Proposal: Make CXD the governance token of CortexDAO

CIP: [to be assigned]
Status: Discussion
Author(s): awinter
Discussions-to: https://forum.cortexdao.io/t/proposal-make-cxd-the-governance-token-of-cortexdao
Created: 06-01-2022
Quorum: 4% of vlCXD / 50% of voting vlCXD must be in favor of the proposal

–Simple Summary–
Make CXD the governance token of CortexDAO.

–Abstract–
Make CXD the official governance token of CortexDAO. Votes will be counted by the number of CXD held directly, or locked within any CortexDAO-owned or approved smart contract.

–Motivation–
In the current methodology, vlCXD tokens are the sole governance tokens of the CortexDAO. vlCXD tokens are created as a function of the number of CXD tokens and the duration of their lock.

Current flaws:

  • DAO attack vulnerability. The DAO may be successfully attacked by an entity owning far less than 50% of the CXD tokens, as long as they commit to a 4-year lock. The lock can then be removed once the attacker has control of the DAO.
    ** CXD holders cannot defend against an attack as those are not governance tokens.
    ** The average lock duration is 2.06 years, meaning an attacker willing to do a 4-year lock will have 2x the voting power of the average governance member per number of CXD owned.
  • Institutional reluctance. Well-intentioned financial institutions will be hesitant to commit to a lock-up period, meaning they will not meaningfully participate in the governance of this DAO.
  • Time locks do not keep people in, so much as encourage people to stay out. It results in a depressed token value. Pickle.Finance uses a time-lock model similar to the current CortexDAO model where one locks PICKLE tokens for DILL tokens, and more DILL is earned based on the length of the lock. DILL is the governance token. DILL receives a portion of the platform rewards. PICKLE is akin to CXD and DILL is analogous to vlCXD. The PICKLE token recently hit its all time low (on May 28th).

Voting

–FOR:–
Short description of what a future voter will be voting for.

–AGAINST:–
Short description of what a future voter will be voting against.

–Copyright–
Copyright and related rights waived via CC0

1 Like

I strongly agree with every point raised against using vlCXD as governance token. CXD should be used as governance token and CXD locking should only be used for reward benefit or single sided staking like feature. I am not very comfortable to lock CXD for long and gas fee is prohibitive for short term lockings. This simply means that I cannot participate in DAO voting despite being a top 100 holder. I am citing my case to strengthen @awinter point about using CXD as governance token. Locking of any kind depresses holder enthusiasm and inhibits participation especially during the early stage of the project

Wanted to add information to this discussion in hopes to introduce alternative perspectives to some of the viewpoints expressed in the OP.

  • DAO attack vectors exist regardless of having a lock v not. There are existing cases that show where not having a lock can easily be exploited via flash loan. Example: Beanstalk Farms where the attack took a total of 13 seconds to execute..

  • There are also instances where vote-locking alone did not initially prevent a governance attack against Curve, but it did provide Curve with the time to respond to the attack. Mochi. The attack was ultimately prevented by an Emergency DAO that Curve established and empowered to defend against attack. With the Emergency DAO, token holder participation (whether locked or not) is not necessary to respond to attacks and has proven effective.

  • Attack vectors are not necessarily of concern at the moment as the protocol does not use on-chain voting yet. However, should on-chain voting become desired (or required) those vectors become available. WRT gas fees, if on-chain voting is activated, gas fees would be required to vote anyway.

  • While it is reasonable to assume that Institutional investment may pause when considering an investment that requires locking, it is difficult to determine exactly if that is the deal-breaker. There is demonstrated interest from larger investors in other protocols that have lock-up periods (where your investment is diluted if you don’t stake) ranging from L1s like Cosmos and Polkadot to Yearn Finance after their merger with Akropolis. So while the outlook that there could be some friction with institutions with regards to vote-locking is reasonable, institutions have yet to provide a resounding ‘Yes’ or ‘No’ to take informed action. There is also opportunity for institutional whitelists (approved through governance of course), if this truly becomes an obstacle. The point is here that action should be considered in response to actual rejection rather than assumed disinterest.

  • Building on the above, it would be reasonable to say that institutions have found ways to participate in protocols that otherwise wouldn’t be a fit; this initial participation can open the door to deeper involvement in the platform. An institution, for instance, could buy idxCVX and stake for exposure to CXD. The idxCVX purchase would directly benefit vote-lockers (fee share), the institution would gain access to CXD and then an opportunity to discuss staking that CXD could be had.

  • Protocols with time-locks have actually shown an increase in average lock period and supply. As stated in the OP, the average lock duration for CortexDAO is 2.06 years and the amount of tokens locked have increased, especially after the announcement of fee distribution. CortexDAO Token Analytics. According to the Messari Valuation Report on Curve Finance released in December 2021, the average lockup period is 3.7 years and 350m CRV tokens were locked. The current average remains similar at 3.63 years with nearly 460m locked CRV..

  • It is challenging to accurately tie price action directly to any particular tokenomic especially in the throws of the current market conditions. There are also a number of projects that opt for token buy back programs and do not have vote locking that have suffered the same price action as the example used in the OP so the cause. I’ll leave further comments regarding token buy-back to the other proposal.

  • The major audience the DAO seeks to target are existing Curve and Convex users. Yearn may also have a user base worth exploring that operates in the same realm. All of which have users that are already accustomed to vote-locking mechanisms. Additionally, these communities benefit from vote bribes which is an opportunity (ambitious long term goals) CortexDAO might not be afforded without vote-locking. Being recognizable with a target audience is an advantage.

  • All monetary reward aside, vote-locking expresses a specific and targeted action in support and show of alignment with the long term mission of a project. Not to say that unlocked token holders can’t align just the same and does potential to create a barrier to entry, it also has potential to encourage a strong and engaged community where those participating in the decision making about platform performance have skin in the game that goes beyond speculating on the token price. Speculation that will occur regardless of vote-locking just as unlocked Curve, Convex and Yearn tokens are already included in popular crypto indexes and derivative exchange trading.

While it’s clear where I am (currently) on this issue, this is not an attempt to push an agenda of my own or sabotage @awinter’s efforts. I wanted to present this data with the goal to expand the conversation regarding the perceived flaws identified in the OP. I noticed other members expressing support FOR vote-locking in the Discord/Telegram chats but also a lack of posts on the OP itself. Well-informed electorate is the prerequisite for democracy and all that.

Most of all I want to thank Awinter for his contribution in kicking off debate on these issues. It’s important we openly discuss anything we feel would improve the CortexDAO, enrich its membership, and secure success for the platform is governs.

4 Likes

It seems the primary purpose of this proposal is to protect against an attacker that 51% attacks governance, manipulates the protocol, then passes a proposal to unwind the vlCXD contract so they can recover their CXD.

This is a very valid point, major kudos to @awinter for bringing it to light.

Vote-locking does have a lot of potential. None of us can argue that Curve has had great success with it. However, they did inadvertently protect themselves from this attack vector. Nothing, not even governance, can unwind CRV once it’s locked in veCRV.

Vote-locking is also a security measure itself, it prevents a range of possible attack vectors, such as a CEX voting with user tokens. If the attacker did not have the capacity to recover locked CXD, I am of the opinion that vote-locking reduces the likelihood of a 51% attack.

Based off of the ideas in this proposal, here are some additional possibilities to consider that balance governance security with governance usability:

  • Create strict requirements in the DAO constitution for vote-lock token changes. High quorum requirements would increase the cost of the attack, but not prevent it.

  • A potentially better solution than quorum requirements, is to qualify the vote-lock unwind feature as an emergency operation. Instead of a direct governance vote, it must be approved by trusted individuals in a multisig that ideally includes both DAO core contributors and trusted DAO members. The unwind feature is intended to be an emergency measure, so codifying our treatment of it as one makes sense.

  • Allow CXD holders to vote, but with a reduced voting power relative to vlCXD. This opens up some of the attack vectors that vote-locking protects against, but limits their impact. Institutions and users such as @prakashkr could then participate as if they were frequently locking for short time periods, without the gas cost.

2 Likes

Thanks @will for the detailed discussion. The idea to allow CXD holder to vote with reduced voting power is a reasonable approach that will take care of both side (CXD holders & vlCXD holders) without significantly increasing the attack vector.

If a proposal of interest is running close then I would lock CXD for short duration to vote. But I would wish if that (spending gas to vote) could be avoided

1 Like

Thanks @Will for the thoughtful response. Like @prakashkr I too prefer the CXD holder to be able to vote but with reduced voting power option of the 3 mentioned.

I suggest a fourth option: Being able to unlock tokens immediately, but with a penalty. Alchemix is doing with their veALCX Rage Quit function.

I would personally consider a 4 year lock with a rage quit option. I need an out of some fashion.

I made my argument on making CXD the governance token above using the security argument because that was my strongest argument and the most objective. There is a second argument, as to why I don’t want to lock up my CXD for 4 years, that I didn’t include because it is considerably less objective. I don’t want to. I’m a major supporter of the project and have been for awhile. I’m active on Discord, help others out, I put in proposals. I believed the APY.Finance approach was a good one, and I think the CortexDAO index token approach is even better (good pivot), and will be more easily adopted by institutions. I like the team (including yourself) and the investors. I also own a lot of CXD (about 2% of the total supply). I can’t get comfortable with a 4 year unbreakable lock. I can’t see that far. It’s just too much money to lock up. Even if the DAO were attacked, and you needed my CXD to turn to vlCXD to defend it successfully … I don’t know I’d commit that even then. Not for lack of appreciation of the project, or the leadership, simply the commitment that says those tokens will be safeguarded in their best use and I’ll have no need for the underlying funds within that time horizon (which happens to overlap with when my kids will be in college and graduate school). So…I am currently staking my CXD for 2 weeks at a time. Maybe I’ll go a month or two…but so far it really isn’t worth it. I paid gas to stake the tokens and this week got 2.05 3CRV ($2.10), the cost of which to claim it right now would be $18.52. I gain voting rights in the DAO…but based on my paltry weekly fee distribution, my vote would be significantly undersized relative to my underlying CXD holdings. This is why I’m personally disinterested in a lengthly lock of my CXD tokens.

2 Likes

I would be ok with the rage quit function but there needs to be a time delay long enough so that an attacker does not have time to unlock and withdraw before the Cortex team and or community can decide to take action in whatever form to stop and or reverse and or limit the impact of an unforeseen attack or manipulation event.

There also needs to be a limit in the number of wallets that can rage quit in a day/week etc. We don’t want a death spiral/“bank run” where millions of CXD are unlocked and sold on to the market. If there is no time delay I’d imagine the attacker would have large locked CXD amounts in multiple wallets and would attack in a concerted way, no matter how large the fees are to unlock and send to a DEX/CEX in total it still would be cost effective to do so.

3 Likes