Sybil resistance is a DAO's defence against one person secretly controlling many identities in order to swing a vote. The name comes from a 2002 paper by John Douceur (itself borrowing the title of a book about multiple-personality disorder), which showed that in any open, permissionless system without a trusted identity authority, a single adversary can forge enough distinct identities to overwhelm honest participants. For a DAO the stakes are direct: the moment voting power is measured by anything other than money — one-person-one-vote, quadratic voting, reputation — a cheap way to mint fake members is a cheap way to seize the treasury.
Why token voting sidesteps — and re-creates — the problem
Plain token-weighted voting is Sybil-resistant by construction: splitting your tokens across a thousand wallets gives you exactly the same total voting power, so fake identities buy nothing. That resistance is bought at a steep price — it is simply plutocracy, where whoever holds the most tokens decides. Every attempt to soften plutocracy by weighting votes more equally — giving each person a say rather than each token — immediately re-opens the Sybil door, because now each additional identity is worth something. Sybil resistance and resistance to plutocracy pull against each other, and bridging them is the central unsolved problem of egalitarian on-chain governance. (a16z governance FAQ)
Proof of personhood
The dominant answer is proof of personhood: a credential asserting that a wallet belongs to a distinct, unique human, without necessarily revealing which human. The leading approaches trade off differently on privacy, decentralization, and resistance to fakery:
- Biometric — World ID (Worldcoin) scans a person's iris with a physical "Orb" and issues a unique, privacy-preserving credential. Strong uniqueness guarantees, but it centralizes hardware and raises biometric-privacy concerns.
- Social graph — BrightID establishes uniqueness through a graph of mutual verifications in video calls, on the theory that fake accounts cannot easily forge dense, genuine social connections.
- Vouching + registry — Proof of Humanity maintains an on-chain registry of humans, each entry backed by a video and a deposit, and challengeable by anyone for a reward.
- Credential aggregation — Gitcoin Passport combines many weaker "stamps" (accounts, credentials, prior on-chain activity) into a single Sybil-resistance score, avoiding reliance on any one identity provider.
Zero-knowledge techniques increasingly sit on top of these, letting a voter prove "I am a unique registered human" without linking the vote back to the underlying identity. (Vitalik Buterin: What do I think about biometric proof of personhood?)
Where it matters most: quadratic voting and funding
Sybil resistance is not an abstract nicety — it is the load-bearing assumption under quadratic voting and funding. Quadratic schemes deliberately make additional influence from a single identity expensive (cost grows with the square of votes), which only dampens whales if each participant is one person. Without a working personhood layer, an attacker splits into many identities and the quadratic penalty evaporates entirely. This is why Gitcoin's quadratic-funding rounds spend heavily on Sybil defence: undetected fake donors don't just steal matching funds, they silently break the mechanism's core fairness promise. (Siddarth et al., "Who Watches the Watchmen?")
The hard limits
No personhood system is complete, and each has an honest failure mode. Coercion and vote-selling survive proof of personhood entirely — a verified-unique human can still be paid or pressured to vote a certain way, and a market in rented votes needs no fake identities. Privacy and exclusion cut the other way: biometric and government-ID methods risk surveillance and lock out anyone unwilling or unable to enrol, while looser social methods are easier to game. And every registry faces the base-rate problem that even a small false-acceptance rate, at scale, admits thousands of duplicates. The practical consensus is that Sybil resistance is a spectrum to be raised, not a box to be checked — which is why many DAOs layer personhood scores on top of, rather than instead of, some economic stake.
How Caper approaches this
A caper does not try to verify that each member is a unique human — it makes extra identities pointless instead. Voting weight is the product of a member's stake and their demonstrated participation, and participation is tracked by a soulbound token minted one per vote that can never be transferred or bought. A freshly created wallet therefore starts with zero participation and casts a zero-weight first vote, so spinning up extra empty identities adds nothing: each one would have to independently acquire real stake and vote, repeatedly, to earn any weight at all. The cheap half of a Sybil attack — manufacturing identities — buys no influence; the expensive half — genuine stake and repeated participation from every identity — is exactly what an honest, engaged member already does. It is a participation gate, not a proof of personhood, and it deliberately trades the egalitarian one-human-one-vote ideal for something a contract can enforce without biometrics or a trusted registry. That same earned weight also sets each member's pro-rata exit claim on the treasury.
References
- John R. Douceur, The Sybil Attack (2002) — the founding statement of the problem.
- Divya Siddarth et al., Who Watches the Watchmen? A Review of Subjective Approaches for Sybil-resistance in Proof of Personhood Protocols (2020).
- Vitalik Buterin, What do I think about biometric proof of personhood? (2023).
- a16z crypto, DAO governance FAQ.