Governance Attacks and Defenses
What Is a Governance Attack?
Most DeFi protocols are governed by token holders who vote on proposals. This is designed to be democratic. But like any democracy, it can be gamed.
A governance attack occurs when an entity acquires enough voting power to pass proposals that benefit them at the expense of other users — typically draining the treasury or changing protocol parameters.
The Beanstalk Flash Loan Attack
In April 2022, Beanstalk (a stablecoin protocol) was attacked for $182 million. The attacker:
- Flash-borrowed massive amounts of tokens across multiple protocols.
- Used those tokens to gain a supermajority of governance voting power.
- Proposed and instantly passed a malicious proposal that transferred all treasury funds to their wallet.
- Repaid the flash loan within the same transaction.
Total cost to the attacker: about $10 in gas fees. Total stolen: $182 million.
Attack Vectors
Flash Loan Voting
Borrow tokens in the same block as a vote. This gives temporary but overwhelming voting power without any capital at risk.
Vote Buying
Platforms like Convex (for Curve governance) and hidden OTC deals allow entities to accumulate voting power without buying the underlying token, through bribery and vote delegation markets.
Low Quorum Exploitation
Many DAOs have low voter turnout. If quorum is 4% and normal participation is 3%, an attacker with just 2% of tokens can pass anything during low-activity periods (holidays, weekends).
Proposal Spam
Flooding a DAO with dozens of complex proposals so that voters suffer fatigue and stop reviewing them carefully, allowing a malicious proposal to slip through.
Defenses
Time-Locked Voting
Require tokens to be locked (staked) for a minimum period before they are eligible to vote. This prevents flash-loan attacks because borrowed tokens cannot meet the lockup requirement.
Voting Delay
Insert a mandatory delay between when a proposal is created and when voting begins. This gives the community time to review and organize opposition.
Timelocks on Execution
Even after a proposal passes, enforce a waiting period (24-72 hours) before it can be executed. This allows the community to exit the protocol if a malicious proposal passes.
Optimistic Governance
Assume proposals will pass unless explicitly challenged. A security council can veto dangerous proposals during the timelock window. Used by Optimism and Arbitrum.
Quadratic Voting
Voting power scales with the square root of tokens held, not linearly. This reduces the power of whales while amplifying the voice of smaller holders.
Key Takeaways
- Governance is an attack surface, not just a feature.
- Flash loan attacks can pass proposals in a single transaction.
- Time locks, voting delays, and snapshot mechanisms are essential defenses.
- Low quorum is dangerous — DAOs should actively incentivize voter participation.
Quiz: Governance Attacks and Defenses
1 / 5What is a governance attack?