[DIS] Community Fund DAO v1.1 Web5 Optimization Proposal

v1.1 Vote Update & Key Community Discussion (2025-10-28)

Hello everyone,

The final vote for the DAO v1.1 proposal is currently underway on Metaforo. First, a huge thank you to all the community members who have already cast their valuable votes!

Voting Status Update: In the first 24 hours of voting, we’ve seen an incredible level of engagement from the community.

  • Quorum Progress: The total votes cast have reached 140,803,069 CKB, which is 76.1% of the 185M CKB quorum.
  • Approval Rate: The current approval rate is 46.97%.
  • Participation: 15 community members have already voted. This level of participation has already surpassed any meta-rule proposal from the past year.

This demonstrates the community’s deep concern for the DAO’s future. Regardless of the final outcome, this is a successful governance event.

Ongoing Q&A Update: A Discussion on the DAO’s Core Bottleneck

On the Metaforo voting page, a community member has raised a profound and challenging objection, sparking a crucial debate about the DAO’s core bottleneck. To facilitate communication, we are syncing this important conversation here so that all community members can take part in this reflection.

Q: The proposal’s core premise, that “many potential builders are being blocked by the v1.0 process,” is unproven. The more likely problem is that “builders are scarce,” not “builders are blocked.” Therefore, optimizing an empty pipeline (the governance process) is a lower priority than directly incubating and attracting builders.

A: This is the most critical question. We believe a significant amount of data shows that our current, failing governance framework is actively creating the phenomenon of scarce builders.

We’ve observed that:

  • Proposals on the Talk forum: There were 23 in 2023 and 19 in 2024, not a dramatic drop. However, the median view count for proposals in 2023 was 1,500. In 2024, it plummeted to 437, roughly a third of what it was. This means when new builders arrive, their proposals fail to get the necessary attention from day one.

  • In 2024, 9 proposals were initiated by team members from outside the community, a number not significantly different from the 10 proposals initiated by internal community members. However, not a single one of the external proposals successfully made it past the Talk forum’s like-gate to a formal vote. (I want to clarify here that this is purely an analysis of the governance process and not a judgment on any specific project itself.) Some of these teams waited 2 months to receive only 2 replies from the community. This indicates that the lack of a necessary path and process for information dissemination can, to some extent, hinder a builder’s idea from coming to fruition.

  • Since the DAO’s inception, only 87 individuals have ever participated in a vote. Of those, 35 have not voted after 2023, and 33 have not voted after 2024. Our active governance core is shrinking. A perfect example, relevant to our proposal’s inclusion of USDI, is the 2024 meta-rule proposal to use USD amounts for DAO payments. It received 100% YES votes yet failed because the turnout (90,411,228 / 185,000,000) did not meet the quorum. This shows that even when there is a clear consensus on a builder-friendly need, our current system fails to mobilize enough participation to turn that consensus into action.

  • And another real-world example: just last month, CKBoost delivered a milestone but was left waiting for payment because v1.0 lacks a clear process to handle it. This frustration is actively harming the very builders who are contributing to the ecosystem.

In contrast, the v1.1 proposal process has simulated the very flow we are advocating for: active communication, clarification, and iteration. As a result, in just the last half-day, our vote has reactivated several long-dormant voters and even attracted 3 brand new participants. This demonstrates that a better process directly leads to better engagement.

An old saying goes:

“A craftsman who wishes to do his work well must first sharpen his tools.”

If an axe is dull, the right move isn’t to chop harder, but to stop and sharpen the axe.

(For the full response, please visit Metaforo.)

We welcome all perspectives. The vote continues, and every single vote is crucial.

Please cast your vote on Metaforo: https://dao.ckb.community/thread/vot-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal-64083

1 Like

Well said. The fact that not a single external proposal has successfully made it through the Talk forum in an entire year highlights a serious issue that needs to be addressed.

2 Likes

It doesn’t seem like we have really had any proposals in 2025 though

I feel like OP is raising an issue that has come up a good amount of times through the process (how to increase proposals), it is a concern that many people share.

1 Like

Hi Matt,

The previous analysis did not include the 2025 proposal data from the Talk forum. This was an intentional choice. To make a year-over-year trend comparison, I only used the data from the complete years of 2023 and 2024.

In the analysis of Metaforo voting participation, I did include 2025 data. The goal there was to observe the trend of voting activity over time, especially with the simulation of v1.1 processes. Thank you for bringing this up, as it allows me to explain the logic behind the data selection more clearly.

Moreover, I completely agree that increasing proposals is absolutely one of the most important questions facing the DAO, and it’s a concern that many people share.

As we discussed during AMA #2, the core mission of our team’s v1.1 proposal is to fix the current institutional and procedural gaps in our DAO. We believe that a clear, efficient, and reliable governance framework is a precondition for attracting and retaining builders.

However, v1.1 itself is not designed to directly “create” new proposals. We would strongly welcome and look forward to other teams or community members bringing forward new, creative proposals to address exactly that problem. v1.1 is meant to pave the way for those future proposals.

2 Likes

v1.1 Vote Update & A Timeline Adjustment

Hello everyone,

The final vote on the DAO v1.1 proposal is underway. First, we want to extend our sincere gratitude to everyone who is participating, regardless of whether you voted Yes or No. Your engagement is the greatest contribution to our community’s governance.

Voting Status Update:
In the first 2 days of voting, the community’s engagement has exceeded our expectations:

  • Quorum Reached: The total votes cast have reached 202,878,800 CKB, which has successfully surpassed the 185M meta-rule quorum! Regardless of the final outcome, it proves the community’s deep commitment to the future of the DAO.
  • Approval Rate: The current approval rate is 45.99%. The vote remains very close, and every single vote is crucial.

Adjustments and explanations on delivery time

Over the past month of review, we have received a wealth of valuable feedback and gained extensive experience in Web5 development. In the spirit of being accountable to the community and to the quality of our deliverables, we have decided to make a proactive and transparent adjustment to the development timeline in the proposal.

Changelog (Oct 29, 2025):

  • Adjusted: The estimated timeline for “Milestone 1: MVP Development and Testnet Launch” is extended from 2 months to 3 months (Sep 2025 - end of Nov 2025).
  • Adjusted: The estimated timeline for “Milestone 2: Mainnet Launch and Trial Operation” is correspondingly shifted by one month to (Dec 2025 - mid-Feb 2026).

Rationale for the Change:
We are making this adjustment not because we’ve run into unexpected problems, but for the opposite reason: we want to do this project right and deliver a truly high-quality, reliable piece of public infrastructure for the community. The specific reasons are:

  1. As we’ve moved deeper into development, we’ve realized that many modules of the Web5 governance platform (like the voting contract, DID authentication, etc.) have the potential to become core components that can be reused by other Web5 projects in the future. We want to take the extra time to make this foundation as solid as possible.
  2. A good governance process requires not just good rules, but also a user interface that is clear and easy to use in every detail. We need more time than originally planned to refine these critical user-facing features.
  3. Our goal is to deliver a product that community members want to use and enjoy using, not a rushed, half-finished tool.

Most importantly, this timeline adjustment does not affect our original promise: we will still be showcasing a usable MVP for the community to experience during this year’s CKCon.

We are choosing to announce this adjustment during the voting period to ensure maximum transparency. We believe that a responsible, proactive plan for a higher-quality delivery will earn more long-term trust from the community.


The vote continues, please cast your vote on Metaforo:
https://dao.ckb.community/thread/vot-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal-64083

4 Likes

Hi everyone, a community member has voted NO for the v1.1 proposal, with the core reason being concerns about high estimates in the budget (e.g., domains’ cost).

After careful discussion, we have just posted a formal reply on Metaforo, which includes the public commitments regarding the budget:

Full Transparency Commitment: After each milestone is completed, we will publish a detailed, itemized report of all fund usage alongside our delivery report.

Cost Control Commitment: All non-labor infrastructure budgets (including domains, and others such as servers, contract deployment fees, etc.) will be handled on an “at-cost reimbursement” basis. All receipts will be kept for community audit at any time. Any and all surplus funds will be 100% returned to the DAO treasury.

In our reply, we also detailed our “more work for the same price” situation (a 25% timeline extension with 0% budget increase) and the rationale for the budget.

We believe this demonstrates our utmost sincerity and transparency. The vote has now seen 490M CKB participate, making it the highest-engagement governance proposal in the DAO’s history. The result is still extremely close at 61.29%. We urge everyone to read our full reply, to see our actions and commitments:

https://dao.ckb.community/landing?method=share&thread=64083&refer_id=49172&post=1999532

1 Like

Thank You, Community. Our Shared Journey Continues.

Hello everyone,

The 7-day vote for the DAO v1.1 proposal has officially concluded.

In the end, 527,873,238 CKB participated and the proposal received 65.08% approval, which did not meet the 67% threshold required for a meta-rule change. According to the rules, the DAO v1.1 proposal has not passed.

We fully accept and respect this democratic decision from the community.

Although the proposal itself did not pass, we want to state that what we experienced together over the past month has been an incredibly successful governance event. In this vote:

  • The total participating CKB peaked at 603 million, representing 8.4% of the entire Nervos DAO.
  • This was, without question, the highest-engagement, most in-depth, and most intense public debate in the CKB Community Fund DAO’s history.

We succeeded in refocusing the entire community’s attention on a deep discussion about the future of the DAO. We re-engaged dormant voters and sparked a genuine debate about the DAO’s core bottlenecks. For this alone, all our efforts were worthwhile.

Our Deepest Gratitude

We want to extend our sincere gratitude to every single participant:

  • To everyone who voted YES, thank you. Your trust and support were the fuel that kept us going until the very last minute.
  • We must also thank everyone who voted NO and those who offered sharp critiques and rigorous scrutiny. Your challenges (on the budget, the process, and the core premise) are the most valuable check and balance in DAO governance. You forced us to constantly refine our thinking and made this debate truly meaningful.
  • Thank you to everyone who joined the discussions on Talk, Telegram, and Twitter.

What’s Next

While the v1.1 proposal did not pass, the problems it sought to solve have not disappeared.

The issue of the DAO’s stagnation is still in front of us. The proposal team will take a short break, and we will carefully review all the disagreements and consensus points that emerged during this vote.

Our commitment to the CKB ecosystem is unchanged, and our exploration of DAO governance will not stop. We believe the community will draw strength from this profound discussion, and that a more mature v1.2 or v2.0 proposal that can achieve broader consensus will emerge in the future.

The road is long, but we will keep walking!

Thank you all again.

4 Likes

Sad to see the proposal not pass. I was really looking forward to the streamlined process it aimed to introduce. Hopefully, the resubmission builds on the lessons from this round and achieves broader consensus. If Nervos truly wants to renovate, the current process needs a serious overhaul. Kudos to the team for driving this forward and engaging the community at this level.

2 Likes

Dear Community Members, Especially the Participants of This Proposal:

On behalf of the DAO Funds Management Committee, I am releasing the following investigation and arbitration results regarding the voting outcome of this proposal.

I. Background

After the proposal voting concluded, the community received multiple complaints about the fairness of the voting process. Public discussions can be found in this thread: https://talk.nervos.org/t/community-fund-dao-v1-1-web5-recommendation-for-a-revote-on-the-community-fund-dao-v1-1-web5-optimization-proposal/9655/1 In addition, several members raised similar concerns through private channels.

The main focus of the complaints was: The last five digits of the voting weights for accounts BroAllen and Mod were identical, raising suspicions that the same NervosDAO address was reused for voting.

Upon receiving the complaints, the DAO Funds Management Committee deemed these suspicions reasonable and worthy of investigation. Although there was no direct evidence at the time, the clues were sufficient to initiate an investigation. We promptly launched a formal investigation procedure, with a duration of one week.


II. Investigation and Conclusion Summary (TL;DR)

Before the deadline, we obtained direct and verifiable evidence. The following are the main conclusions of the investigation and arbitration:

  1. Bug Discovery: We confirmed a vulnerability in Metaforo when calculating voting weights based on NervosDAO deposits: After binding a NervosDAO address to vote, users could unbind it and re-bind it to another account to vote repeatedly.

  2. Vulnerability Exploited: The investigation confirmed that this vulnerability was exploited in this vote. The duplicated addresses involved are:

    ckb1qzda0cr08m85hc8jlnfp3zer7xulejywt49kt2rr0vthywaa50xwsq22vda73jzdlu3lf6luskzcjz7z5ksa58stp95p5

    ckb1qzda0cr08m85hc8jlnfp3zer7xulejywt49kt2rr0vthywaa50xwsqwpcdzq3q7klvy9esgjlsy9vrapke97kgsqmwwrp

    Total duplicated weight: 71,247,257. This weight was used for opposing votes.

  3. No Other Anomalies Found: No additional duplicate voting behavior was identified beyond the two addresses above.

  4. Arbitration Decision: Correct the Voting Results. Therefore, the Committee decided to remove the duplicated 71,247,257 weight and recalculate the results:

    • For: 343,524,829

    • Against (corrected): 184,348,409 - 71,247,257 = 113,101,152

    • New Ratio: 343,524,829 / (343,524,829 + 113,101,152) = 75.23%

    ✅ Corrected Voting Result: The proposal passes with 75.2% in favor.


III. Investigation Process Details

  1. The investigation was more complex than anticipated. The reason was that Metaforo’s backend did not retain complete request logs, and the database did not record bind/unbind state changes.

  2. We ultimately locked in evidence of duplicate voting by combining Metaforo frontend implementation details with CKB Explorer backend logs.

  3. During the investigation, we unexpectedly contacted MOD (BroAllen) in person. He/she admitted to exploiting the vulnerability for repeated voting and provided some operational details and motives. For privacy reasons, personal information is not disclosed in this document. He/she stated they would respond personally to the incident after the arbitration results are announced.


IV. Acknowledgments

The investigation and final report were made possible with the assistance and support of the following teams and individuals:

  • App5 Team (CKB Explorer Team)

  • Metaforo Team

  • Community Member Yixiu


V. Investigation Report and Log Materials

Metaforo Voting Weight Retrieval Logic

  • When binding an address, it queries:

    • Whether the address has already been bound (internally on the Metaforo platform)

    • Whether there are NervosDAO Cells in “deposited” state under the address (obtained via the browser’s /api/v2/dao_events interface), and retrieves the capacity to determine if > 0

  • During voting, it:

    • Queries how many NervosDAO addresses are bound to the user

    • Sequentially requests the “deposited” NervosDAO Cells under these addresses (via the browser’s /api/v2/dao_events interface) and retrieves the capacity (weight)

    • Accumulates the weights of each address to obtain the user’s total voting weight

The weight retrieval code is as follows:

User “Mod” Voting Record Tracking

On Metaforo, Mod completed voting at 2025-10-28 08:18:27 (UTC+0):

On the CKB Explorer interface server, three addresses sequentially requested the /api/v2/dao_events interface during the same time period:

Table 1

The data in the image is grouped in pairs, recording the request entry, data return time (UTC+8), and requested address. The logs above show Metaforo’s backend requesting weights for the three CKB addresses currently bound to the account during voting. Combined with CKB Explorer data, the three addresses and their weights are:

Considering that Metaforo ignores weights after the decimal point, this cumulative weight matches “Mod”’s weight in the Metaforo proposal voting results. Further, we captured request records between Oct 28, 2025 @ 16:00:00.000 - Oct 28, 2025 @ 17:00:00.000 (detailed logs in Attachment 2):

Table 2 – Logs Before and After Mod’s Vote

Only requests related to the above three addresses were found. Since all Metaforo votes pass through this request, the possibility of other addresses participating in voting during this period can be ruled out.

User “BroAllen” Voting Record Tracking

On Metaforo, BroAllen completed voting at 2025-11-03 19:44:05 (UTC+0):

Similarly, we captured CKB Explorer backend interface service logs and observed two addresses sequentially requesting the /api/v2/dao_events interface during this period (as marked in red in the image), consistent with Metaforo’s voting request behavior:

Table 3

Information for these two addresses is as follows:

Considering Metaforo ignores weights after the decimal point, this cumulative weight matches “BroAllen”’s weight in the Metaforo proposal voting results. Further, we captured request records between Nov 4, 2025 @ 03:00:00.000 → Nov 4, 2025 @ 04:00:00.000 (detailed logs in Attachment 3):

Table 4 – Logs Before and After BroAllen’s Vote

Only requests related to the two addresses above were found. Since all Metaforo votes pass through this request, the possibility of other addresses participating in voting during this period can be ruled out—meaning only BroAllen voted on Metaforo during this phase.


Analysis

By tracking the voting records and request logs of “Mod” and “BroAllen,” we found that the two accounts shared the following addresses for voting during the voting period:

  • ckb1qzda0cr08m85hc8jlnfp3zer7xulejywt49kt2rr0vthywaa50xwsq22vda73jzdlu3lf6luskzcjz7z5ksa58stp95p5

  • ckb1qzda0cr08m85hc8jlnfp3zer7xulejywt49kt2rr0vthywaa50xwsqwpcdzq3q7klvy9esgjlsy9vrapke97kgsqmwwrp

Cumulative weight: 71,247,257.


Appendices (Related Log Files):

  1. https://dao.ckb.community/thread/64083 Request logs for the two addresses during the proposal voting period: log1, log2

  2. Request logs before and after “Mod”’s vote: log3

  3. Request logs before and after “BroAllen”’s vote: log4

  4. All request logs during the proposal voting period (community members can refer to the above method for verification): log5

7 Likes
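
The report above finds that voting weight was summed from whatever addresses were bound to an account at vote time, with no record that an address had already been counted for the same proposal. As an added example (not Metaforo's or the committee's code), the sketch below contrasts that tally with a per-proposal address ledger and reproduces the corrected figures. Account names, address labels and the per-address split are constructed, and treating exactly 67% as passing is an assumption.

```python
"""Added example: per-proposal address ledger for deposit-weighted voting."""
from collections import defaultdict
from dataclasses import dataclass

QUORUM = 185_000_000   # meta-rule quorum quoted in the thread
APPROVAL = 0.67        # meta-rule approval threshold quoted in the thread


@dataclass(frozen=True)
class Vote:
    account: str        # platform account that cast the vote
    choice: str         # "yes" or "no"
    cast_at: str        # ISO-8601 UTC timestamp, sortable as text
    bound: tuple        # ((address, weight), ...) bound to the account at vote time


# Constructed sample. Only the totals (343,524,829 yes, 184,348,409 no and
# 71,247,257 double-counted) come from the report; accounts, address labels
# and the split between them are placeholders.
VOTES = [
    Vote("yes_bloc", "yes", "2025-10-27T10:00:00Z", (("addr_yes", 343_524_829),)),
    Vote("acct_1", "no", "2025-10-28T08:18:27Z",
         (("addr_A", 40_000_000), ("addr_B", 31_247_257), ("addr_C", 10_000_000))),
    Vote("no_other", "no", "2025-10-30T12:00:00Z", (("addr_D", 31_853_895),)),
    # addr_A and addr_B were unbound from acct_1 and re-bound to acct_2.
    Vote("acct_2", "no", "2025-11-03T19:44:05Z",
         (("addr_A", 40_000_000), ("addr_B", 31_247_257))),
]


def naive_tally(votes):
    """Behaviour described in the report: sum whatever is bound at vote time."""
    tally = defaultdict(int)
    for v in votes:
        tally[v.choice] += sum(w for _, w in v.bound)
    return dict(tally)


def reused_addresses(votes):
    """Audit check: addresses that carried weight under more than one account."""
    seen = defaultdict(list)
    for v in sorted(votes, key=lambda v: v.cast_at):
        for addr, _ in v.bound:
            if v.account not in seen[addr]:
                seen[addr].append(v.account)
    return {a: accts for a, accts in seen.items() if len(accts) > 1}


def ledger_tally(votes):
    """Hardened tally: an address is spent once per proposal, first use wins."""
    spent = {}                      # address -> account that used it first
    tally = defaultdict(int)
    rejected = 0
    for v in sorted(votes, key=lambda v: v.cast_at):
        for addr, w in v.bound:
            if addr in spent:       # already counted for this proposal
                rejected += w
                continue
            spent[addr] = v.account
            tally[v.choice] += w
    return dict(tally), rejected


def outcome(tally):
    """Apply the quorum and approval thresholds to a yes/no tally."""
    yes, no = tally.get("yes", 0), tally.get("no", 0)
    total = yes + no
    ratio = yes / total if total else 0.0
    return {"total": total, "approval": round(ratio * 100, 2),
            "passed": total >= QUORUM and ratio >= APPROVAL}


if __name__ == "__main__":
    print("naive   :", outcome(naive_tally(VOTES)))
    print("reused  :", reused_addresses(VOTES))
    fixed, rejected_weight = ledger_tally(VOTES)
    print("ledger  :", outcome(fixed), "rejected weight:", rejected_weight)
```

The ledger has to be keyed by proposal and written in the same transaction as the vote, so that unbinding an address afterwards does not erase the record that it was already counted.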

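DAO v1.1 Proposal Passed: Thank You to the Community for Its Scrutiny and Trust

After the results of the 7-day vote on the DAO v1.1 proposal were published, the community raised questions about the fairness of the vote. The DAO multisig committee then launched an investigation and today released the full investigation report:

Chinese: https://talk.nervos.org/t/dis-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal/8973/70

English: https://talk.nervos.org/t/dis-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal/8973/71

The investigation confirmed that the Metaforo platform had a technical vulnerability that allowed users to vote repeatedly by unbinding and rebinding addresses. The vulnerability was actually exploited in this vote, involving more than 71 million CKB of weight. After the duplicate votes were removed, the proposal passed with 75.2% approval; actual participation exceeded 456M CKB and at one point peaked at 603 million CKB.

Thank You to All Participants

As the DAO v1.1 proposal team, the first thing we want to say is: thank you.

Thank you to the community members who raised questions. Your vigilance started this investigation, and your courage allowed the problem to be exposed. In many organizations, questioning is seen as trouble or distrust, but in a healthy DAO, questioning is one of the most valuable contributions.

Thank you to the DAO multisig committee, the App5 team and the Metaforo team. You completed a rigorous technical investigation in one week. With no complete logs and no database records, you pinned down the evidence through frontend implementation details and explorer backend logs, which is itself a demonstration of professional ability. More importantly, you set a precedent for a credible dispute-resolution mechanism.

Thank you to all voters, whether for or against. Participation in this vote set a record in the history of the CKB Community Fund DAO. We also thank the members who raised sharp criticism during the deliberation period; the questions about the budget, the process and the team's independence forced us to keep improving the proposal. We now also thank you for accepting the corrected result; that acceptance is itself trust in the governance mechanism.

This episode has made us more certain that the community needs governance infrastructure it controls itself. From the start, our proposal argued for building a community-owned platform rather than relying on third-party tools. The exposure and exploitation of the Metaforo vulnerability confirmed that argument in a painful but clear way.

Reaffirming Our Commitments

In the execution phase that follows, we will strictly honor the public commitments we made during the deliberation period, including:

  1. Full Transparency Commitment: Every milestone will be accompanied by a detailed, itemized statement of fund usage.
  2. Cost Control Commitment: All non-labor infrastructure budgets (domains, servers, etc.) will be handled on an "at-cost reimbursement" basis, any surplus will be 100% returned to the DAO treasury, and receipts will be kept for community audit.
  3. Open Source Commitment: All core platform components (such as the voting contract and general-purpose Web5 components) will be fully open-sourced for reuse by future community projects.

Next Steps

During the community deliberation and voting period, our team had already started part of the work in order to strengthen the community's confidence in the proposal. The end of the vote is the start of full-scale work. We will immediately begin the following:

  1. MVP development and testnet launch (now - end of November 2025):
    We will make sure the MVP with core features is completed by the end of November and launched on testnet before CKCon 2025, for the community's first round of trial and testing.
  2. Mainnet launch and trial operation (December 2025 - mid-February 2026):
    Complete development of all planned features, formally deploy the platform to mainnet, and begin the community trial operation.
  3. Recruitment of the DAO property management team (物业团队) (starting soon):
    We will soon openly invite and recruit, from the whole community, the members of the first DAO property management team. The team will be responsible for the DAO's day-to-day operations in the future. This is a role in service of the community, and we sincerely welcome anyone with enthusiasm and ability to nominate themselves or recommend others. Selection of the first team's members will be led by the proposal team, on the principles of fairness and merit, taking the overall composition of the team into account.
  4. Drafting the Operations Manual (now - mid-February 2026):
    The newly formed property management team will work closely with the proposal team to draft the DAO Property Management Operations Manual, so that all processes are clear and transparent before the mainnet launch.

The significance of this vote is not only that a proposal passed. It showed that when the governance mechanism was put under a stress test, this community chose to investigate the truth rather than cover up the problem, to correct the result rather than maintain a surface consensus, and to learn from the crisis rather than quickly move on. These choices define the governance culture of the CKB community.

We look forward to building a more efficient, more transparent and more resilient DAO together with the whole community.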

DAO v1.1 Proposal Passed: Gratitude for Community Scrutiny and Trust

Following the conclusion of the 7-day voting period for the DAO v1.1 proposal, community members raised concerns about voting integrity. The DAO Multisig Committee immediately launched an investigation and released a comprehensive report today:

Chinese: https://talk.nervos.org/t/dis-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal/8973/70

English: https://talk.nervos.org/t/dis-community-fund-dao-v1-1-web5-community-fund-dao-v1-1-web5-optimization-proposal/8973/71

The investigation confirmed that the Metaforo platform contained a technical vulnerability allowing users to vote repeatedly by unbinding and rebinding addresses. This vulnerability was exploited during the voting process, involving over 71 million CKB in voting weight. After removing duplicate votes, the proposal passed with 75.2% approval, with actual participation exceeding 456M CKB and peak voting reaching 603 million CKB.

Thank You to All Participants

As the DAO v1.1 proposal team, the first thing we want to say is: thank you.

Thank you to the community members who raised concerns. Your vigilance initiated this investigation, and your courage brought the issue to light. In many organizations, questioning would be seen as trouble or distrust, but in a healthy DAO, scrutiny is one of the most valuable contributions possible.

Thank you to the DAO Multisig Committee, App5 team, and Metaforo team. You completed a rigorous technical investigation in one week. Without complete logs or database records, you pinpointed evidence through frontend implementation details and blockchain explorer backend logs. This demonstrates professional capability. More importantly, you established a precedent for credible dispute resolution mechanisms.

Thank you to all voters, whether for or against. This vote set a participation record in CKB Community Fund DAO history. We also thank those who raised sharp criticisms during the deliberation period. Questions about budget, process, and team independence pushed us to continuously refine our proposal. Now we also thank you for accepting the corrected results. This acceptance itself represents trust in governance mechanisms.

This experience reinforces our conviction: the community needs governance infrastructure it controls. Our proposal advocated from the beginning for building community-owned platforms rather than relying on third-party tools. The exposure and exploitation of the Metaforo vulnerability validated this argument in a painful but clear way.

Reaffirming Our Commitments

During the execution phase, we will strictly honor all public commitments made during the deliberation period, including:

  1. Full Transparency Commitment: After each milestone is completed, we will publish a detailed, itemized report of all fund usage alongside our delivery report.
  2. Cost Control Commitment: All non-labor infrastructure budgets (including domains, and others such as servers, etc.) will be handled on an “at-cost reimbursement” basis. All receipts will be kept for community audit at any time. Any and all surplus funds will be 100% returned to the DAO treasury.
  3. Open Source Commitment: All core platform components (such as voting contracts and Web5-related general components) will be fully open-sourced for future community project reuse.

Next Steps

During the community deliberation and voting period, our team began preliminary work to strengthen community confidence in the proposal. The voting conclusion marks the beginning of full-scale advancement. We will immediately initiate the following work:

  1. MVP Development and Testnet Launch (Now - End of November 2025):
    We will ensure completion of an MVP version with core functionality by the end of November, launching the testnet before CKCon 2025 for the community’s first round of testing and feedback.
  2. Mainnet Launch and Trial Operation (December 2025 - Mid-February 2026):
    Complete development of all planned features, officially deploy the platform to mainnet, and begin community trial operations.
  3. DAO Steward Team Recruitment (Starting Soon):
    We will soon formally invite and recruit members for the first DAO steward team from across the community. The team will handle future DAO daily operations. This is a community service role, and we sincerely welcome all passionate and capable individuals to self-nominate or recommend others. The selection of the first DAO steward team members will be conducted by the proposal team based on principles of fairness and merit, with comprehensive consideration of team composition.
  4. Drafting the Operations Handbook (Now - Mid-February 2026):
    The newly formed property team will work closely with the proposal team to draft the DAO Property Operations handbook, ensuring all processes are clear and transparent before mainnet launch.

The significance of this vote extends beyond a proposal passing. It demonstrates that when governance mechanisms face stress tests, this community chose to investigate truth rather than cover up problems, to correct results rather than maintain surface consensus, to learn from crisis rather than quickly move on. These choices define CKB community governance culture.

We look forward to working with the entire community to build a more efficient, transparent, and resilient DAO.

The v1.1 Proposal Team

8 Likes
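The post above says the same address could be unbound and rebound to vote again, and that duplicate votes were removed before the final count. As an added illustration (not Metaforo's code and not the committee's actual method), this sketch contrasts a tally keyed by forum account with one keyed by the bound address; the record layout, account names, addresses and the keep-the-first-ballot rule are all assumptions.

```python
from collections import defaultdict

# Constructed sample ballot log (not real data):
# (sequence, forum_account, bound_address, weight_ckb, choice)
BALLOTS = [
    (1, "acct-a", "ckb1-addr-1", 50_000_000, "yes"),
    (2, "acct-b", "ckb1-addr-2", 30_000_000, "no"),
    (3, "acct-c", "ckb1-addr-3", 20_000_000, "no"),
    (4, "acct-d", "ckb1-addr-2", 30_000_000, "no"),   # addr-2 rebound to a second account
    (5, "acct-e", "ckb1-addr-2", 30_000_000, "no"),   # and to a third
    (6, "acct-a", "ckb1-addr-1", 50_000_000, "yes"),  # same account resubmitting, not a rebind
]

def tally_by_account(ballots):
    """Weak tally: one ballot per forum account, so a rebound address is counted again."""
    latest = {}
    for _seq, account, _address, weight, choice in sorted(ballots):
        latest[account] = (weight, choice)
    totals = defaultdict(int)
    for weight, choice in latest.values():
        totals[choice] += weight
    return dict(totals)

def tally_by_address(ballots):
    """Corrected tally: weight counts once per address (first ballot kept, an assumed policy).

    Returns (totals, flagged), where flagged maps each address seen under more
    than one account to the sorted list of those accounts, for audit.
    """
    first, accounts = {}, defaultdict(set)
    for _seq, account, address, weight, choice in sorted(ballots):
        accounts[address].add(account)
        first.setdefault(address, (weight, choice))
    totals = defaultdict(int)
    for weight, choice in first.values():
        totals[choice] += weight
    flagged = {a: sorted(s) for a, s in accounts.items() if len(s) > 1}
    return dict(totals), flagged

def approval(totals):
    """Share of counted weight that voted yes."""
    total = sum(totals.values())
    return totals.get("yes", 0) / total if total else 0.0

if __name__ == "__main__":
    weak = tally_by_account(BALLOTS)
    fixed, flagged = tally_by_address(BALLOTS)
    print("by account:", weak, f"{approval(weak):.1%}")
    print("by address:", fixed, f"{approval(fixed):.1%}")
    print("addresses bound to several accounts:", flagged)
```

Keying the count on the address (or the underlying deposit) also gives the audit list for free: any address that appears under more than one account is exactly what a reviewer needs to inspect.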

Thanks @poshboytl and everyone else involved in the investigation and congratulations @zz_tovarishch @yixiu.ckbfans.bit and the rest of the DAO V1.1 team!

6 Likes

Wow wonderful work everyone @poshboytl @zz_tovarishch @yixiu.ckbfans.bit and special thanks to App5 Team, Metaforo. I’m glad we exposed the vulnerability, and now have better captured the will of the community in implementing DAO v1.1 cheers everyone!

5 Likes

I’m still shocked that a normal user actually hacked MetaForo out of spite over this proposal!! I had my reservations, but at least I’m trying to contribute in a concise & positive way. Wild times

@zz_tovarishch if you want to reduce the chance of future hacks on Community Fund DAO v1.1, would you like me to do a step-by-step review? Anyone else from the community want to review?

Also, since you showed proof your proposal won, can you start by open-sourcing the work being done?

Congrats, Phroi

3 Likes

Pretty funny that someone was so against the proposal to develop our own platform and get away from metaforo, but their actions just ended up proving how important it is that we develop our own platform.

4 Likes

4d chess

3 Likes

@zz_tovarishch too said something similar:

It’s a bug, likely fixable. Whoever developed the integration did not account for this exploit. The real issues are:

  1. Where is the Open-Source code of Metaforo CKB integration??
  2. Was it covered by an internal review? Was it audited externally?
  3. Was the Community able to review it & contribute to it?
  4. Was there any Bug Bounty covering it?

Again, a dude out of nowhere exploited a MetaForo CKB integration bug out of spite over this very proposal, instead of trying to contribute positively.

This means that incentives were not aligned.

It’s not about the Metaforo CKB integration itself, which is a valuable prototype, rather about the Community involvement in its development and bug discovery.

Please, let’s learn from these mistakes in Community DAO v1.1.

Phroi

2 Likes

Thanks, Phroi.

We appreciate your offer to review. Our commitment stands: full open source before mainnet launch.
Right now, we’re in rapid MVP development with daily code changes. We’ll open-source components progressively as they stabilize, giving the community meaningful review time before mainnet.

Best,

2 Likes

Even such an obvious bug hasn’t been discovered. When developing our own platform, what I’m more worried about is the usability of this new platform.

Not every rule needs to be written, what you did was obviously against the spirit of the DAO.

I originally thought you must have withdrawn your Mod deposit from the DAO and deposited again as BroAllen, in which case you might have had a leg to stand on to argue it didn’t break any rules.

Because I also went back and read all the voting rules, including Jacky’s amendment you linked to, and voting/withdrawing/depositing/voting surprisingly doesn’t break any rules (we really let that one slip by us!).

But just rebinding the same DAO deposit is such an obvious exploit that no one could possibly argue that the votes be allowed to stand.