Coinholder voting poses a serious risk of conflicts of interest, enabling self-dealing by major stakeholders.
I would like proponents of it to prove me wrong.
The self-dealing threat:
A large coinholder wants to increase the amount of ZEC that they have.
They vote with their ZEC on a proposal that directly benefits them. (a funding grant, or enabling staking, which is further governance capture because stakers typically get votes)
Proposals overwhelmingly succeed in the whale’s favor, and now they have more ZEC to vote with.
Zcash’s privacy hides the self-dealing behavior.
Do we have some solution to this threat that I am unaware of? Am I modeling this inaccurately?
None of our governance today can claim to represent a majority of ZEC holders.
Awareness of governance votes among most Zcash coinholders is extremely low, be it coinholder voting or otherwise.
When coinholder votes occur, participation is severely constrained: the coinholder voting process is technically complex, requires reliance on untested software that demands seed phrase access, and lacks integration with widely used wallet applications. When ZCAP votes occur, you somehow have to find out about how to join the process, which no wallets advertise.
As a result, the vast majority of coinholders remain effectively excluded from governance.
This further exacerbates the existing reality: less than 300 individuals are voting in Zcash governance processes, let alone how few are surely participating in coinholder voting. (a process which comically voted to ratify its own relevance recently)
Prove to me that I am wrong: Coinholder voting represents a massive self-dealing risk, empowered by the inability to audit who is participating in Zcash coinholder votes (and how many) due to its incredible privacy.
I’ll be away for the rest of today, but can respond to your post in more detail tomorrow. In the meantime, I want to clarify one point you made:
Coinholders did not ratify their own relevance. The Coinholder Grants Program was overwhelmingly supported by the community, ZCAP, ZAC, and coinholders earlier this year when they all independently approved the Community & Coinholder Funding Model. What they ratified in this poll is that the Coinholder Grants Program will be limited to retroactive grants and follow the process described here. Coinholders should ratify this because it is their grants program, and the structure should reflect their preferences.
Thanks for raising these concerns, @emersonian. To start, I want to restate your example. In the context of the Coinholder Grants Program, the self-dealing concern would look something like this:
A large ZEC holder wants to increase their holdings. They submit a grant proposal to the program that, if approved, would direct funds to themselves or a project they control. Because voting power in this program is proportional to the amount of ZEC held in shielded addresses at the time of the vote, they can cast a large number of votes in favor of their own proposal. If their voting weight makes up a significant share of the total participation, the proposal could pass largely because of their own stake. Once the payout is made, they end up with even more ZEC, which in turn gives them more voting power in future funding rounds.
While the risk of self-dealing certainly exists, there are safeguards and processes in place to help mitigate it. First, since the program only funds completed, verifiable work on a retroactive basis, it is difficult for a participant to direct funds to themselves without producing something the community can inspect. In addition, the program uses a multisig keyholder system in which Keyholder Organizations are obligated to execute coinholder-approved payouts, but retain veto authority in limited cases involving legal, regulatory, or clear community-harm concerns. If, for example, the community believed low-quality proposals were being consistently approved over higher-quality ones due to manipulation, it could be within keyholder authority to block payment if there were clear community-harm concerns.
I agree with you. These are valid points. There is still a lot of friction in the coinholder voting process, and the number of steps required to participate makes it both technically complex and time-consuming. The current recommended process involves generating a new seed phrase, being aware of the vote and the registration window, moving all funds into that wallet during the window, leaving them untouched until registration closes, and then moving them out again. For security reasons, the seed phrase used for voting should never be reused. However, the seed itself is never revealed during the process, and the voting mechanism has undergone an independent security audit by Least Authority. Integrating the voting mechanism directly into wallets is necessary to make participation easier, more accessible, and secure.
We need to improve this experience, which means fixing bugs, integrating the app into wallets, and streamlining the process so it is less time-intensive. I have already asked users to share feedback on the bugs and pain points they encounter, and I have asked Hanh to apply for an ongoing Maintenance and Support grant to address these issues over time.
Wallet integration is definitely essential. Perhaps Hanh can add it to Ywallet or Zkool, and I also believe the Zashi team eventually plans to integrate it into their Zashi Vault product. Better communication is important as well, and in-wallet notifications about funding and governance events would help raise awareness. The good news is that with each vote, participation has grown, and I expect the process will become easier to use over time. The Coinholder Grants Program creates an incentive to improve the user experience and make it simpler for ZEC holders to participate. I think things will naturally improve over time as the program is launched and grows.
To be clear, the Coinholder Grants Program is focused on funding decisions, not protocol governance. That said, coinholders are sometimes polled to gather sentiment on governance-related matters. For example, earlier this year they were polled (alongside ZCAP, ZAC, and ZecHub) on which funding model should follow ZIP 1015. It is important to note that polling ZCAP, ZAC, or coinholders on governance topics is a way to measure community and coinholder sentiment, it is not governance itself. Protocol governance ultimately comes from the software that miners, node operators, exchanges, and users choose to run. No sentiment poll can force the network to run code that its participants do not accept.
I think this will become more evident over time now that there are multiple organizations contributing to protocol development and planning to run their own node implementations.
What happens when large whales use this influence to introduce protocol solutions which reduces the core technology under the pre-text of polling, using the scale of their holdings? For example:
Binance is under increased regulatory pressure and is considering delisting certain privacy coins, including Zcash, in the coming months unless certain measures are taken to enhance the transparency of transactions and ensure compliance with evolving regulatory standards.
If a coin holder vote held today to continue enhancing transparency of transactions, Binance can out vote any group.
That’s why we should stick with shielded voting only and none of these institutions will participate since they want to keep their holdings on the transparent side for compliance reasons.
Do you guys have evidence of this happening in reputable blockchains?
Either way, just like the board of director of a regular company can decide how to distribute the funds (or at least nominate someone that will do as they say), self-dealing may be fair depending of how you look at it. I wouldn’t vote that way personally, and I wouldn’t complain if it would happen here. I may sell my tokens if I see something I don’t like, and I’m sure others will do as well, which is certainly part of the reasons why self-dealing risk is not at all massive.
What is a massive risk, is me having to read people that may not have tokens in here. Looking forward for a way to filter out based on stake. I know many won’t like this, but they are going to have to deal with it.
But I agree that first you have to consider this dubious blockchain as reputable, second Zcash long years of POW distribution is much fairer than insta minted (scam)tokens and third voting on Zcash only concerns funding and not core changes.
The complexity of all this, though, may distract from a fundamental truth of blockchain systems. On-chain voting systems may provide a layer of communication, coordination and formality, but ultimately the mechanism for making really big changes remains essentially the same
One of the many good questions. Ultimately, I see it less as whether an action is “self-dealing” or not, and more as whether it’s right or wrong, which itself I personally see as a combination of ethics as well as how we want Zcash to be seen.
I have always thought that the dev fund as it was governed, was very much self dealing (/ wrong), from people that may, or totally may not even have tokens. And I have always seen this as wrong. I suppose things are probably changing because there has been a realization of this reality.
More specific to your question, we can question whether locking deprecated shielded pools users out of their funds is self-dealing, because it indeed financially benefits all other tokens holders.
All in all it’s complex. But all of the previous reasonings I have seen against stakeholders decision making were deeply flawed, to put it nicely. The concerns were legitimate, but it’s not like something better was ever really put forward. If we have a fund, only stakeholders are legitimate to decide how to spend it. It’s totally fine not to want that, in which case, the dev fund should just be terminated.
Things have been improving though, thanks in good part to @hanh & Shielded Labs, and I think we can all be thankful for this.