[SEP #X] Partial Private Voting through Shutter

Simple Summary

This proposal aims to upgrade the Safe DAO voting process to use shielded voting. Shielded voting is a shutter implementation on Snapshot to combat front-running and malicious Maximal Extractable Value (MEV).


This Proposal would address the front running and MEV problem in DAO governance and Snapshot voting. The shielded voting offered by Snapshot is a voting mechanism deployed on the Shutter network, which uses cryptographic thresholds to hide the voting choice until the vote is over. Once voting has concluded, the lock would automatically be removed, displaying the detailed results, including who voted for what outcome of the proposal. This will prevent the voting process from altering voting outcomes.

Purpose and Background

What problem does it solve? What is the reasoning behind the proposal? What is the goal? Why should SafeDAO care about the proposal?

Snapshot voting aims to express the sentiments of the contributors and delegates effectively.

Contrary to traditional voting in democracies, voting in DAOs is 100% transparent and visible throughout the entirety of the vote. This opens the voting process to MEV and influences the voting results.

Effects and Impact Analysis

What are the effects of the proposal? What are the pros and cons? What are risks?

Introducing partial transparency to voting will resolve many misalignments in DAO voting. Using the native implementation of the shielded voting feature from Snapshot will be the first step in reducing malicious voter behaviour in DAO governance.

The rationale for excluding future emergency proposal spaces.

The fast-track proposal space allows the DAO to react quickly to emergencies. Voting strategies in such spaces should be as simple as possible.

A strategy misconfiguration on the main snapshot could always be ratified without worrying about time.


  1. Reduce voter front running
  2. Introduces partial privacy in voting
  3. Reduces voter apathy


  1. Shutter-shielded voting is a relatively new implementation, introduced on 27.January 2022.
  2. The first proposal, which used Shutter in 1inch DAO [1IP-10], had technical difficulties where smart contract accounts couldn’t cast votes. But it was quickly resolved before the voting ended.

Technical Implementation

Implements the proposal require new code? How is the security of the code ensured?

If this proposal is passed, Shielded voting should be turned on in the SeafeDAO main snapshot space, any subspace that doesn’t handle an emergency vote. And the governance documentation will be updated to reflect this implementation.

Specifications on shielded voting works under the hood can be found here.

But here is the tl;dr

  • Voters vote on the snapshot with their tokens encrypted with a proposal key.
  • The encrypted votes can only be decrypted by the Keyholders who sent the decryption key to the snapshot hub.
  • As soon as the voting ends, the snapshot hub decrypts the votes, counts them and submits and stores them on a distributed system.


This Proposal has no tokenomics changes or changes to the voting strategy. Still, it introduces a shielded voting feature from Snapshot, which encrypts user voting options till the voting period ends.

Alternative Solutions

What alternative solutions have been considered? Why have they been discarded?

Alternative solution

  1. No privacy in voting (current situation)

  2. Use 100% private voting using zk Tech.

  3. This requires custom experimental software, which may not be compatible with the current snapshot space. As mentioned in the rationale for fast-track proposals, snapshot strategies should be as simple as possible, thus reducing the area of attack vectors.

Open Questions

The potential implementation of semi-private voting should be systematically evaluated.


Copyright and related rights waived via CC0 4.


I’m definitely for this change.

We started using shuttered voting a few months ago at BanklessDAO and the voting process feels less “manipulateable” then when votes were open while active.

It also reduced my anxiety around voting, because I no longer feel I have to be strategic about when/how to cast my votes. I just vote my conscience and hope it all works out.


I’m in support of this.

1 Like

This will prevent the voting process from altering voting outcomes.

I agree with the goal of better enabling members of a DAO to vote in line with their expertise, values, and opinions.

  • Attempting to mitigate the negative impact of “group think” is a core component to improving the effectiveness of the governance process.
  • This could reduce the social impact of large token holders that vote and cause smaller token holders to follow either due to thinking that a given option is more likely to pass and/or to socially signal they align with powerful DAO members.

The main question for me is this feature ready for SafeDAO to implement now vs waiting for it to develop further?

  • If provided meaningful data mentioned below and it is positive, I think enabling shielded voting would be a good idea.


  • It is good that this is a feature integrated into Snapshot making implementation a straightforward setting configuration change.
  • See @SnapshotLabs Tweet 2023-06-01

Shutter network

  • To make this proposal stronger I’d like to see information on Shutter network.
  • Background of the Shutter project and team members
  • Do they have public audits for their Shielded voting feature?
    • Voting is essential to a DAO so I’d consider this a major consideration as to if the solution is ready yet.
  • Case studies on implementation
    • BanklessDAO is a great start!
    • What has worked well and what can be improved?
    • The Aaave DAO and others who have implemented this would be good to reach out to and add their perspectives to this proposal.

hey @adamhurwitz.eth thanks for the reply.
shutter enabled voting is used by a number of DAOs, I personally have experience with Bankless and also with some other DAOs I work on.
From a technical point of view, you only have to select Privacy - shutter under voting in the snapshot settings.

Previously there was a problem with counting the quorum, i.e it was not possible to know if the quorum was reached unless the vote had ended. This is already now sorted out.

for Discussions on Aave’s implementation


If there are any other concerns, I would like to request that the @safe team assign an SIP number in order to move this proposal forward.
cc: @Andre

Thank you for following up with the Aave governance thread, [ARFC] Private Voting for Aave Governance [2-month Trial]! There are great insights here.

Luis, from the Shutter team responsible for Shielded voting makes a few good clarifications.

  • Votes are public after the election has ended. This is good to verify delegates votes as they communicated.
  • It does not claim to prevent bribery/strategic voting amongst whales who can still communicate prior to a vote.

I’ve made a follow-up post in the Aave forum to see if there are takeaways from their 2 month trial.

1 Like