On second thought, maybe witnesses don't need to be involved in declaring actual outcomes of events.
What if this job was done by Steem users?
They could do it by casting their votes after the event to up-vote some sort of a formal post which states the actual outcome of the event. Once the voting is done, all that's needed is a smart-contract which will execute the pay-outs.
Are there any attack vectors? All I can think of is a bad actor trying do up-vote a false statement but I guess this is similar to a 51% attack in a POS system.