Vouch Protocol & VouchDAO

Introduction

Bot and governance attacks are a constant in blockchain. Protocols and applications must add new layers of Sybil resistance mechanisms to decrease the chances of those attacks happening. There has been a recent rise in popularity in Arweave and deploying permissionless applications to the Permaweb. This means planning and building in a way that can identify users through verification, to help reduce the risk of the aforementioned attacks should be high on the priority list. The Permaweb is exactly as it sounds, the permanent web. Being that what we deploy on it is immutable and permissionless, the ideal outcome for the users would be safe use dApps and smart contracts that are less susceptible to exploit.

Arweave recently released a standard named ANS-109, or simply Vouch. It specifies a transaction format that allows addresses to vouch for the identity of Arweave addresses. The standard is utilized by verification services built by developers which help to minimize spam, bots and attacks on the Permaweb.

The process is divided into 3 unique layers:

→ Vouch

→ Trust

→ Consumer

Vouch Protocol

This is the Vouch layer. These verifying services are the issuers of the ANS-109 and give developers the ability to create custom verification services also allows us to be able to implement our own forms of authentication and additional security. Using API's, we can utilize this layer to create services that will decide based on the data which wallet owners are more trustable than others.

These can be used to link a verification (ANS-109) to a wallet address. Examples of what they could be are:
→ web2 standards like email, SMS, and captcha.
→ web3 uses like minimum wallet balance, NFT holdings, or wallet activity.
→ biometrics, KYC's, DNS, typing speed and licenses.

A working example is the Twitter verification service. A user goes to https://vouch-v0.hyper.io/ and connects an Arweave web wallet, once connected the user is prompted to post a tweet vouching for their address. The Twitter service will run its checks against the users Twitter activity, age of account, and more before it approves or denies the request.

When you query a wallet for its ANS-109's, you have a ledger of VouchDAO approved services that have issued it to that wallet. This serves as a type of "Proof of Humanity" which gives developers ways to create their own mechanisms to minimize bad actors, bots or spammers in their userbase.

Click to view example query

    
query {
  transactions(
    tags:{name:"Vouch-For", values:["UZ1YsJa8yJrw8yynYzhaAikqD1uuMu9gi9u7Ia_Eja8"]}
  ) {
    edges {
      node {
        id
        tags {
          name 
          value 
        }
      }
    }
  }
}

Click to view example result

    
{
  "data": {
    "transactions": {
      "edges": [
        {
          "node": {
            "id": "V17u9e8K8ePi2JKRdj9Bg24TSguYC9wcG7qGBt0U5VU",
            "tags": [
              {
                "name": "Content-Type",
                "value": "application/json"
              },
              {
                "name": "App-Name",
                "value": "Vouch"
              },
              {
                "name": "App-Version",
                "value": "0.1"
              },
              {
                "name": "Verification-Method",
                "value": "Twitter"
              },
              {
                "name": "Vouch-For",
                "value": "UZ1YsJa8yJrw8yynYzhaAikqD1uuMu9gi9u7Ia_Eja8"
              }
            ]
          }
        }
      ]
    }
  }
}

The results will return an object and inside of the transaction edges will be an array of nodes which display the verification service that issued it to that wallet.

Vouch DAO

This is the Trust layer. VouchDAO is a community owned and operated DAO that governs which identity management services will be used to verify addresses on the Permaweb. It is a decentralized process which ensures fair assessment of the proposed verification services. The mission of VouchDAO is for the community to participate in voting to decide which services will be added or removed, based on the majority decision around it. The goal is to have identity management systems that can minimize Sybil attacks on smart contracts and dApps.

How VouchDAO Works

When a new verification service is added to VouchDAO, the address and description of that service will be added and put to vote. Once the community vote has reached the end of its allotted time, the votes that passed will be added as trusted verification services. The two other outcomes will either be failed due to the majority votes being no, or quorum failed due to not enough governing members voting, which will result in that method not being added. The same goes for services being voted on to be removed.

Core Arweave contributors will be the first to receive governance tokens for VouchDAO. Once they have received them they will be required to allocate a portion of those tokens to other credible Arweave community members, and so on so forth. This will create a pipeline of reliable governance to ensure that services being voted on are done so in an equitable way, slowly but surely making Permaweb dApps and smart contracts more secure.

Use & Implementation

This is the Consumer layer. This layer will be used by either users or developers.
For users, simply use the services provided through VouchDAO and never have to verify again!
For developers, you can use these services or create your own.

User

→ Verify once, verified forever.
→ No more captchas.
→ Safer experience using Permaweb dApps.

Developers

→ Straightforward way to add cybil resistance mechanisms to dApps & contracts.
→ Prevent spam.
→ Add role based access control.

Use

For Users:
Head to https://vouch-twitter.arweave.dev to verify your address using the Twitter verification service.

For Developers:
ANS-109 Documentation
Twitter verification service GitHub
VouchDAO npm package
VouchDAO community.xyz

Keep an eye out for updates on VouchDAO and new services by following the VouchDAO Twitter