Before reading your post I was just thinking that a malicious actor could borrow the Ren in order to make an attack. There would be no need to buy if they could leverage a loan.
not sure what the difference would be, taking a loan requires collateral.
So buying REN on market and then dump after vote or get REN through loan that you pay back after vote kinda has same effect. Other than taking loan costs you more (fees)
but yea, point being, in both scenarios they would be gaming the votes
This is a good thing to discuss and think about when building out our governance, but just to keep in mind, this type of governance attack is not possible in Ren governance currently, because we couldnāt make all governance on-chain even if we wanted. Compared to some other protocols like Compound or TSD DAO, RenVM is not on Ethereum on-chain, while these other protocols can be because they are only a set of smart contracts. RenVM is a separate network, and most changes to RenVM require node operators to update their nodes, not anything some kind of vote could enforce.
On-chain governance could be implemented for each host chain where we have a set of gateway contracts, where weād like to change the minting/burning fee, but itās probably not attractive to have on-chain governance because each host chain would have a different voting system (unless itās an EVM-fork, and not every chain will be), and it would be a mess to use different on-chain DAO contracts for different chains. Having some structure, either on-chain somehow or not, that abstracts all contracts aside from RenVM base-layer, is what we need to develop if we want our governance to work properly. Thatās potentially something that can be bult out on RenVM directly when it has general smart-contract capability, but I still donāt think it would have that kind of vulnerability like TSD DAO did where you can acquire enough tokens and then control everything, because fundamentally darknodes still power the whole system and canāt be forced to do anything through a vote.
Fair points @MaxRoszko and I agree most things donāt apply in renVMās case.
I was mostly referring to governance decisions such as treasury expenditure which can indeed be on-chain through platforms such as Aragon. Someone with high voting power could in those situations put up some bogus poll to allocate funds to themselves and vote that through.
For simple off-chain voting not linked to on-chain execution I fully agree, those attacks are not possible
i found very interesting this article and relevant on this RFC