Decentralized market resolution relies on a governance model to adjudicate disputes when automated oracles fail. This is critical for prediction markets like Polymarket or decentralized exchanges with conditional outcomes, where the "truth" of an event must be determined. The core challenge is designing a system that is resistant to manipulation, efficient, and aligns incentives for honest reporting. A well-structured governance model acts as the final arbiter, ensuring market integrity and user trust when external data is unavailable or contested.
LABS
Guides
Setting Up a Governance Model for Market Resolution
This guide provides a technical blueprint for implementing a decentralized governance system to resolve prediction market outcomes. It covers smart contract design for proposals, token-weighted voting, quorum enforcement, and on-chain dispute escalation.
Chainscore © 2026
introduction
GUIDE
Setting Up a Governance Model for Market Resolution
A practical guide to implementing on-chain governance for resolving disputes in prediction markets and decentralized exchanges.
The most common governance framework for resolution is a token-weighted voting system. Token holders stake their governance tokens (e.g., MKR for MakerDAO, UNI for Uniswap) to vote on proposed market outcomes. Votes are typically weighted by the amount staked, aligning the voter's financial interest with the platform's long-term health. To prevent last-minute manipulation, many systems implement a time-locked voting period and a quorum requirement to ensure sufficient participation. For example, a proposal might need a 4% quorum and a 3-day voting window to pass.
For technical implementation, a basic resolution contract using a governor pattern might look like this. The contract manages proposals, voting, and execution based on the Governor standards found in libraries like OpenZeppelin.
solidity// Simplified example using a Governor contract import "@openzeppelin/contracts/governance/Governor.sol"; import "@openzeppelin/contracts/governance/extensions/GovernorSettings.sol"; contract MarketResolutionGovernor is Governor, GovernorSettings { constructor(IVotes _token) Governor("MarketResolutionGovernor") GovernorSettings(1 /* 1 block voting delay */, 45818 /* ~3 day voting period */, 0 /* 1e18 = 1 token proposal threshold */) {} function proposeResolution( address marketContract, uint256 marketId, bytes calldata resolutionData ) public returns (uint256) { // Encode the call to resolve the specific market address[] memory targets = new address[](1); targets[0] = marketContract; uint256[] memory values = new uint256[](1); values[0] = 0; bytes[] memory calldatas = new bytes[](1); calldatas[0] = abi.encodeWithSignature( "resolveMarket(uint256,bytes)", marketId, resolutionData ); return propose(targets, values, calldatas, "Resolve Market #"); } // ... quorum, voting logic, and state functions }
Beyond simple token voting, advanced models incorporate futarchy or conviction voting to improve decision quality. Futarchy, proposed by Robin Hanson, involves creating prediction markets on the outcomes of proposed decisions. The market's price becomes a signal of expected value, guiding governance. Conviction voting, used by Commons Stack and 1Hive, allows voters to stake tokens over time, with voting power accumulating the longer tokens are committed to a proposal. This reduces the impact of flash loans and encourages long-term deliberation.
Key parameters must be carefully calibrated: the proposal threshold (minimum tokens needed to submit), voting delay, voting period, and quorum. Setting these incorrectly can lead to voter apathy or governance attacks. For instance, a low quorum allows a small, coordinated group to pass proposals, while a very high quorum can stall the system. Platforms often start with conservative settings and adjust them via governance itself. Continuous analysis of voter participation and proposal success rates is essential for maintaining a healthy system.
Ultimately, a governance model for market resolution is not set-and-forget. It requires active community participation, clear dispute resolution guidelines, and sometimes a fallback to a security council or multisig for emergency interventions. The goal is to create a credibly neutral framework where the "correct" market outcome can be discovered through decentralized consensus, preserving the trustless nature of the underlying protocols while providing a clear path to finality.
prerequisites
SETTING UP A GOVERNANCE MODEL
Prerequisites and Technical Requirements
Before implementing an on-chain governance model for market resolution, you need to establish the foundational technical stack and define the core governance parameters.
The first prerequisite is a smart contract development environment. You will need Node.js (v18+), a package manager like npm or Yarn, and a framework such as Hardhat or Foundry. For this guide, we'll use Hardhat with Solidity 0.8.20+. Install the necessary packages: npm install --save-dev hardhat @nomicfoundation/hardhat-toolbox @openzeppelin/contracts. The OpenZeppelin library provides audited, modular contracts for governance components like Governor, TimelockController, and token standards (ERC-20, ERC-721) which are essential for voting power.
Next, you must define the governance token and its distribution. This token confers voting rights. You need to decide on its total supply, initial allocation (e.g., to founders, community treasury, liquidity pools), and any vesting schedules. The token must implement a snapshot mechanism, often via the ERC20Votes or ERC20VotesComp extension from OpenZeppelin, which allows delegates to checkpoint historical balances for vote weighting. Deploying this token contract is a prerequisite for the Governor contract.
The core technical requirement is the Governor contract architecture. You must choose and configure a governance module. The OpenZeppelin Governor contract family offers standards like Governor, GovernorCompatibilityBravo, and GovernorTimelockControl. Key parameters to set at deployment include: the voting delay (blocks before voting starts on a proposal), voting period (duration of the vote), proposal threshold (minimum tokens required to submit a proposal), and quorum (minimum voting power required for a proposal to pass). These values are chain-specific and critical for security.
Integrating a Timelock controller is a security best practice for executing resolved proposals. The Timelock contract acts as a queuing and execution layer, introducing a mandatory delay between a proposal's approval and its execution. This gives the community a safety window to react to malicious proposals. You must deploy the Timelock, grant it the PROPOSER_ROLE to the Governor contract, and the EXECUTOR_ROLE to a designated address (often the zero address for public execution). The Governor contract must be configured to use this Timelock as its executor.
Finally, you need a testing and deployment strategy. Write comprehensive tests for the governance lifecycle: token delegation, proposal creation, voting, queuing via Timelock, and execution. Use a local Hardhat network or a testnet like Sepolia or Goerli for dry runs. You will need test ETH for gas and wallet addresses for testing different roles (proposer, voter, executor). Document the deployment script sequence: 1) Deploy Governance Token, 2) Deploy TimelockController, 3) Deploy Governor contract linked to the token and Timelock, 4) Configure roles and permissions.
key-concepts
SETTING UP A GOVERNANCE MODEL FOR MARKET RESOLUTION
Core Governance Components
A robust governance framework is essential for decentralized markets to resolve disputes, manage risk, and upgrade protocols. This guide covers the key technical components required to implement an effective on-chain governance system.
proposal-mechanism-design
GOVERNANCE FOUNDATION
Step 1: Designing the Proposal Mechanism
The proposal mechanism is the entry point for all governance actions. This step defines how users submit, fund, and structure proposals to resolve market disputes or enact protocol changes.
A well-designed proposal mechanism requires clear on-chain definitions for what constitutes a valid proposal. This includes specifying the proposal struct, which typically contains fields like id, creator, description, forVotes, againstVotes, and a status enum (e.g., Pending, Active, Executed, Canceled). The description should link to a detailed specification off-chain, often using IPFS or similar decentralized storage, to avoid bloating on-chain data while maintaining transparency and auditability.
Critical to the mechanism is the proposal lifecycle. A standard flow begins with submission, where a proposal is created with an initial state of Pending. It then moves to an Active state for voting after passing two key checks: a proposal threshold (e.g., the proposer must hold 10,000 governance tokens) and a timelock period. The timelock enforces a mandatory delay between proposal creation and voting, allowing the community to review the proposition. This delay is a fundamental security measure against rushed or malicious proposals.
Funding proposals, especially for dispute resolution that may require external data or arbitration, is another key consideration. Mechanisms like a proposal bond can be implemented, requiring the proposer to lock a stake of tokens that is slashed if the proposal is deemed spam or fails to meet a minimum quorum. Alternatively, protocols like Aragon or Colony use curated registries or staking schemes to gate proposal creation, ensuring only serious, well-defined initiatives reach the voting stage.
For technical implementation, here is a simplified Solidity example of a proposal struct and state transition logic:
solidityenum ProposalStatus { Pending, Active, Defeated, Succeeded, Executed } struct Proposal { uint256 id; address proposer; string descriptionHash; // IPFS hash uint256 forVotes; uint256 againstVotes; uint256 startBlock; uint256 endBlock; ProposalStatus status; } // Function to move a proposal to Active state after timelock function activateProposal(uint256 proposalId) public { Proposal storage proposal = proposals[proposalId]; require(proposal.status == ProposalStatus.Pending, "Not pending"); require(block.number >= proposal.startBlock, "Timelock not met"); require(getVotes(proposal.proposer) >= proposalThreshold, "Threshold not met"); proposal.status = ProposalStatus.Active; }
Finally, the design must integrate with the subsequent voting and execution steps. The proposal's endBlock defines the voting period, after which the status updates to Succeeded or Defeated based on the vote tally. Successful proposals then enter an execution phase, often requiring a separate transaction to trigger the encoded actions, such as releasing funds from a treasury or updating a smart contract parameter. This separation between voting and execution adds a final layer of user consent and prevents automatic state changes.
voting-token-implementation
GOVERNANCE INFRASTRUCTURE
Step 2: Implementing the Voting Token and Snapshot
This guide details the creation of a custom voting token and the use of Snapshot for off-chain, gas-free governance to resolve market disputes.
The core of your governance model is the voting token. This is typically an ERC-20 token that represents voting power. For a prediction market, you can mint a fixed supply and distribute it to key stakeholders: the market creator, initial liquidity providers, and potentially a community treasury. The token contract must include a delegate function, allowing holders to delegate their voting power to another address, which is essential for voter participation in systems like Snapshot. This delegation is a key feature for building a representative governance structure without requiring token holders to vote on every proposal directly.
For the voting mechanism, using an off-chain solution like Snapshot is highly recommended for cost and efficiency. Snapshot is a decentralized voting platform that uses signed messages (EIP-712) instead of on-chain transactions, making voting gas-free for participants. You create a "space" on Snapshot (e.g., your-market.eth) and connect it to your voting token contract. Proposals, such as "Resolve Market X to Outcome Y," are created within this space. Voters then sign messages with their wallets, and Snapshot tallies votes based on the token balances (or delegated balances) at a specific block number, known as the snapshot block.
Setting the snapshot block is a critical step. This is the Ethereum block number used to determine each voter's token balance. It must be specified when creating a proposal and should be a block that was mined before the proposal is published, preventing users from buying tokens just to sway a single vote. The workflow is: 1) Deploy ERC-20 voting token, 2) Create a Snapshot space linked to the token, 3) For a dispute, create a proposal with the resolution options and the predetermined snapshot block, 4) Token holders delegate and vote off-chain, 5) Execute the on-chain resolution based on the Snapshot result using a privileged function in your market contract.
Here is a basic example of a minimal voting token contract with delegation, compatible with Snapshot:
solidity// SPDX-License-Identifier: MIT import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; contract GovToken is ERC20 { mapping(address => address) public delegates; constructor(uint256 initialSupply) ERC20("MarketGov", "MGOV") { _mint(msg.sender, initialSupply); } function delegate(address delegatee) public { delegates[msg.sender] = delegatee; } // Snapshot uses this function to check balance at a past block function balanceOfAt(address account, uint256 blockNumber) public view returns (uint256) { // In production, implement logic to return historical balance // This is a simplified example. return balanceOf(account); } }
For production, integrate a voting strategy in your Snapshot space. The default erc20-balance-of strategy checks the token balance at the snapshot block. For more complex governance, you could use strategies like erc20-with-delegation or whitelist. The final on-chain execution requires a relayer or a multisig wallet to read the proposal results from Snapshot's GraphQL API and call the resolution function in your market contract. This separation of concerns—off-chain voting and on-chain execution—provides a user-friendly and secure governance layer for managing your prediction market's lifecycle.
voting-logic-quorum
IMPLEMENTING CORE GOVERNANCE
Step 3: Coding the Voting Logic and Quorum
This section details the implementation of the on-chain voting mechanism, including proposal lifecycle management, vote casting, and quorum calculation.
The core of your governance contract is the voting logic. A typical implementation involves creating a Proposal struct to track the proposal's details, such as its id, description, forVotes, againstVotes, abstainVotes, and its current state (e.g., Pending, Active, Defeated, Succeeded). The contract must manage the proposal lifecycle, transitioning a proposal from Pending to Active after a delay and from Active to a final state once the voting period ends. Key functions include propose() to create a new proposal and castVote(uint proposalId, uint8 support) for token holders to vote.
To prevent double-voting and sybil attacks, voting power must be tied to a verifiable asset, most commonly an ERc-20 or ERc-721 token. The standard pattern is to take a snapshot of token balances at the block when a proposal is created. The getVotes(address account, uint256 blockNumber) function, as defined in OpenZeppelin's IVotes interface, allows the contract to query an account's voting power at that historical block. When a user calls castVote, the contract checks their voting power from the snapshot and adds it to the appropriate tally (forVotes, againstVotes, etc.).
A quorum is the minimum amount of voting power that must participate for a proposal's result to be valid. Without it, a tiny minority could pass proposals. Implement quorum by defining a quorumNumerator (e.g., 4 for a 4% quorum) and a QUORUM_DENOMINATOR (typically 100). The quorum is calculated as (totalSupplyAtSnapshot * quorumNumerator) / QUORUM_DENOMINATOR. A proposal only succeeds if the total votes cast (forVotes + againstVotes + abstainVotes) meet or exceed this quorum and the forVotes exceed the againstVotes.
Here is a simplified code snippet for a castVote function incorporating snapshot and quorum logic, using OpenZeppelin's governance contracts as a foundation:
solidityfunction castVote(uint256 proposalId, uint8 support) public virtual override returns (uint256) { Proposal storage proposal = _proposals[proposalId]; require(state(proposalId) == ProposalState.Active, "Governor: vote not currently active"); uint256 weight = _getVotes(msg.sender, proposal.voteStart, ""); // Get snapshot voting power require(weight > 0, "Governor: voting weight zero"); if (support == uint8(VoteType.For)) { proposal.forVotes += weight; } else if (support == uint8(VoteType.Against)) { proposal.againstVotes += weight; } else if (support == uint8(VoteType.Abstain)) { proposal.abstainVotes += weight; } emit VoteCast(msg.sender, proposalId, support, weight, reason); return weight; }
After the voting period ends, the state() function should evaluate the proposal's outcome. The logic should check: 1) Did the proposal meet quorum? 2) Did forVotes surpass againstVotes? If both conditions are true, the state becomes Succeeded; otherwise, it's Defeated. Proposals that succeed are typically queued for execution in a separate transaction. It's critical that this logic is immutable and transparent, as any flaw can lead to governance paralysis or attacks. Thoroughly test quorum calculations and state transitions with various token distribution scenarios.
For production use, consider leveraging audited base contracts like OpenZeppelin's Governor suite. These provide modular components for timelocks, vote counting, and different voting standards (e.g., ERC-20 GovernorVotes or ERC-721 GovernorVotesQuorumFraction). You can extend these contracts to add your custom market resolution logic. Always verify that your final quorum and voting period parameters (e.g., a 4% quorum over a 7-day voting period) are appropriate for your token's distribution and the desired responsiveness of your governance system.
dispute-escalation-path
GOVERNANCE
Step 4: Building a Dispute and Escalation Path
A robust governance model is essential for resolving market disputes and handling edge cases that automated logic cannot process. This step defines the on-chain rules and human-led processes for final arbitration.
The core of a dispute system is a time-locked escalation path. When a user challenges a market outcome, it triggers a dispute period—typically 24-72 hours—where other participants can review the claim and stake collateral to support or refute it. This initial phase leverages the "wisdom of the crowd" for low-cost resolution. Protocols like UMA's Optimistic Oracle popularized this model, where a claim is assumed valid unless disputed with a bond within the challenge window.
If a dispute is raised, the system must escalate to a final arbiter. This is often a decentralized oracle network (like Chainlink or API3), a dedicated DAO, or a panel of experts. The key is that the arbiter's address or contract is pre-defined in the smart contract's resolveDispute function. For example, a contract might store an arbiter address variable that only it can call to submit the final answer, ensuring the resolution is trust-minimized and on-chain.
Smart contracts must enforce bonding economics to prevent spam and frivolous disputes. The disputer must lock collateral (e.g., 100 DAI) that is slashed if their challenge fails, or awarded to them if it succeeds. The bond amount should be a significant percentage of the disputed payout. Here's a simplified Solidity snippet for initiating a dispute:
solidityfunction raiseDispute(uint256 marketId) external payable { require(msg.value == DISPUTE_BOND, "Incorrect bond"); disputes[marketId] = Dispute({ challenger: msg.sender, bond: msg.value, raisedAt: block.timestamp }); emit DisputeRaised(marketId, msg.sender); }
The governance model must also define data requirements for resolution. What evidence is admissible? This could be a specific API endpoint, a hash of off-chain data submitted via IPFS, or a merkle proof. The contract should specify the resolution criteria clearly, such as requiring the arbiter to return a bool or an int256 value. Ambiguity in these parameters is a major source of protocol failure.
Finally, consider a multi-tier escalation path for high-value disputes. A first dispute might go to a DAO vote using token-based governance (like Compound's Governor Bravo). If the vote is inconclusive or contested, it could escalate to a professional arbitration service like Kleros or Aragon Court. Each tier should have increasing time delays and bond requirements, creating a balance between speed for small disputes and security for large ones.
In practice, successful implementation is seen in prediction markets like Polymarket, which uses UMA's oracle for resolution, or Augur v2, which uses a multi-round, bond-based dispute system culminating in a forking mechanism. The goal is not to eliminate disputes, but to create a predictable, costly-to-game process that reliably converges on truthful outcomes.
CORE DECISIONS
Governance Model Design Trade-offs
Key architectural choices for on-chain governance and their implications for market resolution.
| Governance Feature | Token-Based Voting | Multisig Council | Futarchy / Prediction Markets |
|---|---|---|---|
Decision Speed | Slow (7-14 day cycles) | Fast (< 24 hours) | Slow (Market resolution period) |
Voter Participation | Typically < 10% | 100% (Council members) | Speculator-driven |
Attack Cost (Sybil) | High (Token acquisition) | Very High (Key compromise) | High (Market manipulation) |
Technical Complexity | Medium | Low | Very High |
Transparency | High (On-chain votes) | Medium (Off-chain deliberation) | High (Market prices) |
Adaptability to Crises | Low | High | Theoretically High |
Initial Capital Efficiency | Low (Wide distribution needed) | High | Medium (Market liquidity needed) |
Resistance to Whale Dominance |
integration-finalization
GOVERNANCE
Step 5: Integrating with Market Core and Finalizing
This step connects your custom resolution logic to the protocol's core and establishes a governance framework for managing disputes and upgrades.
After developing your custom ResolutionModule, you must integrate it with the protocol's MarketCore contract. This involves deploying your module and registering its address with the core system. The integration is performed by calling MarketCore.setResolutionModule(address _newModule) from an authorized address, typically the protocol's timelock-controlled governance executor. This function call updates a single storage slot in the MarketCore, making all future market resolution requests route through your new logic. It's critical to verify the module's interface compatibility and conduct thorough testing on a forked mainnet or testnet before executing this upgrade.
A robust governance model is essential for maintaining and evolving the resolution system. Proposals might include adjusting quorum thresholds, modifying dispute time windows, or upgrading to a new ResolutionModule version. Using a DAO framework like Compound's Governor Bravo or OpenZeppelin Governor, you can create proposals that execute the setResolutionModule function. For example, a proposal payload would encode a call to MarketCore.setResolutionModule(0xNewModuleAddress). Governance parameters such as voting delay, voting period, and proposal threshold must be calibrated to balance agility with security, preventing malicious or hasty changes to this critical system component.
Before finalizing, conduct a comprehensive audit of the integration. Key checks include: verifying the new module correctly implements the IResolutionModule interface, ensuring state transitions during resolveMarket are gas-efficient and revert on invalid inputs, and confirming that event emissions (MarketResolved) are accurate. Use invariant testing with tools like Foundry to assert that resolved markets cannot be re-resolved and that resolution payouts always sum to the market's total collateral. Finally, prepare documentation for governance participants detailing the changes, risks, and technical specifics of the new module to ensure informed voting.
resource-links
GOVERNANCE SETUP
Implementation Resources and Tools
These resources help teams design, deploy, and operate governance models for resolving markets, disputes, and outcomes in prediction markets, derivatives, and onchain financial products.
GOVERNANCE SETUP
Frequently Asked Questions
Common questions and solutions for developers implementing governance models for market resolution, covering smart contract design, voter incentives, and dispute handling.
The core difference lies in the default state and challenge mechanism. Optimistic governance assumes submitted market resolutions (e.g., "Yes" for a binary event) are correct by default. A challenge period (e.g., 3-7 days) follows, during which participants can stake collateral to dispute the result. The dispute escalates to a decentralized oracle or a specialized court (like Kleros or UMA's Optimistic Oracle) for final arbitration. This model prioritizes speed for undisputed outcomes.
Pessimistic governance requires a positive vote to approve any resolution before it is finalized. No resolution is accepted without explicit, majority consent from the governing body (token holders, a committee, etc.). This model is more secure against malicious proposals but is slower and can lead to governance gridlock. Use optimistic models for high-volume, lower-stakes events where speed is critical, and pessimistic models for high-value, irreversible decisions.
security-conclusion
GOVERNANCE
Security Considerations and Conclusion
A secure governance model is the final, critical component for a resilient on-chain market. This section outlines key security risks and summarizes the implementation journey.
Implementing a decentralized governance model introduces unique attack vectors. The primary risks include voting manipulation through token concentration or flash loan attacks, proposal spam that can paralyze the system, and timelock exploits where malicious proposals are executed before the community can react. To mitigate these, consider implementing a quorum requirement (e.g., 20% of circulating supply) to prevent minority rule, a proposal threshold to filter spam, and a mandatory timelock delay (e.g., 48-72 hours) between proposal passage and execution. These parameters must be carefully calibrated for your specific token distribution and market dynamics.
Smart contract security is paramount. Governance contracts hold significant power to upgrade core market logic, adjust fees, or manage the treasury. Use established, audited frameworks like OpenZeppelin's Governor to reduce risk. All governance contracts should undergo multiple professional audits before deployment. Furthermore, consider implementing a guardian multisig or security council with limited, time-bound emergency powers (like pausing the system) to act as a circuit breaker against a successful governance attack, providing a last line of defense while maintaining decentralization for routine operations.
The journey to a functional on-chain market involves integrating several core components: a liquidity pool (e.g., Uniswap V3, Balancer) for price discovery, an oracle (e.g., Chainlink, Pyth Network) for reliable external data, and finally, a governance system for decentralized parameter management. Each layer must be securely interconnected, with clear upgrade paths and fallback mechanisms. Testing this entire stack on a testnet like Sepolia or a fork of the mainnet is non-negotiable. Use tools like Tenderly or Foundry's forge script to simulate governance proposals and their impact on market state before going live.
In conclusion, building a governed on-chain market is a modular but intricate process. Success depends on selecting battle-tested primitives, rigorously auditing their integration, and establishing governance parameters that balance security with efficient operation. The end result is a transparent, community-owned financial instrument that operates predictably by code, yet remains adaptable to future challenges through a secure, democratic process. Start with conservative settings and allow the community to iterate, evolving the market into a robust public good.