We're constantly thinking about sybil attacks. For the alpha, to vote in a poll, users need to pay a decent sized zap to vote. For smaller value bounties, the sats to vote in a poll can quickly outstrip the bounty itself, and so it's simply easier to just pay out.

Additionally, users have the option to link their github accounts using NIP-39. This imports reputation and increases likelihood of getting good bounties, or having your bounties fulfilled. If a poll looks suspicious (i.e. many accounts voting with no history of activity and no github profiles), it can be disregarded without reputational risk. Zap dispute polls are currently advisory, not binding, and simply create a record of what the community thinks, which can be checked against zap receipts to see if the decision was or wasn't followed. So, a zap poll that looks fishy won't really effect a user's reputation.

Future dispute resolution tools on the roadmap involve the ability to choose an association or group of reviewers to vote, which can provide assurances of a vote's validity.

If anyone has further ideas on sybil resistance or anything else, please let us know! Discord | GitHub