Hashtag Web3 Logo

Governance Attacks and Defenses

10 min
advanced

What Is a Governance Attack?

Most DeFi protocols are governed by token holders who vote on proposals. This is designed to be democratic. But like any democracy, it can be gamed.

A governance attack occurs when an entity acquires enough voting power to pass proposals that benefit them at the expense of other users — typically draining the treasury or changing protocol parameters.

The Beanstalk Flash Loan Attack

In April 2022, Beanstalk (a stablecoin protocol) was attacked for $182 million. The attacker:

  1. Flash-borrowed massive amounts of tokens across multiple protocols.
  2. Used those tokens to gain a supermajority of governance voting power.
  3. Proposed and instantly passed a malicious proposal that transferred all treasury funds to their wallet.
  4. Repaid the flash loan within the same transaction.

Total cost to the attacker: about $10 in gas fees. Total stolen: $182 million.

Attack Vectors

Flash Loan Voting

Borrow tokens in the same block as a vote. This gives temporary but overwhelming voting power without any capital at risk.

Vote Buying

Platforms like Convex (for Curve governance) and hidden OTC deals allow entities to accumulate voting power without buying the underlying token, through bribery and vote delegation markets.

Low Quorum Exploitation

Many DAOs have low voter turnout. If quorum is 4% and normal participation is 3%, an attacker with just 2% of tokens can pass anything during low-activity periods (holidays, weekends).

Proposal Spam

Flooding a DAO with dozens of complex proposals so that voters suffer fatigue and stop reviewing them carefully, allowing a malicious proposal to slip through.

Defenses

Time-Locked Voting

Require tokens to be locked (staked) for a minimum period before they are eligible to vote. This prevents flash-loan attacks because borrowed tokens cannot meet the lockup requirement.

Voting Delay

Insert a mandatory delay between when a proposal is created and when voting begins. This gives the community time to review and organize opposition.

Timelocks on Execution

Even after a proposal passes, enforce a waiting period (24-72 hours) before it can be executed. This allows the community to exit the protocol if a malicious proposal passes.

Optimistic Governance

Assume proposals will pass unless explicitly challenged. A security council can veto dangerous proposals during the timelock window. Used by Optimism and Arbitrum.

Quadratic Voting

Voting power scales with the square root of tokens held, not linearly. This reduces the power of whales while amplifying the voice of smaller holders.

Key Takeaways

  • Governance is an attack surface, not just a feature.
  • Flash loan attacks can pass proposals in a single transaction.
  • Time locks, voting delays, and snapshot mechanisms are essential defenses.
  • Low quorum is dangerous — DAOs should actively incentivize voter participation.

Quiz: Governance Attacks and Defenses

1 / 5

What is a governance attack?