016, has regained its luster, with an explosion of new DAOs, DAO platforms and tools to support them. In this post, we explore what a DAO is exactly, the challenges they face and how SourceCred fits into the emerging DAO stack.
What is a DAO?
What constitutes a DAO is a subject of great debate. Fundamentally, a DAO is an organization that is both autonomous and decentralized. Autonomous in the sense that there are hard-coded rules that define how the organization behaves. This can take the form of smart contracts executing pre-defined rules, members voting to enforce or change the rules, or some combination of both. The organization must also be decentralized; i.e. the DAO’s rules should not be defined and enforced by a centralized entity, but by members of the DAO. While decentralization exists on multiple dimensions, and always on a spectrum, it generally means that no centralized party (internal or external) can seize control of the organization. DAOs are typically permissionless, allowing members to be pseudonymous to avoid censorship.
While DAOs sidestep many problems with traditional companies, and unlock potentially revolutionary new forms of collaboration and production, they face significant challenges. Many of the proposed solutions rely on reputation systems. Below we explore the challenges these reputation systems face, and how SourceCred could address them.
DAO members are often pseudonymous, globally distributed and do not know each other very well. This makes it difficult for participants to build trust by traditional means. They must therefore must build trust by other means. Typically this is done using some form of reputation system.
Reputation systems typically employ one of two strategies: measuring reputation based on past behavior, or measuring reputation based on a trust graph (i.e. the trustworthiness of connections). Both of these approaches are vulnerable to Sibyl attacks, where an attacker creates a large number of pseudonymous identities and uses them to gain a disproportionately large influence.
If DAOs measure reputation based on past behavior, an attacker can fraudulently gain reputation by simulating good behavior, or by working for Sibyl identities that rate their behavior. If measuring reputation based on trust graphs, an attacker can gain reputation by connecting to their Sibyl identities.
Reputation-based networks such as Google, Facebook and Twitter defend against Sibyl attacks (fake users, bots, spam links, etc.) by using proprietary, closed-source data and algorithms trained to identify and kill Sibyl identities. DAOs, by definition, cannot do this without introducing centralization.
Perhaps the most difficult coordination problem DAOs face is reaching consensus on important decisions without relying on a centralized authority (i.e. decentralized governance). Most DAOs reach consensus via some form of voting mechanism. A wide variety of mechanisms have been proposed. From 1-person-1-vote, to stakeholder voting, to experimental new voting mechanisms such as Quadratic Voting (QV) and Knowledge-extractable Voting (KEV), DAOs are trying it all.
A major challenge here is that most voting mechanisms are identity based, opening them to Sibyl attacks. 1 person 1 vote, for instance, will be highly vulnerable to Sibyl attacks unless the DAO has highly Sibyl-resistant identities (unlikely). Voting mechanisms that do not rely on human identities (e.g. stakeholder voting, or 1 coin 1 vote), risk a “rich get richer” scenario, where large holders can use their voting power to collude and form cartels to exploit smaller holders–precisely what most DAOs are trying to escape.
To improve decision quality, many governance systems aim to verify not only that a voter is human, but that they have some trustworthy characteristic. For instance, in stake-based systems, voters must stake (put at risk) tokens, proving they have “skin-in-the-game”. In coin age voting schemes, older tokens are given more weight, assuming that long-term holders are more trustworthy, etc. While such approaches hold promise, if not designed properly, they can also introduce unnecessary complexity and expose new attack vectors, weakening the system.
One of the most exciting possibilities DAOs present is the ability to more fairly compensate people for the value they create. But how to measure value? In what form is that value rewarded? This is perhaps the most difficult challenge.
DAOs often measure value using some form of “activity metric”, such as time spent performing a role ($/hr), units of work produced (e.g .lines of code) or measures of performance (e.g. usage of lines of code). This can introduce objectivity, but also suffers from a “flattening effect”, whereby value not measurable by metrics is not rewarded. Metrics will also be gamed. The problem is amplified in a DAO, where participants are often pseudonymous (free from IRL consequences), and often engaged in activities that transcend traditional employment roles. Members are free to add value in different domains, at different skill levels, and collaborate in new creative ways; if they are not, the value prop vs traditional companies diminishes. Therefore, DAOs must have a way to value contributions in a way that is not over-reliant on traditional roles or task definitions. DAOs must also be careful not to incentivize behavior that is not in alignment with the organization’s goals or values (#xrpthestandard). Here, reputation systems can be helpful, as they tap into the human capacity to see value beyond what is capturable by metrics.