Thoughts on Risk-Conscious Means of Neuron Transfer

Much has been discussed regarding enabling neuron transfer (in this thread here, for example). Neuron transfer would give stakers a means to recover staked funds in exigent circumstances, as even long-term commitments made in the best of faith may still from time to time need to be broken. But neuron transfer entails a number of risks that would need to be addressed in order to be supported in a risk-conscious way.

This post outlines one set of rough thoughts regarding how neuron transfer may be supported in a risk-conscious way.

TL;DR: safe enablement of neuron transfer looks perhaps maybe more involved than one may at first assume.

As a threshold matter, this post concerns ledgered neuron transfer – that is to say, neuron transfer taking place by way of one Internet Identity transparently sending a neuron to another Internet Identity, as recorded on an immutable ledger on the Internet Computer. It does not concern neuron transfer taking place by means besides. Namely, this post does not consider neuron transfer by way of transferring control of a canister that has staked ICP. It instead assumes the possibility that the IC can effectively prohibit canisters from staking ICP. See Note 1 below for brief further discussion on this point.

So presupposing that only Internet Identities may be able to stake ICP (and not canisters), neuron transfer should arguably at a minimum respect the following two conditions:

  1. Longer-dissolve-delay ICP stakes should continue to represent a staker’s true credible commitment to long-term good governance (foremost simply to sustain good governance, but also to keep neurons from devolving into a kind of speculative ICP future contract indistinct from vanilla ICP, per @coteclaude here); and
  2. The IC should continue to be protected against governance capture (a.k.a. 51% attacks), given the heightened risk that a malicious actor could, with neuron transfer supported, purchase neurons freely to collect a critical mass of voting power.

Now, both conditions may largely be addressed by imposing significant penalties for neuron transfer (as suggested by @Alixthe here) - penalties which could increase (perhaps exponentially) with dissolve delay. And additionally, redistributing penalties to existing stakers (as suggested by @BLeevit here) could both further (i) encourage long-term staking, and (ii) strengthen defenses against governance capture.

But neuron transfer could still non-trivially increase the likelihood of a successful 51% attack. Strictly speaking, a malicious actor needs only to achieve 50% + 1 of the voting power on the IC - not 50% + 1 of the outstanding supply of ICP. And given that small neurons can have many followers, one could hypothetically buy a small neuron with a lot of voting power for roughly only the price of the ICP in the small neuron - making governance capture potentially far more economical than commonly considered (per this post here).

And neuron transfer complicates matters for the more general related reason besides: the IC’s model of liquid democracy depends on neurons following other neurons… So how would liquid democracy work when neurons that one is following can be transferred at any time to a controller that the existing follower doesn’t want to follow (per the same post as above)?

The general issue arises from the very fact that neurons currently follow other neurons. So to address this, what if neurons followed not neurons, but instead Internet Identities?

After all, this would correspond conceptually better to reality: voters want to follow other voters, not those voters’ stakes (neurons). And it would mean that people couldn’t buy votes by buying neurons, because followers would now attach to Internet Identities - not neurons (see Note 2 for brief further discussion on this point).

So the suggestion that followers should attach to Internet Identities (and not neurons) may be sensible on a stand-alone basis. But a few other adaptations would need to be made to the IC’s current model of liquid democracy followership besides - namely in the rules regarding determining how a neuron votes given its followees’ votes. And naively, the simplest adaptation here might be for each neuron to split its votes in proportion to the voting power of all the neurons of all the Internet Identities that the given neuron follows. (This idea could definitely use some more careful thinking; but see Note 3 for a brief elaboration of this below.)

In fact, a follow-rule update like this could simplify the IC’s current model of liquid democracy, avoiding current first-past-the-post voting complications, whereby followers cast all votes in favor of only the majority of followee neurons (exaggerating support for on-the-fence decisions). And this adaptation would also make it possible to calculate so-called “liquid voting power” (“LVP”), as originally suggested by @wpb here. (See Note 4 below for brief further discussion on this point.)

Indeed, quantifying and publicizing LVP could be a key detective control to reduce the likelihood of a 51% attack materializing, as members of the IC governance community would have much better visibility into the moment-to-moment potential for capture by influential Internet Identities.

In addition to the measures more directly implicated by neuron transfer outlined above, and in the medium term to further preserve long-term good governance, it would probably be worth considering establishing more stringent voting thresholds for making “constitutional” changes to the IC (as suggested by @coteclaude here) - changes that substantially modify the way that governance itself works on the IC, in purpose and/or effect.

But in the more immediate term, the ideas offered above may represent one possible set of measures to enable neuron transfer in a risk-conscious way – and to make IC governance more robust in other aspects besides.

Summary of possible measures to enable neuron transfer in a risk-conscious way:

a. Support official neuron transfer with penalties…
— increasing in dissolve delay.
— redistributed to existing stakers in proportion to remaining stakers’ dissolve delay.

b. Update model of followership so that neurons follow Internet Identities instead of other neurons.
— follower votes split according to the votes cast by all the neurons controlled by all the Internet Identities that the voter follows.
— “liquid voting power” measured precisely, and publicized to reduce the likelihood that a 51% attack materializes.

c. Make it technically impossible for canisters to stake ICP.

And soon enough, consider establishing more stringent voting thresholds for longer-term, higher-impact, less-reversible “constitutional” proposals facing the IC.



  1. It would be great to confirm that the technical prohibition against canisters staking ICP could be effectively enforced, as otherwise canister staking could circumvent many of the controls suggested in this post. Indeed, in principle, governance of the IC should arguably be conducted by natural persons alone, as the IC is ultimately meant for the well-being of individuals, and not governments or firms which could be controlled by canisters. Enforcing that IC governance is conducted by natural persons alone, and not legal fictions, would arguably support the IC in achieving its potential to give power back to the individual.
  2. In theory, one could still sell his Internet Identity; but it is perhaps possible to make Internet Identity sales impractical, by for example ensuring that Internet Identity seed phrases cannot be deleted, such that an Internet Identity seller is unable to prove that he no longer has access to an Identity that he has sold, thus making sales much less likely in the first place.
  3. Example of suggested follow-rule: supposing that neuron [A] has 1,000 in voting power and follows Internet Identities (i) and (ii), which between them have neurons [B – 400 voting power], [C – 700 voting power], and [D – 900 voting power], then if [B] and [C] vote ‘YES’ on a given proposal, and D votes ‘NO,’ then neuron [A] would cast 550 of its power for ‘YES’ ((400+700)/(400+700+900) * 1,000), and 450 for ‘NO.’
  4. Given the “first-past-the-post” nature of the current follow-rule, it’s impossible to precisely determine “liquid voting power” in the abstract; liquid voting power is realized only in the context of a given vote ex-post. But under the suggested possible follow-rule, to get the liquid voting power of a given Internet Identity (as opposed to neuron), one would need simply to sum up the voting power of all followers’ neurons (and their followers’ neurons), as weighted by the Internet Identity’s total voting power as a proportion of total followed IIs’ voting power, to get total direct (and indirect) influence.

I’m going to need time to digest all the content in this post, but you have definitely hit on some very important points and concerns. Thank you for taking the time to expand in so much detail.

I think one concern you highlighted should be part of every discussion regarding neuron transfer. Specifically, it is possible for a neuron to have a very large voter following by way of liquid democracy without holding much ICP itself. The neuron owner could transfer ownership to a high bidder and none of the vote followers would know. That seems to be a huge security risk for the IC.


Doesn’t the upcoming feature of ECDSA signatures from canisters already make it possible for canisters to stake ICPs and control neurons? (Ultimately it seems hard, if not futile, to to build a general purpose platform like the Internet Computer, and then artificially try to prevent canisters from doing certain specific things.)


I feel that IC exists as the Internet Computer. Not sure why the distinction is necessary (or required) for natural persons versus artificial entities (such as AGI)

1 Like

@ayjayem Your post is great to read.

I think that approach is pretty great. I’d actually like to follow an internet identity (possibly even linked to a face or with a name in the forum), than just a stake.
I’ve argued about introducing following fees as a possible reward people for providing voting neurons, or with your approach voting identities.

Following internet identities + voting fees could give ICP additional security in terms of avoiding governance attacks. People could be incentiviced to participate in governance, strenghten decentralization and also have something to lose/fight for (voting fees). This could also make buying/selling of a following neurons/internet identities less likely. Let’s assume I put much work into establishing a serious id which people follow. Why should i suddenly sell it to the next best bidder and risk people to hate me for that?
The buyer would exactly have one bad vote before people unfollow the id + they’d also possibly cruzify me for doing that to them.

Did anyone see the controversy created by a Uniswap vote? As soon as an identity (possibly even showing a pseudonym in the forum, or a face, which the id holder provided by free will to advertise his neuron/id ) would be linked to that vote, there would be much more controversy and attention.
This is another form of accountability (personal) which could be incentivized.

I think this is a really interesting way to go. It wouldn’t be restricted, but people would face a loss and so they’d have financial accountability as soon as they stake. @namyIC provided it in the thread.

I personally started to become interested in ICP because of its unique handling of internet identites. The more I deal with it, the more I’d actually dislike permanent seed phrases. How do others see that?


Indeed - it was my understanding as well that canisters will soon be able to stake ICP.

So here’s the concern then. (Sorry for another longer post here.)

Someone creates a staking service offering initially 25+% returns, where users can also sell their neurons at any time in a market set up for the purpose. The service works by creating a canister for each stake, controlled by the user; and when the user wants to sell the stake, canister control is updated to the buyer. This transfer isn’t recorded on any general ledger.

Sounds like a great service - who wouldn’t use it? Great rewards and no real lockup… almost strictly better than staking directly. Eventually, almost anyone who wants to stake would use a service like this, instead of staking directly.

But now since staking involves little real commitment, we see much more of it. Many more 8-year neurons staked by (transferable) canisters. Any of these neurons could be bought to launch a 51% attack. And if neurons continue to follow other neurons in voting, governance capture could be relatively cheap (if an attacker buys small stakes with lots of followers).

Voting rewards also fall for all existing non-transferable neurons, as rewards are now shared with many new transferable stakes.

And in fact, the idea of voting rewards itself becomes much more dubious anyway: since stakers in transferable neurons demonstrate no real commitment to the long-term success of the IC, how can they be trusted to vote for measures favoring its long-term success? It would in this scenario be much less costly, for example, for unscrupulous supporters of other projects to buy neurons, vote maliciously, and then sell the neurons before the long-term impacts of votes are realized in the market more generally.

And if one buys into any of these concerns, it seems like there may be little way to prevent unencumbered neuron transfer (done by way of canister control transfer). So stakers could evade any neuron transfer penalty, for example, that could make neuron transfer less problematic.

I really hope that I’m missing something here - I would love to be educated on how these concerns may be overblown.


I am not saying that these concerns are not valid. I challenge, though, that they are avoidable (because it seems fundamentally impossible to prevent such markets to form, on or off the IC), and if they are not avoidable, I’d rather be honest about it, remove the restrictions that prevent other valid use cases (maybe I want to semi-automate my personal stalking and voting logic in a canister of mine), and keep these markets on the IC. And unless someone convinces me that it’s actually possible to prevent neurons transfer in a meaningful way (beyond making it merely annoying), I’ll stay out of discussions of how the world is better if was possible.


First off, a well composed and thought-through post. I believe case b has a paramount long term value for the governance system. However, on a side note I believe we need strong internet identity control in place to ensure that an internet identity is anchored to a real person. Nevertheless, there is always the risk that an internet identity could be managed by a bot in some way?

Reflecting on case a it seems like a viable approach as long as the penalty is in relation to the voting power so no one can acquire voting power at a discounted rate, but who would benefit from being able to do neuron transfers? What use case would there be for any dapp to give this as a service in any format?

  • If the argument is for retrieving economical value from a neuron then I am much more lenient to introduce an unwind mechanism per my post in the tokenomics proposal thread to prevent secondary neuron markets. How that unwinding model should go up for further discussion if that is the path to go.

  • If the argument is for automation then let the nns controlled by dfinity expose function calls to do this more automated for potential dapps to utilise in a controlled fashion.

  • Other cases I might be missing?


Absolutely. If unencumbered neuron transfer is unavoidable, best just to face up to it, even if it’s far from ideal.

In that case, then talk of neuron transfer penalties or other costs to neuron transfer seems unproductive, because it seems like these measures could be circumvented through canister staking.

But probably good to start thinking about neurons not following other neurons, to avoid cheap sales of followers, in line with suggested measure b. above.

And more generally, probably useful to start thinking about how to reinforce long-term good governance of the IC in the absence of demonstrated (financial) commitment as represented by binding staking lockup periods. Today’s concept of governance on the IC seems very much to depend on neuron immobility.


Joachim, I have the impression from your prior posts in the forum and on social media that you may be a former Dfinity team member. Is that true? Have you spent much time ideating about how to prevent neuron transfer? I’d like to better understand why you have come to the conclusion that it is impossible to prevent neuron transfer.

What’s wrong with something as simple as giving every neuron a permanent seed phrase. Wouldn’t that by itself prevent neuron transfer? Who would want a neuron that has a permanent seed phrase that someone else knows?

The security risks associated with neuron transfer seem significant to me and well worth pursuing and implementing mitigation strategies. However, I have a lot of respect for your technical understanding. I would appreciate if you would catch us up to how and why you have arrived at your opinion on this topic.

BTW, I know @wang and @lastmjs have similar opinion and I’d like their input as well.


As a neuron buyer, I can enter into a legal agreement with a seller where they forfeit all claims to their seed phrase or private keys.

1 Like

How does a legal agreement prevent the original seller from selling the neuron address and permanent seed phrase on the black market to some nefarious actor outside the government jurisdiction of the legal agreement?

How does a legal agreement prevent Dfinity Foundation from pursuing a class action lawsuit (on behalf of all ICP governance token holders) against any entity involved in such neuron transfers (mediators, sellers, and buyers), especially if it is done under the pretense of a legal agreement?

I recognize the fact that several technically skilled people that I highly respect have stated that they believe that it is impossible to prevent neuron transfer. However, this is fundamental to the tokenomics thesis that I bought into when I decided to stake ICP. I have not heard Dfinity Foundation say that they believe neuron transfer is impossible to prevent. It seems likely that this is a problem that can be solved. I need a better explanation for why it is impossible…or at least a better understanding of how much effort has actually been applied to developing mitigation strategies.

1 Like

That can happen of course, but perhaps there would be some clause in the contract that assesses penalties in case of private key leak. Also, as a seller, why would I bother? I have liquidity, and now I can go enjoy my life.

The foundation may not necessarily know a transfer of ownership event occurred. Also, such an event is (probably) not forbidden by the original agreement.

1 Like

@jwiegley and @johan

Given that you are working on the IC’s tokenomics, and have expressly flagged the risks of neuron transfer and invited comment, I would also be curious to hear your thoughts on the idea that neuron transfer may be impossible to prevent.

1 Like

It would be relatively easy to transfer ownership of an Internet Identity account, and thus any neurons controlled by it. This could be done by adding a new Yubikey to the account, and then giving that Yubikey to a buyer. Since the neuron cannot be disbursed before its dissolve is complete, the buyer can be certain that the funds won’t “disappear” in the midst of the transaction, and upon receipt they would remove all other keys from the account.

1 Like

Some have suggested permanent seed phrases for Internet Identities (or even neurons themselves), so that buyers could never be sure that they have sole control - which on its face seems like a pretty strong deterrent to vanilla Identity or neuron sales.

My main concern is neuron transfer by means of changing control of a canister that controls a neuron. I’d be curious to hear the Dfinity team’s thoughts on how to manage the associated risks.

1 Like

I do not think neuron transfer can be entirely prevented, since I could always sell you my Ledger Nano and sign a legal document swearing to destroy all trace of the seed phrase and never make use of it if I’d memorized it. But there is no trustless way to transfer a neuron, since we strictly enforce a “1 neuron 1 private key” rule, and all of the typical security issues of transferring a private key to another party would apply.

1 Like

I take this to mean, “there is no trustless way to transfer a neuron”? Thanks for the thoughts, John - appreciate it.


Yes, exactly, thank you for noticing that. Edited the reply.


But it seems that this is not true for internet identity. i.e. you can sell the internet identity and the neuron/s in the internet identity would go with it. To enable it to be trustless, you could just have the recovery phrase (all other authentication mechanisms removed) & the buyer could change the recovery phrase; thereby controlling the internet identity. Hence effecting the transfer.

1 Like