What makes a good voting system?
- Clarity: It should be clear what I'm voting on. Do I have to agree with every idea in the proposal to vote yes?
- Integrity: All valid votes should be counted and no invalid votes should be counted.
- Finality: There should be no "re-vote" or excessive delays in implementing a successful proposal.
- Cost: Voting should be cheap, especially in relation to the benefit of the proposal being voted on.
Here's how the two main approaches—off-chain and on-chain—stack up against these criteria as well as a description of how a hybrid "best of both worlds" approach could work.
On-chain voting: luxury, at a cost
Let's use Nouns as our on-chain exemplar. Its approach, which is a fork of Compound Finance's, work's like this.
A proposal is created in a blockchain transaction and stored within the DAO contract. The proposal includes not only the text of the proposal, but also the functions the DAO should call and the ETH transfers the DAO should make should the proposal succeed.
This makes it 100% clear from the beginning the specific transactions the voter is voting for.
Each vote is a transaction that updates the internal state of the DAO contract. The contract's logic prevents people from double voting, voting outside the voting period, or otherwise casting invalid votes.
Once the voting period ends, anyone can move a successful proposal to an execution queue. Once in the queue, the Nouns leadership has two days to veto the proposal after which anyone can trigger its execution.
By limiting the time that the veto can be executed in and also by making it an active decision, the veto power is made as narrow as possible and creates as much accountability as possible. Compare this to a system where proposals are "vetoed by default" because leadership has to decide to queue them and has no timebox in which to do this.
Overall an extremely solid system, but an expensive one as well. Storing proposal descriptions on-chain is expensive, but votes are the killer: each vote costs around 80k gas (about $5 USD at 35 gwei gas). For most DAOs it's not feasible to spend $2k–10k USD to make decisions, many of which will govern amounts of money on that order of magnitude.
Even Nouns, as on-chain DAO maxi as you get, has a different voting track for smaller proposals that need to be more cost-conscious.
Off-chain voting: you get what you pay for, or do you?
Off-chain voting systems like Snapshot.org are free for voters because they don't require a blockchain transaction to vote.
Instead, Snapshot is signature-based. Like on-chain voting, signature-based voting is secure against impersonation attacks. You don't have to trust Snapshot to be confident that no one can cast a vote and say it was from you.
However, you do need to trust Snapshot to prevent someone from casting 100 votes as themself (when they are only allowed one), from voting after the voting period ends, and you must trust them to remember to count your vote in the first place!
On-chain voting costs a lot in terms of gas, off-chain voting costs a lot in terms of trust. Fortunately Snapshot has a strong track record, but in the end DAOs must decide on the right cost to bear.
Snapshot also has issues on the Finality and Clarity points. Because Snapshot proposals are off-chain, their corresponding transactions need to get on-chain in order to be executed. Snapshot does not offer a built-in way to do this, nor does Snapshot by default offer a way to validate that a proposal can be unambiguously turned into an on-chain executable transaction.
How can we solve for this?
Off-chain voting, on-chain execution: the best of both worlds
On-chain voting will never be cheap. However, on-chain settlement is not very expensive. Can we combine it with cheaper off-chain voting to achieve a more secure but still inexpensive voting system?
Here is how off-chain voting can still result in on-chain execution:
- All Snapshot proposals must include transaction information in a structured, blockchain-readable format.
- When a proposal succeeds, anyone can store the proposed transactions on-chain, along with a pointer to the Snapshot proposal.
- After a specified "cooldown" period (e.g., 2 days), anyone can execute these transaction, provided a pre-specified oracle contract says the proposal passed.
- This oracle gets its information from the community, who submit their answers to the question "did the proposal pass?" Each answer requires a "bond" of ETH that is recoverable in the case the answer is truthful. Disputing someone's answer requires an increased bond, and dispute arbitration happens off-chain.
Any system that bridges off-chain data to the blockchain is only as good as the oracle. However, this method is far better than the alternative: DAO leaders parsing human language proposals into transactions and executing them at convenient times in the future.
Onward!