Why Reputation Should Be Context-Specific, Not Universal

A universal score creates a single, high-value target for manipulation. Collateralized reputation from one context (e.g., a lending pool) is worthless for judging social trust in another (e.g., governance).

• Attack Surface: One compromised or gamed score poisons all integrated systems.
• Economic Mismatch: A $10M DeFi position should not grant outsized influence in a social DAO.

Portable reputation necessitates portable identity, destroying context-specific privacy. Your creditworthiness and your forum activity should not be linked on a public ledger.

• Data Leakage: Reveals behavioral graphs and financial footprints.
• Regulatory Risk: Creates unintended compliance liabilities (e.g., mixing DeFi and social data).

A prime case study in context-specific reputation. EigenLayer operators build reputation for cryptoeconomic security via restaked ETH. This score is meaningless for judging code quality in an EigenDA data availability auction.

• Isolated Trust: Failure in one AVS does not nuke reputation in unrelated AVSs.
• Specialized Slashing: Penalties are tailored to the service's specific fault proofs.

Reputation must be a set of verifiable credentials issued for specific contexts, not a monolithic score. Think ERC-20 allowances vs. full private key control.

• Minimal Disclosure: Prove you're a "top 100 Uniswap LP" without revealing your entire portfolio.
• Context-Bound: A Gitcoin Passport attestation for grants is separate from an Aave credit score.

These systems already model context-specific reputation correctly. A UMA oracle voter's accuracy score for ETH/USD price feeds is distinct from their score for a custom insurance payout resolution.

• Task-Specific Staking: Collateral and reputation are ring-fenced per data type or dispute type.
• No Spillover: Poor performance on exotic assets doesn't affect core forex oracle reputation.

The promise of "reputation as reusable collateral" is economically unsound. It encourages over-leverage across disparate systems. True capital efficiency comes from optimizing within a risk domain, not blurring lines between them.

• Risk Contagion: A governance attack triggered by a DeFi liquidation creates systemic black swans.
• Vampire Attack: A protocol can drain reputation capital from another by offering a marginally better rate, destabilizing both.

A single reputation score used across lending, governance, and social apps creates dangerous monocultures and attack vectors. A bad actor with a high score in one domain can exploit trust in another, leading to cascading failures.

• Monoculture Risk: A single exploit compromises the entire identity graph.
• Context Collapse: A DAO delegate's score shouldn't dictate their creditworthiness.
• Sybil Vulnerability: Gaming one system grants undue influence everywhere.

EigenLayer's restaking primitive enables the creation of Actively Validated Services (AVSs). This allows for the economic security of bespoke, context-specific reputation oracles. A DeFi protocol can spin up its own AVS to attest to borrower behavior, slashing stakers for bad data.

• Modular Security: Reputation systems inherit Ethereum's economic security via restaking.
• Isolated Contexts: A lending AVS is slashed for bad credit scores, not for poor DAO voting.
• Programmable Trust: The logic for reputation accrual and loss is application-defined.

Passport moves beyond a single score by aggregating verifiable credentials ('stamps') from disparate sources. Applications define their own weighting algorithms for these stamps, creating a reputation model specific to their needs (e.g., a grants DAO weights GitHub commits heavily, a lending app ignores them).

• Sovereign Aggregation: Apps control the formula, not a central scorer.
• Composable Proofs: Stamps from BrightID, ENS, and POAP can be mixed contextually.
• User Privacy: Zero-knowledge proofs allow proving reputation traits without revealing all stamps.

Nocturne uses zero-knowledge proofs to enable private, provable reputation. A user can generate a ZK proof that they have a 'good standing' attestation from a known entity (e.g., a high Gitcoin score, a Coinbase verification) without revealing their underlying identity or all their credentials.

• Privacy-Preserving: Reputation is proven, not broadcast.
• Selective Disclosure: Users reveal only the specific credential an app requires.
• Composability: Private reputation proofs can be used as inputs for other on-chain actions.

Reputation is often dynamic and based on complex behavior. HyperOracle provides a zkOracle network that can compute machine learning models or complex logic off-chain and deliver verifiable state proofs on-chain. This enables reputation scores that evolve based on real-time, on-chain activity.

• Verifiable Computation: The reputation score's derivation is provably correct.
• Complex Models: Enables ML-based scoring impossible to run directly on-chain.
• Real-Time Updates: Scores can update based on the latest block data with ~1 min latency.

The end-state is a wallet that silently aggregates your verifiable credentials across contexts. Applying for an undercollateralized loan automatically presents a ZK proof of your creditworthiness AVS attestation, while joining a developer DAO shows your GitHub commit history. Universal interoperability, but context-specific application.

• Silent Proofs: UX where reputation is proven in the background.
• Automatic Context-Switching: Your wallet uses the right proof for the right app.
• User Sovereignty: You own and control the mapping of your identity to contexts.

A high DeFi lending score is used to bootstrap trust in a gaming guild or prediction market. A malicious actor exploits this misplaced trust to drain funds from a naive protocol that accepted the imported reputation.

• Attack Surface: Cross-protocol integration via EigenLayer, Hyperliquid, or Across.
• Consequence: A failure in one vertical (e.g., gaming) triggers a bank run in another (e.g., lending).
• Mitigation: Context-specific attestations (like EAS) instead of a portable score.

Universal reputation creates a liquid market for Sybil identities. A wallet with a strong Gitcoin Passport or Galxe score can be rented to malicious protocols for a fee, laundering their perceived trustworthiness.

• Economic Incentive: Rent-seeking on reputation becomes more profitable than building it.
• Outcome: The reputation system's signal decays to noise, rendering it useless.
• Defense: Context-bound, non-transferable soulbound tokens (SBTs) and continuous behavior proofs.

A universal score becomes a de facto financial credit score, attracting scrutiny from regulators (SEC, CFTC, EU's MiCA). It creates a single point of failure for KYC/AML liability and unfair discrimination claims.

• Risk: The reputation protocol becomes a licensed entity, killing decentralization.
• Precedent: Worldcoin's biometric data collection faced global regulatory pushback.
• Solution: Keep reputation granular, self-sovereign, and non-financialized; avoid creating a central ledger of 'social credit'.

Composability is crypto's superpower, but universal reputation makes it a curse. A wallet's reputation becomes a monolithic NFT, composable into any application, regardless of fit. This violates the principle of least privilege.

• Analogy: Using your driver's license to get a medical prescription.
• Systemic Flaw: Encourages lazy integration by developers ("just check the score") instead of designing context-aware trust models.
• Correct Path: Modular reputation stacks where each layer (identity, credit, governance) is separately verifiable and composable.

A single, universal reputation score is a honeypot for Sybil attacks. Attackers can farm a good score in a low-stakes context (e.g., social media) and port it to drain a high-value DeFi pool.\n- Key Insight: Reputation is only as strong as its most vulnerable minting context.\n- Builder Action: Design reputation as non-transferable, context-bound attestations. Think Gitcoin Passport for specific grant rounds, not a universal credit score.

EigenLayer's universal restaking of Ethereum stake creates a meta-risk layer. A failure in an obscure AVS (Actively Validated Service) can slash reputation (stake) that is also securing a critical bridge.\n- Key Insight: Collateral cannot be perfectly fungible across trust domains.\n- Builder Action: For critical infra, demand isolated security pools or implement risk-tiered slashing where penalty severity matches the AVS's systemic importance.

Hyperlane's sovereign consensus and interchain security modules let apps define their own trust model per chain or even per message.\n- Key Insight: Developers, not protocol architects, should choose their security budget and threat model.\n- Builder Action: Use modular security to assign high-value transactions to Ethereum consensus and low-value social actions to a permissionless validator set. Context is policy.

Lens profiles are non-transferable, composable social graphs. A user's reputation as a content curator is separate from their reputation as a marketplace trader, yet both are portable within the Lens ecosystem.\n- Key Insight: Portability within a domain (social) is valuable; portability across domains (social→financial) is dangerous.\n- Builder Action: Build reputation as a basket of verifiable, context-specific credentials, not a monolithic NFT.

A universal reputation for oracle nodes is meaningless. What matters is their context-specific reliability for a specific data feed (e.g., ETH/USD on Arbitrum). Reputation here should measure latency, accuracy, and resistance to Oracle MEV capture.\n- Key Insight: Reputation must be tied to measurable, on-chain performance metrics for a specific service.\n- Builder Action: Implement slashing for data deviation and reward nodes based on the economic value they secure (see UMA's OEV auctions).

The endgame is context-specific proofs, not scores. A ZK proof can attest "I have >1000 followers" without revealing my identity or my entire reputation graph.\n- Key Insight: Selective disclosure via ZK is the ultimate context-specific reputation tool.\n- Builder Action: Design systems where users present verifiable claims (Sismo, World ID) for specific app logic, never exporting a raw, aggregate score.