w3f / General-Grants-Program

Web3 Foundation General Grants Program
Apache License 2.0

rfp for smart nominations #427

Closed mmagician closed 3 years ago

mmagician commented 3 years ago

Request for Proposals

Abstract

Create a smart contract which manages the users' nominations.

Checklist

mmagician commented 3 years ago

How would that technically work? Would the nominators denote the smart contract's address as controller address?

Yes, probably the user will need to set the smart contract address as the controller and then call the nominate method of the contract (at which point the contract should have the permission to stake the users' funds). I guess exact implementation TBD by the grantee.

Noc2 commented 3 years ago

Interesting RFP. Btw. I think this becomes really interesting with XCMP and different tokens which you can stake. If you are not already aware of it, I recommend taking a look at yearn.finance. I think yearn for staking tokens with different strategies similar to the vaults would be extremely interesting: https://yearn.finance/vaults Potentially even together with an integrated insurance pool.

burdges commented 3 years ago

I'm against this.. strongly.

Nominating is labor done with a tool called dots, not investing in which someone else manages your money. Nominators should talk with validators, figure out who they trust, and then designate the trusted validators using their capital. If nominators do not do the work of figuring out who they trust then we should not be paying them. If we knew who to trust automatically then we'd do this ourselves and would not pay nominators.

We're no longer secure if too many nominators behave the same, including by too many nominating people they have no out-of-network reason to trust. We shot down restrictions on validator commission changes for exactly this reason.

Yes, some folks will do this anyways, but they're parasites. One day after we're much larger we should explore slashing conditions that nail people who automate selecting nominators. Although I fear this crap is our kryptonite, which makes addressing this hard. Almost like Zcash's t-addresses are their kryptonite.

Attacks are dead simple: Eve has 1 validator worth of dots in thousands of accounts. Eve creates a validator Vlad. Eve slowly backs her validator from all her different accounts, which looks organic. Eve behaves slightly more like nominators desire than real validators do, like by maintaining a lower commission for longer. As more strangers nominate Vlad, Eve slowly removes her own stake until Vlad is 100% staked by strangers. At this point, Eve starts another validator Victor with her dots. Victor reports a soundness violation by Vlad, which turns out to be real since Eve holds Vlad's keys. Vlad and all his nominators are slashed 100%. Victor claims 20% (?) of this slash for Eve. As Vlad really violated soundness, governance will never revert the slash. We'd let Eve get away with this since she only attacked nominators not the chain itself. In fact, we automate the punishment of people who automate nominations in exactly this way, except probably then nerf the slash to 1% or 10%.

I'll pre-emptively close this.. way too dangerous.

burdges commented 3 years ago

We need a conversation about how to advise nominators that they require more nominators. It's surely hard to know enough non-whale validator operators personally if you do not work at parity or w3f. Assuming you avoid the true whales, there is still much safety in choosing the "small whales" who run 2+ validators, and this is less than ideal. I'd prefer some "meet your validators" social efforts, but scale matters.

mmagician commented 3 years ago

@burdges

> If nominators do not do the work of figuring out who they trust then we should not be paying them.

I agree with the above and with what you wrote in general. It all sounds good in theory, but the reality is that we already have centralised exchanges which offer 1-click nominations for a pretty good APY and I have a hard time imagining they distribute the stake among the best validators, rather than nominating their own addresses.

> We need a conversation about how to advise nominators that they require more nominators. It's surely hard to know enough non-whale validator operators personally if you do not work at parity or w3f. Assuming you avoid the true whales, there is still much safety in choosing the "small whales" who run 2+ validators, and this is less than ideal. I'd prefer some "meet your validators" social efforts, but scale matters.

Exactly. I assume the majority of the nominators don't personally know who they're nominating. We aren't yet at a stage where a large share of validators promote themselves on social media etc (although there's certainly a market to be developed).

I'm not saying this is a silver bullet, and of course it has plenty of shortcomings you outlined. But in the present state, it's a shot at getting the DOTs off exchanges like Kraken and distributing it a little bit better, aiming to not aggregate too much yet still give users an experience comparable to the centralised "1-click nomination".

alxs commented 3 years ago

Isn't this pretty much what YieldScan does, which we previously funded?

mmagician commented 3 years ago

@alxs Yes exactly. I actually wasn't aware of YieldScan before, but indeed the objective is the same. The difference is in the implementation, in that I'm suggesting to use a smart contract, whereas they have an independent service (which you can also run locally as far as I can see). Also I'm not sure whether YieldScan will automatically update the nominations, e.g. with each new session.

burdges commented 3 years ago

> we already have centralised exchanges which offer 1-click nominations for a pretty good APY and I have a hard time imagining they distribute the stake among the best validators, rather than nominating their own addresses.

Yes, these staking whales who use other people's money create a very real problem.

> I assume the majority of the nominators don't personally know who they're nominating.

We should fix this ideally, but culture change is slow even if highly prioritized, which sounds unlikely.

Accepting we require messy compromises here..

I'm nervous about anything that disengages people from the staking interface, because although not ideal our staking interface gives us the means by which we communicate with nominators. I suppose some smart contract would be better for us than exchanges' staking interfaces, but it still sounds pretty distancing.

What about tech ed doing a "new validators of the week" thing? We encourage operators in the 1000 validators program to submit content like a youtube video, which if half way decent gets mentioned by @laboon somewhere?

We can give validators a channel to make announcements to their nominators. Are there some reasons for people to send encrypted messages to account keys? We'd do that less well than others. We could encourage validators to set up announcement rooms on matrix for this purpose, and then certify the keys of the accounts with posting rights for those rooms.

I'll think about more compromises here.. And maybe worth having private, semi-public, or public discussions about this. We could make them give us a slot at polkadot decoded, but so far not clear if it'll support feedback that well.

mmagician commented 3 years ago

@burdges Also check out the follow-up grant by YieldScan. This clearly shows the need for such services.

burdges commented 3 years ago

So what is the advantage you see in smart contracts? Just an interface more like the exchanges?

At least crypto currency exchanges should owe their customers some fiduciary duty, which provides a proxy for trust. Yes, our whole industry exists in part because financial institutions violate this duty routinely, and the crypto currency exchanges look even sketchier, but still they're not intrinsically inviting attackers. It's bad if they nominate randos of course. It's also bad if they become too large, because then their customers no longer align with our interests.

I therefore do not think exchanges having a simpler staking interface inherently justifies deploying easily gameable smart contracts. We could maybe fund legitimate journalism work that investigates the dominance of crypto currency exchanges or other whales. And "not your keys not your crypto currency" memes help too. lol

laboon commented 3 years ago

I like the "Validator of the Week" idea although we'd have to find resources for it. We just hired Danny and Emre, and once you've done analysis a few times it should be pretty straightforward. Maybe something we could outsource to the community to also avoid accusations of favoritism?

jonasW3F commented 3 years ago

> I like the "Validator of the Week" idea although we'd have to find resources for it. We just hired Danny and Emre, and once you've done analysis a few times it should be pretty straightforward. Maybe something we could outsource to the community to also avoid accusations of favoritism?

We implemented a "featured waiting validator" on the validator resource center. It currently switches with every refresh, but we'll implement logic to randomize among the waiting set of validators (in addition to some requirement on self-stake) and feature that validator for about a month (or until she becomes active). The month is not set in stone and we can see if that is too long or too short.

burdges commented 3 years ago

We want a layer between nominators and validators, likely called endorsers or nomination delegatee or something. You could already make someone else your controller, but then they control your payment address too.

Instead, these endorser guys have a key that nominates just like a nominator does, and also receives rewards just like a nominator does. We expect all rewards collect under a special balance, and then later the endorser triggers a payout pushing funds to all their nominators. Although endorser payouts could operate much like validator payouts, we should spend some time exploring other options because maybe other designs fit the "too many nominators" model better. Ask me or Al on element if interested and we'll make some reading suggestions.

We also need to figure out if endorsers demand a back sig or need the kick nominator feature validators use.

These endorsers act somewhat like a smart contract in that they only pay out correctly, but some human controls who they nominate. Their payout delays possibly improve tax records for some people.