Reputation Scoring

Scores are derived from multiple data sources to create a holistic profile. Common dimensions include:

• On-chain activity: Transaction history, asset holdings, governance participation, and protocol interactions.
• Off-chain attestations: Verified credentials, social proofs, and KYC/AML status from identity providers.
• Behavioral patterns: Consistency, longevity, and the quality of interactions within a network. Aggregating these signals reduces reliance on any single point of failure and creates a more resilient score.

A core feature is the open specification of the scoring algorithm. Unlike opaque credit scores, a well-designed reputation system allows users to:

• Audit the logic: The formula or rules for calculating the score are publicly available.
• Verify their score: Users can independently recalculate their score from the underlying public data.
• Contest inaccuracies: Transparent logic enables users to identify and dispute errors in source data or score computation, often through a decentralized dispute resolution process.

A single universal reputation score is often less useful than scores tailored for specific use cases. Systems implement context-specific scoring by:

• Weighting different data dimensions based on the application (e.g., lending vs. governance).
• Creating sub-scores or badges for specific competencies (e.g., "Liquidity Provider Score," "Code Auditor Reputation").
• Allowing protocols to define their own scoring parameters based on their unique risk models and community standards.

Effective systems incorporate mechanisms to maintain score integrity over time and prevent manipulation.

• Time decay (or aging): Older contributions may carry less weight than recent activity, ensuring scores reflect current behavior.
• Sybil resistance: Algorithms are designed to make it economically or computationally prohibitive to create many fake identities (Sybils) to inflate a score. Techniques include proof-of-personhood, stake-weighting, and analyzing connection graphs between identities.

A user's reputation should be a portable asset, not locked within a single application. This is achieved through:

• Standardized data schemas: Using formats like Verifiable Credentials or on-chain attestation standards (e.g., EAS).
• Cross-protocol recognition: Allowing dApps to read and interpret reputation scores or badges issued by other trusted systems.
• Sovereign data ownership: Users control their reputation data, choosing which components to reveal to different verifiers, enhancing privacy and utility.

Scores are designed as programmable primitives that can be integrated into smart contract logic. This enables:

• Automated access control: Gating functions like minting, borrowing, or voting based on score thresholds.
• Dynamic parameter adjustment: Adjusting loan-to-value ratios, reward multipliers, or voting power based on reputation tiers.
• Custom scoring modules: Developers can compose existing reputation oracles with their own logic to create novel applications, turning reputation into a fundamental DeFi and DAO primitive.

Reputation scores rely on on-chain data feeds and potentially off-chain attestations. Attackers may target these data sources to artificially inflate or deflate scores. Key risks include:

• Oracle attacks to feed false transaction history or collateral values.
• Sybil attacks to create many low-reputation identities, diluting the meaning of a high score.
• Data poisoning where malicious actors deliberately interact with protocols to taint associated addresses.

The algorithms and parameters that calculate reputation scores are often controlled by a single entity or a small multisig. This creates central points of failure:

• Governance attacks could change scoring models to favor specific users.
• Admin key compromise could allow an attacker to arbitrarily set scores.
• Lack of transparency in proprietary models makes audits difficult and can hide biases.

If a reputation score becomes a widely trusted gatekeeper (e.g., for lending or governance), its failure or manipulation can have cascading effects:

• Protocol contagion: A flaw in one scoring system could affect all integrated protocols simultaneously.
• Pro-cyclical de-leveraging: A market downturn could trigger mass score downgrades, forcing liquidations and worsening the downturn.
• New monoculture risk: The ecosystem may become overly dependent on one or two dominant scoring providers.

Comprehensive reputation scoring requires extensive chain analysis and behavioral tracking, which conflicts with financial privacy.

• On-chain profiling: Addresses can be deanonymized and tracked across all interactions.
• Discrimination: Scores could be used to exclude users from regions or of certain transaction patterns without recourse.
• Immutable blacklisting: A negative reputation may be permanently and publicly recorded on-chain.

Since reputation systems are algorithms, they are inherently vulnerable to being gamed by sophisticated actors who reverse-engineer the model.

• Adversarial machine learning techniques can be used to find input patterns that maximize scores without genuine trustworthiness.
• Wash trading and circular transactions can be used to fabricate a history of 'good' behavior.
• An arms race emerges between score developers and attackers, requiring constant model updates.

Operating a reputation system may create unforeseen legal liabilities.

• Defamation claims: Assigning a low score could be argued as a damaging public statement.
• Regulatory capture: Scores could be forced to comply with Travel Rule or OFAC sanctions, turning them into enforcement tools.
• Consumer protection laws may apply if scores are used to deny financial services, requiring explainability and appeal processes.

Non-transferable tokens (NFTs) that represent credentials, affiliations, or achievements bound to a specific wallet or DID. They are a primary mechanism for encoding reputation on-chain.

• Function: Act as verifiable attestations of traits, memberships, or completed actions.
• Example: A DAO membership SBT, a loan repayment attestation, or a proof-of-attendance protocol (POAP) for event participation.

The set of mechanisms designed to prevent a single entity from creating and controlling multiple fake identities (Sybils) to manipulate a system. It is a critical requirement for any meaningful reputation system.

• Common Techniques: Proof-of-Personhood (e.g., Worldcoin, BrightID), social graph analysis, stake-weighted identity, and cost-of-creation barriers.
• Goal: Ensure that reputation scores correspond to unique, credible entities, not disposable wallets.

A cryptographically signed statement made by one entity about another, stored on-chain or off-chain. Attestations are the atomic units of data that feed into reputation models.

• Standards: Ethereum Attestation Service (EAS), Verifiable Credentials.
• Examples: A protocol attesting a user completed a KYC check, a borrower's on-time repayment history, or a peer review of work in a DAO.

A specific application of reputation scoring focused on assessing creditworthiness and default risk for undercollateralized lending. It translates on-chain history into a financial risk profile.

• Data Inputs: Transaction history, repayment patterns, wallet age, asset composition, and DeFi protocol interactions.
• Output: A score or rating used to determine loan terms, such as interest rates, credit limits, and collateral requirements.

Reputation systems used to weight voting power and recognize valuable contributions within Decentralized Autonomous Organizations (DAOs) and community projects.

• Mechanisms: Reputation-based voting (1 reputation point = 1 vote), contribution badges, and XP systems.
• Purpose: Align governance influence with proven commitment and expertise, moving beyond simple token-weighted voting to prevent plutocracy.