Governance Attacks: Defend Your DAO
Learn attack vectors and defense strategies for DAOs
When Governance Gets Hacked
DAO governance sounds democratic: one token = one vote. But this creates exploitable attack vectors. Flash loans let attackers borrow millions of tokens for a single transaction. Whales accumulate massive voting power. Proposal spam blocks legitimate governance. When billions are at stake, attackers will exploit every weakness.
Real Governance Exploits
- Beanstalk 2022: Attacker used $1B flash loan to pass malicious proposal, drained $182M in seconds (67% quorum reached)
- Build Finance 2021: Attacker bought 20% of tokens, passed proposal to mint 25M tokens to themselves
- Tornado Cash 2023: Attacker accumulated 1.2M votes via cheap token purchases, took over governance completely
Interactive: Flash Loan Attack Simulator
Model a governance attack using borrowed tokens. See how loan size, quorum requirements, and voting periods affect attack feasibility.
SECURE: Attacker only achieves 10.0% power, well below 20% quorum requirement. Even with 10M borrowed tokens, attack fails. Quorum requirement effective.
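The arithmetic behind that verdict, as an added example that is not the page's own simulator code: it checks whether borrowed tokens alone can reach quorum and computes the smallest loan that would, so a DAO can compare that figure with the liquidity actually available to borrow. Assumptions: a constructed 100M total supply (which reproduces the 10.0% figure above), quorum measured against total supply with opposing votes ignored, and a hypothetical `snapshot_voting` flag for governors that read vote weight at a block before the proposal, where tokens borrowed afterwards carry no weight.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Governance:
    total_supply: int      # quorum denominator (constructed sample value)
    quorum_bps: int        # quorum in basis points of total supply (2000 = 20%)
    snapshot_voting: bool  # assumption: vote weight is read at a pre-proposal block

def usable_votes(gov, owned, borrowed):
    """Tokens that actually carry voting weight for the attacker."""
    # Tokens borrowed after the snapshot block have no weight at the snapshot.
    return owned if gov.snapshot_voting else owned + borrowed

def assess(gov, owned, borrowed):
    """Return (verdict, attacker power in % of total supply)."""
    votes = usable_votes(gov, owned, borrowed)
    # Integer comparison avoids float rounding at the quorum boundary.
    reached = votes * 10_000 >= gov.total_supply * gov.quorum_bps
    return ("VULNERABLE" if reached else "SECURE", 100.0 * votes / gov.total_supply)

def min_loan_to_reach_quorum(gov, owned=0):
    """Smallest loan that reaches quorum; None if borrowing cannot add votes."""
    if gov.snapshot_voting:
        return None
    quorum_tokens = -(-gov.total_supply * gov.quorum_bps // 10_000)  # ceiling division
    return max(quorum_tokens - owned, 0)

if __name__ == "__main__":
    live = Governance(100_000_000, 2000, snapshot_voting=False)
    snap = Governance(100_000_000, 2000, snapshot_voting=True)
    for loan in (10_000_000, 20_000_000, 50_000_000):
        print(loan, assess(live, 0, loan), assess(snap, 0, loan))
    for bps in (400, 2000, 6700):
        gov = Governance(100_000_000, bps, snapshot_voting=False)
        print(f"quorum {bps / 100:.0f}% -> loan needed {min_loan_to_reach_quorum(gov):,}")
```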
Why Governance is Vulnerable
- Flash loans: Borrow millions of tokens for one block
- Whale accumulation: Buy voting power slowly
- Proposal spam: Flood governance with junk
- Vote buying: Pay holders to delegate power
- Token = voting power (plutocracy, not democracy)
- Low quorums (easy to manipulate)
- Short voting periods (flash loan window)
- No identity verification (anonymous attackers)
Key Insight
Governance attacks aren't theoretical; they're proven and profitable. Beanstalk lost $182M in 2022 to a flash loan attack that took 13 seconds. The attacker borrowed $1B in tokens, voted through a malicious proposal, and drained the treasury before anyone could react. One token = one vote sounds fair until someone borrows a billion tokens. Understanding these attacks is the first step to defending against them.