How to use $34,000 to conduct a spam proposal attack on NNS. (I will not implement this attack at the moment)

I’m glad to see you posting on the forum with the intention of driving dialogue on a potential security threat for the NNS (although, the last sentence was over-the-top imo).

To add to the dialogue, here are some additional solutions that could be considered:

  • Drastically increase the number of named neurons with people and groups that are clear with their voting strategy and intended goals. In this solution, most neuron holders will follow a named neuron and the “spam” will only be seen by the voters of the named neurons (this is my preferred solution)
  • Create a multi-step process for creating proposals.
  • Create a penalty for proposals that fail to reach a threshold of votes or an option for voters to identify a proposal as spam.

OK, I modified it.


I like the multi-step process idea. If there were a web UI that made submitting proposals simple, but submitted them to a public review board (on the same site), before the actual NNS, and the board required a certain number of upvotes to be submitted to the NNS; we could defeat the spam proposals from those that can’t/don’t submit over dfx (like those that think Entrepot is necessary).

Additional decentralization (your first option) is the best solution here, asked it will happen over time.


I love the change! Thanks.


I like the multistep proposal solution, actually suggested similar yesterday on Twitter (although I was solving different/false problem):

You are really smart for a high school kid @ysyms. :smiley:. I really appreciate your engagement in governance discussions and the effectiveness of the tactics you have chosen to stimulate discussion. Well played!

I’m not sure if you have seen it yet, but @justmythoughts started a forum topic discussion two days ago that I think has some really good ideas as well. The two ideas that have surfaced that I think have high potential for developing into a good solution to this type of attack include:

  1. Allocate 75% of total voting rewards each day to Governance participation on a 21 day rolling average (since we don’t have governance proposals daily). This way it doesn’t matter how many proposals are submitted or if there is a proposal submitted every day. I’d be curious if @johan or others at Dfinity have already considered this idea.
  2. When a proposal is submitted to the NNS, a new forum Governance topic is created automatically on the forum with a minimum deliberation time period requirement (potentially set by the proposal lead). Then after the deliberation time, the proposal lead is required to submit a follow up proposal (potentially a revision) to the NNS in order for it to become active for voting. I’m sure there are other variations that would make sense, but this gets at the need for deliberation. It doesn’t have to be the current forum, but that is what we have available at this time and makes sense for now.

I’m interested in your thoughts on how to improve decentralization if motion proposal weights are reduced. What would drive people to follow anyone other than Dfinity? How can Dfinity and our IC community escape accusations of centralization if more public known neurons don’t step up to the task of representing the community (and not follow other public known neurons) and people are not incentivized to follow them? You clearly have given a lot of thought to the governance system, so I’m curious what you think are solutions to that problem.

By the way, I agree with your assessment that the proposal to reset default following for All Topics Except Governance does not address spam attacks that are initiated for the purpose of community announcements or advertising. That proposal only removes the incentive for spam proposals by anyone who wants higher voting rewards with the current system.


I don’t see why we have to vote to receive rewards.

Shouldn’t abstaining be a valid vote? What if I don’t have enough technical knowledge to cast an educated vote? I just have to blindly click approve/reject to get my rewards? It skews the incentives for progressing the network.

I think doing away with “vote to get rewards” in favor of a classic staking model (e.g. PoS rewards) makes more sense. This would prevent spam proposals from getting any attention, because everyone would just ignore them, knowing that they’ll still get their rewards whether or not they vote.

  1. Every proposal must be set by a followee
  2. Followees are responsible for the content of their proposals
  3. Followees must participate and/or be DAO
  4. DAO must be voted in order to be followees
  5. DAO must vote before setting a proposal
  6. The result of their votes must be easily shown to everyone
  7. For any illegal content of any proposal, authorities must be informed and the DAO that set the proposal is responsible for that.
  8. Rewards must be distributed to the voters that their vote=results. If I vote adopt and the result is reject, I cannot be rewarded and the opposite.

I’ve been concerned about this for a while and knew it was only a matter of time before someone did it.

I also wondered if someone starting to submit spam proposals would be the motivation for change or if we could get ahead of that.

I think this is probably at least worth a conversation (if not a full analysis) of how the penalty for submitting a spam proposal is far outweighed by the ICP minted in voting rewards.

I believe this could create incentives for spam proposals to be submitted as they would always result in a net positive for voters.


@ysyms I notice that the neuron from which you are submitting these proposals has 0 ICP in it. I also notice that 2 months ago, about 200 other neurons were created with 0 ICP staked. 2 questions:

  1. How did you manage to create this neuron without ICP?
  2. Are you sure the attack hasn’t started already?

Thanks again for bringing necessary changes to the internet computer :smile:

Since I was @-mentioned, I should note that I am not personally privy to designs on spam prevention, but I believe the research team has some thoughts (and considers it important). However, I do not want to dangerously speculate due to my own ignorance on this topic.


For 1, I don’t understand how it is implemented.
For 2, it looks like it can’t avoid broadcasting motions to the community

There will be a Twitter space about NNS tomorrow, I may reveal my thoughts on this later


attack? Ok but they are not the same attack

abstaining is a valid vote if you use a super majority voting system rather than a simple majority system

Then perhaps a supermajority system is what we need. My point for casting blind approve/reject votes still stands.


I am heavily in favor of Dominic’s voting proposal Idea which he posted on twitter.

"my guess is we’ll need to have random subsets of neurons “second” governance proposals before prime time, auto-repeating with larger subsets when the result is indeterminate ". - Dominic.

This idea is immense. Not only does it deal with the current spam proposal scenario, adding randomization to any voting system helps with decentralization as well.

The NNS as a system needs to evolve by creating strong decentralized protocols that avoid simple if-then error catching solutions. It has to be organic with layers of filtering and verification, thankfully blockchains allow this to be easily possible.

Dom’s threshold voting solution solves this. It randomly chooses a set of neurons from a population which then decides whether the proposal is fraudulent or not. If it is found to be spam it will then do nothing; the proposal ends there. If the small group of neurons finds the proposal to be valid or indeterminate, they fire, which activates a larger group of neurons to do the same thing, and so on and so on. Each group further validating the proposal. (I added my own bit there: it moves to another larger group even if it’s valid.)

However for this to fully work we still need the human element that can actually read through proposals, manually vote on them and not just follow governance leaders. Unfortunately, the only real solution at the moment is people parties, maybe once A.I advances we can shift directions then.

I am excited to see if Dom further pursues this line of thinking and what he develops out of this base idea.

Exciting stuff here.
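
The escalating random-panel filter described in the post above, sketched as an added example (not code from the thread, from Dominic, or from the NNS). The panel sizes, growth factor, two-thirds threshold, outcome labels and the `judge` callback are all assumptions chosen for illustration; `escalate_valid=True` models the poster's variant in which a valid result still moves to a larger group.

```python
import random

def run_seconding(neurons, judge, rng, first=5, growth=3, quorum=2/3,
                  escalate_valid=False):
    """Escalating random-panel filter. Returns (outcome, stages), where each
    stage is (panel_size, spam_votes, valid_votes)."""
    size, stages = first, []
    while True:
        size = min(size, len(neurons))
        panel = rng.sample(neurons, size)          # random subset, no repeats
        votes = [judge(n) for n in panel]          # "spam", "valid" or None
        spam, valid = votes.count("spam"), votes.count("valid")
        stages.append((size, spam, valid))
        if spam >= quorum * size:                  # panel flags it: stop here
            return "dropped", stages
        seconded = valid >= quorum * size
        if size == len(neurons):                   # nobody left to escalate to
            return ("prime_time" if seconded else "not_seconded"), stages
        if seconded and not escalate_valid:        # quoted rule: seconded -> vote
            return "prime_time", stages
        size *= growth                             # indeterminate: larger panel

def pass_rate(attacker_share, trials=2000, population=1000, seed=1):
    """Fraction of trials in which a spam proposal reaches the full vote when
    attacker neurons say "valid" and every other neuron says "spam"."""
    rng = random.Random(seed)
    neurons = list(range(population))              # constructed neuron ids
    bad = set(range(int(attacker_share * population)))
    judge = lambda n: "valid" if n in bad else "spam"
    hits = sum(run_seconding(neurons, judge, rng)[0] == "prime_time"
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    ids = list(range(100))
    rng = random.Random(0)
    print(run_seconding(ids, lambda n: "spam", rng))
    print(run_seconding(ids, lambda n: "valid", rng, escalate_valid=True))
    print(run_seconding(ids, lambda n: None, rng))   # everyone abstains
    print(pass_rate(0.10))
```

The all-abstain run shows the dependency the post goes on to raise: if panel members do not actually read and judge the proposal, every stage is indeterminate and the filter escalates to the whole population without deciding anything.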


First, in terms of economic motivation, choosing this attack method wastes a lot of time and energy of the attacker, but it will not increase the attacker’s profit, nor will it cause any asset loss, and the attacker’s motivation is not very high. Enough, I suggest that you implement an attack immediately to test the robustness of the ICP network.

Looks like you can live with seeing bloody pictures every day

If not, just set the neuron to follow another one

  1. In the future, voters may need to vote every day, but this is not the fault of the spam proposal, with the development of ICP, voters will face various motions

  2. The real threat of junk proposals to NNS is to use proposals with very objectionable content to make neurons give up governance, which forces neurons that originally wanted to participate in governance to follow other neurons, thus making NNS more and more centralized

Do you agree with the above two points?