The need for operational security in a DAO, particularly POKT

What’s missing in the move to Web3 and DAOs is security consciousness.

Here’s an article about how JP Morgan Chase was a part of a secret deal to control MetaMask and Infura: “ConsenSys lawsuit reveals JPMorgan owns critical Ethereum infrastructure”.
Many of you also know by now that both MM and Infura collaborated a few days ago to shut down transactions and relays in Venezuela -- the very thing POKT and Web3 seek to overcome.

We are missing an awareness that there are forces that want to kill projects like POKT and we need to put security measures in place to protect against sabotage and whale manipulation. I’m not sure how to accomplish this, but a discussion by the great minds among you should start around this idea of security.

The first step would be to look at the project from the perspective of vulnerability. Then maybe imagine second position— “what would I do if I were part of the evil traditional system and trying to kill a web3 project?”

Aren’t there whitehats that attempt to hack a project but with the intent of discovering vulnerabilities?

This isn’t some big boogeyman hunt where I think the community should be conspiracy-minded or negative about everything. However, I would like to see some awareness of it in the operations because it’s definitely a reality and the aforementioned article proves that the traditional players are strategizing against the evolution to Web3.

I apologize if this has already been discussed. It’s tough to cover all the docs!

2 Likes

You’re right in thinking along these lines. From the protocol to the DAO, we assume an adversarial environment in everything we do.

We have eliminated token voting in the current DAO model, so there is no risk there when it comes to buying/lending token votes on/off chain. That said, there are certainly tradeoffs in our current model where voters can still be bought. There have been some topics in other threads that highlight the difficulty of claiming a vote today, which exposes the DAO to motivated actors claiming votes themselves.

We’re still early in the evolution of the Pocket DAO, but a research document highlighting the potential weaknesses of the current model will help us push improvements to ensure Pocket is not able to be captured at a DAO level.

That’s something I could certainly get behind.

3 Likes