c4-judge
commented
1 year ago Picodes changed the severity to QA (Quality Assurance)
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes changed the severity to QA (Quality Assurance)
c4-judge
commented
1 year ago Picodes marked the issue as grade-c
yixxas
commented
1 year ago I believe medium severity to be appropriate for this issue from a game theory viewpoint because core function of the protocol's voting mechanism is impacted.
Votes made during the funding stage is extremely important to the protocol as it influences the way funds are distributed. We want to ensure that proposals voted upon by voters are in the fairest way possible. This includes reducing as much bias as we can in the voting process. The importance of the funding stage can also be seen in how voters are only given delegation reward IF they vote during the funding stage. Protocol wants to incentives users to vote.
Should Ajna gain sufficient adoption, it would not be unrealistic for hundreds of proposals to be proposed in the screening stage. It is inevitable for some users' choice of proposal to not make it through the screening stage. Which of the 10 proposals should these users vote for in such situations if they are indifferent to all of them? Because they still want to claim the delegation rewards, they are effectively forced to vote, and to use all of their votes for maximum reward. Ideally, if they do not want to influence or favour any proposal, they should give equal votes to all of the proposals. But this is an unreasonable and unrealistic expectation of what most voters would opt for.
Voters can only vote for one proposal for each call. This incurs gas cost for each call. Majority of voters who are disinterested in the proposals would not operate in this way. They will however, likely choose to put all of their votes on a proposal "randomly", as explained in the report. There would, at some point bound to be proposals that are close in votes competing for the final funding slot. This bias, or randomness in the current voting mechanism can possible influence the final outcome. Such randomness introduced in the voting process should be eliminated if there is a reasonable way to do so, and in a relatively straightforward manner that does not negatively affect other parts of the protocol.
I believe that allowing voters to abstain from voting in the funding stage will have an overall net positive effect.
Because voters can now abstain from voting and yet still be considered for rewards, one can argue that this mechanism would only encourage voters to vote in this way since they do not have to go through the available proposals that has made it through the screening stage and make a harder decision. This is especially true for voters who are reward-motivated.
However, I argue that the proposed solution incidentally benefits the protocol in a positive way. Now, voters who are disinterested in voting, either because they are disinterested in the votable proposals, or that they are disinterested in voting in general are automatically filtered out. This means that the voting results we get at the end of the funding stage are voted more accurately represents proposals that voters favour and are overall more beneficial for the protocol.
Furthermore, I believe we can all agree that the outcome of votes that are casted for no proposals, is significantly better than votes that are casted for a random proposal because proposal votes are no longer skewed in unintended and unexpected ways.
I hope that the judge would reevaluate this issue, and for the sponsor to weigh in on this issue.
c4-judge
commented
1 year ago Picodes marked the issue as grade-a
Picodes
commented
1 year ago Hi @yixxas, thanks for your comment.
I believe this kind of report is value-adding and are perfect for the new "Analyzes" category of contests (https://code4rena.notion.site/Analyses-Guidelines-and-FAQ-2808a71e08e44c81a985527194f5f118). However, even if I understand your point that "core function of the protocol's voting mechanism is impacted from game theory viewpoint", I won't accept this report as a valid Med or High, as everything is working as intended but you're pointing out that the original design may be questionable. However I'll change the QA grade.
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-grants/src/grants/base/StandardFunding.sol#L274-L293
Vulnerability details
Impact
Voters are forced to vote for one of the proposal, whether in favour or against, in order to claim delegation reward even if they are indifferent to all the proposals as their preferred choice of proposal did not make it through the screening stage.
Proof of Concept
We illustrate a very possible scenario. Voter participated in the screening stage, but unfortunately the proposal they voted for did not make it into the top 10. In the funding stage, none of the 10 proposals interests them, and they are indifferent to all of them.
However, in order to fully claim the delegate reward, they are forced to fully use their voting power. Since the gas cost is minimal if we vote for only one proposal, we will choose a proposal at random and give them all our votes, utilising all our voting power.
Votes allocated to a proposal hence may not be what users actually want to vote for, creating unfairness in the voting process, where the "lucky" proposal gets additional vote. Bias may even be introduced here, for eg, voters in this category will simply vote for the first proposal as it is the most convenient.
Note that the total number of votes cast in favour of a proposal matters and I quote from the white paper,
Tools Used
Manual Review
Recommended Mitigation Steps
Consider adding a way for voters to vote for none of the proposals in the funding stage, i.e. they still spend their votes (in order to incentive non-idle voters), but the votes going to none of the proposals.
Assessed type
Other