Separate governance from validators

Hey all! Just published this, would appreciate feedback:

Quick Takes

  • Combining Cosmos Hub governance with the validator role is problematic
  • The Hub’s design indirectly rewards power-seeking at the cost of the validator set
  • Undercutting the validator set to capture governance power drives down the value of validator security
  • Case study: Sikka is exploiting this vulnerability
  • Governance signalling is powerful
  • On-chain parameter changes via governance fast approaching
  • Call to research: should we separate Cosmos governance from validator security?
  • Design drives behaviour–be careful what you select for!

Thanks to Doug, Sunny, and Jae for their feedback :pray:


Hi @Gavin,

Thanks for highlighting this important topic. Here’s some related writing I’ve done -

I’d be glad to contribute to actively researching an implementable solution to this.

Do you have any suggestions on how we can keep this going?

I’m thinking on-chain governance should be removed from the Cosmos Hub, and ICF should 1) open up membership to stakeholders and 2) coordinate changes to the network. AiB employees to be consulted as experts, but not allowed to make decisions. Thoughts?

I think on-chain governance isn’t mainnet ready, and it’s only a matter of time before the Hub is captured. I like having experiments in governance, but most experiments fail (cost of learning), and the cost will be paid by the Hub.

Excellent thread Gavin.

(These are personal thoughts unaffiliated to Chorus One)

One way to think of Cosmos governance is that it’s a principal-agent model. The principles (token holders) delegate their decision making authority to a set of agent (validators). Mis-aligned incentives between the principles and agents will lead to governance failure. Governance by Validation has latent misaligned incentives due to the following reasons:

  • Validators care about validation, not building useful network functionality: One dimension in which the Cosmos governance is abysmal is the attention paid to building useful network features. The Hub hasn’t found product market fit, and should be iterating on the opportunities it has: Peg Zones, Shared Security, DEX etc. Validators don’t really care about product development or product research for the Hub. Their minds are geared towards discussing 0% validation, proportional slashing and other validation related topics. Effectively, the principles have delegated power to agents that don’t care about the most important topic for survival - how to actually make the Hub useful.

  • Why do validators not care about making the Hub useful?:

    A. Their bets are spread across multiple networks: If one validates in 10 Cosmos networks, one doesn’t really care which network becomes successful. As long as a validator on-boards the (eventually) successful network, it’s fine. In the future, a validator will spread its bet across 100 networks. The downside from some network faltering is quite low. Unlike a VC or investor, it’s not the validator’s capital at stake - it’s the delegators’ capital at stake. Validators only have commission at stake, and commission per network is low.

    B. Commercially, validators are incentivized to fight for low commission rates. To have low rates, costs must be cut. Governance is a cost. If delegators are apathetic to governance participation (which they are), the optimal move is to underinvest in governance.

The Hub needs a body to care about product market fit and business development. That’s the major missing piece of the governance puzzle to me.

1 Like