dPoll development updates: Result filtering and voting audits

in utopian-io •  6 years ago 


See it online at dpoll.xyz; the source code is in the GitHub repository.


dPoll is a poll application built on top of the STEEM blockchain. It uses account-based voting and stores poll and voting data on the blockchain. It's currently ranked #4 on steemapps by usage numbers.

Result filters

Dan's latest poll raised some questions about account-based voting. To eliminate multi-account voting abuse, we have implemented result filters on the poll detail page.

It's possible to filter voters by

  • Minimum reputation
  • Minimum STEEM power
  • Minimum account age in days
  • Minimum post count

If you have something big to decide and plan to act on a poll you have created, you can use these filters to exclude 0 SP/0 activity accounts.

We didn't want to restrict who can vote. So, as a poll owner, you can't set restrictions for your potential voters. Every account can vote, and the default view doesn't exclude any accounts. However, you can filter/exclude the results based on the parameters you set.

Related pull requests:

Auditing votes

dPoll uses main posts as polls, and comments as votes. Whenever you post a poll, a secret JSON metadata is written to the blockchain. The same goes for votes.

People may delete the comment from Steemit. This operation doesn't actually delete the comment; it only sends a signal that the comment is deleted. The comment operations still stay in the history of the blockchain. However, get_content_replies doesn't return the deleted comments.

People may edit the comments with alternative Steem apps. These apps may hijack the json_metadata and therefore remove the voting_data when they're used for editing.

see Auditing dPolls.

In order to make the auditing process easier, we have started storing corresponding transaction ids and block numbers for each vote.

There is also a public table available for each poll (accessible via the audit button in the detail page).
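An added example, not dPoll's own code: an audit pass that rebuilds votes from raw comment and delete_comment operations rather than from get_content_replies, so deleted comments and edits that overwrite json_metadata are still traceable by block number and transaction id. The history rows and the metadata keys content_type and votes are constructed assumptions.

```python
import json

def _vote(choices):
    return json.dumps({"content_type": "poll_vote", "votes": choices})

# Constructed history, oldest first: (block_num, trx_id, op_name, payload).
HISTORY = [
    (100, "aa01", "comment", {"author": "alice", "permlink": "re-poll-1",
                              "json_metadata": _vote(["Yes"])}),
    (101, "aa02", "comment", {"author": "bob", "permlink": "re-poll-2",
                              "json_metadata": _vote(["No"])}),
    # bob edits the comment in another app, which rewrites json_metadata
    (150, "aa03", "comment", {"author": "bob", "permlink": "re-poll-2",
                              "json_metadata": json.dumps({"app": "other/1.0"})}),
    # alice deletes her comment; the op at block 100 is still in history
    (160, "aa04", "delete_comment", {"author": "alice", "permlink": "re-poll-1"}),
]

def parse_meta(raw):
    try:
        meta = json.loads(raw or "{}")
    except ValueError:
        return {}
    return meta if isinstance(meta, dict) else {}

def audit_votes(history):
    """Rebuild votes from raw operations and flag later deletes and edits."""
    votes = {}
    for block_num, trx_id, op_name, op in history:
        key = (op["author"], op["permlink"])
        where = (block_num, trx_id)
        if op_name == "delete_comment":
            if key in votes:
                votes[key]["flags"].append(("deleted",) + where)
            continue
        if op_name != "comment":
            continue
        meta = parse_meta(op.get("json_metadata"))
        if meta.get("content_type") != "poll_vote":
            if key in votes:  # an edit dropped the voting data
                votes[key]["flags"].append(("metadata_overwritten",) + where)
        elif key not in votes:  # first vote op: keep it as the evidence
            votes[key] = {"choices": meta.get("votes", []), "block_num": block_num,
                          "trx_id": trx_id, "flags": []}
        elif meta.get("votes", []) != votes[key]["choices"]:
            votes[key]["flags"].append(("choices_changed",) + where)
    return votes
```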

Related pull requests:

Defensive broadcasting logic on votes


The previous logic on dPoll votes was:

  • Register the vote in dPoll's internal database
  • Sync the vote to the blockchain

However, this was causing some problems. Due to a really rare hiccup on Steemconnect, we were seeing some votes that existed on dPoll but not on the blockchain. For reference, on this huge poll, this issue happened on two votes.

We have updated the logic to behave more defensively. We register the vote in the database only if we get a successful response from Steemconnect.
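The two orderings side by side, as an added example that is not dPoll's code. flaky_broadcast is a hypothetical stand-in for the Steemconnect call, the voters are constructed, and the old handler is a simplified model of the previous behaviour.

```python
class BroadcastError(Exception):
    """Raised by the stand-in broadcaster when the chain did not accept the vote."""


def flaky_broadcast(vote):
    # Hypothetical broadcaster: fails for one constructed voter.
    if vote["voter"] == "carol":
        raise BroadcastError("no confirmation from broadcaster")
    return {"trx_id": "tx-" + vote["voter"], "block_num": 1000}


def vote_old(db, vote, broadcast):
    """Previous order: write locally first, then sync to the chain."""
    db.append(dict(vote))
    try:
        broadcast(vote)
    except BroadcastError:
        return False  # the row is already stored although nothing is on chain
    return True


def vote_defensive(db, vote, broadcast):
    """New order: store the vote only after a successful response."""
    try:
        receipt = broadcast(vote)
    except BroadcastError:
        return False
    if not receipt or not receipt.get("trx_id"):
        return False  # treat a response without a transaction id as a failure
    # Keep the chain reference with the row so the vote can be audited later.
    db.append({**vote, "trx_id": receipt["trx_id"],
               "block_num": receipt["block_num"]})
    return True


def run(handler):
    """Cast three constructed votes through one handler; return the stored rows."""
    db = []
    for voter in ("alice", "bob", "carol"):
        handler(db, {"voter": voter, "choice": "Yes"}, flaky_broadcast)
    return db
```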

Related pull request:


Current activity levels

dPoll is ranked at 4 on steemapps. On stateofdapps we are at number 17.

Without any huge delegations, it's amazing that we generate that level of activity on the blockchain.

Thanks to our community and sponsors for the support. Our curation account is @dpoll.curation. You may consider delegating to that account to support the project.

Vote for my witness

I do my best to support the blockchain with my skills. If you like what I do, consider casting a vote via Steemconnect or on steemit.com.

  • Good article with images, code samples and explanations.
  • Code could use more comments.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you for your review, @helo! Keep up the good work!

ǝɹǝɥ sɐʍ ɹoʇɐɹnƆ pɐW ǝɥ┴

This is a speedy and quality update to the system, nice one! :D

Thanks :-)

Impressive work and data to strengthen the outcomes of the results. Amazing that you were able to do in such short time!

Posted using Partiko iOS

Thanks @newageinv! :)


This is amazing work, @Emrebeyler and the entire @dpoll team. These restrictions are a good way to sanitize the blockchain to really bring out the value it stands for. It is quite sad how people would always be ready to abuse others' intellectual capacity.

My suggestion:

I would advise that you also help the dpoll creator to limit voters by the level of activity of the accounts. Some idle accounts may just be created for such purposes. This implies that an account that has not been active for a few days past should not just become active for the purpose of voting. Any account that should participate must be active at least in the last 7 days before being eligible. The reputation, age, no. of posts can still be abused, but the level of account activity would rarely be.

Good luck!

Meanwhile, thanks to @Theycallmedan for really spicing the value of @dpoll

Hi! How can I vote for this app in the rank?

I was looking at pull request #89. Maybe if you add a validation before the loop checking whether all the variables are equal to zero, you could avoid the entire loop (if 0 is the default value of all the fields, it will be useful).

I don't know the Python language, and I suppose that the cast and try is enough, but is it possible to use SQL injection in this kind of form?

Best regards!

Yes, good catch. Code can be refactored into using SQL instead of traversing all available votes.

refactored.

Wait, I was talking about a vulnerability called "SQL injection"; it's a way to introduce malicious SQL code through a form filled in by a human.

If you have a field that is concatenated into a SQL query, something like:

query = "SELECT * FROM USERS WHERE SP > " + sp;

If I put this in the field:
[1 select password from users --]

I can execute SQL code in your app. Even if you use a read/write connection, the code could contain some "drop table " or "drop database". Take a look at this:

Ah, no. Not even close to being vulnerable to SQL injection :)

https://github.com/emre/dpoll.xyz/blob/master/dpoll/polls/utils.py#L271

Also, Django ORM prevents SQL injection attacks with prepared queries as long as the library user doesn't execute raw queries.

The real problem with the current implementation is that the app gets all votes and then filters them in a for loop. That doesn't matter on such a small scale as dPoll's, but it should be done at the database level. (More efficient and less code.)
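The exchange above, and the result filters from the post, as an added example that is not part of the thread or of dPoll's code. It uses sqlite3 with bound parameters rather than the Django ORM so it runs on its own. The voters table, the form field names and the input "0 OR 1=1" are constructed assumptions.

```python
import sqlite3

# Form field -> (column, cast). Column names come from code, never from input.
FILTERS = {"min_rep": ("reputation", int), "min_sp": ("sp", float),
           "min_age": ("age_days", int), "min_posts": ("post_count", int)}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voters (name TEXT, reputation INT, sp REAL,"
               " age_days INT, post_count INT)")
    db.executemany("INSERT INTO voters VALUES (?, ?, ?, ?, ?)", [
        ("alice", 60, 500.0, 400, 120),   # constructed rows
        ("bob", 25, 0.0, 2, 0),
        ("carol", 45, 15.0, 90, 10)])
    return db


def filter_concat(db, min_sp):
    # Vulnerable pattern from the comment above: form text becomes part of the SQL.
    sql = "SELECT name FROM voters WHERE sp > " + min_sp + " ORDER BY name"
    return [row[0] for row in db.execute(sql)]


def filter_bound(db, form):
    """Cast each submitted value, then pass it to the database as a parameter."""
    clauses, params = [], []
    for field, (column, cast) in FILTERS.items():
        raw = form.get(field)
        if raw in (None, ""):
            continue  # filter not set: no restriction on this column
        try:
            params.append(cast(raw))
        except ValueError:
            raise ValueError("invalid value for " + field)
        clauses.append(column + " >= ?")
    where = " AND ".join(clauses) or "1"
    sql = "SELECT name FROM voters WHERE " + where + " ORDER BY name"
    return [row[0] for row in db.execute(sql, params)]
```

With the concatenated query the constructed input changes the WHERE clause and returns every voter; with the cast and the bound parameter the same input is rejected before any SQL runs, and filtering happens in the database instead of in a loop.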

Perfect! Are you able to use LINQ to retrieve a filtered dataset in Python?

I enjoyed voting on dpoll a few times. I wish we had something like dpoll when some of the important details for the previous hardforks were being discussed.

I foresee dPoll playing a critical role in gauging community sentiment on future upgrades to the Steem blockchain.

Voted for your witness!

Thank you for the witness vote. Much appreciated. :)

Thank you for this useful update

Thank you so much for participating the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!

Hi @emrebeyler!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Thank you for the quick update! Hope for better ones in the future :D

  1. make a normal view instead of a code so that can give a direct link
  2. remove the duplication of the name, have to additionally edit everything
  3. and dpoll 5+5% takes, but absolutely does not support polls in other languages

Congratulations @emrebeyler!
Your post was mentioned in the Steem Hit Parade in the following category:

  • Pending payout - Ranked 2 with $ 113,47

Hey, @emrebeyler!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

I'm convinced, so you have my vote, my good Lord


This post has been included in the latest edition of SoS Daily News - a digest of all you need to know about the State of Steem.



These are great filters to make sure polls can be based on real accounts only. Can I suggest another filter - last posted x days ago. That will help to eliminate inactive accounts.

Also, my two cents' worth is that this will allow the poll owner to control the poll outcome by playing with the filters, unless they declare in advance which filters will be applied. I understand you want to make the dapp more inclusive and get more people to use it, but it just seems kind of odd to allow people to vote, and then exclude their vote or opinion afterwards. After all, in all real-life votes, you always set the criteria beforehand and not afterwards.

We avoid implementing off-chain rules. If the poll owner wants to make a decision, they can add info to the poll that “minimum rep N is required for a valid vote”. Actually, we have already seen @shaka follow this practice in his latest poll.


Amazing

Posted using Partiko Android

Great update! Please check out my latest dpoll here https://steemit.com/dpoll/@steemingmark/do-you-think-cds-and-cd-players-have-a-future

Posted using Partiko Android

Seems to me you are doing important work here!

Since we are part of a decentralized ecosystem, it seems to follow that many might use polling as a way to arrive at various degrees of consensus... for example for directions to take, and features on apps, and so forth. And so, a polling system needs to be as "robust" and resistant to manipulations, as possible.

Allowing the results to be filtered while everyone can still vote seems like the superior approach, as it will help expose patterns (if any) that suggest "bad actors" attempting to manipulate...

Nice work!

Adding your witness, as well.

Thank you for the witness vote.

Thank you @emrebeyler for this. Having been very interested in the outcome of the last poll, I am glad that there were some useful learnings to take into other "big" (your word) polls.

Poll: Cool thing? Or coolest thing ever?

Posted using Partiko Android