Preston Vander Vos

Daniel Cason, Gordon Liao, Sergio Mena et al.

Blockchain systems that settle financial transactions face a structural tension: the single validator that assembles each block holds unilateral power over transaction inclusion and ordering. Traditional markets curb this very power through front-running and market-manipulation laws. Regulators have flagged the absence of such rules as a first-order concern for blockchain-based financial infrastructure. In response, we introduce AMP, a multi-proposer protocol, on top of the Tendermint consensus algorithm, where no validator can control the flow of transactions into blocks. Instead, dedicated nodes called proposers sit between users and validators. They collect user transactions, group them into payloads, and broadcast the payloads to all validators. Consequently, there is no mempool, and AMP applies the design principle of separating dissemination from agreement, which can lead to higher throughput. Validators publicly attest to receiving payloads and run consensus to decide the set of payloads to include in the next block. When all correct validators attest to a given payload, AMP guarantees that payload will be included in the next block; a block thus contains payloads from multiple proposers, allowing for bulk finalization. This bounded inclusion guarantee along with a deterministic ordering algorithm which is run over all payloads included in a block, curbs the power of any single validator. Validators no longer control what is included in a block, nor can they arbitrarily order the contents of blocks.

Austin Bennett, Preston Vander Vos, Duc V. Le et al.

Decentralized Autonomous Organizations (DAOs) run protocol governance by letting token holders vote on proposals. The dominant rule, voting power proportional to wallet balance, concentrates control among a small number of large holders, fueling the token-control governance attacks that have already compromised real protocols. To counter this concentration, the community has turned to anti-plutocratic voting mechanisms such as Quadratic Voting (QV), which assign sublinear voting power per token with the goal of dampening the influence of large holders. We prove that no voting rule that derives power solely from wallet balance can succeed on a permissionless blockchain. Through a costed model of on-chain voting that captures realistic blockchain frictions -- including per-wallet splitting and voting costs, fixed setup costs, and minimum-balance requirements -- we show that whenever a wallet of any size yields nonzero voting power, a Sybil attacker who splits tokens across many wallets achieves total voting power that grows at least linearly in their token holdings. For concave rules actually proposed to dampen governance power -- those that are positive, increasing, and finite -- we show that the optimal strategy yields power that is asymptotically linear in token holdings, regardless of the cost scheme. Instantiating the model on real DAOs reveals attack costs orders of magnitude below the value at stake. Replaying the ten most recent finalized proposals of five major DAOs (ENS, Compound, Uniswap, Arbitrum, and ZKsync) under linear, quadratic, logarithmic, and power-($β= 0.25$) voting, we measure Sybil amplification factors between $1,172\times$ and $4,039\times$ under Quadratic Voting, and exceeding $229,000\times$ under steeper power rules.