Much has been discussed regarding enabling neuron transfer (in this thread here, for example). Neuron transfer would give stakers a means to recover staked funds in exigent circumstances, as even long-term commitments made in the best of faith may still from time to time need to be broken. But neuron transfer entails a number of risks that would need to be addressed in order to be supported in a risk-conscious way.
This post outlines one set of rough thoughts regarding how neuron transfer may be supported in a risk-conscious way.
TL;DR: safe enablement of neuron transfer looks perhaps more involved than one may at first assume.
As a threshold matter, this post concerns ledgered neuron transfer – that is to say, neuron transfer taking place by way of one Internet Identity transparently sending a neuron to another Internet Identity, as recorded on an immutable ledger on the Internet Computer. It does not concern neuron transfer taking place by means besides. Namely, this post does not consider neuron transfer by way of transferring control of a canister that has staked ICP. It instead assumes the possibility that the IC can effectively prohibit canisters from staking ICP. See Note 1 below for brief further discussion on this point.
So presupposing that only Internet Identities may be able to stake ICP (and not canisters), neuron transfer should arguably at a minimum respect the following two conditions:
- Longer-dissolve-delay ICP stakes should continue to represent a staker’s true credible commitment to long-term good governance (foremost simply to sustain good governance, but also to keep neurons from devolving into a kind of speculative ICP future contract indistinct from vanilla ICP, per @coteclaude here); and
- The IC should continue to be protected against governance capture (a.k.a. 51% attacks), given the heightened risk that a malicious actor could, with neuron transfer supported, purchase neurons freely to collect a critical mass of voting power.
Now, both conditions may largely be addressed by imposing significant penalties for neuron transfer (as suggested by @Alixthe here) - penalties which could increase (perhaps exponentially) with dissolve delay. And additionally, redistributing penalties to existing stakers (as suggested by @BLeevit here) could both further (i) encourage long-term staking, and (ii) strengthen defenses against governance capture.
But neuron transfer could still non-trivially increase the likelihood of a successful 51% attack. Strictly speaking, a malicious actor needs only to achieve 50% + 1 of the voting power on the IC - not 50% + 1 of the outstanding supply of ICP. And given that small neurons can have many followers, one could hypothetically buy a small neuron with a lot of voting power for roughly only the price of the ICP in the small neuron - making governance capture potentially far more economical than commonly considered (per this post here).
And neuron transfer complicates matters for a more general related reason besides: the IC’s model of liquid democracy depends on neurons following other neurons… So how would liquid democracy work when neurons that one is following can be transferred at any time to a controller that the existing follower doesn’t want to follow (per the same post as above)?
The general issue arises from the very fact that neurons currently follow other neurons. So to address this, what if neurons followed not neurons, but instead Internet Identities?
After all, this would correspond conceptually better to reality: voters want to follow other voters, not those voters’ stakes (neurons). And it would mean that people couldn’t buy votes by buying neurons, because followers would now attach to Internet Identities - not neurons (see Note 2 for brief further discussion on this point).
So the suggestion that followers should attach to Internet Identities (and not neurons) may be sensible on a stand-alone basis. But a few other adaptations would need to be made to the IC’s current model of liquid democracy followership besides - namely in the rules regarding determining how a neuron votes given its followees’ votes. And naively, the simplest adaptation here might be for each neuron to split its votes in proportion to the voting power of all the neurons of all the Internet Identities that the given neuron follows. (This idea could definitely use some more careful thinking; but see Note 3 for a brief elaboration of this below.)
In fact, a follow-rule update like this could simplify the IC’s current model of liquid democracy, avoiding current first-past-the-post voting complications, whereby followers cast all votes in favor of only the majority of followee neurons (exaggerating support for on-the-fence decisions). And this adaptation would also make it possible to calculate so-called “liquid voting power” (“LVP”), as originally suggested by @wpb here. (See Note 4 below for brief further discussion on this point.)
Indeed, quantifying and publicizing LVP could be a key detective control to reduce the likelihood of a 51% attack materializing, as members of the IC governance community would have much better visibility into the moment-to-moment potential for capture by influential Internet Identities.
In addition to the measures more directly implicated by neuron transfer outlined above, and in the medium term to further preserve long-term good governance, it would probably be worth considering establishing more stringent voting thresholds for making “constitutional” changes to the IC (as suggested by @coteclaude here) - changes that substantially modify the way that governance itself works on the IC, in purpose and/or effect.
But in the more immediate term, the ideas offered above may represent one possible set of measures to enable neuron transfer in a risk-conscious way – and to make IC governance more robust in other aspects besides.
Summary of possible measures to enable neuron transfer in a risk-conscious way:
a. Support official neuron transfer with penalties…
— increasing in dissolve delay.
— redistributed to existing stakers in proportion to remaining stakers’ dissolve delay.
b. Update model of followership so that neurons follow Internet Identities instead of other neurons.
— follower votes split according to the votes cast by all the neurons controlled by all the Internet Identities that the voter follows.
— “liquid voting power” measured precisely, and publicized to reduce the likelihood that a 51% attack materializes.
c. Make it technically impossible for canisters to stake ICP.
And soon enough, consider establishing more stringent voting thresholds for longer-term, higher-impact, less-reversible “constitutional” proposals facing the IC.
Notes:
1. It would be great to confirm that the technical prohibition against canisters staking ICP could be effectively enforced, as otherwise canister staking could circumvent many of the controls suggested in this post. Indeed, in principle, governance of the IC should arguably be conducted by natural persons alone, as the IC is ultimately meant for the well-being of individuals, and not governments or firms which could be controlled by canisters. Enforcing that IC governance is conducted by natural persons alone, and not legal fictions, would arguably support the IC in achieving its potential to give power back to the individual.
2. In theory, one could still sell his Internet Identity; but it is perhaps possible to make Internet Identity sales impractical, by for example ensuring that Internet Identity seed phrases cannot be deleted, such that an Internet Identity seller is unable to prove that he no longer has access to an Identity that he has sold, thus making sales much less likely in the first place.
3. Example of suggested follow-rule: supposing that neuron [A] has 1,000 in voting power and follows Internet Identities (i) and (ii), which between them have neurons [B – 400 voting power], [C – 700 voting power], and [D – 900 voting power], then if [B] and [C] vote ‘YES’ on a given proposal, and [D] votes ‘NO,’ then neuron [A] would cast 550 of its power for ‘YES’ ((400+700)/(400+700+900) * 1,000), and 450 for ‘NO.’
4. Given the “first-past-the-post” nature of the current follow-rule, it’s impossible to precisely determine “liquid voting power” in the abstract; liquid voting power is realized only in the context of a given vote ex-post. But under the suggested possible follow-rule, to get the liquid voting power of a given Internet Identity (as opposed to neuron), one would need simply to sum up the voting power of all followers’ neurons (and their followers’ neurons), as weighted by the Internet Identity’s total voting power as a proportion of total followed IIs’ voting power, to get total direct (and indirect) influence.
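The follow-rule of Note 3 and the liquid voting power of Note 4, worked through as an added example (a model written for this page, not NNS or DFINITY code). It assumes an acyclic follow graph, that identity (i) holds [B] and [C] while (ii) holds [D], and that [A] belongs to a hypothetical identity "iii"; the function names are illustrative.

```python
from fractions import Fraction

# Constructed data matching Note 3. Which identity holds which neuron, and the
# owner "iii" of neuron A, are assumptions made for this example.
NEURONS = {  # neuron -> (owning identity, voting power, followed identities)
    "A": ("iii", 1000, ["i", "ii"]),
    "B": ("i", 400, []),
    "C": ("i", 700, []),
    "D": ("ii", 900, []),
}

def followee_neurons(neuron):
    """All neurons controlled by the identities that `neuron` follows."""
    followed = set(NEURONS[neuron][2])
    return [n for n, (owner, _, _) in NEURONS.items() if owner in followed]

def yes_fraction(neuron, direct_votes):
    """Share of a neuron's power cast YES under the proportional follow-rule."""
    if neuron in direct_votes:
        return Fraction(1 if direct_votes[neuron] == "YES" else 0)
    followees = followee_neurons(neuron)
    if not followees:
        raise ValueError(f"{neuron} neither votes nor follows anyone")
    total = sum(NEURONS[f][1] for f in followees)
    # Each followee neuron counts in proportion to its own voting power.
    return sum(Fraction(NEURONS[f][1], total) * yes_fraction(f, direct_votes)
               for f in followees)

def split_vote(neuron, direct_votes):
    """(YES power, NO power) that `neuron` casts on one proposal."""
    power = NEURONS[neuron][1]
    yes = power * yes_fraction(neuron, direct_votes)
    return yes, power - yes

def liquid_voting_power(identity):
    """Own power plus the followers' power that moves with `identity`."""
    # If only this identity's directly voting neurons say YES, the YES tally
    # is exactly the power it steers, directly and through followers.
    votes = {n: ("YES" if owner == identity else "NO")
             for n, (owner, _, follows) in NEURONS.items() if not follows}
    return sum(split_vote(n, votes)[0] for n in NEURONS)

def capture_share(identity):
    """Liquid voting power as a fraction of all voting power (the 50% + 1 check)."""
    return liquid_voting_power(identity) / sum(p for _, p, _ in NEURONS.values())
```

In this constructed data, identity (i) holds 1,100 of 3,000 in staked voting power yet steers 1,650, which is the gap between stake and influence that publishing LVP would expose.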