# x/gov
Technical specification for Nibiru Chain's governance module, x/gov. The
module enables an on-chain governance system on the Nibiru network. In this
system, holders of the native staking token of the chain can vote on proposals on
a 1 token 1 vote basis.
# Abstract
Governance activities include:
- Proposal submission: Users can submit proposals with a deposit. Once the minimum deposit is reached, the proposal enters voting period.
- Vote: Participants can vote on proposals that reached MinDeposit
- Inheritance and penalties: Delegators inherit their validator's vote if they don't vote themselves.
- Claiming deposit: Users that deposited on proposals can recover their deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period, the deposit is burned.
# Contents
The following specification uses NIBI as the native staking token. The module can be adapted to any Proof-Of-Stake blockchain by replacing NIBI with the native staking token of the chain.
x/gov- Abstract
- Contents
- Concepts
- State
- Stores
- Messages
- Events
- Parameters
- Client
- Metadata
- Future Improvements
# Concepts
Disclaimer: This is work in progress. Mechanisms are susceptible to change.
The governance process is divided in a few steps that are outlined below:
- Proposal submission: Proposal is submitted to the blockchain with a deposit.
- Vote: Once deposit reaches a certain value (
MinDeposit), proposal is confirmed and vote opens. Bonded Atom holders can then sendTxGovVotetransactions to vote on the proposal. - Execution After a period of time, the votes are tallied and depending on the result, the messages in the proposal will be executed.
# Concepts: Proposal submission
# Right to submit a proposal
Every account can submit proposals by sending a MsgSubmitProposal transaction.
Once a proposal is submitted, it is identified by its unique proposalID.
# Proposal Messages
A proposal includes an array of sdk.Msgs which are executed automatically if the
proposal passes. The messages are executed by the governance ModuleAccount itself. Modules
such as x/upgrade, that want to allow certain messages to be executed by governance
only should add a whitelist within the respective msg server, granting the governance
module the right to execute the message once a quorum has been reached. The governance
module uses the MsgServiceRouter to check that these messages are correctly constructed
and have a respective path to execute on but do not perform a full validity check.
# Concepts: Deposit
To prevent spam, proposals must be submitted with a deposit in the coins defined by
the MinDeposit param.
When a proposal is submitted, it has to be accompanied with a deposit that must be
strictly positive, but can be inferior to MinDeposit. The submitter doesn't need
to pay for the entire deposit on their own. The newly created proposal is stored in
an inactive proposal queue and stays there until its deposit passes the MinDeposit.
Other token holders can increase the proposal's deposit by sending a Deposit
transaction. If a proposal doesn't pass the MinDeposit before the deposit end time
(the time when deposits are no longer accepted), the proposal will be destroyed: the
proposal will be removed from state and the deposit will be burned (see x/gov EndBlocker).
When a proposal deposit passes the MinDeposit threshold (even during the proposal
submission) before the deposit end time, the proposal will be moved into the
active proposal queue and the voting period will begin.
The deposit is kept in escrow and held by the governance ModuleAccount until the
proposal is finalized (passed or rejected).
# Deposit refund and burn
When a proposal is finalized, the coins from the deposit are either refunded or burned according to the final tally of the proposal:
- If the proposal is approved or rejected but not vetoed, each deposit will be
automatically refunded to its respective depositor (transferred from the governance
ModuleAccount). - When the proposal is vetoed with greater than 1/3, deposits will be burned from the
governance
ModuleAccountand the proposal information along with its deposit information will be removed from state. - All refunded or burned deposits are removed from the state. Events are issued when burning or refunding a deposit.
# Concepts: Vote
# Participants
Participants are users that have the right to vote on proposals. On the Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and other users do not get the right to participate in governance. However, they can submit and deposit on proposals.
Note that when participants have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only.
# Voting period
Once a proposal reaches MinDeposit, it immediately enters Voting period. We
define Voting period as the interval between the moment the vote opens and
the moment the vote closes. Voting period should always be shorter than
Unbonding period to prevent double voting. The initial value of
Voting period is 2 weeks.
# Option set
The option set of a proposal refers to the set of choices a participant can choose from when casting its vote.
The initial option set includes the following options:
YesNoNoWithVetoAbstain
NoWithVeto counts as No but also adds a Veto vote. Abstain option
allows voters to signal that they do not intend to vote in favor or against the
proposal but accept the result of the vote.
Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a NoWithVeto vote.
# Weighted Votes
ADR-037 (opens new window) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No.
Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll.
To represent weighted vote on chain, we use the following Protobuf message.
For a weighted vote to be valid, the options field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1.
# Concepts: Quorum
Quorum is defined as the minimum percentage of voting power that needs to be cast on a proposal for the result to be valid.
# Threshold
Threshold is defined as the minimum proportion of Yes votes (excluding
Abstain votes) for the proposal to be accepted.
Initially, the threshold is set at 50% of Yes votes, excluding Abstain
votes. A possibility to veto exists if more than 1/3rd of all votes are
NoWithVeto votes. Note, both of these values are derived from the TallyParams
on-chain parameter, which is modifiable by governance.
This means that proposals are accepted iff:
- There exist bonded tokens.
- Quorum has been achieved.
- The proportion of
Abstainvotes is inferior to 1/1. - The proportion of
NoWithVetovotes is inferior to 1/3, includingAbstainvotes. - The proportion of
Yesvotes, excludingAbstainvotes, at the end of the voting period is superior to 1/2.
# Inheritance
If a delegator does not vote, it will inherit its validator vote.
- If the delegator votes before its validator, it will not inherit from the validator's vote.
- If the delegator votes after its validator, it will override its validator vote with its own. If the proposal is urgent, it is possible that the vote will close before delegators have a chance to react and override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold.
# Validator’s punishment for non-voting
At present, validators are not punished for failing to vote.
# Governance address
Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the Governance address will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey.
# Burnable Params
There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors.
BurnVoteVetoburns the proposal deposit if the proposal gets vetoed.BurnVoteQuorumburns the proposal deposit if the proposal deposit if the vote does not reach quorum.BurnProposalDepositPrevoteburns the proposal deposit if it does not enter the voting phase.
Note: These parameters are modifiable via governance.
# State
# State: Proposals
Proposal objects are used to tally votes and generally track the proposal's state.
They contain an array of arbitrary sdk.Msg's which the governance module will attempt
to resolve and then execute if the proposal passes. Proposal's are identified by a
unique id and contains a series of timestamps: submit_time, deposit_end_time,
voting_start_time, voting_end_time which track the lifecycle of a proposal
A proposal will generally require more than just a set of messages to explain its
purpose but need some greater justification and allow a means for interested participants
to discuss and debate the proposal.
In most cases, it is encouraged to have an off-chain system that supports the on-chain governance process.
To accommodate for this, a proposal contains a special metadata field, a string,
which can be used to add context to the proposal. The metadata field allows custom use for networks,
however, it is expected that the field contains a URL or some form of CID using a system such as
IPFS (opens new window). To support the case of
interoperability across networks, the SDK recommends that the metadata represents
the following JSON template:
This makes it far easier for clients to support multiple networks.
The metadata has a maximum length that is chosen by the app developer, and passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters.
# Writing a module that uses governance
There are many aspects of a chain, or of the individual modules that you may want to
use governance to perform such as changing various parameters. This is very simple
to do. First, write out your message types and MsgServer implementation. Add an
authority field to the keeper which will be populated in the constructor with the
governance module account: govKeeper.GetGovernanceAccount().GetAddress(). Then for
the methods in the msg_server.go, perform a check on the message that the signer
matches authority. This will prevent any user from executing that message.
# State: Parameters and base types
Parameters define the rules according to which votes are run. There can only
be one active parameter set at any given time. If governance wants to change a
parameter set, either to modify a value or add/remove a parameter field, a new
parameter set has to be created and the previous one rendered inactive.
# DepositParams
# VotingParams
# TallyParams
Parameters are stored in a global GlobalParams KVStore.
Additionally, we introduce some basic types:
# State: Deposit
# State: ValidatorGovInfo
This type is used in a temp map when tallying
# Stores
:::note Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list :::
We will use one KVStore Governance to store four mappings:
- A mapping from
proposalID|'proposal'toProposal. - A mapping from
proposalID|'addresses'|addresstoVote. This mapping allows us to query all addresses that voted on the proposal along with their vote by doing a range query onproposalID:addresses. - A mapping from
ParamsKey|'Params'toParams. This map allows to query all x/gov params. - A mapping from
VotingPeriodProposalKeyPrefix|proposalIDto a single byte. This allows us to know if a proposal is in the voting period or not with very low gas cost.
For pseudocode purposes, here are the two function we will use to read or write in stores:
load(StoreKey, Key): Retrieve item stored at keyKeyin store found at keyStoreKeyin the multistorestore(StoreKey, Key, value): Write valueValueat keyKeyin store found at keyStoreKeyin the multistore
# Proposal Processing Queue
Store:
ProposalProcessingQueue: A queuequeue[proposalID]containing all theProposalIDsof proposals that reachedMinDeposit. During eachEndBlock, all the proposals that have reached the end of their voting period are processed. To process a finished proposal, the application tallies the votes, computes the votes of each validator and checks if every validator in the validator set has voted. If the proposal is accepted, deposits are refunded. Finally, the proposal contentHandleris executed.
And the pseudocode for the ProposalProcessingQueue:
# Legacy Proposal
A legacy proposal is the old implementation of governance proposal. Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. These proposal are defined by their types.
While proposals should use the new implementation of the governance proposal, we need still to use legacy proposal in order to submit a software-upgrade and a cancel-software-upgrade proposal.
More information on how to submit proposals in the client section.
# Messages
# MsgSubmitProposal
Proposals can be submitted by any account via a MsgSubmitProposal transaction.
All sdk.Msgs passed into the messages field of a MsgSubmitProposal message
must be registered in the app's MsgServiceRouter. Each of these messages must
have one signer, namely the gov module account. And finally, the metadata length
must not be larger than the maxMetadataLen config passed into the gov keeper.
State modifications:
- Generate new
proposalID - Create new
Proposal - Initialise
Proposal's attributes - Decrease balance of sender by
InitialDeposit - If
MinDepositis reached:- Push
proposalIDinProposalProcessingQueue
- Push
- Transfer
InitialDepositfrom theProposerto the governanceModuleAccount
A MsgSubmitProposal transaction can be handled according to the following
pseudocode.
# MsgDeposit
Once a proposal is submitted, if
Proposal.TotalDeposit < ActiveParam.MinDeposit, Atom holders can send
MsgDeposit transactions to increase the proposal's deposit.
State modifications:
- Decrease balance of sender by
deposit - Add
depositof sender inproposal.Deposits - Increase
proposal.TotalDepositby sender'sdeposit - If
MinDepositis reached:- Push
proposalIDinProposalProcessingQueueEnd
- Push
- Transfer
Depositfrom theproposerto the governanceModuleAccount
A MsgDeposit transaction has to go through a number of checks to be valid.
These checks are outlined in the following pseudocode.
# MsgVote
Once ActiveParam.MinDeposit is reached, voting period starts. From there,
bonded Atom holders are able to send MsgVote transactions to cast their
vote on the proposal.
State modifications:
- Record
Voteof sender
:::note Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. :::
Next is a pseudocode outline of the way MsgVote transactions are handled:
# Events
The governance module emits the following events:
# EndBlocker
| Type | Attribute Key | Attribute Value |
|---|---|---|
| inactive_proposal | proposal_id | |
| inactive_proposal | proposal_result | |
| active_proposal | proposal_id | |
| active_proposal | proposal_result |
# Handlers
# MsgSubmitProposal
| Type | Attribute Key | Attribute Value |
|---|---|---|
| submit_proposal | proposal_id | |
| submit_proposal [0] | voting_period_start | |
| proposal_deposit | amount | |
| proposal_deposit | proposal_id | |
| message | module | governance |
| message | action | submit_proposal |
| message | sender |
- [0] Event only emitted if the voting period starts during the submission.
# MsgVote
| Type | Attribute Key | Attribute Value |
|---|---|---|
| proposal_vote | option | |
| proposal_vote | proposal_id | |
| message | module | governance |
| message | action | vote |
| message | sender |
# MsgVoteWeighted
| Type | Attribute Key | Attribute Value |
|---|---|---|
| proposal_vote | option | |
| proposal_vote | proposal_id | |
| message | module | governance |
| message | action | vote |
| message | sender |
# MsgDeposit
| Type | Attribute Key | Attribute Value |
|---|---|---|
| proposal_deposit | amount | |
| proposal_deposit | proposal_id | |
| proposal_deposit [0] | voting_period_start | |
| message | module | governance |
| message | action | deposit |
| message | sender |
- [0] Event only emitted if the voting period starts during the submission.
# Parameters
The governance module contains the following parameters:
| Key | Type | Example |
|---|---|---|
| min_deposit | array (coins) | [{"denom":"unibi","amount":"10000000"}] |
| max_deposit_period | string (time ns) | "172800000000000" (17280s) |
| voting_period | string (time ns) | "172800000000000" (17280s) |
| quorum | string (dec) | "0.334000000000000000" |
| threshold | string (dec) | "0.500000000000000000" |
| veto | string (dec) | "0.334000000000000000" |
| burn_proposal_deposit_prevote | bool | false |
| burn_vote_quorum | bool | false |
| burn_vote_veto | bool | true |
NOTE: The governance module contains parameters that are objects unlike other modules. If only a subset of parameters are desired to be changed, only they need to be included and not the entire parameter object structure.
# Client
# CLI
A user can query and interact with the gov module using the CLI.
# Query
The query commands allow users to query gov state.
# deposit
The deposit command allows users to query a deposit for a given proposal from a given depositor.
Example:
Example Output:
# deposits
The deposits command allows users to query all deposits for a given proposal.
Example:
Example Output:
# param
The param command allows users to query a given parameter for the gov module.
Example:
Example Output:
# params
The params command allows users to query all parameters for the gov module.
Example:
Example Output:
# proposal
The proposal command allows users to query a given proposal.
Example:
Example Output:
# proposals
The proposals command allows users to query all proposals with optional filters.
Example:
Example Output:
# proposer
The proposer command allows users to query the proposer for a given proposal.
Example:
Example Output:
# tally
The tally command allows users to query the tally of a given proposal vote.
Example:
Example Output:
# vote
The vote command allows users to query a vote for a given proposal.
Example:
Example Output:
# votes
The votes command allows users to query all votes for a given proposal.
Example:
Example Output:
# Transactions
The tx commands allow users to interact with the gov module.
# deposit
The deposit command allows users to deposit tokens for a given proposal.
Example:
# draft-proposal
The draft-proposal command allows users to draft any type of proposal.
The command returns a draft_proposal.json, to be used by submit-proposal after being completed.
The draft_metadata.json is meant to be uploaded to IPFS.
# submit-proposal
The submit-proposal command allows users to submit a governance proposal along with some messages and metadata.
Messages, metadata and deposit are defined in a JSON file.
Example:
where proposal.json contains:
:::note By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. :::
# submit-legacy-proposal
The submit-legacy-proposal command allows users to submit a governance legacy proposal along with an initial deposit.
Example:
Example (cancel-software-upgrade):
Example (community-pool-spend):
Example (param-change):
Example (software-upgrade):
# vote
The vote command allows users to submit a vote for a given governance proposal.
Example:
# weighted-vote
The weighted-vote command allows users to submit a weighted vote for a given governance proposal.
Example:
# gRPC
A user can query the gov module using gRPC endpoints.
# Proposal
The Proposal endpoint allows users to query a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Proposals
The Proposals endpoint allows users to query all proposals with optional filters.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Vote
The Vote endpoint allows users to query a vote for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Votes
The Votes endpoint allows users to query all votes for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Params
The Params endpoint allows users to query all parameters for the gov module.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Deposit
The Deposit endpoint allows users to query a deposit for a given proposal from a given depositor.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# deposits
The Deposits endpoint allows users to query all deposits for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# TallyResult
The TallyResult endpoint allows users to query the tally of a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# REST
A user can query the gov module using REST endpoints.
# proposal
The proposals endpoint allows users to query a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# proposals
The proposals endpoint also allows users to query all proposals with optional filters.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# voter vote
The votes endpoint allows users to query a vote for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# votes
The votes endpoint allows users to query all votes for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# params
The params endpoint allows users to query all parameters for the gov module.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# deposits
The deposits endpoint allows users to query a deposit for a given proposal from a given depositor.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# proposal deposits
The deposits endpoint allows users to query all deposits for a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# tally
The tally endpoint allows users to query the tally of a given proposal.
Using legacy v1beta1:
Example:
Example Output:
Using v1:
Example:
Example Output:
# Metadata
The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure accross chains.
# Proposal
Location: off-chain as json object stored on IPFS (mirrors group proposal)
:::note
The authors field is an array of strings, this is to allow for multiple authors
to be listed in the metadata. In v0.46, the authors field is a comma-separated
string. Frontends are encouraged to support both formats for backwards
compatibility.
:::
# Vote
Location: on-chain as json within 255 character limit (mirrors group vote)
# Future Improvements
The current documentation only describes the minimum viable product for the governance module. Future improvements may include:
BountyProposals: If accepted, aBountyProposalcreates an open bounty. TheBountyProposalspecifies how many Atoms will be given upon completion. These Atoms will be taken from thereserve pool. After aBountyProposalis accepted by governance, anybody can submit aSoftwareUpgradeProposalwith the code to claim the bounty. Note that once aBountyProposalis accepted, the corresponding funds in thereserve poolare locked so that payment can always be honored. In order to link aSoftwareUpgradeProposalto an open bounty, the submitter of theSoftwareUpgradeProposalwill use theProposal.LinkedProposalattribute. If aSoftwareUpgradeProposallinked to an open bounty is accepted by governance, the funds that were reserved are automatically transferred to the submitter.- Complex delegation: Delegators could choose other representatives than their validators. Ultimately, the chain of representatives would always end up to a validator, but delegators could inherit the vote of their chosen representative before they inherit the vote of their validator. In other words, they would only inherit the vote of their validator if their other appointed representative did not vote.
- Better process for proposal review: There would be two parts to
proposal.Deposit, one for anti-spam (same as in MVP) and an other one to reward third party auditors.