This repository has been archived by the owner on Jun 17, 2020. It is now read-only.

O> Attack Governance Model #135

Closed
patrick727 opened this issue Nov 2, 2017 · 7 comments
Labels
needs-SMART-objective Specific; Measurable; Assignable; Realistic; Time-related Security Voting guide: @Jake-Gillberg @jimscarver @allancto zz-Governance NEEDS SPONSOR guides @jimscarver, @barneycinnamon, @rayzor zz-Operations NEEDS SPONSOR guides: @TrenchFloat, @jimscarver @Tonyprisca13

Comments

@patrick727
Contributor

patrick727 commented Nov 2, 2017

Phil's POV: "A critical part of the security of the whole platform. One has to avoid that the coop ends up being a SPOF due to political centralization & centralization of development decisions as well as centralization of staking coins. After all, the coop has a jurisdiction and that might be a SPOF as well. I know it sounds weird at this point but maybe more restrictions of the coop's power might be better for the overall platform security. Also, it is much harder to restrict the power of the coop later on."

  1. Define Governance Process
  2. Postulate attack vectors
  3. Test through small scale experiments within a Circle
  4. Review the results
@Ojimadu Ojimadu self-assigned this Nov 3, 2017
@kitblake kitblake self-assigned this Nov 10, 2017
@Ojimadu
Contributor

Ojimadu commented Nov 19, 2017

https://docs.google.com/document/d/1EW0H833BsBZV9hWQC7cl3_KucMbckQfPpVQtEK3JOuQ/edit?usp=sharing

This is a first draft I wrote; we would need some volunteers to test these postulations.

Edit: I just realised this issue was for the governance committee, which I am not part of. Since the link is here already, I would leave it as a note, unless there is a need to remove it.

@Ojimadu Ojimadu removed their assignment Nov 20, 2017
@Phistr90 Phistr90 self-assigned this Dec 4, 2017
@patrick727 patrick727 changed the title Attack Governance Model M> Attack Governance Model Dec 9, 2017
@patrick727 patrick727 changed the title M> Attack Governance Model O> Attack Governance Model Dec 9, 2017
@patrick727 patrick727 added zz-Governance NEEDS SPONSOR guides @jimscarver, @barneycinnamon, @rayzor zz-Operations NEEDS SPONSOR guides: @TrenchFloat, @jimscarver @Tonyprisca13 labels Jan 2, 2018
@9rb 9rb self-assigned this Jan 20, 2018
@Keaycee
Contributor

Keaycee commented Jan 25, 2018

This is also a document on the Governance process for your review. Make suggestions and corrections if needed. #133

@dckc
Contributor

dckc commented Feb 8, 2018

@pmoorman see? We've been talking about this openly for some time. This might be an even better place for your analysis than #261.

@dckc dckc added the Security label Feb 8, 2018
@pmoorman

pmoorman commented Feb 9, 2018

@dckc yes, I even wrote it for this issue initially, to be honest.

Okay, so for everyone else: a week ago @traviagio and I made an analysis of the "attack vectors" that we currently see exposed (or can easily imagine) in the Coop governance structure.

The document can be found here:

Analysis of attack vectors: https://docs.google.com/document/d/1qHQIuzj83VeZjusy6AvK7PAoKrg0CKP2SQTtNYv_3GI/edit?usp=sharing

Main findings:

  • Whether intentional or not, we can already look back through our history and see "attacks" (notice that attacks don't necessarily constitute bad intentions, but rather hint at exposed attack vectors).

  • Many attacks are much simpler than previously thought

  • In the document, we outline 6 of the most common attack vectors

  • We also provide suggested improvements

  • I collaborated with @dckc to integrate our findings into a new 'spreadsheet-killer' tool that he's building that will replace the current spreadsheet. In the document I reflected our main conclusions and ideas.

@TrenchFloat
Contributor

I'm assuming this has been solved by the web app in #260 and the trust metric in #375.

@Phistr90 Phistr90 reopened this Jun 7, 2018
@dckc
Contributor

dckc commented Jun 7, 2018

@Phistr90 be sure to explain why when you reopen an issue.

@dckc dckc closed this as completed Jun 7, 2018
@Phistr90

Phistr90 commented Jun 8, 2018

@dckc This has just been resolved and addressed as well as analysed in regards to attack vectors of the bounty system.
The original intention was, imo, to cover as many coop-related attack vectors. That also would include, for example, attacks like hostile takeovers of the coop due to current bylaws or, for example, regulatory risks due to the fact that the coop is a legal entity within the US jurisdiction.

I might be wrong here, in this case please point me to the extensive attack vector analysis.

@dckc dckc reopened this Jun 9, 2018
@jimscarver jimscarver added the needs-SMART-objective Specific; Measurable; Assignable; Realistic; Time-related label Jun 28, 2018