zaki9501 / Pgf-flaw-

0 stars 0 forks source link

Potential pgf steward Vulnerabilities in Namada #1

Open zaki9501 opened 7 months ago

zaki9501 commented 7 months ago

Description:

The current governance model in Namada introduces vulnerabilities that could be exploited by individuals with significant resources to manipulate the election of stewards. These vulnerabilities stem from the lack of constraints on the number of wallets a participant can use to vote and the absence of a minimum stake requirement for validators.

Issues Identified:

1: Multiple Wallets for Voting: The ability for participants to create multiple wallets to vote on governance proposals increases the risk of vote manipulation. Without restrictions or identity verification mechanisms, malicious actors could accumulate voting power and influence the outcome of elections unfairly.

2: Lack of Minimum Stake Requirement: The absence of a minimum stake requirement for validators allows individuals to create validators solely to increase their voting power. This could lead to a concentration of influence in the hands of a few entities, undermining decentralization and fairness in governance.

3: Potential for Self-Dealing: If elected as a steward, individuals could use the rewards received from the public goods funding pool to strengthen their position by bonding tokens to their own validators. This could exacerbate the concentration of power and create conflicts of interest within the ecosystem.

4: Accumulation of NAAN Rewards by Stewards: Elected stewards receive significant NAAN rewards, potentially leading to the concentration of wealth and influence within the governance process. This accumulation of NAAN rewards could further exacerbate disparities in voting power and create incentives for self-serving behavior.

Flaw: The flaw lies in the unrestricted ability of stewards to generate multiple proposals without limitations or oversight. This opens the door for potential abuse, as stewards could flood the governance platform with low-quality or irrelevant proposals, making it challenging for the community to effectively review and prioritize them.

Impact:

Cluttered Governance Platform: Proposal spamming by stewards can clutter the governance platform, making it difficult for community members to identify and prioritize valuable proposals. Diluted Quality of Proposals: The influx of spammy or irrelevant proposals can dilute the overall quality of proposals on the platform, diminishing the effectiveness of the governance process. Reduced Community Participation: Excessive clutter and spam may discourage community members from actively participating in the governance process, leading to decreased engagement and less representative decision-making.

Recommendations:

Implement Minimum Stake Requirements: Introduce minimum stake requirements for validators to participate in governance, ensuring that only participants with a significant stake in the network can influence decision-making processes.

Enhance Identity Verification: Implement identity verification mechanisms to prevent individuals from creating multiple wallets to manipulate voting outcomes. This could include KYC procedures or linking voting rights to verified accounts.

Monitor Voting Patterns: Implement tools to monitor voting patterns and detect suspicious activity, such as large-scale coordination of votes from multiple wallets. This would enable the identification and mitigation of potential instances of manipulation.

Additional Concern:

Purpose of Stewards and NAAN Rewards: There is a lack of clarity regarding the role and necessity of stewards within the governance model of Namada, as well as the rationale behind the significant NAAN rewards they receive. Further clarification on the purpose of stewards and the distribution of NAAN rewards would enhance transparency and understanding within the community.

Conclusion:

Addressing these vulnerabilities is crucial to maintaining the integrity and fairness of Namada's governance process. By implementing measures such as minimum stake requirements, enhanced monitoring of voting patterns, the project can safeguard against manipulation and ensure that decision-making processes reflect the genuine interests of the community.

zaki9501 commented 7 months ago

To prove that there is a flaw in pgf steward I did a test proposal initiate a pgf proposal id 489 start epoch 70 end epoch 72 in the first epoch then funded all wallets using my steward multisisg wallet I voted yay on my proposal using multiple wallets with small bonds and now after grace period i can see that my proposal was passed and i see most of the big validator holding major voting didn't even voted or voted nay on my proposal after that I'm able to pass my steward proposal. If i can do this everyone can do this one stewrad can creat multiple steward, I see there is no major use case or need of steward or any usefulness. also if any if network down or halt or any of reason cause that validator slashing then is so easy to make governance proposal and manuplate them.

link of my proposal : https://namada.valopers.com/proposal/489

note: i did this all just to prove that its possible having no intention

zaki9501 commented 7 months ago

Governance adds 1 internal address:

PGF internal address

The internal address VP will hold the allowance of 10% inflation of NAM. This funding is allocated to the internal address at the start of each epoch.

zaki9501 commented 7 months ago

Governance adds 1 internal address:

PGF internal address

The internal address VP will hold the allowance of 10% inflation of NAM. This funding is allocated to the internal address at the start of each epoch.

What does that exactly mean in practice?

Say in the beginning there are 1000 NAM in total. PFG is then set to 100 NAM and total NAM becomes 1100.

Next epoch total NAM starts at 1100, PGF gets 110 NAM or is set to 110 NAM? And total NAM becomes 1210 or 1110 if PGF did not spend any NAM?

by: Rigorous