How to use $34,000 to conduct a spam proposal attack on NNS. (I will not implement this attack at the moment)

First, in terms of economic motivation, choosing this attack method wastes a lot of time and energy of the attacker, but it will not increase the attacker’s profit, nor will it cause any asset loss, and the attacker’s motivation is not very high. Enough, I suggest that you implement an attack immediately to test the robustness of the ICP network.

Looks like you can live with seeing bloody pictures every day

If not, just set the neuron to follow another one

  1. In the future, voters may need to vote every day, but this is not the fault of the spam proposal, with the development of ICP, voters will face various motions

  2. The real threat of junk proposals to NNS is to use proposals with very objectionable content to make neurons give up governance, which forces neurons that originally wanted to participate in governance to follow other neurons, thus making NNS more and more centralized

Do you agree with the above two points?

I agree the IC will grow and there will be frequent governance proposals in the future. I also agree spam proposals can cause people to give up on paying attention to governance. Hence, proposals need to be actionable and well deliberated.

I think decentralization is addressed by having many options for Followee configuration in the NNS dApp and by giving people a reason to think about who they should follow (or a reason to vote manually). If dfinity always votes, then people will naturally follow dfinity. If governance proposals have equal weight to all other proposals and there are 144+ other proposals each day, then naturally there is no incentive to participate in governance proposals.

Attack-type spam proposals must be addressed. As for meaningless proposals, it can be solved by dynamically adjusting the required funding threshold for initiating proposals

I don’t understand why the list of known neurons requires a vote to join. Maybe we’re all working on decentralization right now, but neurons in the “known neuron list” can easily gain more power. We cannot hope that there will be people willing to share their rights after the ICP restructures the Internet.

1 Like

That’s a fair point. It is a high threshold to become a named neuron and there is risk that existing named neurons will tend to reject new names neurons. I hope that’s not the case, but it can’t be guaranteed. I’m a big advocate for more names neurons and I can’t think of anyone in the ICPMN, cycledao, or ICDevs who is against adding more names neurons. Everyone I have ever talked to seems to agree. However, I suppose named neurons do need to have a presence in the community it order to have the highest probability of success at becoming a named neuron.

It’s also important to note that named neurons do not own or control their followers. They don’t get to choose their followers and they can’t hold on to them. Only the follower gets to choose their Followees. Hence, as more names neurons come online, I would expect there to be some movement of followers as people periodically re-validate their Followees.

What do you think is a reasonable funding threshold right now? I think 10 ICP sounds about right. I’m curious what you think is appropriate.

I don’t know what the exact value is, I think it needs to be dynamically adjusted based on the efficiency of NNS processing proposals and the number of recent proposals

Also, proposal initiation fees should be doubled on weekends and holidays

Why not implement democracy and give all stakeholders just 1 vote.

Proposers would then have no power to force their agendors, promote products or defraud the community without the support of many.

This would streamline proposers and voters should be able to ignore Proposers who they feel are bad Stakeholders.

I look for duplications to find problems and this same point has been brought up many times so this must be a real concern without a solution.

So get rid of the problem and consider my idea.

Also the Proposal should have a Yes, No and Reject in that way a proposer runs the risk of a community decision to give a stakeholder the option to vote only.

If everyone had equal votes then what would be the point of having a Neuron above the minimum ICP required when you could just bot 500,000 different accounts with 1 ICP each and still have the same amount of voting power as someone with a single 500k ICP neuron right now? KYC and people parties would create an unnecessary step to onboard more voters, the current design was chosen deliberately by Dfinity and with good reason.

I asked the question as I didn’t want to see big tech like dominance take control like we have today. Everyone so far has spoken like a true hacker, knowing how to attack but no one pointed me to the documentation that ICP has already consider this already and disproved the likely hood of a 51% attack, so I withdraw my concerns as I feel I finely have the answer to my question.

51% Attacks on Governance
A key security concern is the prevention of an attacker gaining 51 percent of the voting power, or even just enough that they can tip the balance in favor of those who vote unwisely, which will damage the success of the network. (The term “attacker” here applies equally to an actor who wishes to harm the network, an actor whose influence will be malign by accident, and one that might simply excessively centralize power.) Luckily, all things being equal, the colossal value of ICP locked inside the NNS makes it exorbitantly expensive to acquire such a stake. Furthermore, the financial investment required would be difficult to recoup, since ICP that have been purchased and locked would dramatically lose value if the network were harmed. Even if resources were less of a concern — for example, where an attacker was a malign state actor — unlocked ICP could not be purchased quickly on financial exchanges, since the vast majority of the overall ICP supply is locked in neurons to earn rewards. This would force such an attacker to build up their position slowly over time, with the buy pressure created by significant

I’ve been following the conversation around voting decentralization for some time and was wondering what your thoughts around the following are:

Instead of dividing up the non-voters’ rewards between voters, what if we had multipliers for flat rewards for each category of proposals/voters:

  • 0.1X for exchange rate proposals
  • 1X for non-governance proposals
  • 10X for governance proposals

The above is similar to what we currently have

Now, for neurons voting individually, we have a multiplier of let’s say 2X and for neurons following others, we have a multiplier of 1X. That way we’re incentivizing decentralization by incentivizing individuals to vote by themselves and not rely on a centralizing third-party to vote on your behalf. But you can still choose to do so, if you don’t have time to vote and get the current rate of rewards.

2 Likes

its no difference than giving up voting power for blackrock, vanguard, states street type of like within the NNS if we really going to implement that.

The return on betting yes or no is the same. Once manual voting is not the same as the reward for following voting we can’t stop people from randomly voting on proposals using other tools

1 Like