Bribery/Quid Pro Quo

Attack: Blockchain technology offers unprecedented, decentralized transactional transparency, which is necessary for trustless coordination. But it can also lead to instances of bribery that could sway the QF algorithm to benefit a particular org. For example projects have promised token airdrops to users who have given to their grant. This is a form of quid pro quo in exchange for collusion to maximize their matching fund distribution, which is possible because send addresses are public.

However, not all airdrops are malicious. an Ethereum project offered tokens for anyone who participated in Gitcoin Grants, no matter which grants they funded. But regardless of the intent, this behavior also may cause unintended consequences. If airdrops for Gitcoin Grants participants become common, users may employ bots to donate a small amount to many grants in the hopes of token profits later on.

It is worth noting that sometimes bribes are not explicitly offered, but can still be problematic even when they are implied, as is . While not promising tokens, they do make a point to mention they will soon have one. It’s reasonable to believe they are implying that anyone participating in their grant now, will receive tokens in the future. This grey area is something we continue to work with the community stewards to define policy on.

Another consideration is what effect bots donating might have on the quadratic funding mechanism. Sybil accounts using bots to donate to a collection of grants they think are most likely to offer a token airdrop would skew the payouts from the matching pool. A bot that donates evenly across all grants would not have this same effect.

Gitcoin Action: In the case of an explicit bribe in which a quid-pro-quo is offered and a smoking gun evidence for the same is presented, we will take action to remove the grant from the matching pool.

In cases in which bribes are not explicit, then we expect resolution will come through a formal community governance process.

• Well-Funded Grants & Community Self Policing

Grants Round 9 also presented an interesting concern that does not fall into an attack category, but did raise questions of legitimacy from the community. Maskbook is a fully funded Web3 project who sponsored the GR9 Hackathon. They released their token in February, 2021 which included a retroactive distribution to anyone who supported their grant in previous rounds.

The controversial part of this is at the time Maskbook still had an active grant. So the community questioned whether or not it is appropriate for funded projects to participate in grants rounds and benefiting from QF matching, particularly if they had set a precedent for rewarding past grant contributors. In this case Maskbook acted quickly and stopped accepting matched funds, which seems in line with the expectations of the Ethereum community.

Both examples show the community was willing to police itself so that direct intervention from the Gitcoin Team was not necessary. This is an important observation to note. The more the community rewards good actors, and deters bad actors, the less the Gitcoin Team needs to be involved in governance decisions.

Gitcoin Action: In the case in which a grant owner decides to remove their grant from matching, we will do it for them.

Right now there is no policy against grants having business models, token models, or VC fundraising, but in the future community stewards (in cooperation with the Gitcoin community as a whole) could create one if they wanted.