EOS investors can’t say they weren’t warned.

What was foretold in a March blog post by ethereum creator Vitalik Buterin may have come to pass on the world’s fifth largest blockchain, with a bout of vote buying drama rocking the $5 billion protocol over the weekend.

That’s when a Twitter account named “Maple Leaf Capital” produced screenshots from a leaked Excel spreadsheet that supposedly show the China-based exchange Huobi, one of the world’s oldest and largest, accepting money for its support of certain entities in the charge of ensuring the network’s distributed decision-making.

The allegation is notable as EOS has only 21 “block producers,” trusted entities periodically elected to maintain the history of the blockchain and that receive rewards in the form of cryptocurrency for doing so.

No one can verify any of the claims made in this thread, nor the provenance of the spreadsheet’s data. Huobi promptly denied all the accusations.

However, that doesn’t mean damage control isn’t being done. Block.One, the creators of the EOSIO software, for which they raised $4 billion in a nearly year-long initial coin offering (ICO), issued its own statement on Tuesday.

It reads:

“We are aware of some unverified claims regarding irregular block producer voting, and the subsequent denials of those claims. We believe it is important to ensure a free and democratic election process within EOS and may, as we deem appropriate, vote with other holders to reinforce the integrity of this process.”

Accusations of wrong-doing aside, the controversy illuminates deeper issues, adding fuel to the fire for those who allege the EOS protocol may have an incomplete approach to governance.

At the simplest level, the debate is over whether block producers should be allowed to pay other people to vote for them. The EOS interim constitutions, documents designed to put forth rules for participants on the network, clearly ban vote buying, but that constitution has never been ratified by EOS users.

Yet, at the same time, EOS seems designed for block producers to support other block producers.

Block producers earn tokens and have an interest in the long-term health of the protocol, so some argue it seems natural that they would (and must) use those tokens to support other block producers they have collaborated with and believe to be good stewards of the network.

Kevin Rose, community manage of EOS New York, a block producer since launch, acknowledged the point but told CoinDesk: “Profit sharing and vote trading which compromise an organization’s ability to remain independent is the issue.”

Huobi did not immediately respond to a request for comment. Block One declined to provide additional comment.

Unfinished governance

Despite the lack of conclusions, however, the incident has heightened claims that the state of the EOS software was perhaps too primitive at launch, so it’s worth revisiting these claims which have now renewed.

First, EOS has on-chain governance, albeit a system in which only one decision can be made by the EOS token holders. That is, they can decide which companies have those 21 block producer seats that control EOS’s ledger.

Every other decision is up to those 21 block producers. They can even (as we’ve previously reported) lock up accounts they believe to be operating maliciously.

Second, EOS has a constitution that forbids buying votes, but it’s never been ratified. (It isn’t even clear what ratification means in that the software was released without a way to agree on rules.)

This point is relevant to a recent Medium post by ethereum developer Vlad Zamfir, in which he discusses the need for a governance scheme to attain legitimacy by having the consent of the governed.

In the case of EOS, whether that goal is satisfied remains unclear.

The interim constitution was put together by a committee of block producer hopefuls leading up to the EOS launch. Its last article acknowledges that it is an interim constitution until a new one can be ratified, but not only has ratification not proceeded: there isn’t even a a legitimized way to ratify it.

Since launch, new block producer hopefuls have entered the space who don’t know about or don’t care about the process that yielded the interim constitution, and some of them have managed to win one of those top spots.

Third, EOS governance as written does not work well with exchanges, which have custody over a vast amount of user cryptocurrency.

EOS governance is done through the wallet. If users turn custody of their tokens over to exchanges, there’s really no way for them to vote their tokens. Perhaps more importantly, there’s no way to prevent exchanges from voting the tokens of their users who don’t care to vote.

Voting works at the wallet level, so a person can only really vote if they have custody. Anyone who wants to express their opinion about who should be a block producer has to stake their tokens on EOS, which locks them up for at least three days.

Each wallet can vote for one to 30 block producers. However many they choose, each gets a vote for every token the user staked. So if a user has 10 staked tokens and they vote for 10 block producers, each one gets 10 votes. If they vote for 30, then all 30 get 10 votes. There’s no additional nuance.

Voting is also continuous. EOSIO software rechecks the vote counts every few minutes and if a new candidate has pulled into the top 21, one gets kicked out and that new one goes in.

Since users put their tokens into an exchange’s wallet (or wallets) to use them there, an exchange would have to go to great lengths to give their EOS holders a way to vote (such as creating a separate wallet for each permutation of votes). Bitfinex has written open source software to enfranchise its users, but it has limitations. We do not know of any other exchanges that have implemented it or anything similar.

The active EOS community has urged users since before the launch to take their tokens off exchanges, a point made by one user in a group video conference call of Chinese block producer candidates hosted by EOS Alliance, organized around the current controversy.

Lastly, EOS wallets are anonymous by default. This makes it impossible to know who is giving what to whom. It’s not as if the various block producers accused of paying Huobi would have to pay a portion of their block rewards to known Huobi wallet, after all.

So, even if Huobi hasn’t accepted any such payments, the present conversation reflects widely shared fears that something like this could happen.

Vitalik’s prediction

Still, some allege that those backing the EOS protocol have known about the issue, but been slow to satisfy concerns. Buterin, as an example, articulated the vulnerability to vote buying before EOS launched.

He wrote: “The average voter has only a very small chance of impacting which delegates get selected … their incentive is to vote for whoever offers the highest and most reliable bribe.”

At the time, he also observed that the tension around deciding who gets to be block producer “has essentially become yet another frontier of US-China geopolitical economic warfare.”

This remains true. Scanning various EOS-affiliated Telegram channels, we saw EOS holders announcing that they’d no longer vote for any China-based block producers at all. Though it might be more accurate to say the faultline is a tension between block producers who participated in the public launch and those who didn’t.

But it does reflect a deeper problem spurred by a failure to define rules at the outset.

Some users have been treating the interim constitution like so much (digital) paper. Besides the interim constitution, there’s also a block producer’s agreement, in which block producer candidates commit to have websites and disclose anyone who owns more than 10 percent of their company.

Some have not done so, and there’s little the community can do besides fork the protocol.

As Zamfir wrote on his blog:

“If a coordination mechanism is legitimate, people will (justifiably) act like it’s a fact that people will use it. … If it’s illegitimate then they will act like it’s a fact that people won’t use it.”

Some people with clout on the network aren’t acting like the the interim constitution and block producer agreement are legitimate. We already know that, because they don’t all do the things that agreement requires them to do.

So, even if Huobi isn’t buying votes now, eventually someone almost certainly will unless rules are put in place that the whole community views as legitimate.

In other words, it’s a problem that may just take time to sort out.

That was the take of a block producer calling itself Aurora EOS, which wrote on its blog:

“As EOS grows and supports more use cases, those invested in the long-term success of the network will combat the forces, like vote manipulation, that degrade the long-term security of the network.”

That is, if a decentralized community like EOS has already become fragmented, the built-in incentive for the network to succeed should promote solutions.

As Zamfir’s post points out: it won’t be enough for it to vote something through. It has to be viewed by enough participants as legitimate such that the lion’s share of participants feel inclined to follow the rules.

In the short term, if any block producers are using their clout avariciously, Block.One can crush them out of the top 21 with its giant pool of still on the sidelines tokens.

But one whale shoving aside others may not hold up as legitimate governance strategy over time either.

Crowd image via Consensus archives