Why Proof-of-Humanity Fails as Sybil Resistance for Moderators

PoH creates a centralized, high-value target for attackers. Compromising the verification process (e.g., KYC provider, video submission system) grants an attacker legitimate-looking identities en masse. This is worse than anonymous sybils, as they are now 'verified' bad actors.

• Single Point of Failure: Attack the verifier, own the network.
• Scalability Ceiling: Manual verification limits the pool to ~10k-100k identities, insufficient for global applications.
• Irreversible Compromise: A sybil attack with verified identities is nearly impossible to purge.

Linking one-human-one-vote to moderation rights creates perverse incentives and cripples agility. It mirrors the flaws of coin-voting governance seen in DAOs like Uniswap, but is harder to fix.

• Tyranny of the Inactive: A majority of legitimate but disinterested humans can be outmaneuvered by a small, coordinated group.
• No Skin in the Game: Human status is not stakeable or slasable, removing a key economic disincentive for malice.
• Protocol Immutability: Bad moderation decisions by a 'legitimate' council become quasi-constitutional, stifling evolution.

Effective sybil resistance for moderators requires costly, recoverable signals. The solution space lies in cryptoeconomic staking (like EigenLayer) and programmable reputation graphs (like Gitcoin Passport).

• Bonded Roles: Moderators post slashable stakes, aligning cost-of-attack with potential reward.
• Delegated Reputation: User trust is delegated to entities with proven, measurable track records.
• Layered Defense: Combine stake, automated heuristics, and optional human appeals for robustness.

PoH's core mechanism is its weakness. Verification via social vouching and video submissions is vulnerable to coordinated Sybil attacks and bribery. A determined attacker can exploit social trust networks to create a cartel of fake identities that can then vote in malicious moderators.

• Attack Cost: Low relative to financial stake-based systems.
• Collusion Risk: High; identities can be rented or coerced.
• Real-World Precedent: Gitcoin Grants' early rounds showed vulnerability to donation-based collusion.

Manual verification creates a centralized bottleneck and cannot scale with the network. This directly contradicts the need for a large, readily available pool of moderators for a growing platform.

• Verification Latency: Days or weeks, not seconds.
• Throughput Limit: Human reviewers cap global onboarding.
• Consequence: Creates a stagnant, gatekept moderator class vulnerable to regulatory targeting.

The solution is to separate Sybil resistance from human identity. Use cryptoeconomic stake (like ERC-4337 paymasters) or work-based reputation (like The Graph's Indexer curation) to align incentives. Moderators are selected based on skin-in-the-game, not a verified passport.

• Key Mechanism: Slashable stake or bonded reputation.
• Entity Examples: Optimism's Citizen House, Aave's Guardians.
• Result: Sybil attack cost becomes financial, not social.

Embrace unpredictability. Sortition (random selection from a qualified pool) is a centuries-old democratic tool that neutralizes pre-voting collusion. Combine with a stake-based qualification layer (e.g., minimum token hold) for Sybil resistance.

• Key Benefit: Breaks pre-election collusion; attackers cannot know which fake identities will be selected.
• Protocol Example: Aragon's early court designs.
• Modern Implementation: ZK-proofs for fair randomness from on-chain entropy.

Don't elect individual moderators; elect expert subDAOs. Platforms like Compound and Uniswap delegate technical upgrades to specialized committees. Moderator duties (content, disputes) are delegated to professionally-run subDAOs elected by tokenholders.

• Key Benefit: Accountability shifts to entity performance, not individual identity.
• Scalability: SubDAO can hire and manage its own human operators.
• Incentive Alignment: SubDAO's reputation and treasury bond are at stake.

The fundamental flaw: Proof-of-Humanity assumes human identity is a scarce, Sybil-resistant resource. In a global, digital context, it is not. Fake identities are cheap, while verifying real ones is expensive and invasive. For moderators, the required property is aligned incentive, not proven humanity.

• First-Principle: Sybil resistance must be cryptoeconomic.
• Resulting Systems: Proof-of-Stake, Bonded Reputation, Delegated Authority.
• Legacy Example: Bitcoin's Nakamoto Consensus uses work, not identity.

Proof-of-Humanity (PoH) conflates identity with reputation. A verified human is not inherently a good moderator. This creates a single point of failure where a malicious actor with a valid identity can inflict maximum damage.

• Sybil-Resistant ≠ Competent: PoH solves the 'who' but not the 'how well'.
• No Skin-in-the-Game: Unlike staking-based systems like Aave's Safety Module, PoH moderators have no financial stake aligned with protocol health.

Manual verification (video submissions, social checks) is antithetical to web3 scale. It creates a permissioned, centralized bottleneck that cannot onboard the thousands of moderators needed for a global protocol.

• Throughput Ceiling: Processes ~10-100s of verifications/day vs. needing 10,000s of permissionless participants.
• Prohibitive Cost: Each verification costs $50+ in time and overhead, making large, diverse moderator sets economically impossible.

PoH assumes a cooperative environment. On-chain moderation is a constant adversarial game against well-funded attackers. A static identity is useless against sybil clusters that can buy/compromise verified identities or exploit the system's slow, human-centric appeal process.

• Reaction Time: Human committees resolve disputes in days/weeks; flash loan attacks happen in seconds.
• Corruption Market: Verified identities become commodities for sale, as seen in early Gitcoin Grants rounds, undermining the entire premise.

PoH fails to create a cryptoeconomic primitive. It cannot programmatically weight influence, slash for malice, or algorithmically scale trust. Systems like MakerDAO's Governance Security use staked MKR because value-at-risk is the only sybil-resistant signal that scales.

• No Programmable Slashing: You cannot automatically penalize a bad decision made by a verified human.
• Static Influence: One-human-one-vote ignores contribution, expertise, and financial alignment, leading to low-quality governance.