Proposal: SyncVotes — Build and Manage DAOs on Canton Network

[web3validator]

Development Fund Proposal Submission

Proposal file: /proposals/cantondao.md

Summary

SyncVotes is an open-source on-chain governance platform for Canton Network — live at syncvotes.com. Organizations create DAOs, submit typed proposals, vote, and manage on-ledger CC treasuries via Daml smart contracts deployed on Canton MainNet. The platform is operational today: a v1 Daml package is live on MainNet, a Go backend submits to the Canton Ledger API, a React/Vite frontend renders real ledger data, and external wallets integrate via CIP-0103. Milestone 1 is delivered. This proposal funds the v3 economic engine and the open-source SDK: per-DAO treasury sponsorship under CIP-0073 MintingDelegations, a bounded refund pipeline with fraud detection, typed proposals with deposit-and-slash anti-spam, token-based and membership-based DAO models, MultisigProposal flows, SubDAO hierarchies, third-party security audit, and a reusable canton-governance-sdk. 700,000 CC across 3 milestones.

Checklist

• Proposal file added under /proposals/
• Milestones and funding amounts defined
• Acceptance criteria included
• Alignment with Canton priorities described

Notes for Reviewers

• The author is an active Canton MainNet validator (web34ever) and operates the participant node infrastructure required for this project.
• The platform is live and operational — syncvotes.com and api.syncvotes.com serve real data from Canton MainNet. Daml DAO, DaoMembership, GovernanceProposal, VoteRecord, and UserRegistration templates are deployed on MainNet. Real proposal creation, voting, finalize, and execute work end-to-end.
• Milestone 1 is delivered in full — production React/Vite frontend, Go/Fiber backend (gRPC Ledger API via go-daml), two-party FA split (syncvotes-app-provider confirmer-only + syncvotes-operator submitter via CIP-0073 MintingDelegations), invite-only access via on-ledger UserRegistration, CIP-0103 external wallet support (Canton Loop, Console Wallet, Bron, Nightly).
• External wallets only. SyncVotes ships zero wallet code and holds no user keys. Wallets are provided exclusively through CIP-0103 (Canton Loop, Console Wallet, Bron, Nightly), inheriting the security posture of dedicated wallet vendors.
• Reward attribution via CIP-0104. No FeaturedAppActivityMarker contracts are created. Reward weight accrues automatically from traffic burn on envelopes confirmed by the syncvotes-app-provider party.
• Bounded refund formula min(0.85·r, 0.95·c) returns the majority of CIP-0104 reward to the originating DAO Treasury while preserving a strict net-loss-to-DAO invariant of at least 5% of burn — farming has negative expected value by construction.
• Stack: React/Vite, Go/Fiber + go-daml SDK, direct Canton gRPC Ledger API. GetActiveContracts provides real-time contract state from the participant node.
• This proposal does not overlap with Super Validator governance. SyncVotes lets any organization create its own DAO for its own needs — treasury councils, supply chain consortiums, standards working groups.
• The canton-governance-sdk (Milestone 3) is shared infrastructure — Daml templates + Go client + TypeScript client reusable by any Canton team.
• First migration partner committed: PostHuman Decentralized Validator is migrating its DAOs and SubDAOs from Cosmos/DAODAO to SyncVotes on Canton, bringing hundreds of governance-active wallets and ongoing proposal traffic.
• Scope expanded since first draft. The 700,000 CC total reflects the full v3 deliverable set added since the initial submission: per-DAO Treasury contracts, the bounded refund pipeline with fraud detection, typed proposals, token-based voting, MultisigProposal, SubDAO hierarchies, hardware-wallet support, and a third-party audit by Quantstamp and CredShields. M1 has already been delivered at the author's expense.

[waynecollier-da]

Interesting proposal. Have you considered whether to allow multi-hosted parties? If all the parties are hosted on a single Validator, the risk of unintentional disclosure seems non-trivial.

Have you considered how this proposal might interact with the proposal from BitSafe for decentralized party governance?

[web3validator]

Good catches, both.

On hosting. You're right — today everything (syncvotes-app-provider, syncvotes-operator, DAO and member parties) lives on a single participant (web34ever). Sub-transaction privacy holds at the protocol level, but the host validator can read its own parties' state. Fine for low-stakes membership governance, not for institutional or Private DAOs where the privacy claim is load-bearing.

On the Decentralization Manager. Direct fit, not a conflict. Topology orchestration, m-of-n threshold, propose/confirm/execute — exactly what we'd otherwise reimplement. We'd rather build on it than around it. Happy to scope an integration with @gabitu7 whenever makes sense.

We're open to any collaboration ideas here. Doing this right matters — institutional governance on Canton needs to be multi-validator by default for the DAOs that warrant it, and we'd rather build on shared infrastructure than reinvent it.

[gabitu7]

@web3validator feel free to reach out via Slack or email: gabi@bitsafe.finance

[web3validator]

Quick cross-link for anyone following the privacy thread here:

Related, different layer of the same problem — the participant-level
privacy fix (operator party shouldn't see private contracts at the
ledger, members query via per-party JWT with actAs=[memberPartyId])
is being worked through on the Canton forum:
Enabling auth-services on a running MainNet participant for party-scoped
private contract queries.
Confirmed by @Jatin_Pandya_cf and @evoandro that auth-services can be
added to a running participant without migration, and that per-party
JWT is the correct shape.

The two slot together: the JWT layer keeps the host's backend honest
about what it can read; multi-hosted parties keep the host itself
from being a single point of disclosure. We're rolling Phase 1
(backend JWT signer) first — no participant change yet — and would
love to scope the multi-host integration with @gabitu7 once that's
landed.