Summary
The case for the Dynamic Allocation Pool (DAP) asks the Polkadot community to measure economic security by a lower bound – validator self-stake plus an annuity of forfeited future rewards, about 12.5M DOT today – instead of the nominator-inclusive slashable stake, which the write-up’s own accounting puts at ~285M DOT and our independent computation puts at ~224M today (§4.1), and to conclude that removing nominator slashing is therefore safe.
This forum post reviews DAP, and we make three claims:
- DAP’s central premise – that a successful attack sends DOT’s value to zero – fails. It is internally inconsistent as used, it inverts how nine years of security literature treats value destruction, and it contradicts the accountable-safety design of Polkadot’s own finality gadget.
- DAP is a bet against the entire industry. Its argument uses nothing specific to Polkadot: if it is sound, every chain whose safety rests on slashing – Cosmos, Ethereum, every slashing-BFT design – is carrying two orders of magnitude more at-risk collateral than its security requires and could give delegated stake full consensus weight while exempting it from slashing, for free. None does. Polkadot under DAP would be the first chain to keep an accountable-safety consensus while giving full weight to the stake it has made unslashable.
- The real numbers, computed independently from chain state, show a significant reduction in Polkadot’s security. The collateral a corrupting third of the validator set must expose to slashing is ~224M DOT today. DAP’s substitute metric reports ~12.5M – an 18× reduction achieved by re-measurement, not by anything that happened on chain, and justified only by the failed premise. Worst-cased consistently, DAP’s own bound is ~2M. And referendum 1910 then makes ~2M the real figure: post-DAP, the at-risk floor is 2.01M DOT – a ~113× collapse that requires no assumption about post-attack price.
Thesis in one line: DAP is justified by a coordination attack whose chief antidote – slashable collateral – it switches off, on a value-destruction assumption that the security literature only ever places on the attacker’s side and that Polkadot’s own accountable-safety design contradicts.
1. The argument under review
Restated faithfully, DAP’s argument runs:
An adversary posts a bounty just above the lower bound L, payable to validators who help break consensus if the attack succeeds. If the attack succeeds, “all value would be wiped” (and, the write-up adds, the network’s value “diminishes and can’t be revived”), so a validator’s honestly-held stake becomes worthless anyway. Refusing the bribe therefore protects nothing; given that a chain-breaking coalition forms, each validator’s best response is to defect; all-defect is a Nash equilibrium. The operative worst case is therefore L – self-stake plus the net present value of forfeited future rewards – not the ~285M DOT of nominator-inclusive stake. Since L does not depend on nominator stake, removing nominator slashing does not lower the operative security floor.
On the live set (600 validators), our faithful recompute of L gives 12.45M DOT, of which 87% is the annuity of forfeited future rewards (era 2211–2212; the DAP write-up’s own status-quo figure is 14.7M). The slashable self-stake of the cheapest corrupting third of the set is ~2M DOT (1.98M, era 2221).
Every step of the argument routes through the clause “all value would be wiped”:
- “Staying honest protects nothing” requires the honest stake to become worthless on success.
- “The bounty is credibly collectible” requires the chain not to recover and claw it back.
- “The floor is L” requires the forfeited future rewards – 87% of L – to still be worth something.
Remove the value-to-zero premise and none of the conclusions follow. The next section shows it fails three independent ways.
2. The premise fails
2.1 Internally: the premise that fires the cascade also dissolves the floor
L is a coherent security floor only in the world where DOT retains value. Its largest component – the annuity, 87% of the number – is a claim on future validator rewards, and a claim on future rewards presupposes a surviving, valuable chain. That is the value-not-zero world. But the same argument invokes value-to-zero to make honesty collapse. The premise cannot hold in the place the conclusion needs it and fail in the place the number needs it. Split the two cases and the conclusion loses in both:
| Value → 0 true | Value → 0 false | |
|---|---|---|
| Is L the operative floor? | No – refusing protects nothing, so the bribe collapses toward ε per validator (Buterin’s P+ε, §2.2), and the annuity that is 87% of L is worth zero | Yes – L ≈ 12.5M is coherently computed |
| Does the coordination cascade fire? | Yes | No – honesty still protects live, valuable stake |
| Is removing nominator slashing safe? | Moot – the price wipes honest and dishonest identically; unslashability changes nothing | No – slashing is the live deterrent being removed |
Read the columns. If value really goes to zero, then L is not the floor the argument claims – the operative bribe is far below it, because a validator that gains nothing from honesty defects for almost nothing – and unslashability is beside the point, because an indiscriminate price collapse cannot tell friend from foe (deterrence requires a penalty targeted at provable misbehavior; a universal wipeout equalizes the honest and the dishonest). If value does not go to zero, L is computed correctly, but the cascade never fires, honest validators keep live stake worth protecting, and nominator slashing is exactly the deterrent that holds them. There is no setting of the premise on which “the operative worst case is L, so removing nominator slashing is safe” follows.
2.2 Against the literature: value destruction belongs to the attacker
The bribery-coordination attack DAP invokes has a nine-year published lineage, and the falsifiable claim is this: whenever value destruction enters a security model in that lineage, it enters on the attacker’s side – as an external payoff or a cost-reducer – never as a defender-side source of security.
- Buterin, The P+ε Attack (2015) – the paper whose “cost to attack collapses” headline the DAP argument echoes – achieves the collapse with a failure-conditional payment and needs no value destruction at all. The bribe pays out only if the attack fails, which makes defection weakly dominant and the attack near-costless in equilibrium. DAP’s success-conditional bribe is a different and weaker game (see FAQ), propped up by a value-to-zero assumption P+ε never needed.
- Bonneau (Why Buy When You Can Rent?, FC 2016), Budish (The Economic Limits of Bitcoin and the Blockchain, NBER 2018; published as Trust at Scale, QJE 2025), Ford & Böhme (2019) all model the attack payoff as external to the token – a double-spend, a rental arbitrage, a short position that profits because the token collapses. In every case value destruction makes attacks cheaper or more profitable. It is the reason validators defect, not the reason they stay honest.
- Karakostas, Kiayias & Zacharias (CCS 2024, arXiv:2402.06352) is the one paper that quantitatively parameterizes how much an attack destroys value – and derives the sign: the attacker’s budget to sustain the all-bribed equilibrium decreases as the attack’s value destruction increases. The same paper’s positive result – the field’s antidote – is that slashing and dilution can restore the honest protocol as an equilibrium. Slashable live collateral, not value collapse, is what defends.
DAP takes a phenomenon the literature uniformly scores as an attacker subsidy and re-labels it a security floor for the defender. That is a sign error relative to every source in the lineage.
2.3 Against Polkadot’s own design – and the historical record
GRANDPA, Polkadot’s finality gadget, is built on accountable safety (as is Casper FFG, from which the property is drawn): if a safety fault occurs – two conflicting finalized blocks, which requires ≥⅓ of validators to vote against the protocol rules – the misbehaving validators are provably identifiable from their own signed protocol messages (GRANDPA paper, Theorem 4.1: at least f+1 Byzantine voters can be identified). Attributable means slashable and forkable. The design premise of Polkadot’s own consensus is that a ≥⅓ safety fault is a recoverable, punishable event – the literal opposite of an unrecoverable extinction. If value-to-zero were true, accountable safety would be pointless: there would be no chain left to recover and no one worth slashing. Polkadot’s designers spent enormous effort on GRANDPA’s accountability precisely because they do not believe a safety fault ends the chain.
The historical record agrees. Ethereum Classic absorbed multiple 51%/deep-reorg attacks (January 2019; several in August 2020, including three in one month), suffered real double-spends – and survived, trading continuously since. The Monero/Qubic hashrate episode (2025, reorgs up to 18 blocks) produced a single-digit-percent dip that recovered within days, with no confirmed theft. Attacked chains get hurt and recover. None has gone to zero. (On why PoW reorgs are a fair reference class here, see the FAQ.)
Conclusion of §2: we live on the recovery branch. On that branch, honest validators hold live, valuable stake, so the cascade never fires; the bribe is not credibly collectible, because accountable safety names the defectors and the chain recovers; and the deterrent that holds the equilibrium is the targeted, full-exposure slash on live tokens. That is the deterrent DAP disables.
3. The bet against the industry
The DAP argument uses nothing specific to Polkadot. Read the coordination game on its own terms: a briber, a set of stake-weighted validators, a threshold coalition, a bounty. Nowhere does it invoke Phragmén election, maximin support, or anything else that distinguishes NPoS from generic delegated proof-of-stake. The argument is therefore portable: if it is sound on Polkadot, it is sound everywhere, and it proves the same thing everywhere – that slashing delegated stake buys no security, because the “real” floor is what a bribed operator personally forfeits, which delegated stake never raises.
So look at what the industry actually does. The relevant comparison class is the chains whose safety, like Polkadot’s, rests on slashing – the accountable-safety BFT designs that price the cost of corruption in burnable collateral: Tendermint/Cosmos, Ethereum’s Casper FFG, Polkadot’s GRANDPA finality and ELVES parachain-validity protocol. In this class, no production chain gives unslashable stake full weight in its safety denomination. Cosmos slashes delegations pro-rata alongside the validator. Ethereum has no protocol delegation to exempt, and its dominant liquid-staking venue (Lido) socializes slashing losses to the token holders who supply the stake. Polkadot, pre-DAP, slashes nominator backing at full weight. (Two apparent exceptions – the chains that never slash at all, and Tezos – are addressed in dedicated FAQ entries; neither is a counterexample.)
If the DAP argument is right, this entire class is over-provisioned. Cosmos could exempt its delegators, Lido could stop passing slashes to stETH holders – and every slashing-BFT chain is carrying roughly two orders of magnitude more at-risk collateral than its security requires, a free lunch a competitive, heavily-audited industry has somehow left on the table. Polkadot under DAP would be the first chain in the class to give full consensus weight to stake it has made unslashable – keeping an accountable-safety design whose entire purpose is to make faults attributable so collateral can be burned, while exempting from burning the stake that backs it.
Either the industry’s uniform practice is a hundred-fold error that DAP alone has seen through, or the argument for the full-weight exemption is missing something. §2 identified what it is missing.
4. From 224M to 2M
The descent from Polkadot’s actual security to DAP’s headline number happens in two reductions – one performed by argument in the DAP write-up, one performed on chain by referendum 1910. Neither survives scrutiny, and they end at the same place.
4.1 The pre-DAP figure, computed independently
The starting point needs no DAP methodology. Sort the active set by total slashable exposure (the on-chain Staking.ErasStakersOverview map), take the cheapest corrupting third (201 of 600 validators), and sum: 224.0M DOT. That is the minimum collateral any coalition capable of a GRANDPA safety fault must expose to slashing.
Its meaning as a security figure comes from the peer-reviewed, non-W3F literature. In Budish’s economic-limits framework (QJE 2025), a chain is secure against any attack whose external payoff is smaller than the capital the attacker stands to lose. For a self-inserting attacker – one that supplies or marshals the backing behind its own validators – that loss is the full 224M: an attacker supplying the backing internalizes the slash directly, and one marshaling third-party backing must compensate its owners for the same expected loss. Pre-DAP the 224M is borne either way. Karakostas–Kiayias–Zacharias’s positive result (CCS 2024) assigns the same quantity the same role: the destructible collateral of the deviating coalition is the counter-incentive that renders the honest protocol an equilibrium. In both frameworks, pre-DAP Polkadot is secure against attacks worth up to ~224M DOT.
The DAP write-up’s own accounting corroborates the number rather than contradicting it: DAP’s upper bound (“Scenario A,” ~285M, computed with a per-seat shortcut) and the naive ⅓-of-total-stake figure (~278M) land within ~30% of the independent computation. The dispute is not what the metric says; it is his decision to discard the metric.
4.2 First reduction: 224M → 12.5M, by re-measurement
The DAP write-up replaces this figure with the lower bound L ≈ 12.5M – an 18× reduction in which nothing on chain moves. (The two figures come from snapshots ~10 eras apart; the staked total moved under 2% between them, immaterial to the ratio.) The reduction is achieved entirely by swapping the measurement instrument: from collateral at risk (what the protocol can burn on a misbehaving coalition) to what a bribed incumbent personally forfeits (its self-stake plus its own forgone rewards). The swap’s only justification is the value-to-zero cascade – nominator stake is declared illusory as security because a successful attack allegedly wipes everyone out regardless – and that justification is what §2 dismantled.
Two properties of the substituted metric complete the picture. It is nominator-independent by construction, so it is guaranteed – before any economics is done – to read the same on both sides of a reform whose entire content is nominator collateral; its invariance under DAP is a property of the instrument, not evidence about the network. And the discarded metric is not some external standard: it is Cevallos & Stewart’s “total collateral susceptible to being lost” (arXiv:2004.12990), the quantity NPoS’s maximin-support election exists to maximize, which Gehrlein both computes himself (Scenario A) and has published within (arXiv:2312.11408).
4.3 Second reduction: 12.5M → 2M, by the argument’s own worst-case discipline
Even the 12.5M does not survive the argument’s own premise. As §2.1 showed, L is a coherent floor only in the value-not-zero world; in the value-to-zero world the argument needs, its 87%-annuity component is worthless and the operative bribe collapses below it. So the largest number the DAP framework can consistently defend as a worst-case floor is the slashable self-stake of the cheapest corrupting third: ~2M DOT.
So the honest reading of the DAP write-up’s own framework is not “security is 12.5M.” It is: security today is ~224M; the write-up re-measures it at 12.5M on a premise that fails; and consistent worst-casing of its own substitute yields ~2M. What makes this more than an accounting dispute is that referendum 1910 then makes the ~2M real.
4.4 DAP enacts the 2M floor
The mechanism in code
In the staking-async implementation, nominator slashability is a Root-controlled configuration flag:
AreNominatorsSlashableis a storage value defaulting totrue, settable viaset_staking_configsunderensure_root.- Offence processing branches on the per-era snapshot of the flag: when true, the full nominator-inclusive path (
process_offence) runs; when false,process_offence_validator_onlyslashes the validator’s own stake with an emptyotherslist – nominator exposures are simply not enumerated. - When the flag is false, nominators also receive fast unbonding (
NominatorFastUnbondDuration= 2 eras, on the order of half a day) instead of the full bonding duration.
Referendum 1910 flips this flag to false. Two consequences of the flag mechanism deserve emphasis. First, keeping nominator slashing off is a standing governance choice, held by whoever controls governance – and (§5) the change’s largest beneficiary holds a large share of that vote. Second, “governance can flip it back in a crisis” is not a symmetric safety valve: fast unbonding means the backing behind an attacker’s validators can exit in an era or two, faster than governance can detect, propose, and enact re-enablement. The exit outruns the correction.
The effect on chain state
Post-DAP the attacker optimizes differently. Pre-DAP, the cheapest corrupting third is the 201 validators with the least total backing: 224.0M DOT at risk. Post-DAP, backing is riskless, so the attacker picks the 201 validators with the least self-stake: 2.01M DOT at risk – while that third carries 287M DOT of now-unslashable backing, more than the pre-DAP minimum, because backing has stopped costing the attacker anything. Same snapshot (era 2221), same chain-state query: the at-risk barrier falls ~113×, a ~99% collapse, with no assumption about post-attack price.
One term does not appear in this comparison, deliberately: the annuity of forfeited future rewards is unchanged by DAP – an attacking validator forfeits its future income before and after the reform alike – so it cancels out of the before/after comparison entirely. (And it cannot prop up the post-DAP floor at ~12.5M: it is forgone income, not collateral the protocol can seize, and §4.3 gave the reason it cannot serve as a worst-case floor.)
The attack this matters for
The value-to-zero-independent attack that slashable backing deters is not bribery of honest incumbents – it is self-insertion: an attacker runs its own ≥⅓ of the validator set atop backing it controls. Against self-insertion, the defenses that protect the bribery game – screening, reputation, repeated play – do nothing, because there is no independent counterparty. Two costs gate it: the acquisition cost of marshaling enough stake to win ⅓ of the seats under NPoS election, which DAP does not remove, and the at-risk cost – the exposure of that backing to slashing – which is exactly what DAP removes.
The collapse is most concrete for an attacker whose acquisition cost is already largely sunk – one that already holds backing at scale. The largest such entity holds ~17.5% of the set (§5), over half the distance to a corrupting third, and under the set reduction to 250–300 validators now on Polkadot’s own roadmap its existing ~105 seats would cross the ⅓ threshold outright. For an incumbent at that scale, the ~113× at-risk collapse is close to the entire security change: the backing behind its validators simply stops being hostage to their behavior, with little left to acquire. Section 5 documents that exactly one entity of this scale exists.
Which layers this hits
The collapse lands precisely on the slashing-dependent layers identified in §3. Block production (BABE) belongs to the honest-majority family and is largely unaffected – it degrades to roughly Cardano’s security model. Finality (GRANDPA) and parachain validity (ELVES) are the layers whose safety is denominated in slashable collateral, and they take the full ~99% reduction: liveness roughly unchanged, safety down two orders of magnitude. Note also what unslashability does not change: the fraction of validators needed to break safety stays ~⅓ – DAP lowers the cost of the attack, not its difficulty threshold.
Why does the thin residual floor matter only now? Because pre-DAP, the slashable-backing barrier dominates every softer number – the annuity, the bribery figures, the self-stake floor are all immaterial while ~224M of live collateral stands behind any corrupting third. DAP switches off the dominating barrier, and only then does the ~2M residual become the operative worst-case floor of the network.
5. The conflict of interest
Three facts:
- A single nominating entity backs ~17.5% of the active set. We have recently identified a large validator bloc, and we have strong evidence that this is simply W3F/Parity. The backing – on the order of 135M DOT – is entirely one entity’s.
- DAP converts that backing from slashable to unslashable. This holds regardless of who operates the nodes: the benefit accrues to the backer.
- The same affliated entity authored, proposed, and voted in relevant referenda enacting DAP.
Grouped by backing entity rather than by validator identity, Polkadot’s concentration picture also changes: counting backing groups, the top few groups exceed the ⅓ finality threshold at a coefficient on the order of 4.
Put plainly: the entity switching off the antidote is the entity whose position the antidote most constrains. We state this as a structural conflict to be disclosed and reconciled – not an allegation of bad faith. But a proposal that changes the economic security model cannot be evaluated as if authored behind a veil of ignorance about who holds the stake, and it raises the bar for the safety case: the party asking the community to accept “the lower bound is the right measure” is the party whose exposure that measure minimizes.
FAQ
“Pivotal-bribe worst-casing is standard method. Are you rejecting it?” No – it is the right method (Bonneau’s rent-vs-buy discipline), and we use it ourselves. We dispute what is plugged into it: a value-to-zero premise the frame does not need and the literature places on the other side of the ledger. The frame is sound; the instantiation is not.
“Doesn’t the naïve 285M figure genuinely overstate security?” Yes, read as an attack cost – a rational attacker bribes the pivotal fraction, it does not buy the whole set, and DAP is right to push back on 285M-as-price-of-attack. But attacker outlay and defender collateral-at-risk are two different numbers, and the second is the one NPoS was designed to maximize and the one DAP changes. “The attacker need only spend L” does not imply “only L is really at stake.” Conceding the first proposition – which we do – does not license removing the slashability of the second.
“The annuity is valued in the no-attack world and value-to-zero applies in the attack world – different branches, not a contradiction.” Correct that they are different branches – and that is the dilemma, not an escape from it. L is offered as the operative worst case that justifies removing nominator slashing. On the branch where value goes to zero – the one that makes the cascade fire – the annuity that is 87% of L is worthless, and a validator who gains nothing from honesty defects for almost nothing, so the operative bribe collapses below L: L is not the floor. On the branch where value survives, L is computed correctly, but the cascade never fires, honesty holds, and nominator slashing is the live deterrent. The standard pivotal-bribery defense of L – each member’s bribe must cover its opportunity cost in the counterfactual where it refuses and the attack fails – lives entirely on this second branch, the survival world where slashing binds. Neither branch yields “L is the worst case, so removing slashing is safe.”
“Post-DAP, doesn’t the attacker still risk its ~287M of backing through the price impact of the attack?” Three reasons that is not a slashing-equivalent deterrent. First, under DAP the backing need not be the attacker’s own capital: unslashable backing is risk-free to whoever supplies it, so an attacker can attract third-party nominators to back its validators rather than post the 287M itself. Second, an attacker that does hold the exposure can hedge or short it – by the same rent-vs-buy logic the literature applies to attackers (Bonneau; Ford & Böhme), a price decline becomes a payoff rather than a cost. Third, and decisively, a diffuse market dip is not a targeted protocol penalty: it falls on honest and dishonest backing alike, so it cannot supply the differential deterrence slashing does (the friend-from-foe point of §2.1). The price impact on the 287M is real, but it is neither reliably borne by the attacker nor differential; the ~1.98M slashable floor is what survives all three.
“Doesn’t the coordination game show honesty collapses regardless of slashing?” The game actually constructed doesn’t show that. Buterin’s P+ε earns the “cost collapses” headline because its bribe pays when the attack fails, making defection weakly dominant and eliminating the honest equilibrium. A bribe conditional on success – DAP’s construction – yields a stag hunt with two equilibria in which honesty survives, which is why he must concede that Nash equilibrium cannot select the played strategy. Nor does global-games selection rescue all-defect: that machinery requires players to observe payoffs through private noise, and a publicly announced bounty is common knowledge – exactly the regime where the uniqueness result does not apply.
“Cardano, Avalanche, and Algorand run fine without slashing – doesn’t that prove slashing is dispensable?” No, because these chains never had a slashing pillar to remove. Their safety was never claimed to rest on burnable collateral: Cardano’s Ouroboros is a longest-chain, honest-majority design with never-bonded, non-custodial delegation – there is no attributable finality fault whose economics depend on bonded stake – and the same holds for Avalanche, Algorand, and the accountable-BFT chains that simply chose not to slash (NEAR, Sui, Aptos). Their delegators risk nothing because the security model never asked them to. Removing a load-bearing pillar and never having built one are different operations. Polkadot’s GRANDPA finality and ELVES parachain-validity protocol do price their safety in slashable collateral – that is the class §3 compares against, and the class in which DAP’s change operates. (Within Polkadot itself, BABE block production belongs to the honest-majority family, which is why §4.4 finds liveness largely unaffected while safety collapses.)
“Doesn’t Tezos prove a BFT chain can run with unslashable delegation?” Tezos is the one accountable-BFT chain that exempts delegated funds from slashing, and its history is the strongest available natural experiment – pointing the other way. Delegation has been unslashable there since genesis (2018), with rewards passed through off-protocol by the baker minus a fee. When Tezos adopted BFT finality (Tenderbake, 2022), it briefly ran the closest configuration to post-DAP Polkadot: full-weight, unslashable delegation, gated only by the bakers’ frozen deposits. It then spent three consecutive upgrades engineering out of exactly that: Oxford and Paris (2024) introduced slashable third-party staking under Adaptive Issuance, and Quebec (2025) cut exempt delegated funds to one-third weight in consensus power, raised slashable staking’s rewards to 3× delegation, and capped external slashable stake at 9× a baker’s own. Today ~75% of Tezos baking power is slashable stake, and the exempt delegated half of participating funds supplies only ~25% of consensus power (live figures in the appendix). The one chain that lived with full-weight unslashable delegation under BFT concluded it needed more slashable skin in the game, not less – and paid three protocol upgrades to move in precisely the direction DAP proposes to leave.
“A coalition holding ⅓ can censor the slashing extrinsics – attribution without enforcement.” True, and it does not rescue value-to-zero; it relocates recovery to the social layer. Because equivocators are provably named by their own signed messages, the honest supermajority of stake, operators, clients, and parachains can fork them out – the template Ethereum executed in the DAO fork, and which Polkadot’s Root-level governance is designed to enact. For value to go to zero, the community must fail to coordinate a fork while able to name every culprit – an assumption contradicted everywhere it has been tested.
“ETC and Monero are PoW reorgs, not BFT finality faults. Bad analogy.” They are the closest available natural experiments, not exact analogues – and the disanalogy runs in our favor. A PoW victim cannot attribute or punish its attacker; Polkadot’s accountable safety exists precisely so that a BFT safety fault is more recoverable: culprits identified from their own votes, slashable, forkable. The burden falls on the claim that a GRANDPA fault would end worse – at permanent zero – than attacks on chains with no attribution mechanism at all.
“Nominators can’t prevent a validator’s fault. Slashing them is unfair and suppresses participation.” The fairness and participation concerns are real, and DAP’s goal of addressing them is legitimate – we say so without reservation. But the security function of nominator exposure was never about nominator culpability: the at-risk backing is the seat-cost the protocol imposes on a self-inserting attacker. Removing the exposure to fix a fairness problem also removes that barrier – a side effect the safety case never modeled. Designs that keep both exist: a residual slash fraction, or a cap on unslashable backing per entity, would address the fairness concern for ordinary nominators while preserving the barrier.
“If it’s just a flag, governance can re-enable slashing when a threat appears.” The valve is not symmetric. With the flag off, nominators fast-unbond in two eras (on the order of half a day); by the time a threat is detected and governance enacts re-enablement, the backing behind an attacker’s validators can already have exited. The exit is faster than the correction.
“Is this an accusation that W3F designed DAP in bad faith?” No. Every claim in §5 is structural: who authored, who benefits, who votes. Structural conflicts arise routinely and have a standard remedy – disclosure and arms-length review. Nothing in this critique requires or asserts intent.
