DAO Governance Attacks and How to Prevent them

Read Time: 6 minutes

Blockchain has seen plenty of applications recently, and this traction has created hype around distributed ledger technology (DLT). Blockchain is considered the building block of crypto and has produced offerings that serve different purposes, pushing decentralization through NFTs, dApps, DeFi, and smart contracts.

The emergence of DAOs has given concrete proof of the huge possibilities that blockchain can deliver. Recently we have seen how DAOs, or decentralized autonomous organizations, have evolved. This article gives a brief explanation of governance attacks on DAOs and how you can stay safe from them.

DAO Governance Model

After the advent of blockchain, it was challenging for users to adopt the new governance models, as several parties were involved. Still, the whole notion behind blockchain was to free users from dependence on any central entity. At this point, the need arose to establish clarity around governance.

The governance of a DAO is controlled by its members, who use a voting system to decide how the organization should operate and allocate its funds.

A DAO’s members typically own tokens representing their stake in the organization and allowing them to vote on proposals. These tokens can be bought and sold on the open market, allowing members to join and exit as they like.

Governance proposals can be raised for various reasons, including upgrading the chain, making critical decisions about the chain’s future, and so on. Members of the DAO submit proposals, which are voted on by the entire membership. If a quorum of members votes in favor of a proposal, the organization’s smart contract implements it automatically.

DAO Governance Attacks

A governance attack on a DAO happens when an attacker takes advantage of flaws in the DAO’s governance structure to obtain power and make decisions that favor the attacker at the expense of other members.

This type of attack can take many different forms. Still, it usually involves the attacker using their voting power or other means to gain control of the organization’s decision-making process and change its regulations in their favor.

Below are a few types of governance attacks in DAOs:

  1. Majority attack: A majority attack is a governance attack in which the attacker holds the majority of the voting power in a decentralized autonomous organization (DAO). With this degree of power, the attacker can push through any proposal that benefits them at the expense of other members.
  2. Sybil Attack: In a Sybil attack, the attacker creates many fake identities, commonly known as “Sybils,” which they can use to vote in the DAO’s decision-making process multiple times. The attacker can obtain significant influence within the organization by generating many Sybils, even if they do not hold most of the tokens.
  3. Frontrunning: Before a proposal is publicly revealed to the rest of the community, an attacker may be able to observe it. They can then use this information to vote in favor of the proposal or acquire tokens before it is made public, allowing them to influence the outcome of the vote or profit from the increased token price. A well-defined and transparent decision-making process is essential to reduce the risk of front-running in a DAO. Proposals could be made public before the vote so that all members can evaluate and discuss them equally.
  4. Influenced decisions: This is the most common type, because so many things can easily sway token holders. It occurs when particular members or groups have a disproportionate degree of influence over decision-making, whether through a large number of tokens, control over voting power, paid public relations initiatives, influencer marketing, or even bribing people into a biased opinion on the plan.
  5. Spamming proposals: Continuously submitting a large number of proposals with little or no value, in order to overload the organization and make it difficult for valid ideas to be accepted, is called spamming proposals. This attack disrupts decision-making, making it harder for the community to reach consensus and pass crucial proposals.

Real-Life Case Studies

  1. Beanstalk governance attack: Beanstalk, an Ethereum-based stablecoin platform, was the victim of an attack on its governance protocol in April 2022. The attacker stole $181 million from the project but kept only $76 million. The attacker used a flash loan to make a large deposit into the contract, which gave them 79% of the votes in the governance protocol, and their proposal was approved.
  2. Build Finance governance takeover: On 14 February 2022, Build Finance DAO was the target of a governance hack that allowed the attacker to mint and sell tokens. The attacker most likely gained the equivalent of 160 ETH, or $470,000, from the stolen tokens. The takeover succeeded because enough votes were cast in favor of the plan and not enough counter-votes were cast to prevent it.
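The governance model described above (token-weighted votes, a quorum, automatic execution) and the Beanstalk case (a flash-loaned deposit giving 79% of the votes within a single block) can be modelled side by side. The following is an added example, not Beanstalk's code or any real governor contract: a Python simulation with constructed balances and a hypothetical lending pool. `LiveBalanceGovernor` counts each vote at the voter's current balance and lets a proposal execute in its creation block; `SnapshotGovernor` weights votes by balances checkpointed at the end of a snapshot block one block after creation and opens voting only after that block has closed. The names `GENESIS`, `FLASH_LOAN`, `QUORUM_PCT`, `VOTING_DELAY`, `VOTING_PERIOD` and both classes are assumptions of the example.

```python
from dataclasses import dataclass

# Constructed sample balances (not Beanstalk's real figures). "pool" is a
# hypothetical lending pool whose tokens can be flash-borrowed for one block.
GENESIS = {"alice": 30, "bob": 25, "carol": 20, "dave": 15, "pool": 120, "attacker": 0}
FLASH_LOAN = 120     # borrowed and repaid inside a single block
QUORUM_PCT = 40      # "for" votes required, as a percentage of total supply
VOTING_DELAY = 1     # hardened only: blocks from creation to the snapshot block
VOTING_PERIOD = 2    # hardened only: blocks during which votes are accepted


@dataclass
class Proposal:
    created: int
    for_votes: int = 0


class LiveBalanceGovernor:
    """Vulnerable pattern: weight is the voter's balance at the moment of voting,
    and a proposal can be voted on and executed in its creation block."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.proposals = []

    @property
    def supply(self):
        return sum(self.balances.values())

    def propose(self, block):
        self.proposals.append(Proposal(created=block))
        return len(self.proposals) - 1

    def weight(self, pid, voter, block):
        return self.balances[voter]

    def vote(self, pid, voter, block):
        self.proposals[pid].for_votes += self.weight(pid, voter, block)

    def execute(self, pid, block):
        # Quorum check: "for" votes as a share of total supply.
        return self.proposals[pid].for_votes * 100 >= self.supply * QUORUM_PCT

    def on_block_end(self, block):
        pass                        # the vulnerable design keeps no checkpoints


class SnapshotGovernor(LiveBalanceGovernor):
    """Hardened pattern: weight is the balance checkpointed at the END of the
    snapshot block (creation + VOTING_DELAY). A flash loan is repaid before its
    block ends, so borrowed tokens never appear in a checkpoint."""

    def __init__(self, balances):
        super().__init__(balances)
        self.checkpoints = {}       # block -> end-of-block balances

    def on_block_end(self, block):
        self.checkpoints[block] = dict(self.balances)

    def weight(self, pid, voter, block):
        snap = self.proposals[pid].created + VOTING_DELAY
        if not snap < block <= snap + VOTING_PERIOD:
            raise ValueError("voting is not open at this block")
        return self.checkpoints[snap].get(voter, 0)

    def execute(self, pid, block):
        if block <= self.proposals[pid].created + VOTING_DELAY + VOTING_PERIOD:
            raise ValueError("voting period has not ended")
        return super().execute(pid, block)


def flash_loan_attack(governor, block=100):
    """Single-block sequence: borrow, propose, vote, try to execute, repay.
    Returns (executed, proposal_id)."""
    b = governor.balances
    b["pool"] -= FLASH_LOAN
    b["attacker"] += FLASH_LOAN
    pid = governor.propose(block)
    executed = False
    try:
        governor.vote(pid, "attacker", block)
        executed = governor.execute(pid, block)
    except ValueError:
        pass                        # hardened governor refuses same-block votes
    b["attacker"] -= FLASH_LOAN     # repayment is mandatory before the block ends
    b["pool"] += FLASH_LOAN
    governor.on_block_end(block)
    return executed, pid


def vote_after_snapshot(governor, pid, voters):
    """Hardened flow: let the snapshot block close, cast votes in the first open
    block, advance through the voting period, then attempt execution."""
    snap = governor.proposals[pid].created + VOTING_DELAY
    governor.on_block_end(snap)
    for v in voters:
        governor.vote(pid, v, snap + 1)
    for blk in range(snap + 1, snap + VOTING_PERIOD + 1):
        governor.on_block_end(blk)
    return governor.execute(pid, snap + VOTING_PERIOD + 1)
```

Against `LiveBalanceGovernor`, `flash_loan_attack` returns `(True, 0)`: 120 borrowed tokens out of a supply of 210 clear the 40% quorum in one block. Against `SnapshotGovernor` the same-block vote is refused, and when the attacker returns after repaying, `vote_after_snapshot` counts zero weight because the checkpoint was taken after the loan was closed; honest holders voting in the same window still pass (90 of 210). The design point is that the snapshot must be taken at a block strictly after proposal creation, not at creation itself, otherwise a borrow-then-propose sequence would be captured in it.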

DAO Governance Attacks Prevention

  1. Limiting governance powers: By restricting the extent of what governance can do, projects reduce the value of an attack. If governance can only modify certain features of the project, the scope of potential attacks is substantially narrower than when governance has full control of the governing smart contract.
  2. Emergency shutdown: In the event of a serious security issue, an emergency shutdown mechanism built into the smart contract code can temporarily halt all transactions and prevent additional damage.
  3. Transparency and communication: DAOs that are open and transparent about their operations and decision-making processes are more likely to create confidence and attract a dedicated community of token holders committed to the organization’s long-term success.
  4. Limiting proposals on a DAO: DAOs can limit the number of proposals that can be made within a specific time period, reducing spam or fraudulent submissions. They should also incorporate some form of user authentication, such as a KYC (know your customer) check or a reputation score threshold for submitting proposals.
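Three of the controls above (a limited governance scope, an emergency shutdown, and proposal rate limits with a reputation threshold) can be enforced at the point where a proposal enters the system. The following is an added example, not code from any real DAO: a Python model of a hypothetical `ScopedGovernance` contract. The `GOVERNABLE` allowlist, the bounds, `MIN_REPUTATION`, `RATE_WINDOW`, `MAX_PER_WINDOW`, `MAX_OPEN` and the `guardian` role are constructed policy values for illustration; vote counting is deliberately omitted so the checks stand out.

```python
from collections import defaultdict


class ProposalRejected(Exception):
    """Raised when a submission or execution violates a governance control."""


# Hypothetical policy for an illustrative DAO. Only the listed parameters can be
# changed through governance, and only inside these hard bounds; anything else
# (for example, who owns the treasury) is outside governance's reach entirely.
GOVERNABLE = {"fee_bps": (0, 500), "reward_rate": (1, 1000)}
MIN_REPUTATION = 50     # reputation score needed to submit a proposal
RATE_WINDOW = 100       # blocks over which per-proposer submissions are counted
MAX_PER_WINDOW = 2      # submissions allowed per proposer per window
MAX_OPEN = 5            # backstop on the total number of open proposals


class ScopedGovernance:
    def __init__(self, reputation, guardian):
        self.reputation = dict(reputation)
        self.guardian = guardian              # party allowed to trigger the pause
        self.params = {"fee_bps": 30, "reward_rate": 100, "treasury_owner": "multisig"}
        self.paused = False
        self.open = {}                        # pid -> (param, value)
        self.submissions = defaultdict(list)  # proposer -> blocks of past submissions
        self.next_pid = 0

    def submit(self, proposer, param, value, block):
        if self.paused:
            raise ProposalRejected("governance paused")
        if self.reputation.get(proposer, 0) < MIN_REPUTATION:
            raise ProposalRejected("reputation below submission threshold")
        recent = [b for b in self.submissions[proposer] if block - b < RATE_WINDOW]
        if len(recent) >= MAX_PER_WINDOW:
            raise ProposalRejected("per-proposer rate limit reached")
        if len(self.open) >= MAX_OPEN:
            raise ProposalRejected("too many open proposals")
        if param not in GOVERNABLE:
            raise ProposalRejected(f"{param!r} is outside governance scope")
        lo, hi = GOVERNABLE[param]
        if not lo <= value <= hi:
            raise ProposalRejected(f"{param}={value} is outside [{lo}, {hi}]")
        self.submissions[proposer].append(block)
        pid = self.next_pid
        self.next_pid += 1
        self.open[pid] = (param, value)
        return pid

    def execute(self, pid):
        """Apply a proposal the DAO has approved (vote counting is omitted here)."""
        if self.paused:
            raise ProposalRejected("governance paused")
        param, value = self.open.pop(pid)
        self.params[param] = value
        return self.params[param]

    def emergency_pause(self, caller):
        if caller != self.guardian:
            raise ProposalRejected("only the guardian may pause")
        self.paused = True
        return self.paused


def rejected(action):
    """True if calling action() raises ProposalRejected; used to check the controls."""
    try:
        action()
    except ProposalRejected:
        return True
    return False
```

A proposal to hand `treasury_owner` to another address, or to set `fee_bps` above 500, never reaches a vote because the parameter or value is outside the allowlist, which is what "limiting governance powers" buys. A third submission from the same proposer inside the 100-block window is refused, while the same request after the window has passed is accepted. Once the guardian pauses, pending proposals cannot execute until governance is resumed.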

These are just a few of the various ways that can be employed to safeguard DAOs from attacks, and the best solution will depend on the organization’s specific needs.

Final Verdict

It is essential to be aware of the possibility of governance attacks and to take preventative measures, such as having a well-defined and transparent decision-making process, regular audits of the DAO smart contract, bug bounty programs, and a community of experts who can act as watchdogs on any suspicious activity.


Q: How do governance attacks impact the overall health of a blockchain network?

They can lead to a loss of trust in the network, resulting in decreased participation and adoption. They can also cause a drop in the value of the network’s native token, making it less attractive to investors.

Q: How does a Sybil attack work in a DAO?

In a Sybil attack, an attacker creates multiple fake identities and uses them to vote multiple times, effectively overwhelming legitimate votes and controlling the vote outcome.

Q: How does a front-running attack work in a DAO?

In a front-running attack, attackers use their privileged access or knowledge to manipulate proposals before they are executed, often through buying and selling tokens.

Q: How can I protect myself from a governance attack?

Educate yourself on the specific risks and vulnerabilities of the network you are participating in.

Be careful when following or supporting proposals, and make sure you understand the potential consequences of the proposal before you vote.

Keep an eye on the network’s decision-making process and report any suspicious activity to the appropriate authorities.
