Blockchain has found many applications recently, and that traction has created hype around distributed ledger technology (DLT). Blockchain is considered the building block of crypto, and it has produced offerings that serve different purposes, pushing decentralization through NFTs, dApps, DeFi, and smart contracts.
The emergence of DAOs, or decentralized autonomous organizations, is concrete proof of the huge possibilities that blockchain can deliver, and we have recently seen how DAOs have evolved. This article gives a brief explanation of governance attacks on DAOs and how you can stay safe from them.
After the advent of the blockchain, it was challenging for users to adopt new governance models because several parties were involved. Still, the whole notion behind blockchain was to free users from dependence on any central entity. At this point, the need arose to bring clarity to governance.
The governance of a DAO is controlled by its members, who use a voting system to decide how the organization should operate and allocate its funds.
A DAO’s members typically own tokens representing their stake in the organization and allowing them to vote on proposals. These tokens can be bought and sold on the open market, allowing members to join and exit as they like.
Governance proposals can be made for various reasons, including upgrading the chain, making critical decisions for the chain’s future, and so on. Members of the DAO submit proposals, which are voted on by the entire membership. If a quorum of members votes in favor of a proposal, the organization’s smart contract implements it automatically.
A governance attack on a DAO happens when an attacker takes advantage of flaws in the DAO’s governance structure to obtain power and make decisions that favor the attacker at the expense of other members.
This type of attack can take many different forms, but it usually involves the attacker using their voting power or other means to gain control of the organization’s decision-making process and change its rules in their favor.
A majority attack is a governance attack in which the attacker has the majority of the voting power in a decentralized autonomous organization (DAO). With this degree of power, the attacker can make any proposal to the DAO that benefits them at the expense of other members.
In a Sybil attack, the attacker creates many fake identities, commonly known as “Sybils,” which they can use to vote in the DAO’s decision-making process multiple times. The attacker can obtain significant influence within the organization by generating many Sybils, even if they do not hold most of the tokens.
Before a proposal is publicly revealed to the rest of the community, an attacker may be able to observe it. They can then use this information to vote in favor of the proposal or acquire tokens before it is made public, allowing them to influence the outcome of the vote or profit from the increased token price. A well-defined and transparent decision-making process is critical to reducing the risk of front-running in a DAO. Proposals could be made public before the vote so that all members can evaluate and discuss them equally.
This is the most common because so many things can easily impact holders. This could be accomplished when particular members or groups have a disproportionate degree of influence over decision-making, whether through a large number of tokens, control over voting power, paid public relations initiatives, influencer marketing, or even bribing people to have a biased opinion on the plan.
The act of continuously submitting a large number of proposals with little or no value to overload the organization and make it difficult for valid ideas to be accepted is called spamming proposals. This attack can disrupt decision-making, making it more difficult for the community to reach a consensus and pass crucial ideas.
Beanstalk, an Ethereum-based stablecoin platform, was the victim of an attack on its governance protocol in April 2022. The attacker stole $181 million from the project but kept only $76 million. The attacker was able to make a large deposit to the contract using a flash loan. This gave them 79% of the votes in the governance protocol, and the proposal was eventually approved.
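The following is an added example, not code from Beanstalk or from the original article. It is a toy Python model of why a flash-loaned deposit carries voting weight when votes are counted from live balances, and none when weight is read from a snapshot taken at proposal creation. The holder names, balances and the 2/3 approval threshold are constructed assumptions.

```python
# Toy model, constructed for illustration; not any real protocol's contract.
class Token:
    def __init__(self):
        self.block = 0
        self.history = {}  # holder -> [(block, balance)] checkpoints, oldest first

    def balance(self, holder):
        checkpoints = self.history.get(holder)
        return checkpoints[-1][1] if checkpoints else 0

    def adjust(self, holder, delta):
        new_balance = self.balance(holder) + delta
        if new_balance < 0:
            raise ValueError("insufficient balance")
        self.history.setdefault(holder, []).append((self.block, new_balance))

    def balance_at(self, holder, block):
        # Last checkpoint written at or before `block`, i.e. end-of-block balance.
        past = [bal for b, bal in self.history.get(holder, []) if b <= block]
        return past[-1] if past else 0


def voting_weight(token, voter, snapshot_block):
    """Live balance when snapshot_block is None (weak); else balance at the snapshot."""
    if snapshot_block is None:
        return token.balance(voter)
    return token.balance_at(voter, snapshot_block)


def flash_loan_vote(use_snapshot, threshold=2 / 3):
    """Return (attacker_share, proposal_passes) for a borrow-vote-repay sequence."""
    token = Token()
    token.adjust("alice", 600)   # honest holders, constructed balances
    token.adjust("bob", 400)
    token.block += 1
    snapshot = token.block if use_snapshot else None  # proposal created here
    token.block += 5             # voting happens several blocks later

    token.adjust("attacker", 4000)                    # borrowed deposit
    holders = ["alice", "bob", "attacker"]
    total = sum(voting_weight(token, h, snapshot) for h in holders)
    weight = voting_weight(token, "attacker", snapshot)
    token.adjust("attacker", -4000)                   # repaid in the same transaction
    share = weight / total
    return share, share >= threshold


if __name__ == "__main__":
    print("live balances:", flash_loan_vote(use_snapshot=False))
    print("snapshot:     ", flash_loan_vote(use_snapshot=True))
```

With live balances the borrowed deposit dominates the tally; with the snapshot, the borrower held nothing when the proposal was created, so the same deposit counts for zero.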
On the 14th of February, 2022, Build Finance DAO was the target of a governance hack that allowed the attacker to mint and sell tokens. The attacker most likely gained the equivalent of 160 ETH, or $470,000, from the stolen tokens. The takeover succeeded because there were enough votes in favor of the plan and not enough countervotes to prevent it.
These are just a few of the various ways that can be employed to safeguard DAOs from attacks, and the best solution will depend on the organization’s specific needs.
It is essential to be aware of the possibility of governance attacks and to take preventative measures, such as having a well-defined and transparent decision-making process, regular audits of the DAO smart contract, bug bounty programs, and a community of experts who can act as watchdogs on any suspicious activity.