Quadratic Funding is under Sybil attack
We’re on the cusp of Grants Round 10, and each round has been more successful than the last. We expect that trend will continue through this round as well. The Gitcoin mission is to enable communities to build and fund the open web, so of course we’re always excited to see more growth through grants. But as we grow, we must continue to protect the integrity of the round by defending the Quadratic Funding mechanism from attack.
We believe Quadratic Funding is the optimal method of funding public goods in democratic communities. But Quadratic Funding is susceptible to attack vectors that enable bad actors to game the system in their favor. The most common is a Sybil attack.
Sybil attacks present in one of two ways: creating multiple identities or multiple projects. The Quadratic Funding algorithm weighs the number of participants more than the total amount donated to a grant, so an incentive exists to send many smaller donations from multiple accounts instead of one larger donation from one account.
The same is true for project owners. They might game QF by creating multiple, smaller grants instead of one larger grant, grabbing a larger overall share of the match fund in the process. For more information about QF attack vectors, please check out these short videos.
In GR9 we experienced a significant uptick in Sybil attacks. This was to be expected based on the growing size of the match fund. But this means we, as a web3 community, need to take our defense against Sybil attacks to the next level. The best way to defend against Sybil attacks is through robust identity verification. Identity verification raises the cost of creating multiple identities, which makes it less beneficial for a malicious actor to perform a Sybil attack.
In previous rounds we began offering a trust bonus to Gitcoin users based on their level of identity verification. The more thoroughly a user verified their identity (for example, by linking their BrightID and social media accounts), the more impact their contributions had on the distribution of the match fund. For GR10 we have created a more comprehensive solution that gives an even greater incentive to verified users.
This is what it looks like:
All users start with a 50% trust bonus. For example, if you give $100 to a grant project, the project receives the full $100. But only 50% of your matched funds will go towards the grant. That means the project you’ve donated to would receive less of the match fund after the crowdfunding round is over.
However, by linking to identity verification providers, a user may increase their impact on the match fund up to 150%. That means the projects you’ve donated to will receive more of the match fund after the crowdfunding round is over.
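To see why the trust bonus blunts a Sybil split, here is a small added example (not Gitcoin's production code) that uses the textbook Quadratic Funding formula. It assumes the trust bonus scales a donation's weight before the square root is taken; the grants, amounts and pool size are constructed.

```python
import math

POOL = 1000.0  # constructed match pool, in dollars


def match_score(donations):
    """Textbook QF subsidy score for one grant.

    donations: list of (amount, trust) pairs, trust between 0.5 and 1.5.
    Assumption: trust scales the amount before the square root is taken,
    so a 0.5 account moves half the match a 1.0 account would.
    """
    weighted = [amount * trust for amount, trust in donations]
    return sum(math.sqrt(w) for w in weighted) ** 2 - sum(weighted)


def match_shares(grants, pool=POOL):
    """Divide the match pool in proportion to each grant's score."""
    scores = {name: match_score(d) for name, d in grants.items()}
    total = sum(scores.values())
    return {n: (pool * s / total if total else 0.0) for n, s in scores.items()}


def scenario(honest_trust, split, sybil_trust):
    """Grant A: four real donors giving $25 each.
    Grant B: $100 from one person, sent as `split` equal donations
    from accounts that each carry `sybil_trust`."""
    grants = {
        "A": [(25.0, honest_trust)] * 4,
        "B": [(100.0 / split, sybil_trust)] * split,
    }
    return match_shares(grants)


if __name__ == "__main__":
    cases = [
        ("one account, no trust weighting", 1.0, 1, 1.0),
        ("ten accounts, no trust weighting", 1.0, 10, 1.0),
        ("ten unverified accounts vs. verified donors", 1.5, 10, 0.5),
    ]
    for label, honest, split, sybil in cases:
        shares = scenario(honest, split, sybil)
        print(f"{label}: A=${shares['A']:.0f}  B=${shares['B']:.0f}")
```

Both grants raise $100 in every case. Splitting grant B's single donor into ten accounts moves its share of the pool from nothing to three quarters, and weighting unverified accounts at 50% against verified donors at 150% brings it back down to half.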
We offer a variety of verification tools, some more comprehensive than others. You can find them in the Trust Bonus tab on your Gitcoin profile page. Just make sure you’re logged in. Verify with one or a combination of tools to give your grant donation the maximum amount of impact — up to 150%. At the same time you’ll be doing your part to help the community defend the Quadratic Funding mechanism against Sybil attacks.
If you have questions, please connect with the Gitcoin Community in Discord. If you have ideas on improving the Sybil defense mechanisms, please join the related workstream in the Gitcoin governance forum. Thanks for supporting public goods!