Gitcoin Knowledge Base

Bribery/Quid Pro Quo

Last updated 3 years ago

Attack: Blockchain technology offers unprecedented, decentralized transactional transparency, which is necessary for trustless coordination. But it can also lead to instances of bribery that could sway the QF algorithm to benefit a particular org. For example, projects have promised token airdrops to users who have given to their grant. This is a form of quid pro quo in exchange for collusion to maximize their matching fund distribution, which is possible because send addresses are public.

However, not all airdrops are malicious. In this example an Ethereum project offered tokens to anyone who participated in Gitcoin Grants, no matter which grants they funded. But regardless of the intent, this behavior may also cause unintended consequences. If airdrops for Gitcoin Grants participants become common, users may employ bots to donate a small amount to many grants in the hopes of token profits later on.

It is worth noting that sometimes bribes are not explicitly offered, but can still be problematic even when they are implied, as is the case with Minerva. While not promising tokens, they do make a point to mention they will soon have one. It’s reasonable to believe they are implying that anyone participating in their grant now will receive tokens in the future. This grey area is something we continue to work with the community stewards to define policy on.

Another consideration is what effect bots donating might have on the quadratic funding mechanism. Sybil accounts using bots to donate to a collection of grants they think are most likely to offer a token airdrop would skew the payouts from the matching pool. A bot that donates evenly across all grants would not have this same effect.
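The comparison above can be measured directly. The following is an added example, not Gitcoin's code: it assumes the plain quadratic funding formula with no deterrent mechanisms applied, and the grant names, donation amounts and account counts are constructed sample data.

```python
from math import sqrt

# Constructed sample round: grant -> one donation amount per unique contributor.
BASELINE = {
    "grant_a": [10, 10, 10, 10],
    "grant_b": [5, 5, 5, 5, 5, 5],
    "grant_c": [20, 20],
    "grant_d": [1] * 10,
}

def qf_shares(contribs):
    """Share of the matching pool per grant under plain QF (assumed formula):
    match_i is proportional to (sum of sqrt(c))^2 - sum(c)."""
    raw = {g: sum(sqrt(c) for c in amts) ** 2 - sum(amts)
           for g, amts in contribs.items()}
    total = sum(raw.values())
    return {g: m / total for g, m in raw.items()}

def add_accounts(contribs, accounts, amount, targets):
    """Copy of the round with `accounts` extra contributors, each giving
    `amount` to every grant in `targets`."""
    return {g: amts + ([amount] * accounts if g in targets else [])
            for g, amts in contribs.items()}

def share_shift(before, after):
    """Total variation distance between two share tables (0 = unchanged)."""
    return 0.5 * sum(abs(after[g] - before[g]) for g in before)

def ranking(shares):
    """Grants ordered from largest to smallest share of the pool."""
    return sorted(shares, key=shares.get, reverse=True)

def compare(accounts=20, amount=1, target="grant_c"):
    """Measure how far shares move when the same extra accounts donate to
    one grant versus evenly to every grant."""
    base = qf_shares(BASELINE)
    targeted = qf_shares(add_accounts(BASELINE, accounts, amount, {target}))
    uniform = qf_shares(add_accounts(BASELINE, accounts, amount, set(BASELINE)))
    return {
        "base_rank": ranking(base),
        "targeted_rank": ranking(targeted),
        "uniform_rank": ranking(uniform),
        "targeted_shift": share_shift(base, targeted),
        "uniform_shift": share_shift(base, uniform),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

On this sample the concentrated donations move the smallest grant to the top of the payout ranking, while the even donations leave the ranking unchanged and shift shares far less, flattening them slightly rather than favoring any one grant.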

Gitcoin Action: In the case of an explicit bribe, in which a quid pro quo is offered and smoking-gun evidence of it is presented, we will take action to remove the grant from the matching pool.

In cases in which bribes are not explicit, we expect resolution will come through a formal community governance process.

  • Well-Funded Grants & Community Self Policing

Grants Round 9 also presented an interesting concern that does not fall into an attack category, but did raise questions of legitimacy from the community. Maskbook is a fully funded Web3 project that sponsored the GR9 Hackathon. They released their token in February 2021, which included a retroactive distribution to anyone who supported their grant in previous rounds.

The controversial part is that, at the time, Maskbook still had an active grant. So the community questioned whether it is appropriate for funded projects to participate in grants rounds and benefit from QF matching, particularly if they had set a precedent for rewarding past grant contributors. In this case Maskbook acted quickly and stopped accepting matched funds, which seems in line with the expectations of the Ethereum community.

Both examples show the community was willing to police itself so that direct intervention from the Gitcoin Team was not necessary. This is an important observation to note. The more the community rewards good actors, and deters bad actors, the less the Gitcoin Team needs to be involved in governance decisions.

Gitcoin Action: In the case in which a grant owner decides to remove their grant from matching, we will do it for them.

Right now there is no policy against grants having business models, token models, or VC fundraising, but in the future community stewards (in cooperation with the Gitcoin community as a whole) could create one if they wanted.

Another example is Vocdoni, who also had an active grant, but proactively stopped accepting funds from the match pool after their financial future was secured late last year.
