HIP: 57 title: Vouchallenger removals framework author: ludoviko.eth status: Phase-1 created: 2022-07-16
This HIP proposes a framework to allow to make removal requests under any of the already existing reasons for removal, in cases where an account is evidently vouching maliciously.
The proposal will allow vouchallengers to be removed if they meet the vouchallenger definition in the body of this HIP. Vouchallengers will be removed and cannot re-register after a period. This will be enforced by a modification of the PoH policy. It will not be retroactive but the ratio from previous actions will be considered if there is a new vouchallenge.
Vouching a profile is an act of responsibly giving the recognition of a legitimate and valid submission to the registry. Since the launch of Proof of Humanity, vouchallenging as in “the act of using the vouch feature of registered humans to make another profile vulnerable to challenge” has become a serious issue. As of the day that this HIP is being written, 57 profiles have more challenged vouched profiles than valid vouches, resulting in 211 challenges and a damage to the registrants totalling around 25 ETH. and the number is growing. A series of governanceposts raising the issue and some solutions were proposed during this time. @donosonaumczuk has proposed a robust and good approach for L2 rollups and future upgrades to PoH’s smart contract, but in the meantime there are possible solutions that could make it harder (important! not impossible!) for malicious actors to continue this attack.
1. Add removal criteria
In the latest PoH policy version, there are some explicit criteria to ask for a profile removal. A new removal criteria that allows a vouchallenger to be removed can be added. We can instruct jurors that in the case of a removal of a vouchallenger, if the alleged vouchallenger challenges this removal, to rule against the vouchallenger (effectively removing them from the registry).
2. Add admission criteria
In order to avoid the vouchallenge to re-register after a removal, another modification to the document will allow the cases where the removal was due to a vouchallenge to be inadmissible for a period (to be determined in future phases).
3. Conditions to consider a vouchallenger as such
To be precised before Phase 2 voting. The most supported option informally was
- At least 4 vouches total
- A ratio of more than 1 to 3 (more than 1 vouchallenge in 3). Example: 10 vouches that ended in challenge over 30 total is accepted. If there is an 11th vouchallenge, then it fits the vouchallenge criteria.
- Option to be considered: Make the victim the only person allowed to perform the removal (this would prevents an abuse of this norm from malicious actors)
This HIP is not retroactive to profiles that performed vouchallenged in the past. However, if a previously active vouchallenger performs a new attack, the total ratio will be considered (not the ratio from the start of the validity of this HIP).
- More robust solutions than this one will come in the future, but this solution tries to ammend the situation as of today, which has brought a large impact to the registration process.
- The ratioes proposed to consider what is a reasonable margin of a person range from 1 vouchallenge every 2 total vouches (1:2 ratio) or 1:3 ratio.
Challenges to the removal of a vouchallenger should be ruled against the challenger in cased of a dispute or, as an alternative, challenge to such removals (of the vouchallenger) should provide evidence that the holder of the vouchallenged person received consent from the vouched person of such act.