Dear Funders League MultiSig Key Holders,
Grants Round 9 (GR9) came to a close on March 25th, 2021, and it is time to take the journey to the Quadratic Lands where we honor our sacred agreement to support public goods in the Ethereum ecosystem. We do that by transferring funds from the Grants MultiSig to the non-custodial deployment contract, which will enable payout of the round’s matching pot.
Thanks to the generosity of the Funders League and the Ethereum community as a whole, the multisig has over $3 million in total assets destined to bolster digital public goods. Approximately $500k will be used to pay out this round, leaving $2.5mm in funding for future rounds. As was agreed when the multisig was formed, the social contract here is that these funds are to be used for public goods in ETH, specifically through Gitcoin Grants.
We have made gigantic strides since Feb 2019 when GR1 concluded with $44k funded, to GR9 which raised $1.9mm. We are thankful for all of the growth in digital public goods funding, and it’s our pleasure to take this opportunity to give a warm thank you to some of the many projects who have helped get us to where we are today. We appreciate you!
Ethereum Foundation, @optimismPBC, @Synthetix, @iearnfinance, @0xPolygon, @DefianceCapital & Three Arrows Capital, #FerretPatrol, @chainlink, @YAMFinance, @realmaskbook, 1337 working group, $MEME, @1kxnetwork, 1inch, @binance, @harvest_finance, BadgerDAO, @BalancerLabs, @Krakenfx, @graphprotocol, @uniswap, @sushiswap, @knotmegan, @econar, @nanexcool, @bantg, @future_fund_, @rleshner, Andrew Keys, @Jordanlyall, @tenQkp, @stakefish, @10b57e6da0, @fcmartinelli, @BasedProtocol, @bc_workshop, @ideamarkets_, SNX, Splunk, Auryn, fireeyes.xyz
Grants Round 9 was by far our largest and most successful yet. There were over 160k crowdfunding contributions from more than 12k contributors, raising over $1.3mm. Adding in the $500k matching pool funds, this totals almost $1.9mm for public goods, which surpasses the GR8 total by almost $800k (42% growth)!
At Gitcoin our mission is to support digital public goods development. We do that by empowering builders to earn in a number of ways, including sponsored hackathons, ongoing bounties, KERNEL, and quarterly grants rounds. Grants rounds are among our most significant economic vehicles, because they offer the community extraordinary involvement in the process through the Quadratic Funding mechanism.
Why Quadratic Funding On Gitcoin Grants Matters
Gitcoin Grants gives the community an opportunity to help focus where funds and therefore development cycles are spent. When community members send funds to a particular grant they are signalling their support for it, becoming a voice and a vote for its importance. And because of QF, their vote has a quadratic impact.
Gitcoin Grants supports open web development, but beyond that, we view Gitcoin Grants as a vital experiment in Quadratic Funding. Testing it is important because we believe QF is the optimal way of funding public goods in a democracy, and could become a major approach to allocating public resources this decade.
Each round offers more opportunity for our community to learn and test the system together, and the stakes get increasingly higher as the rounds become more successful.
That is why it’s crucial, as part of our quarterly Grants Round cadence, to take pause and reflect on not only the community’s accomplishments, but how we can support the community in improving integrity in the system and transparency in the process.
Red Team vs Blue Team
Quadratic Funding is amazing in how it amplifies the contributions of small donors, but it also comes with some open research problems to solve: namely how to prevent sybil attacks and collusion attacks. We have partnered with BlockScience and the Token Engineering Commons to create an open community-data-review process so we can begin solving these problems to deter adversarial behaviour at scale on Gitcoin Grants.
While Gitcoin Grants is known primarily as a public goods funding mechanism, there is another way of looking at it. Grants Rounds are battlegrounds for pushing forward research in adversarial behaviour in digital identity-based funding mechanisms. If you look at it from a certain angle, Grants Rounds are giant red team / blue team exercises for battle-testing Quadratic Funding in the real world, with real value on the line.
Our approach is iterative. Every round our goal is to build blue team’s fortitude by identifying and categorizing attacks from the red team, so that moving forward our community has defense against them. That way we can scale up the positive impact of QF.
Grants Round 9 saw a marked uptick in attacks, both in number as well as approach — which makes sense given more participation and more funds on the line. There is simply greater and greater incentive to try to game QF as the matching pool grows.
We view grant round integrity as a public good in itself, and so articulating what we’ve witnessed is an important priority for us.
It is worth noting before we get into the definition of attacks, that the Gitcoin Team’s focus has been on remaining as credibly neutral as possible. We think that consent of the governed is the only legitimate basis for any government, and so our governance goal is to be accountable to the Ethereum community.
This means our product philosophy is to enable the community to express their funding preferences, and to leave the hard policymaking questions to the community Gitcoin Grants serves.
We Do This In Three Ways:
- Using our @GitcoinDisputes Twitter handle, we seek feedback from the community as we spot attacks.
- We employ an open & community driven data analysis process driven by BlockScience and the Token Engineering Commons.
- We convened a group of 15 community stewards to review governance rules, and in the event of any suspected rule-breaking to run through these 4 steps:
The selection criteria for the creation of any group of stewards is admittedly subjective, but we felt that we could best enable the consent of the governed by selecting stewards according to the following criteria of “who has skin in the game”:
- Community members who have been active in giving feedback.
- Community members who have been active in giving funding.
- Community members who have pushed back on past Gitcoin Team’s policies.
In the future we plan to create a more formal process of selecting and informing stewards, as well as defining a process by which the community can hold the Gitcoin platform and team (long term, a Gitcoin DAO) accountable.
What Happened In Round 9?
Without further ado, let’s go over several main types of attack vectors and what we’ve learned about them so far.
1. Sybil Attacks
Sybil attacks are a vulnerability for Quadratic Funding. The two types of sybil attacks we’re monitoring are multiple identities, and multiple grants. Since grant creators benefit from more participants, there is a systemic incentive to create multiple identities that give smaller donations, instead of giving a larger sum from one identity. Likewise, grant creators benefit from creating multiple, smaller grants with which to solicit donations, instead of one larger grant.
Multiple Grant Attack: Linked is an example of multiple grants with the same name from the same user.
Gitcoin Action: Caught with manual review, and Gitcoin did not approve grants.
Multiple Identity Attack: The above user isn’t even trying to disguise their identity.
Gitcoin Action: Accounts were deactivated.
Attack: In this example a user created a fraudulent grant impersonating Lukso. The Grant creation process does have several layers of fraud deterrent (requiring manual review of each project, and requiring creators to submit a project website and Twitter handle). In this case the malicious actor submitted a grant in Round 7 before a review process was in place, and was able to raise money until they were finally flagged by a community member.
Gitcoin Action: We were notified by a community member through @GitcoinDisputes that this is a fraudulent grant. We verified it as fraud with the project lead, and disabled it.
Attack: Blockchain technology offers unprecedented, decentralized transactional transparency, which is necessary for trustless coordination. But it can also lead to instances of bribery that could sway the QF algorithm to benefit a particular org. For example, projects have promised token airdrops to users who have given to their grant. This is a form of quid pro quo in exchange for collusion to maximize their matching fund distribution, which is possible because sending addresses are public.
However, not all airdrops are malicious. In this example an Ethereum project offered tokens for anyone who participated in Gitcoin Grants, no matter which grants they funded. But regardless of the intent, this behavior also may cause unintended consequences. If airdrops for Gitcoin Grants participants become common, users may employ bots to donate a small amount to many grants in the hopes of token profits later on.
It is worth noting that sometimes bribes are not explicitly offered, but can still be problematic even when they are implied, as is the case with Minerva. While not promising tokens, they do make a point of mentioning that they will soon have one. It’s reasonable to believe they are implying that anyone participating in their grant now will receive tokens in the future. This grey area is something we continue to work with the community stewards to define policy on.
Another consideration is what effect bots donating might have on the quadratic funding mechanism. Sybil accounts using bots to donate to a collection of grants they think are most likely to offer a token airdrop would skew the payouts from the matching pool. A bot that donates evenly across all grants would not have this same effect.
Gitcoin Action: In the case of an explicit bribe in which a quid pro quo is offered and smoking-gun evidence of it is presented, we will take action to remove the grant from the matching pool.
In cases in which bribes are not explicit, then we expect resolution will come through a formal community governance process.
4. Well-Funded Grants & Community Self-Policing
Grants Round 9 also presented an interesting concern that does not fall into an attack category, but did raise questions of legitimacy from the community. Maskbook is a fully funded Web3 project that sponsored the GR9 Hackathon. They released their token in February 2021, which included a retroactive distribution to anyone who supported their grant in previous rounds.
The controversial part of this is that at the time Maskbook still had an active grant. So the community questioned whether or not it is appropriate for funded projects to participate in grants rounds and benefit from QF matching, particularly if they had set a precedent for rewarding past grant contributors. In this case Maskbook acted quickly and stopped accepting matched funds, which seems in line with the expectations of the Ethereum community.
Another example is Vocdoni, which also had an active grant but proactively stopped accepting funds from the match pool after their financial future was secured late last year.
Both examples show the community was willing to police itself so that direct intervention from the Gitcoin Team was not necessary. This is an important observation to note. The more the community rewards good actors, and deters bad actors, the less the Gitcoin Team needs to be involved in governance decisions.
Gitcoin Action: In the case in which a grant owner decides to remove their grant from matching, we will do it for them.
Right now there is no policy against grants having business models, token models, or VC fundraising, but in the future community stewards (in cooperation with the Gitcoin community as a whole) could create one if they wanted.
5. Non-Ethereum Related Projects
Every round, non-Ethereum projects seek to participate. This includes Web3 groups on other chains. In GR9 we saw our first Binance Smart Chain (BSC) grant from an NFT project called ARTSTRO.
In earlier rounds the precedent was set to not allow grants for projects outside of Ethereum, so we disabled this grant. But whether or not to permit other chains is an open governance question for the community.
6. Project With Multiple Grants In Different Categories
There was a dispute raised on March 17th, 2021 regarding two grants:
- EtherDrops (dApp Category)
- DropsEarn (Community Category)
Both projects are affiliated with the DROPS Foundation.
If the grants had been in the same category, then pairwise bounding would have muted the impact of both grants having similar contributors. But they were not.
Gitcoin Action: The community went back and forth with the founders of the DROPS Foundation, and ultimately decided that having similar grants from the same company dominating different categories with similar contributors represented a threat to the legitimacy of the round. In response, the Gitcoin Team disabled matching on one (but not both) of the grants.
7. Airdrop Harvesting
We saw a number of accounts contributing from multiple Ethereum addresses this round. Upon investigation of these accounts it was determined that this behavior was likely scripted, and was focused on planting as many addresses as possible in the Gitcoin API. The motive for this behaviour was to benefit from possible future airdrops. The precedent has been set that the Gitcoin API has been used as the basis for past airdrops, so these attackers were betting it would happen again.
This is problematic on a few levels — mostly because it could pervert the behavior of contributors to favor public goods that are likely to airdrop tokens in the future. But also because the contributions were generally small and spammy.
Our immediate action was to modify the API results so that they do not include these contributions, and upon consultation with the community we may significantly scale back which APIs we make available in the future.
Round 9 Fraud Deterrents
1. TrustBonus
TrustBonus is designed to prevent sybil attacks.
This round, Gitcoin supported BrightID, Idena, Twitter, POAP, SMS, and Google as optional identity verification techniques. When a user verified their identity on other platforms, they were given a TrustBonus. The higher a user’s TrustBonus, the more confident we can be that the user is real. Higher TrustBonuses come with benefits such as a higher match for grant contributions.
Given the sheer number of sybil attacks we saw this round (see Sybil section), we are strongly considering taking TrustBonus and making it a TrustRequirement next round — users will not get any matching for their donations until they verify their identity on other platforms.
2. Grant Review Process
Grants Review Process is designed to prevent fraud grants.
The Gitcoin Team has inserted itself into the grant creation process to prevent impersonation and fraudulent grants from going live on the platform. We also prevent racist, sexist, or pornographic content from being posted on the platform. (For transparency, see an example here but be warned that this content may be offensive to some.) In the future, we plan to decentralize the grant review process to a DAO or community stewards.
3. Pairwise Bounding
Pairwise bounding is designed to proactively prevent collusion in QF.
Gitcoin has implemented pairwise bounding, which is a way of muting the impact of groups of contributors who contribute to the same grants as each other. To learn more about pairwise bounding, check out this post on ethresearch.
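As an added illustration of the pairwise-bounding idea described above (constructed example code, not Gitcoin’s implementation or data): each contributor pair’s share of a grant’s match is scaled by k / (k + T_ij), where T_ij is how much the two contributors co-fund across every grant, so a group that always gives together is muted while independent contributors are not. The grant names, amounts and the constant K are assumptions.

```python
import math
from itertools import combinations

# Constructed sample (USD): contributions per grant keyed by contributor id.
# c1..c4 is a coordinated group that funds the same three grants together;
# h1..h9 each fund a single grant independently.
CONTRIBUTIONS = {
    "grant_A": {"c1": 25, "c2": 25, "c3": 25, "c4": 25, "h1": 25, "h2": 25},
    "grant_B": {"c1": 25, "c2": 25, "c3": 25, "c4": 25, "h3": 25},
    "grant_C": {"c1": 25, "c2": 25, "c3": 25, "c4": 25},
    "grant_D": {"h4": 25, "h5": 25, "h6": 25, "h7": 25, "h8": 25, "h9": 25},
}
K = 25.0  # assumed bounding constant: larger k means weaker muting


def clr_match(contribs):
    """Unbounded QF match written pairwise: sum over pairs of 2*sqrt(ci*cj)
    (algebraically the same as (sum sqrt(ci))**2 - sum ci)."""
    return sum(2 * math.sqrt(a * b) for a, b in combinations(contribs.values(), 2))


def pair_overlap(i, j, all_contribs):
    """T_ij: how much contributors i and j co-fund across every grant."""
    return sum(math.sqrt(g.get(i, 0) * g.get(j, 0)) for g in all_contribs.values())


def pairwise_bounded_match(grant, all_contribs, k=K):
    """Same pairwise sum, but each pair's term is scaled by k / (k + T_ij),
    so pairs that keep showing up together across grants count for less."""
    contribs = all_contribs[grant]
    total = 0.0
    for i, j in combinations(contribs, 2):
        weight = k / (k + pair_overlap(i, j, all_contribs))
        total += 2 * math.sqrt(contribs[i] * contribs[j]) * weight
    return total


def muting_ratio(grant, all_contribs, k=K):
    """Fraction of the unbounded match that survives pairwise bounding."""
    return pairwise_bounded_match(grant, all_contribs, k) / clr_match(all_contribs[grant])


if __name__ == "__main__":
    for g in CONTRIBUTIONS:
        print(f"{g}: unbounded={clr_match(CONTRIBUTIONS[g]):7.1f} "
              f"bounded={pairwise_bounded_match(g, CONTRIBUTIONS):7.1f} "
              f"kept={muting_ratio(g, CONTRIBUTIONS):.0%}")
```

grant_A and grant_D have the same unbounded match (six equal donors each), but grant_A keeps a smaller share after bounding because four of its donors also co-fund grant_B and grant_C.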
4. Machine Learning Flagging & Community Review Process
Our Machine Learning Flagging & Community Review Process is designed to prevent sybil attacks.
In addition to the proactive measures above, we have been working with BlockScience on a reactive machine learning pipeline that gives a score to each contribution, and informs the community stewards what contributions to look out for.
BlockScience has been posting on the Gitcoin blog with details about what they’ve been working on, and will be posting a blog post about this pipeline as it develops.
Round 9 Review Process: How we Ratified Results
This round, in addition to using our @GitcoinDisputes Twitter handle to seek feedback, we convened a group of 15 community stewards who were informed of trends in the data, and asked to make policy about what was acceptable or not.
During the grant review process, the Gitcoin Team ran these machine learning algorithms on the dataset, and identified 26,911 contributions (out of over 168k total) by 1,995 contributors (out of over 11,500 total) that presented as possible fraud or sybil attacks.
If we were to process these contributions through our QF engine, this is how the round results would change.
This represented a total fraud tax for Grants Round 9 of $33,014 (or 1.7% of the round).
Our recommendation to the community stewards is to, for each grant, pay out max(old_match, augmented_match), which adds up to a total of $500k + $33k = $533k in matching payments for the round.
Why give each grant the best of both worlds? Because while these contributions present as fraud, that doesn’t necessarily mean they are fraud. Without spending time on evaluation — whether manually evaluating each contribution or creating an algorithmic policy that evaluates & sanctions — we just don’t know for sure.
We were caught a bit flat-footed by the scale of the fraud this round, and did not have the time or resources to create an informed group of stewards to do evaluation and sanctioning on such a large data set. So, we made this recommendation to preserve the governance process’s legitimacy by giving each grant the best of both worlds, effectively walking the line between:
1. Gitcoin community stewards putting their thumb on the scale (and harming accused cheaters).
2. Not putting it on the scale enough to help the projects that were cheated.
Because we had not gone through the evaluation step, and because a grant gaining or losing does not imply collusion on the part of the grants, we have also redacted the grant names that would gain / lose from these sanctions from this governance report. This data shows which projects would be most affected if fraud contributors (not grants) were removed from QF. Some of those grants could have just been collateral damage of the attackers, and we felt like redacting this information is the best way of preventing a nasty blame-game that (1) is based upon a misperception and (2) involves grants that we all know and love.
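As an added, constructed example (not Gitcoin’s code or round data) covering both the identity-splitting incentive from the Sybil section and the max(old_match, augmented_match) recommendation above: it computes standard QF matches scaled to a matching pool, re-runs them with the flagged contributors removed, pays each grant the larger of the two, and shows how a grant with no flagged contributions still sees its match move. The grant names, amounts, flagged set and pool size are assumptions.

```python
import math

# Constructed sample round (USD): contributions per grant keyed by contributor id.
# s1..s10 is a sybil cluster: one $40 donation to grant_A split across ten
# identities, the incentive the Sybil section describes.
CONTRIBUTIONS = {
    "grant_A": {"alice": 64, "amy": 36, **{f"s{i}": 4 for i in range(1, 11)}},
    "grant_B": {"bob": 25, "carol": 25, "dave": 25, "erin": 25},
    "grant_C": {f"h{i}": 16 for i in range(1, 7)},
}
FLAGGED = {f"s{i}" for i in range(1, 11)}  # contributors the ML pipeline flagged
MATCHING_POOL = 1000.0  # assumed pool size


def clr_match(contribs):
    """Raw QF match for one grant: (sum sqrt(c_i))**2 - sum c_i."""
    return sum(math.sqrt(c) for c in contribs.values()) ** 2 - sum(contribs.values())


def split_raw_match(amount, n):
    """Raw match when one donation is split evenly across n identities.
    A single identity always earns 0; n identities earn amount * (n - 1)."""
    return clr_match({f"sybil{i}": amount / n for i in range(n)})


def allocate(contributions, pool, exclude=frozenset()):
    """Scale raw matches so the whole pool is paid out, after dropping
    any contributor listed in `exclude`."""
    raw = {}
    for grant, contribs in contributions.items():
        kept = {cid: amt for cid, amt in contribs.items() if cid not in exclude}
        raw[grant] = clr_match(kept)
    total = sum(raw.values())
    return {g: (pool * r / total if total else 0.0) for g, r in raw.items()}


def best_of_both(contributions, pool, flagged):
    """The recommendation above: per grant pay max(old_match, augmented_match).
    Whatever that adds up to beyond the pool is the 'fraud tax'."""
    old = allocate(contributions, pool)
    augmented = allocate(contributions, pool, exclude=flagged)
    payout = {g: max(old[g], augmented[g]) for g in old}
    return old, augmented, payout, sum(payout.values()) - pool


if __name__ == "__main__":
    print(f"$100 from one identity earns raw match {split_raw_match(100, 1):.0f}; "
          f"split ten ways it earns {split_raw_match(100, 10):.0f}")
    old, aug, pay, tax = best_of_both(CONTRIBUTIONS, MATCHING_POOL, FLAGGED)
    for g in pay:
        print(f"{g}: old={old[g]:7.2f} augmented={aug[g]:7.2f} payout={pay[g]:7.2f}")
    print(f"total={sum(pay.values()):.2f} fraud tax={tax:.2f} ({tax / MATCHING_POOL:.1%})")
```

grant_C has no flagged contributors, yet its augmented match is higher than its old match because the pool is shared: removing the cluster from grant_A shifts pool share to everyone else, which is the collateral effect the paragraph above describes.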
In the end, the community stewards did accept our recommendation, and that is why we ask the multisig holders to pay out $533k this round to grantees.
Gitcoin Grants is an iterative experiment in funding public goods, and a grounds to push forward open research problems regarding quadratic funding. It is a red team / blue team adversarial game, and we are thankful that as the blue team we have “home team advantage” in designing the mechanism.
Gitcoin (the company) is focused on being as credibly neutral as possible, but we have engaged with the Ethereum community to build the scaffold of a governance structure that is accountable to the values of the Ethereum community and is ready to scale in Round 10 & beyond.
If we could sum up what we learned this round, we would present the TLDR as “More Scale More Problems”. Luckily our partnership with BlockScience was in place well before it was needed, and the foundation for anti-sybil architecture is in place for us to harden the grants system in an iterative way.
After all is said and done, we are extremely proud of the $1.9mm that was allocated to the community for public goods this round, and are taking seriously the governance challenges that are needed to 10x or 100x that. If you have feedback, please let us know. And we’ll see you again in GR10 in June.
— Kevin and The Gitcoin Team