DAO Governance Attacks and How to Prevent them

Updated at: June 22, 2024 | 6 Mins Read

Author: QuillAudits Team

Blockchain has recently found a wide range of applications, and that traction has created hype around distributed ledger technology (DLT). Blockchain is the building block of crypto and underpins offerings that serve different purposes; it has pushed decentralization forward with NFTs, dApps, DeFi, and smart contracts.

The emergence of DAOs, or decentralized autonomous organizations, is concrete proof of what blockchain can deliver, and we have recently seen how quickly they have evolved. This article gives a brief explanation of governance attacks on DAOs and how you can protect against them.

DAO Governance Model

After the advent of blockchain, it was challenging for users to adopt the new governance models, as several parties were involved. Still, the whole notion behind blockchain was to free users from dependence on any central entity, so clarity about how governance works became necessary.

The governance of a DAO is controlled by its members, who use a voting system to decide how the organization should operate and allocate its funds.

A DAO’s members typically own tokens representing their stake in the organization and allowing them to vote on proposals. These tokens can be bought and sold on the open market, allowing members to join and exit as they like.

Governance proposals can be made for various reasons, including upgrading the protocol, changing its parameters, spending treasury funds, and other decisions critical to the project's future. Members of the DAO submit proposals, which are voted on by the entire membership. If enough members participate to reach quorum and the required share of votes favors a proposal, the organization's smart contract implements it automatically.

DAO Governance Attacks

A governance attack on a DAO happens when an attacker takes advantage of flaws in the DAO’s governance structure to obtain power and make decisions that favor the attacker at the expense of other members.

This type of attack can take many different forms, but it usually involves the attacker using their voting power, or other means, to gain control of the organization's decision-making process and change its rules in their favor.

Types of Governance Attacks in DAOs

Majority attack

A majority attack is a governance attack in which the attacker holds the majority of the voting power in a decentralized autonomous organization (DAO). With this degree of power, the attacker can pass any proposal that benefits them at the expense of other members. That voting power may be owned outright or, where votes are counted from live token balances, merely borrowed for the duration of a single transaction through a flash loan.

Sybil Attack

In a Sybil attack, the attacker creates many fake identities, commonly known as "Sybils," and uses each of them to vote in the DAO's decision-making process. The attacker can obtain significant influence within the organization by generating many Sybils, even if they do not hold most of the tokens. The attack bites wherever votes, quorum, proposal rights, or reputation are counted per identity; in a purely token-weighted vote, splitting the same tokens across many addresses adds no voting weight, so the exposure depends on what the DAO counts per address.

Front-Running Attack

Before a proposal is publicly revealed to the rest of the community, an attacker may be able to observe it. They can then use this information to vote on the proposal, or to acquire tokens before it is made public, allowing them to influence the outcome of the vote or profit from the increased token price. A well-defined and transparent decision-making process is essential to reduce the risk of front-running in a DAO: proposals should be made public before the vote so that all members can evaluate and discuss them on equal terms.

Influenced decisions

This is the most common type, because token holders are easily swayed. It happens when particular members or groups have a disproportionate degree of influence over decision-making, whether through a large token holding, control over delegated voting power, paid public relations initiatives, influencer marketing, or outright bribery of voters to back the plan.

Spamming Proposals

Spamming proposals is the act of continuously submitting a large number of proposals with little or no value to overload the organization and make it difficult for valid proposals to get attention. This attack disrupts decision-making, making it harder for the community to reach consensus and pass crucial proposals.

Real-Life Case Studies

BeanStalk Governance Attack

Beanstalk, an Ethereum-based stablecoin protocol, was the victim of an attack on its governance mechanism in April 2022. The attacker drained about $181 million in value from the project but kept only about $76 million once the flash loan had been repaid. Using a flash loan, the attacker made a large deposit into the governance contract, which gave them 79% of the votes. Because voting power was derived from the balances held at that moment, the borrowed tokens counted, and the attacker's proposal was approved and executed before the loan had to be returned.
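As an added illustration of the majority attack described earlier and of the flash-loan mechanics in the Beanstalk case, the following Python model (written for this page, not Beanstalk's or any DAO's code) simulates token-weighted voting in which a proposal executes once more than half the supply votes for it. The balances, addresses, block numbers and the flash loan are all constructed. The two mitigations it compares, counting votes from a balance snapshot sealed before the proposal was created and a timelock between passage and execution, are the assumed hardened configuration; the page does not attribute either to Beanstalk.

```python
"""Toy model of token-weighted DAO governance under a flash-loan majority attack.

Everything here is constructed for illustration: balances, addresses, block
numbers and the "flash loan" live in memory. It is not Beanstalk's code.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proposal:
    proposer: str
    snapshot_block: int               # balances sealed at this block decide voting power
    for_votes: int = 0
    passed_at_block: Optional[int] = None
    executed: bool = False


class Chain:
    """Minimal ledger that seals balances per block so governance can look back."""

    def __init__(self, balances: Dict[str, int]):
        self.block = 1
        self.balances = dict(balances)
        self.history: Dict[int, Dict[str, int]] = {}

    def mine(self) -> None:
        """Seal the current block's balances and move on to the next block."""
        self.history[self.block] = dict(self.balances)
        self.block += 1

    def balance_at(self, who: str, block: int) -> int:
        return self.history[block].get(who, 0)


class Governance:
    """A proposal passes when 'for' votes exceed half the total token supply.

    use_snapshot: weigh votes by balances sealed at the proposal's snapshot block
                  instead of live balances (tokens borrowed within the block carry no weight).
    timelock:     blocks that must pass between a proposal passing and its execution.
    """

    def __init__(self, chain: Chain, use_snapshot: bool, timelock: int):
        self.chain = chain
        self.use_snapshot = use_snapshot
        self.timelock = timelock
        self.total_supply = sum(chain.balances.values())
        self.proposals: List[Proposal] = []

    def propose(self, proposer: str) -> int:
        # Snapshot is the last sealed block, before anything in the current block happened.
        self.proposals.append(Proposal(proposer, snapshot_block=self.chain.block - 1))
        return len(self.proposals) - 1

    def voting_power(self, who: str, p: Proposal) -> int:
        if self.use_snapshot:
            return self.chain.balance_at(who, p.snapshot_block)
        return self.chain.balances.get(who, 0)    # live balance: flash-loaned tokens count

    def vote_for(self, who: str, pid: int) -> None:
        p = self.proposals[pid]
        p.for_votes += self.voting_power(who, p)
        if p.passed_at_block is None and p.for_votes * 2 > self.total_supply:
            p.passed_at_block = self.chain.block

    def execute(self, pid: int) -> bool:
        p = self.proposals[pid]
        if p.passed_at_block is None or p.executed:
            return False
        if self.chain.block - p.passed_at_block < self.timelock:
            return False                            # still inside the timelock
        p.executed = True
        return True


def flash_loan_attack(gov: Governance, attacker: str, pool: str, amount: int) -> bool:
    """Propose, borrow, vote, try to execute and repay, all within one block.

    Returns True if the proposal executed before the loan was repaid. The loan is
    always repaid at the end of the block, as a real flash loan requires.
    """
    chain = gov.chain
    pid = gov.propose(attacker)
    chain.balances[pool] -= amount                  # borrow governance tokens from a pool
    chain.balances[attacker] = chain.balances.get(attacker, 0) + amount
    gov.vote_for(attacker, pid)
    executed = gov.execute(pid)
    chain.balances[attacker] -= amount              # repay inside the same block
    chain.balances[pool] += amount
    return executed


def run_scenarios() -> Dict[str, Tuple[bool, bool, bool]]:
    """Per configuration: (executed in the loan block, passed at all, executed after waiting)."""
    configs = [("live_balance_no_timelock", False, 0), ("live_balance_timelock", False, 10),
               ("snapshot_no_timelock", True, 0), ("snapshot_timelock", True, 10)]
    results = {}
    for name, use_snapshot, timelock in configs:
        # Constructed holders: honest members, a small attacker stake, a lending pool.
        chain = Chain({"alice": 400, "bob": 350, "carol": 250, "attacker": 10, "pool": 2000})
        chain.mine()                                # seal block 1; the attack happens in block 2
        gov = Governance(chain, use_snapshot, timelock)
        in_block = flash_loan_attack(gov, "attacker", "pool", 2000)
        passed = gov.proposals[0].passed_at_block is not None
        for _ in range(timelock):                   # let the timelock expire; nobody intervenes
            chain.mine()
        gov.execute(0)
        results[name] = (in_block, passed, gov.proposals[0].executed)
    return results


if __name__ == "__main__":
    for name, (in_block, passed, later) in run_scenarios().items():
        print(f"{name:26s} executed_in_loan_block={in_block} passed={passed} executed_later={later}")
```

Running it shows that a timelock on its own only delays the attacker's proposal: it still passes and executes once the delay expires unless someone cancels it or pauses the protocol. Snapshotting voting power at a block sealed before the proposal existed is what makes the flash-loaned tokens weightless, because the attacker's sealed balance was only 10 tokens.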

Build Finance Governance Takeover

On February 14, 2022, Build Finance DAO was the target of a governance takeover that allowed the attacker to mint and sell tokens. The attacker is believed to have made the equivalent of 160 ETH, or about $470,000, from the stolen tokens. The takeover succeeded because the attacker's proposal gathered enough votes in favor and not enough members voted against it in time to block it.

DAO Governance Attacks Prevention

  • Limiting the Governance Powers: By restricting what governance is allowed to do, projects reduce the value of a successful attack. If governance can only modify certain parameters of the project, the scope of potential attacks is substantially narrower than when governance has full control over the governing smart contract.
  • Emergency shutdown: In the event of a serious security issue, an emergency shutdown (pause) mechanism built into the smart contract code can temporarily halt all transactions and prevent further damage.
  • Transparency and communication: DAOs that are open and transparent about their operations and decision-making processes are more likely to build confidence and attract a dedicated community of token holders committed to the organization's long-term success.
  • Limiting the Proposals on a DAO: DAOs can limit the number of proposals that can be made within a specific time period, reducing spam and fraudulent proposals. They should also gate the right to propose, for example through a minimum token stake, a reputation score threshold, or some form of user authentication such as a KYC (know your customer) check.

These are just a few of the various ways that can be employed to safeguard DAOs from attacks, and the best solution will depend on the organization’s specific needs.
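As an added example tying the Sybil attack and the proposal-spam discussion above to the "limiting the proposals" mitigation, the following Python model (written for this page, not any DAO's code; the addresses, balances and parameters are constructed) shows why a per-address rate limit alone is not enough. An attacker who splits their tokens across fresh addresses gets one proposal per address, whereas a stake threshold checked against snapshotted balances makes each additional proposal cost real tokens.

```python
"""Constructed model of a proposal gate: who may open a proposal, and how often.

Added for this page, not any DAO's code. It compares a per-address cooldown,
which a Sybil attacker sidesteps by splitting funds across fresh addresses,
with a stake threshold checked on snapshotted balances, which makes every
extra proposal cost real tokens.
"""
from typing import Dict, List


class ProposalGate:
    """Decides whether an address may open a new proposal at a given block.

    threshold: tokens the proposer must hold at the snapshot block.
    cooldown:  blocks an address must wait between its own proposals.
    """

    def __init__(self, snapshot_balances: Dict[str, int], threshold: int, cooldown: int):
        self.snapshot = dict(snapshot_balances)   # sealed balances, not live ones
        self.threshold = threshold
        self.cooldown = cooldown
        self.last_block: Dict[str, int] = {}
        self.accepted: List[str] = []

    def try_propose(self, proposer: str, block: int) -> bool:
        if self.snapshot.get(proposer, 0) < self.threshold:
            return False                          # not enough stake at the snapshot
        last = self.last_block.get(proposer)
        if last is not None and block - last < self.cooldown:
            return False                          # this address is still cooling down
        self.last_block[proposer] = block
        self.accepted.append(proposer)
        return True


def split_stake(total: int, identities: int) -> Dict[str, int]:
    """Spread one attacker's tokens evenly over fresh addresses (the Sybil move)."""
    share, rem = divmod(total, identities)
    return {f"sybil{i}": share + (1 if i < rem else 0) for i in range(identities)}


def proposals_in_one_block(stake: int, identities: int, threshold: int, cooldown: int) -> int:
    """How many proposals an attacker holding `stake` tokens can open in a single block."""
    balances = {"alice": 400, "bob": 350}          # constructed honest holders
    balances.update(split_stake(stake, identities))
    gate = ProposalGate(balances, threshold, cooldown)
    return sum(gate.try_propose(a, 100) for a in balances if a.startswith("sybil"))


def proposals_over_window(stake: int, threshold: int, cooldown: int, blocks: int) -> int:
    """Proposals a single address can open across `blocks` consecutive blocks."""
    gate = ProposalGate({"attacker": stake}, threshold, cooldown)
    return sum(gate.try_propose("attacker", 100 + b) for b in range(blocks))


def run_scenarios() -> Dict[str, int]:
    return {
        # Cooldown alone: one identity gets one proposal, twenty identities get twenty.
        "cooldown_only_1_identity": proposals_in_one_block(100, 1, threshold=0, cooldown=10),
        "cooldown_only_20_identities": proposals_in_one_block(100, 20, threshold=0, cooldown=10),
        # Stake threshold of 50: splitting 100 tokens twenty ways leaves every Sybil below it.
        "threshold_50_20_identities": proposals_in_one_block(100, 20, threshold=50, cooldown=10),
        "threshold_50_2_identities": proposals_in_one_block(100, 2, threshold=50, cooldown=10),
        # Over time, the cooldown still bounds one address to a single proposal per window.
        "threshold_50_one_address_30_blocks": proposals_over_window(100, 50, 10, 30),
    }


if __name__ == "__main__":
    for name, count in run_scenarios().items():
        print(f"{name:36s} {count}")
```

With the threshold in place, the most proposals an attacker can open at once is their stake divided by the threshold, however many addresses they create. The threshold must be checked against a sealed snapshot rather than live balances; otherwise the attacker could move the same 50 tokens from one address to the next between proposals and reuse them.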

Final Verdict

It is essential to be aware of the possibility of governance attacks and to take preventative measures, such as having a well-defined and transparent decision-making process, regular audits of the DAO smart contract, bug bounty programs, and a community of experts who can act as watchdogs on any suspicious activity.

Frequently Asked Questions

How do governance attacks impact the overall health of a blockchain network?
They can lead to a loss of trust in the network, resulting in decreased participation and adoption. They can also cause a drop in the value of the network’s native token, making it less attractive to investors.
How does a Sybil attack work in a DAO?
The attacker creates many fake identities and votes with each of them, gaining influence out of proportion to the tokens they actually hold wherever votes, quorum, or proposal rights are counted per identity rather than per token.
How does a front-running attack work in a DAO?
The attacker learns of a proposal before the rest of the community and uses that advance knowledge to vote, or to buy tokens before the proposal becomes public, so they can swing the outcome or profit from the price move.
How can I protect myself from a governance attack?
Favor DAOs with a transparent, well-defined decision-making process, limited governance powers, an emergency shutdown mechanism, regularly audited contracts, and an active community that watches for suspicious proposals.
