Why Your DAO's Governance is Insecure Without Selective Disclosure

Public voting intentions allow large holders to snipe governance proposals. They can wait until the final block, analyze the vote distribution, and swing the outcome with a minimal capital outlay, rendering community sentiment irrelevant.

• Attack Vector: Late-stage vote manipulation.
• Real-World Impact: MakerDAO's early governance suffered from this, where a single entity could decide proposals by observing the public tally.

Transparent voting power (e.g., veTokens) enables the formation of explicit, on-chain cartels. Entities like Curve's "whale wars" or Convex demonstrate how governance becomes a financial derivative, decoupled from protocol health.

• Attack Vector: Capital coordination against decentralized voters.
• Systemic Risk: $10B+ TVL protocols are controlled by a handful of voting blocs, creating centralization under the guise of decentralization.

Proposal details and voter sentiment are public, but strategic discussions among insiders are not. This creates a profitable gap for informed traders to front-run governance-driven market moves (e.g., token listings, treasury allocations).

• Attack Vector: Trading on non-public deliberation insights.
• Protocol Risk: Undermines fair launch principles and erodes trust, as seen in early Uniswap and Compound governance events.

Adopt cryptographic schemes where votes are committed with hashes and revealed later. This is the zero-knowledge proof of governance, breaking the direct link between voter identity and intent during the critical voting period.

• Key Benefit: Eliminates front-running and last-minute manipulation.
• Implementation Path: Leverage Aztec, Semaphore, or custom zk-SNARK circuits for private voting on public chains.

Shift from one-token-one-vote to a delegated model where reputation (non-transferable) is earned through verifiable contributions. This separates liquid capital from governance influence, attacking the vote-buying problem at its root.

• Key Benefit: Aligns voting power with proven skin-in-the-game.
• Analog Model: Optimism's Citizen House and Gitcoin's Grants Stack are pioneering non-financialized governance layers.

For sensitive treasury operations or parameter changes, require a multi-party computation (MPC) or trusted execution environment (TEE) to execute the outcome. The vote authorizes the action, but the how and when remain hidden until execution.

• Key Benefit: Enables selective disclosure—the what is public, the operational details are private.
• Tech Stack: Integrate Oasis Network's confidential smart contracts or Intel SGX-based keepers like Chainlink's DECO.

Public voting intentions are front-run. A whale seeing a losing proposal can change their vote last block to be on the 'winning side', gaining influence. This corrupts decision integrity.\n- Strategy Leakage: Reveals treasury management or partnership plans.\n- Vote-Buying: Enables explicit bribery markets on platforms like PolyMarket.\n- Gas Wars: Final-block vote changes trigger ~$50k+ in wasted gas per major DAO vote.

Voters submit a hash commitment first, reveal votes later. The outcome is unknowable until the reveal phase ends, neutralizing sniping.\n- Blind Voting Period: Votes are encrypted using threshold encryption (e.g., Shutter Network).\n- Forced Honesty: Voters must reveal with the original key, preventing last-second swaps.\n- Integration Path: Works with Snapshot and major governance platforms like Tally.

ZK proofs validate vote correctness (one-person, one-vote) without revealing individual choices. The gold standard for coercion-resistance.\n- Privacy & Verifiability: Uses zk-SNARKs (like in clr.fund) to prove tally correctness.\n- Anti-Collusion: MACI (Minimal Anti-Collusion Infrastructure) prevents voters from proving how they voted.\n- Heavyweight but Future-Proof: Currently complex, but essential for treasury grants and sensitive policy votes.

When a prominent VC's wallet votes, the herd follows. This creates centralization and discourages independent thought. Privacy protects the minority.\n- Social Proof Bias: Delegators blindly follow large, visible addresses.\n- Retribution Risk: Voting against a powerful bloc can lead to social or financial retaliation.\n- Data Harvesting: Nansen, Arkham turn governance into a free signal feed for traders.

Separates identity from vote using anonymous credentials. Voters prove membership (e.g., NFT holder) without linking wallet to ballot.\n- Census Proofs: Prove right to vote off-chain, submit anonymous vote on-chain.\n- Scalability: Uses IPFS and rollups for ~1M+ voter capacities at low cost.\n- Real-World Use: Deployed for city council elections and large DAO contributor polls.

You don't need a full ZK overhaul. Start with Snapshot X's private voting plugin or Shutterized Snapshot. Mitigate the worst leaks today.\n- Incremental Adoption: Add privacy to specific, sensitive proposals (e.g., budget allocation).\n- Developer Tools: OpenZeppelin's Governor contracts are adding privacy extensions.\n- Cost/Benefit: ~$500 in dev time vs. millions in leaked alpha.

Public voting on proposals like Compound or Uniswap is a free alpha feed. Front-running bots can extract $100M+ in MEV by anticipating governance-driven price moves.

• Strategy Leakage: Whale voting intent signals market moves.
• Vote Manipulation: Adversaries can bribe or coerce based on public positions.
• Voter Suppression: Exposure leads to harassment, chilling participation.

Separate the vote submission from its content. Voters commit a hash of their vote, then reveal later. This is foundational for Aztec, zkVotes, and clr.fund.

• Blind Commitment: First transaction hides intent with a hash.
• Forced Revelation: Second transaction reveals plaintext vote, enforceable on-chain.
• Strategy Obfuscation: Eliminates front-running windows between proposal snapshot and execution.

Prevent leakage in the transaction pool itself. Use SGX enclaves or FHE-like systems as seen in Phala Network and Oasis for private smart contracts.

• Encrypted Execution: Votes are processed inside a trusted enclave.
• Temporal Privacy: Outcome is only decrypted after the voting period.
• Integrity Guarantees: Remote attestation proves code ran correctly, mitigating trust issues.

Prove a vote is valid without revealing its direction or the voter's identity. MACI (Minimal Anti-Collusion Infrastructure) by Privacy & Scaling Explorations uses this for quadratic funding.

• Unlinkable Proofs: ZK-SNARKs validate vote eligibility and correctness.
• Collusion Resistance: Final tally is known, but individual votes are not.
• On-Chain Verifiable: Proofs are small (~1 KB) and cheap to verify.

Ignoring selective disclosure cedes control to extractive actors. Governance attacks on Curve, MakerDAO, and Fantom showcase the stakes.

• Protocol Capture: Adversaries can cheaply manipulate outcomes.
• TVL Flight: Sophisticated capital avoids leaky systems.
• Regulatory Risk: Public vote history creates liability for delegates and whales.

Start with commit-reveal for hot proposals, then layer in ZK or TEEs for full privacy. Aragon, Snapshot, and Tally are integrating these primitives.

• Phase 1: Add commit-reveal to existing Snapshot strategies.
• Phase 2: Integrate a ZK-rollup for voting (e.g., using zkSync's ZK Stack).
• Phase 3: Move critical treasury actions (e.g., Gnosis Safe upgrades) to private execution.