Voting Interface
Abstract
This EIP is an API for implementing voting with smart contract. This standard provides functionalities to voting as well as to view the vote result and set voting status.
Motivation
Voting is one of the earliest example of EVM programming, and also a key to DAO/organizational governance process. We foresee many DAOs will ultimately need to leverage voting as one of the important part of their governance. By creating a voting standard for smart contract / token, we can have the following benefits
Benefits of having a standard
- Allow general UI and applications to be built on top of a standardized voting to allow more general user to participate, and encourage more DApp and DAO to think about their governance
- Allow delegate voting / smart contract voting, automatic voting
- Allow voting results to be recorded on-chain, in a standard way, and allow DAOs and DApps to honor the voting result programmatically.
- Allow the compatibility with token standard such as ERC-20 or other new standards(ERC-777) and item standard such as ERC-721
- Create massive potential for interoperability within Ethereum echo systems and other system.
- Allow setting voting deadline, allow determine on single or multiple options. Allow requiring voting orders. (trade-off is interface complexity, we might need ERC-20 approach and later a ERC-777 for advanced voting)
- Recording the voting with weights with token amount.
- Possibly allow trust-worthy privacy-safe voting and anonymous voting (with either voter address being un-associated with the vote they cast, given a list of randomized/obfuscated voting options).
- Possibly allow result in reward by voting participation or voting result.
Non-Goal / Out of Scope
- Delegation: We intentionally leave delegation out of scope. A separate EIP could be proposed to address this particular use case.
- Eligibility or Weights: Some of the implementing want to have weights or eligibility to vote to be configurable. Such as OpenZeppelin’s implementation of GovernorBravo uses snapshot. Aslo weights calculation such as quadratic voting is not within the scope of this EIP. This EIP is intend to be flexible for any current and new voting weights calculation.
- Proposal: We intentionally leave Proposal out of scope. Proposals are going to be identified by
proposalId
but what information of the proposal includes, whether they are on-chain or off-chain and whether they are exeutable, is leaved out from this proposal. A separate EIP could be proposed to address this particular use case. See one of such proposals ERC-5247 - Signature Aggregations / Endorsement: When implementing contracts want to allow user to submit their vote or approval of vote offline and have some other account to generate the transaction, the signature aggregations or endorsements are not in scope of this EIP. A separate EIP could be proposed to address this particular use case. See one of such proposals here ERC-5453.
Use-cases
- Determine on issuing new token, issuing more token or issuing sub-token
- Determine on creating new item under ERC-721
- Determine on election on certain person or smart contract to be delegated leader for project or subproject
- Determine on auditing result ownership allowing migration of smart contract proxy address
Specification
- Compliant contracts MUST implement the
IERC1202Core
below
interface IERC1202Core {
event VoteCast(
address indexed voter,
uint256 indexed proposalId,
uint8 support,
uint256 weight,
string reason,
bytes extraParams
);
function castVote(
uint256 proposalId,
uint8 support,
uint256 weight,
string calldata reasonUri,
bytes calldata extraParams
) external payable returns;
function castVoteFrom(
address from,
uint256 proposalId,
uint8 support,
uint256 weight,
string calldata reasonUri,
bytes calldata extraParams
) external payable returns;
function execute(uint256 proposalId, bytes memory extraParams) payable external;
}
- Compliant contracts MAY implement the
IERC1202MultiVote
Interface. If the intention is for multi-options to be supported, e.g. for ranked-choices or variant weights voting, Compliant contracts MUST implementIERC1202MultiVote
Interface.
interface IERC1202MultiVote {
event MultiVoteCast(
address indexed voter,
uint256 indexed proposalId,
uint8[] support,
uint256[] weight,
string reason,
bytes extraParams
);
function castMultiVote(
uint256 proposalId,
uint8[] support,
uint256[] weight,
string calldata reasonUri,
bytes calldata extraParams
) external payable;
}
- the compliant contract SHOULD implement ERC-5269 interface.
Getting Info: Voting Period, Eligibility, Weight
interface IERC1202Info {
function votingPeriodFor(uint256 proposalId) external view returns (uint256 startPointOfTime, uint256 endPointOfTime);
function eligibleVotingWeight(uint256 proposalId, address voter) external view returns (uint256);
}
Rationale
We made the following design decisions and here are the rationales.
Granularity and Anonymity
We created a view
function ballotOf
primarily making it easier for people to check the vote from certain address. This has the following assumptions:
-
It’s possible to check someone’s vote directly given an address. If implementor don’t want to make it so easily, they can simply reject all calls to this function. We want to make sure that we support both anonymous voting an non-anonymous voting. However since all calls to a smart contract is logged in block history, there is really no secrecy unless done with cryptography tricks. I am not cryptography-savvy enough to comment on the possibility. Please see “Second Feedback Questions 2018” for related topic.
-
It’s assumes for each individual address, they can only vote for one decision. They can distribute their available voting power into more granular level. If implementor wants allow this, they ask the user to create another wallet address and grant the new address certain power. For example, a token based voting where voting weight is determined by the amount of token held by a voter, a voter who wants to distribute its voting power in two different option(option set) can transfer some of the tokens to the new account and cast the votes from both accounts.
Weights
We assume there are weight
of votes and can be checked by calling eligibleVotingWeight(proposalId, address voter)
, and the weight distribution is either internally determined or determined by constructor.
Backwards Compatibility
- The
support
options are chosen to beuint8
for the purpose to be backward compatible for GovernorBravo. It can be increased in the future
Security Considerations
We expect the voting standard to be used in connection with other contracts such as token distributions, conducting actions in consensus or on behalf of an entity, multi-signature wallets, etc.
The major security consideration is to ensure only using the standard interface for performing downstream actions or receiving upstream input (vote casting). We expect future audit tool to be based on standard interfaces.
It’s also important to note as discussed in this standard that for the sake of simplicity, this EIP is kept in the very basic form. It can be extended to support many different implementation variations. Such variations might contain different assumptions of the behavior and interpretation of actions. One example would be: What does it mean if someone votes multiple times through vote
?
- Would that mean the voter is increasing their weight, or
- vote multiple options in the meanwhile, or
- Does the latter vote override the previous vote?
Because of the flexible nature of voting, we expect many subsequent standards need to be created as an extension of this EIP. We suggest any extension or implementations of this standard be thoroughly audited before included in large scale or high asset volume applications.
The third consideration is non-triviality. Some voting applications assume anonymity, randomness, time-based deadline, ordering, etc, these requirements in Ethereum are known to be non-trivial to achieve. We suggest any applications or organizations rely on audited and time-proven shared libraries when these requirements need to be enforced in their applications.
The fourth consideration is potential abuse. When voting is standardized and put on contract, it is possible to write another contract that rewards a voter to vote in a certain way. It creates potential issues of bribery and conflict of interest abuse that is previously hard to implement.
Copyright
Copyright and related rights waived via CC0.