Mirror Security

With the recent fraudulent polls stemming from an address created in September 2021 worth over $1 million (180, 177, 173, and more) making a joke out of the Governance Section by trying to exploit users trust, ignorance, and greed, I think it is time to discuss security of the Mirror Protocol. As the user (Terra Finder) has just deposited another 100 MIR into their account, I suspect another fraudulent poll may be on the way.

I would like to open up a discussion on how to prevent fraudulent polls. So long as the gains are greater than the losses, fraudulent polls will keep popping up. MIR needs to develop a method not only to stop them in the first place (adding a layer of security), but also must make the scams very costly and time consuming so the risk outweighs the benefit.

Currently, there is no real risk to creating fraudulent polls besides spending 1 minute to create a poll and possibly losing 100 MIR if your poll does not reach quorum while the rewards might be something like 5% of the community pool (about $6 million based on MIR value today).

A few ideas:

  • banning addresses deemed by the community to create fraudulent polls from participating in governance
  • requiring a minimum address age to create polls (6 months or a year)
  • passing polls through a preliminary community review and vote before they appear on the governance page so people may issue their warnings there first, rather than risking their own MIR to warn the community on the governance page
  • creating a proposal template that must be filled out and submitted to the community for preliminary review

I had the following suggestion in another thread.

To solve the random poll issue and to avoid the scammers from sneaking-in fraudulent polls (e.g., #164, #177) or ill-intended polls (e.g, #169, 173, #180), the following measures may be considered and implemented so that the voters are informed before casting their votes and the fraudulent poll creators are penalized to a certain degree.

(1) All polls need to have a link to the forum for forum discussion.
(2) Casting of the votes would not be enabled until the linked forum topics meets the following conditions:
—(a) X-day old (let’s say X = 7), and
—(b) View count is greater than Y (let’s say Y = 100), and
—(c) Discussed by at least Z forum participants (let’s Z = 5)
(3) The poll deposit will be forfeited if
—(a) The vote count fails to reach threshold, or
—(b) The ratio of final No/Yes votes is greater than 3

1 Like

So how would the community go about doing this? If a poll was passed to modify governance parameters to require a sort of pre-approval process, would the change actually be implemented or would it go the ways of a text poll? At the moment when I look at the modify governance parameters section there are optional parameters that can be changed, but nothing like requiring a message board discussion. Is this something we’d need to wait until V3 for?