Trust & Reputation at Gitcoin

TL;DR: Safe-keeping the community’s trust and deploying Gitcoin’s good reputation are two parts of a risk strategy that will enable the hypergrowth we’re headed towards.


As we look forward towards Seasons 18 & 19 and prepare workstream budgets, I wanted to take a moment to address the ways in which risk mitigation will be absorbed by the DAO. With the dissolve of FDD, Gitcoin has a unique opportunity to be intentional with our risk strategies and avoid common pitfalls that have crippled our peers.

Since joining this team in November of 2022, I have been overwhelmingly grateful (and frankly relieved) to find that the Gitcoin team is well-prepared to imbed risk thinking in all we do. We are not optimistic to the point of lacking pragmatism. Our rose-tinted glasses do not cloud our vision as we walk into a regenerative future. I am confident that this is the right team to build the tools that enable systems of reallocation that are more fair and more kind than any available today. There are two tenants that are central to our ability to deliver these tools, though: Trust and Reputation.

In short, our reputation is our most valuable asset. It outweighs our treasury holdings in that it delimits the potential value of those same holdings, now and in any future. Currency, after all, is a quantitative indicator of faith.

Meanwhile, the trust of our community enables us to build the future we all want to see. We have trust now and it’s ours to lose.

There are a few key threats to the maintenance of this hard-earned trust and this amazing reputation which we enjoy. The key threats as I see them are:

(1) Status-quo security measures

We’ve been building scrappily and moving fast. But the scams in the space are moving fast, too. We give out money as a core function—we are perhaps among the most obvious targets for low level phishing scams that the web3 world has ever seen.

In addition to the day-to-day exploits inherited from web2 vulnerabilities, we also are becoming increasingly more attractive for novel and higher-skill attacks. We seek to achieve levels of success which would make us a household name, but we need to shore up our security vulnerabilities in direct proportionality to our success in earning new community members. We are committed to open source and we happily solicit pull requests to build on top of our products permissionlessly—but it would be naïve to pretend that there are not increasing incentives for malicious code to be introduced to our products. Right now, Allo contracts have already redistributed $3 million dollars of grants, and as we prepare for Beta, we are taking in even more. Our success means an increased target on our backs, and now is the time to implement protective security practices—not after we’ve experienced an avoidable loss.

To leave you with only one of many possible horror stories: what happens when someone forks our Passport front-end and removes the code that hashes user credentials? All of the sudden, that actor has achieved not one but several sets of matched online credentials for both web2 and web3 accounts, along with cookie data and device information. We have socialized our community to input their info into Passport—it is our responsibility to socialize them also to use best practices and bookmark our pages and whitelist sites who are permitted to call their hot wallets.

(2) Over-generosity with our in-crowd (and the fact that we have an “in-crowd” at all)

While we allow the proverbial masses to determine the outcome of our grants rounds, Gitcoin does make decisions about who can be a funder and currently also makes the decisions (albeit democratically) about who can participate in a grants round as a grantee.

We have not yet found a way to really dig into the performance of our grantees as a retrogressive method, and unfortunately right now the most scrutiny that a grantee project (or a Grants Program Partner for that matter) will undergo is when they approach us for the very first time. The consequence of being overly generous with the “in-crowd” is that it makes for a casual deprioritization of new audiences and new projects who come to us.

With renewed attention on grantee reputation I am excited to think that the solutions for project accountability are in sight. I also want to articulate the positive side of this problem: We can be better advocates for our grantees and win the trust of emerging partners. In providing grantees clear methods to share their successes, and coaching on best practices for quantitative metric-setting, we are only strengthening the support we provide to our grantees. The draw of applying to Gitcoin Grants should not purely be a monetary award and a loose association with our logo. We can give grantees a springboard to their next level of success.

I would love to see Gitcoin getting serious about courting new projects who are outside of our normal audiences. The strength of our grants program depends on a healthy mix of new blood and best-in-class reporting on the success of the projects we’ve funded.

(3) Obscured transparency in decision-making

Is a muddy window still transparent? Fundamentally, maybe the window itself is not at fault for the obstruction. But we have a lot of muddiness in sharing our intents and our directives with community members, not least of which is a culture of verbosity (exhibit A: this post itself).

Not everyone in our community has time to sift through our forums, or watch hours of CSDO meetings. Many of our own core contributors don’t feel up-to-date or able to closely watch these channels. I’m deeply committed to learning practices that will increase transparency—not to shorten the conversation, or cheaply simplify a complex inflection point—but to get the need-to-know information out to the interested parties on a regular, reliable cadence.

I make these call-outs not to imply that the work to address these threats is not already underway. Many people throughout the DAO as well as stewards and individual community members are all already hacking on these core problems. Coming from a risk background, I make these call-outs because I find it useful to articulate and name the monsters in the forest. I’d like to drive consensus around this characterization of the threats we’re facing. If anyone thinks I have omitted key components that our risk strategy should address, I would love to hear that. Similarly, if anyone thinks I’ve overblown the level of threat that any particular category poses—I’d be hugely open to that feedback, too.

It is from a desire to continue to socialize a risk mindset that I wanted to share with the wider group the top three threats I’m thinking about when it comes to trust and reputation. I also wanted to introduce a bit of a language shift: any risk programs at Gitcoin should be protective—not reactive and never combative against our own community.

What traditional organizations too often get wrong is to pit risk mitigation against growth mindset. I am personally convinced that one enables the other. These framings are not at odds, but complimentary. Having worked in fraud and risk at two traditional web2 companies that underwent periods of extreme hypergrowth during IPO—I can honestly say that I feel the tremors before the storm in Gitcoin right now. To seek increased growth is to seek increased risk.

At the base of many of these solutions is the mandate of better data availability. With data comes enriched communication tactics for fact-sharing, and improved ability to meet our community in their attempts to fact-find. I have been ecstatic to see increased awareness for data practices crop up in every single workstream budget this time around.

More on this to come— but thank you to all of the amazing Gitcoiners who I have gotten to work alongside in scoping risk at the DAO. I am overwhelmingly grateful to be solving such high-quality problems with you and clearing the way for the regenerative future.

Thank you especially to @J9leger who was the first to hear my nascent thoughts on trust and reputation. Thank you to the deeply powerful advocate @M0nkeyFl0wer who has looped me into all ongoing risk-related talks in such an effortless way, and @connor who already does so much to remind the DAO of the monsters in the dark forest. @kevin.olsen for encouraging more ambitious data road mapping and @kyle for calling out the need for risk to imbed in all workstreams. To Azeem and Juanna for showing me the power of our reputation when deployed. Infinite thanks to @MathildaDV, @baoki, @zen and @koday for all your energy for the problems and all the talent you bring to the solving.

And of course all the thanks will always go to @disruptionjoe for your thought leadership and for inviting me to hack on these problems at Gitcoin in the first place—most especially for being a brave enough leader to jump first into all things you believe in.

Suffice to say—I for one am very excited for what’s to come.

I don’t have experience in this field so reading this put a but of fear in my heart, but in a good way. It feels good knowing that the Gitcoin ecosystem has such fierce defenders.

Maybe there is something we can do mid round to increase communication from grantees and visibility on their projects. This could help with repeat contributors each round and keep grantees more involved between the rounds.

This all makes me really excited about the direction Gitcoin is headed.

Big +1. Excited to think through how we can increase engagement generally and also serve this need for reputation of grantees to evolve over time. cc also @koday and Armando who are thinking through better grantee experience and comms cadence…

Glad you called this out and brought up data availability!

With FDD dissolving and its functions being embedded elsewhere in the DAO, I’d love to see Gitcoin get a better handle on:

• Round Managers: are they satisfied with outcomes? is there enough Sybil resistance?
• Projects: are they satisfied with the experience? do they feel they’re on a level playing field? how important is Gitcoin to their overall funding these days?
• Donors: are they satisfied with the experience? how is Passport performing with regards to type I/II errors?

It might be uncomfortable to see some of this data.

But, as you say, having a good data foundation is necessary to underpin hypergrowth.

Yes, I love the idea of us digging in more intentionally on all the user interview data!

I will also tease that we are exploring ways to go beyond just what our community tells us and get deeper into available learnings derived from how they actually interact with our products. As anyone working with a front-end tech product knows, there can be a significant chasm between what people say and what they do… Excited for new energy for UX research and event stream labeling so we can dig deep and course correct where needed.

I would welcome your expertise in thinking about labeling techniques for the typeI/II Passport failures, as well @ccerv1 - and happy to report we’ve taken a first stab at characterizing these for the alpha and beta rounds. Our biggest win with Passport at this time is that we saw a ~38% drop-off where known sybil-voters simply abandoned at the Passport check.

Strategically, we’ve chosen to tolerate false-negatives above false-positives that negatively impact our community, since we can continue to clean up sybil action through statistical analysis… But we’re very excited for the wins that will come with a new scoring model and new stamp data.

So in summary- stay tuned! Thank you as always for your guidance and sense-checking (+ beautifying of FDD datasets <3)!

Coming from a web 2 background having the experience setting up a digital agency, where the emphasis has always been on employee retention, employee motivation and revenue generation, with zero exposure to the concept of community building throughout my working career especially when you come from a part of the world where crypto is yet considered illegal and still has one of the highest adaptation with a population of nearly 300 million. I must say it has been a roller coaster ride living amongst a population trying to get them on board the idea of community & Web3 (Probably I am the only one in the whole country having an nft as there twitter dp) and its importance while at the same trying gain trust & reputation amongst web3 community myself.

Having said that with zero support and even resistance from within my own organization, I have been doing my part in order to educate and play my part. I launched a couple of projects on which a lot of work had already been completed in terms of artwork one of them being a Game project, because I have a strong belief that gaming not only us a huge industry in terms of revenues but it can be a major factor for growing the community as it is the most easiest to adopt. And whilst there has been lot of support in terms of the open source resources available. I feel there is a lot room for improvement and growth in games in Web 3. There is a huge difference between where games are at the moment in web 3 ( like gambling games and p2e) to the actual gaming experience like Minecraft, Roblox etc, and my belief is that a link can easily be generated between the two and can intern prove to be the biggest source of growth of the web3 Community, considering almost all 8 years old I know are addicted to Roblox, Fortnite Minecraft.

While working on the game project and whilst trying to get it accepted into the community I have come a long way and whilst in NFTS I came across the Gitcoin Quadratic funding NFTS by meta lab from where I got to learn a bit more about GITCOIN and I must say you guys impressed me with the amazing job you’re doing in terms of decentralization and the kind of people involved . Looking at which I pitched one of my game projects to gather some community support in the Gitcoin beta round and worked and with the limited help and finances tried to put in my best. I registered to git coin passport and made sure my score is good enoughto match funds as well as other errands of the proposal.

Sadly thought the application as I got up today was rejected, it was disheartening as I did put in a lot of effort to the application and I would agree with the decision in a way that probably I wasn’t able to fully communicate my idea to the community or probably I didn’t have a reputation or trust developed. But what puts me down the most is that even if I wasn’t convincing enough to be trusted with financials, some sort of feedback or reasoning would have been something that would probably had kept me going, considering that fact that I did put in time and finances in terms of gas fees and other expenses yet at the end I stand where I was before I applied. I would agree there are a lot of rug pulls an frauds out there but there is a lot of potential out there being over looked because of those frauds ( even I have been robbed of my personal money and nfts in the past) but considering Gitcoin as a fully decentralized initiative there should be certain other checks and information sharing so that we who might not be as well reputed as the rest of the community for whatever reason can unlock there true potential and do there bit in order to grow the community rather then just get disheartened and give up on the whole idea of it.

I am not saying I would give up any time soon but consider the above a recommendation from someone who is pretty much using all the resources at his to earn a reputation in the community whilst at the same time educating an huge audience who currently are reluctant in adapting to the web3 starting from my own organization.

This needs to be adopted as a guiding principle. Well said.

I love this callout. We have a unique ability to gain trust from the community. Continuing to earn it by providing positive support rather than solely focusing on stopping negative actions is wise.

This can’t be understated. Increased growth IS increased risk. However, we can also use trust and reputation to enable growth. Our ecosystem moat is the network effects of this delicate 3-sided market. Growth should be a priority, but viewing risk mitigation as counter to growth is counter-productive.

Thank you for writing this. You’re such a valuable mind in our community. It would be great if you shared your thoughts more!

Hey @OffroadStudios - so many good thoughts in here- but to respond high level: thank you for your feedback! We do need to take seriously the opportunity we have to welcome grantees in. While we will likely always have a democratic (or eventually crowd-sourced) process of vetting projects for maturity and viability, we definitely need to do more to help prospective grantees build their reputations. I think this starts with providing examples and uplifting our success stories through case studies (shout out to MMM) - I would welcome any other ideas about how to inspire and uplift those working hard in the space to make an impact.

Big +1 to what you say here! I can tell you there is amazing work being done to make this a reality, and I’m very excited for upcoming opportunities for Gitcoin community veterans to share their collective wisdom on community building.

We are glad to hear you’re not giving up and excited for the work you’re doing! Please stay involved

@ale.k Honestly I love the way the whole community is focussed on trying to improve the cause and just by the way even after rejection of my project in the review phase I had an email from the team in which they asked my input abt there decision and if I would like to add something to my previous proposal which actually shows the dedication of the team I must say truly impressive. I would agree with the idea of presenting case studies of success stories I would how ever be in a better position to present my case by the end of the round. Apart from that I think the gitcoin passport is an amazing tool and I force it as becoming a standard in the industry but the scores should be a little more visible on on the grantees profile rather then having to look for the link to figure out the score.
Looking at it from the donors perspective I have been looking through the projects and found some pretty inserting ones, id like to add though that all projects have no sorting what so ever as in they aunt sorted in any order I would assume ( Correct me if I am wrong ) It would vbe great if we could sort the projects in any category say probably on the basis of there gitcoin passport score or probably the number of donations received on the main caregory page hence making it easier for the donors to open and further read the description based on how the community has responded to a project. Once again these are just ideas and my perspective and while I do appreciate how the whole process is being handled !!!

Strongly agree with this! My phd advisor is a security researcher, and he loves to remind me how much the social practices around security matter. In his opinion, the security afforded by webs of trust and robust communication channels tends to be just as important as the security afforded by proper technical practices, or even more important. And I definitely see data availability as one way of increasing robustness in communication.

BTW, anyone thinking about security/fraud should also check out the recent Gitcoin Community Proposal from me, @ale.k, @erich, and @kevin.olsen! The idea is to implement new research Glen Weyl and I have done on collusion-resistant QF for the GitCoin ecosystem. I think this could be another awesome way to prevent fraud, while also helping grants become more pluralistic.

Big +1 to everything you said here, @ccerv1

Good news. Thank you for your sharing information. Good luck. To do is the best every day