Imagine you bring chocolate chip cookies to the park. You leave the cookies with a sign that reads, “Please only take one.” Later, an individual tells you they saw someone take five cookies from the box. So, you bring another box of cookies to the park. This time, you require everyone to bring their mom. For each person that takes a cookie, you write down their mom’s name and ask if she has any more children who want a cookie.
In this scenario, you designed an algorithm for defending public goods against Sybil attacks. In the case of Gitcoin grants, a Sybil attack is anytime a single actor donates to a single grant using multiple user accounts within a single Quadratic Funding (QF) round. Gitcoin Grants aim to empower the many instead of only the wealthy. The QF algorithm is the primary tool to accomplish this goal. With QF, grant donations are matched with the funding pool. In Gitcoin’s QF algorithm, the amount of contributors matters more than the amount funded. Though this algorithm aims to advantage strong communities versus centralized wealth, it is under attack by bad actors.
Gitcoin Passport is a self-sovereign data collecting machete for DAOs. Passport is a toolkit to build Proof of Personhood algorithms. With Gitcoin Passport, DAOs can seamlessly implement a system for establishing the identity of members. Tools like Gitcoin Passport are preparing Web3 for mass adoption.
Here are 4 ways Gitcoin Passport can help with DAO Defense:
With Gitcoin Passport, Gitcoin’s Fraud Detection Team can proactively identify Sybil accounts. A Sybil account is a bad actor looking to take more than one cookie. In GR14, 16,073 out of 44,886 contributors were detected as Sybil accounts. Passport verification uses stamps to measure the cost of forgery of an account. The cost of forgery score is a metric that denotes an account’s Sybil resistance. It quantifies how difficult it would be for a bad actor to duplicate the participant’s identity.
If your DAO is hosting a grant funding round on Grants 2.0, you can weigh stamps based on your preferences with Gitcoin Passport’s Scorer. The Scorer is a library in the Gitocoin Passport SDK. With this feature, you can integrate dApps into your passport verifier. Once you have created your scoring algorithm, you can require a certain score for participants to donate.
Banks identify provenance with “Know Your Customer” laws or KYC, which requires users to share personal information like an ID, SSN, or Passport. These laws are intended to mitigate illicit transactions, like the case of HSBC. In 2012, it was uncovered that HSBC opened 50,000 accounts to funnel $2.1B for cartel leader El Chapo and the Sinaloa. HSBC paid a fine equal to five weeks’ profits and admitted its guilt. Additionally, the bank entered into a Deferred Prosecution Agreement (DPA), giving the bank five years to clean up its act, or it would face charges (Blackhurst, 163).
Joaquín Guzmán Loera, known as El Chapo, broke out of prison twice in Mexico before being extradited to the United States. (Credit Eduardo Verdugo/Associated Press)
Passport identities are interoperable and portable across multiple chains and dApps. This allows your Passport to be a tool for provenance. Users can confirm Proof of Personhood through social relationships with stamps like Bright ID. Provenance is an essential factor in mitigating organized crime.
Prioritizing privacy is becoming increasingly risky due to poor regulation. Tornado Cash is a private crypto mixer. It allows for privacy by allowing you to move Ethereum from one wallet to another. Tornado Cash breaks the transaction history by mixing your currency with other transactions. In August 2022, The Tornado Cash protocol was sanctioned as the key tool in a $625M hack of Axie Infinity’s Ronin Network. This serves as a lesson to the importance of protecting our rights to privacy and that of developers writing open source code.
#FreeAlex protestors in Dam Square, Amsterdam (Jack Schickler/CoinDesk)
Gitcoin Passport identity data is built on Ceramic Network. The data is stored on a decentralized data stream. The data can only be altered by the account that owns it. As a result, DAOs can collect identification without negating privacy.
The culture of Web2 incentivizes the exploitation of data. The VC funding model created an ecosystem of apps that lack value. As a result, many apps rely on selling user data as a business model. Web 3.0 realigned these incentives by creating trustless interactions. DAOs are an opportunity for communities to define “What is labor?” With algorithms and human quality assurance, DAOs create new mechanisms for incentivizing work. Gitcoin Passport is a tool for designing incentive algorithms. With a Trust Bonus score, DAOs can use code to define what online interactions are valued the most by the community.
DAOs are defined by their members. The collective intelligence of a DAO’s members becomes the value of the community. Each DAO is different. DAOs need a way of recruiting and supporting like-minded people. This establishes a clear culture for developing the systems that manage the organization.
We created Gitcoin Passport to make Sybil resistance easy. Sybil attacks undermine the legitimacy of blockchain-based democratic pluralistic processes. Identity verification is an essential technology for battling this problem.
– Team Gitcoin
Thank you to Tagan for creating this piece.