A dumb thing happened
Last month, a defi protocol called "Beanstalk" was attacked. Like many of its kind, Beanstalk had a governance token that lets holders vote on proposals.
The whole treasury was drained in a single transaction, as follows. First, the attack transaction takes a flash loan, borrowing Ethereum and stablecoins. Then, it buys all of the Beanstalk available on decentralized exchanges, enough to form a majority. It passes a proposal transferring the whole treasury to an external account. Finally, it swaps all those Beanstalk tokens back to the original assets and repays the flashloan.
What can we learn from this?
Well first, Beanstalk made many mistakes, the most important being missing delay. Any on-chain governance needs a delay before a proposal takes effect.
More fundamentally, coin voting is broken.
But why? A similar mechanism works fine in tradfi, where shareholders vote on corporate governance decisions.
The missing ingredient is accountability.
Traditionally, if there's a disagreement about how a company should be run, 60% of the shares can outvote the other 40% and get their way. But the company is still legally required to run for the benefit of all shareholders! The majority can't pass a proposal saying "send us the company treasury". There are many subtler ways in which they could unfairly self-deal, so there are courts backed by human common sense that enforce the rules.
So coin voting with guardrails, with accountability, kind of works. Coin voting without accountability is a disaster.
Tradfi relies on the law for accountability. That's not a satisfactory solution in crypto. The magic of crypto is that it's global: there is a single tip of the chain, not one per country. It is permissionless: anyone in the world can participate. It is censorship resistant: anyone can transact as long as they can connect to the global internet and pay the transaction fee.
This means that crypto products reliant on one particular country's legal system (like USDC, for example) are a kind of half-and-half dual citizen. USDC is not really a crypto product. It's a tradfi product with on-chain transparency, which is an improvement but not a revolution.
How we achieve accountability while retaining the magic is the biggest open challenge in crypto right now. We have some fascinating experiments underway like the Optimism Collective:
The Optimism Collective will be governed co-equally by two houses:— Optimism (✨🔴_🔴✨) (@optimismPBC) April 26, 2022
🏛 The Citizens’ House
💰 The Token House
Together, they will drive rapid, SUSTAINABLE growth in Optimism, Ethereum, and the new internet. pic.twitter.com/6kaTkTklXa
And not to overcook it, but this is the next chapter in something fundamental for how the world works, the history of governance. Past centuries saw the invention of the modern democratic state and the joint stock corporation. Both are accountability mechanisms that prevent any individual or colluding group from taking sole control, carefully balancing that goal with the need for decisive leadership. Both are non-global. A company, even if multinational, is always controlled by one country or another.
The first few years of crypto were marked by wild experimentation, with accountability often an afterthought. We saw 1. Corporate protocols with some on-chain transparency, like USDC. These lack credible neutrality. 2. Protocols controlled by specific unaccountable individuals, like Terra or Tron. Or, worst of all, 3. Protocols that can be captured by anyone, like Beanstalk.
But we also saw the beginnings of something new and very exciting, with protocols like Bitcoin, Ethereum and now Optimism. Each of these is built from the ground up to achieve credible neutrality. To do that, they must avoid capture by any colluding group. To avoid capture while still allowing decisions to be made and the protocol to evolve requires accountability. To achieve accountability globally, without simply relying on one or another country's legal system, requires cleverness and carefully chosen decentralization.
So in Bitcoin and Ethereum, the default answer to a proposed change is "no". The bar for "yes" involves building rough consensus among users, exchanges, and validators, all of which are internationally distributed. In Optimism, the bar for yes involves both a soulbound "citizen" vote and a more widely distributed (but also more susceptible to financial collusion) token vote.
Borderless credible neutrality
It's not widely appreciated yet, but these are some of the first, experimental attempts at true global credible neutrality.
At a time of increasing conflict, many air-we-breathe international systems are revealed to be conspicuously not neutral or even weaponized. Twitter is not neutral. China's Twitter clone, Weibo, is not neutral. SWIFT is not neutral. No fiat currency is neutral. The domain name system is at least neutral in the sense that no one country or alliance owns the system, but it's balkanized. Any individual domain name can be seized and repointed by its parent government. With ENS, this is not possible. The distinction might seem subtle, but over the next few decades I predict that the protocols that survive and prove international credible neutrality will become extremely important in ways that go beyond asset prices, profit, or loss. They're trust anchors, like islands in an increasingly stormy ocean.