On-chain governance is the mechanism by which a decentralized community proposes, votes on, and executes changes to a protocol. For economic parameters—such as staking rewards, fee structures, inflation rates, or collateral ratios—governance controls are essential for long-term sustainability and adaptability. Unlike immutable contracts, which are fixed, a well-designed governance system allows a protocol to evolve in response to market conditions, security threats, or community consensus, while maintaining security and decentralization.
LABS
Guides
Setting Up Governance Controls for Economic Changes
This guide explains how to implement smart contract-based governance for managing a protocol's economic parameters, including token supply, inflation rates, and treasury allocations.
Chainscore © 2026
introduction
FOUNDATIONS
Introduction
This guide explains how to implement governance controls for modifying core economic parameters in smart contracts, a critical component for decentralized protocols.
Implementing these controls requires careful architectural decisions. The core pattern involves separating the logic for parameter storage from the logic that uses them. Typically, a Governance or TimelockController contract holds the authority to call a restricted setParameter function on a target contract. This separation of concerns, often enforced via the OpenZeppelin AccessControl or Ownable libraries, prevents arbitrary upgrades and ensures only authorized governance actions can modify critical state. A common security enhancement is to implement these changes through a timelock, which introduces a mandatory delay between a proposal's approval and its execution, giving users time to react.
For developers, the primary task is to design upgradeable data structures and permissioned setters. For example, a lending protocol's InterestRateModel contract might store a baseRate and multiplier. Instead of hardcoding these, the contract exposes functions like updateRateModel(uint256 newBaseRate, uint256 newMultiplier) that are protected by the onlyGovernance modifier. The governance contract itself, which could be a simple multi-signature wallet or a complex DAO like Compound's Governor Bravo, is then the sole address permitted to call this function.
This guide will walk through the practical steps of building this system: 1) defining the upgradeable parameters in your contract, 2) implementing access control using proven libraries, 3) integrating with a timelock contract for safe execution, and 4) connecting to a governance framework for proposal lifecycle management. We'll use Solidity examples based on OpenZeppelin Contracts, the industry standard for secure smart contract development, to illustrate each concept with deployable code.
prerequisites
SETUP
Prerequisites
Before implementing governance controls for economic changes, you must establish the foundational technical and organizational infrastructure.
The first prerequisite is a deployed and verified smart contract system. This includes the core protocol contracts (e.g., token, staking, treasury) whose parameters will be governed. Use a development framework like Hardhat or Foundry for local testing and deployment. All contracts must be upgradeable via a proxy pattern (e.g., Transparent Proxy, UUPS) to allow for future modifications approved by governance. Ensure the contract architecture clearly separates logic for economic parameters (like interest rates or fee percentages) into discrete, governable modules.
You will need a live governance token that confers voting power. This token must be deployed and distributed according to your protocol's initial design, whether through a fair launch, investor allocations, or liquidity mining. The token contract should implement the necessary standards (like ERC-20Votes or ERC-20VotesComp) to support snapshot-based voting and delegation, which are critical for gas-efficient governance. Tools like OpenZeppelin's governance contracts provide a robust starting point for this functionality.
A governance framework must be deployed and configured. This is typically a set of contracts including a TimelockController, a Governor contract (e.g., GovernorBravo, OpenZeppelin Governor), and optionally a Treasury module. The Timelock is essential for economic changes, as it enforces a mandatory delay between a proposal's approval and its execution, providing a safety net for the community. Configure the Governor's parameters: voting delay, voting period, proposal threshold, and quorum requirements, which define the process's security and inclusivity.
Establish off-chain infrastructure for proposal creation and voting. This includes a frontend interface (like a DAO dashboard) that interacts with your governance contracts and an indexing service to query proposal data and voter history. For decentralized voting, integrate with Snapshot for gasless, off-chain signaling on complex proposals, while keeping binding, on-chain execution for finalized economic changes. Ensure your team has the tooling to generate and verify the calldata for proposed contract upgrades or parameter adjustments.
Finally, define clear social consensus channels and documentation. Governance operates on code and community. Establish a forum (e.g., Commonwealth, Discourse) for discussion, a transparent process for Temperature Checks and Request for Comments (RFCs), and comprehensive documentation for delegates. This ensures economic change proposals are technically sound, widely understood, and have measurable community support before reaching an on-chain vote, reducing governance attack surfaces and failed execution.
key-concepts-text
KEY GOVERNANCE CONCEPTS
Setting Up Governance Controls for Economic Changes
Implementing robust on-chain governance is essential for protocols managing monetary policy, fee structures, and treasury allocations. This guide covers the technical mechanisms for controlling economic parameters.
On-chain governance for economic changes involves creating executable proposals that modify a protocol's core financial parameters. These parameters typically include token emission rates, staking rewards, protocol fee percentages, and treasury withdrawal limits. Unlike social governance, economic proposals are binding smart contract calls that execute automatically upon approval. For example, a Compound Governance proposal can directly call the _setCompRate function to adjust COMP token distribution speeds. This requires a precise technical specification within the proposal payload.
The security model for economic governance relies on time-locks and multi-sig safeguards. A common pattern is to implement a TimelockController contract (like OpenZeppelin's) that queues approved proposals for a mandatory delay period, often 48-72 hours. This gives users time to react to potentially harmful changes, such as a sudden inflation increase. For high-value actions like large treasury transfers, protocols like Uniswap use a Governor contract that requires a 7-day timelock and a 4-day voting period, creating an 11-day total delay before execution. This prevents rushed or malicious proposals from causing immediate financial damage.
Developing a proposal involves several technical steps. First, you encode the target contract call using ethers.js or web3.py: calldata = targetContract.interface.encodeFunctionData('setFee', [newFeeBasisPoints]). This calldata is embedded in the proposal submitted to the governance contract. Second, you must define clear voting parameters: voting delay (time before voting starts), voting period (duration of the vote), and proposal threshold (minimum token power needed to propose). Aave's governance, for instance, requires a 1% threshold of AAVE tokens to create a proposal, with a 3-day voting period.
Best practices include implementing circuit breakers for critical parameters. For example, a governance contract can enforce hard caps, preventing a single proposal from increasing annual inflation beyond 5% or draining more than 20% of the treasury in one transaction. Lido's stETH reward rate changes are governed by the DAO but are also bounded by on-chain limits derived from Ethereum's consensus rules. Always simulate proposals on a testnet fork using tools like Tenderly or Foundry's forge to verify the exact state changes and avoid unintended consequences.
Monitoring and transparency are crucial. Use governance dashboards like Tally or Boardroom to track proposal lifecycles. Implement event emission for all state changes: emit ParameterUpdated("stakingAPY", oldValue, newValue, block.timestamp). For developers, integrating with Snapshot for off-chain signaling before an on-chain vote can improve community alignment. Remember, the goal is to create a system where economic power is distributed, changes are transparent and deliberate, and users have sufficient time to exit if they disagree with new monetary policy.
governance-frameworks
IMPLEMENTATION
Governance Frameworks and Tools
Tools and frameworks for implementing on-chain governance, from proposal creation to execution and security.
04
Governor Contract Parameters
Key configurable parameters that define a governance system's security and responsiveness.
- Voting Delay: Time between proposal creation and start of voting (e.g., 1 block for instant, 6570 blocks ~1 day for review).
- Voting Period: Duration votes can be cast (typical range: 3-7 days).
- Proposal Threshold: Minimum token power required to submit a proposal.
- Quorum: Minimum percentage of total voting power required for a proposal to pass.
Misconfiguration is a leading cause of governance attacks or stagnation.
05
Timelock and Execution Security
Using a Timelock contract is a security best practice for executing privileged actions, especially economic changes like fee updates or treasury transfers.
- Execution Delay: A mandatory waiting period (e.g., 2 days) between a proposal passing and execution.
- Role-Based Access: The Timelock is the sole executor, preventing instant, unilateral action by any single party.
- Escape Hatch: Gives users time to exit (e.g., withdraw liquidity) if a malicious proposal passes.
Compound's Timelock has a 2-day delay for all Governor-controlled functions.
06
Sybil Resistance and Vote Delegation
Mechanisms to prevent vote manipulation and enable efficient governance participation.
- Token-Weighted Voting: Standard for economic governance (1 token = 1 vote).
- Delegation: Allows token holders to delegate voting power to experts without transferring assets, as seen in ERC-20Votes.
- Sybil Resistance: Relies on the cost of acquiring governance tokens, making large-scale identity fraud economically impractical.
Uniswap's delegation system has over 80 million delegated votes.
COMMON CONFIGURATIONS
Governable Economic Parameters
Key economic parameters that can be controlled by on-chain governance, comparing typical settings across major DeFi protocols.
| Parameter | MakerDAO (DAI) | Compound (cTokens) | Uniswap V3 | Aave V3 |
|---|---|---|---|---|
Stability Fee / Interest Rate | 1.5% - 8.5% | Governance-set base rate + utilization | N/A | Variable/Stable rate model parameters |
Debt Ceiling | $1B+ per vault type | Per-asset borrow caps | N/A | Per-asset borrow/supply caps |
Liquidation Penalty | 13% | 5% - 10% | N/A | 5% - 10% |
Liquidation Threshold | Varies by collateral (e.g., 150%) | Varies by collateral (e.g., 75-85%) | N/A | Varies by collateral (e.g., 70-80%) |
Protocol Revenue Fee | Stability Fee revenue | 10% of interest (Reserve Factor) | 0.05% - 1% fee tier per pool | 10% of interest (Protocol Fee) |
Governance Voting Delay | 0 days (Executive Vote) | 2 days | N/A | 1 day |
Parameter Update Timelock | 0 days (Spell execution) | 2 days | N/A | 1 day |
Emergency Shutdown Mechanism | Global Settlement | Pause Guardian (admin multisig) | N/A | Emergency Admin (multisig) & Risk Admin |
implementation-steps
IMPLEMENTATION STEPS
Setting Up Governance Controls for Economic Changes
This guide details the technical process for implementing on-chain governance mechanisms to manage protocol parameters like fees, rewards, and inflation.
The first step is defining the governance framework. Most protocols use a token-based voting model where voting power is proportional to the amount of governance tokens staked or delegated. You must decide on key parameters: the quorum (minimum votes required for a proposal to be valid), the approval threshold (percentage of 'yes' votes needed to pass), and the voting delay and period. These are typically set in a smart contract, such as an extension of OpenZeppelin's Governor contracts. For example, initializing a governor might look like: GovernorVotesQuorumFraction(4, 1000) to set a 4% quorum of the total token supply.
Next, implement the proposal lifecycle. A proposal is a bundled set of function calls to be executed on the protocol's core contracts. In Solidity, you create a proposal by calling propose() on the governor contract, which takes an array of target addresses, values, and calldata. The proposal then enters a timelock period before execution, a critical security feature that allows users to exit if they disagree with the changes. For economic parameters like a staking reward rate, the calldata would encode a call to a function like setRewardRate(uint256 newRate) on the relevant staking contract.
Smart contract integration is crucial for secure execution. All contracts whose parameters are governed must have their critical functions protected by access control, typically using the onlyGovernance modifier that checks the caller is the timelock executor contract. This ensures only successfully passed proposals can enact changes. For upgrades, consider using a Transparent Proxy or UUPS pattern where the upgrade authority is the timelock, separating the logic of proposing changes from the power to execute them.
Finally, establish off-chain infrastructure for proposal discussion and signaling. While the voting occurs on-chain, platforms like Snapshot are used for gas-free, off-chain voting based on token snapshots. Integrate with a front-end that connects to wallet providers, displays active proposals, and shows voting power. Monitor governance participation metrics and consider implementing delegate functionality to allow token holders to delegate their voting power to experts, increasing engagement and the quality of decision-making.
code-example-treasury
GOVERNANCE IMPLEMENTATION
Code Example: Treasury Spending Proposal
A practical guide to writing and deploying a smart contract that enables on-chain governance for treasury fund allocation.
A treasury spending proposal is a core governance primitive that allows token holders to vote on the allocation of a protocol's funds. This is typically implemented as a smart contract that holds the treasury (often a multi-signature wallet or a dedicated vault) and only releases funds upon the successful execution of a proposal. The key components are: a proposal struct storing the recipient, amount, and description; a voting mechanism (e.g., token-weighted snapshot); and an execution function that transfers funds after a successful vote. This creates transparent, auditable control over a DAO's economic changes.
Below is a simplified Solidity example using OpenZeppelin's governance contracts, demonstrating a TreasurySpendProposal contract. It inherits from Governor contracts to manage the proposal lifecycle and uses a TimelockController to queue and execute transactions safely. The proposal target is the treasury contract itself, and the calldata encodes a call to its transferFunds function.
solidity// SPDX-License-Identifier: MIT pragma solidity ^0.8.19; import "@openzeppelin/contracts/governance/Governor.sol"; import "@openzeppelin/contracts/governance/extensions/GovernorSettings.sol"; import "@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol"; contract TreasurySpendProposal is Governor, GovernorSettings, GovernorTimelockControl { IERC20 public treasuryToken; address public treasuryVault; constructor( IVotes _token, TimelockController _timelock, IERC20 _treasuryToken, address _treasuryVault ) Governor("TreasuryGovernor") GovernorSettings(7200 /* 1 day */, 50400 /* 1 week */, 100000e18) GovernorTimelockControl(_timelock) { treasuryToken = _treasuryToken; treasuryVault = _treasuryVault; } function proposeSpend( address recipient, uint256 amount, string memory description ) public returns (uint256 proposalId) { address[] memory targets = new address[](1); targets[0] = treasuryVault; uint256[] memory values = new uint256[](1); values[0] = 0; bytes[] memory calldatas = new bytes[](1); calldatas[0] = abi.encodeWithSignature( "transferFunds(address,uint256)", recipient, amount ); return propose(targets, values, calldatas, description); } // ... Required override functions (votingDelay, etc.) }
The proposeSpend function formats the governance action. The targets array points to the treasuryVault address. The calldatas array contains the encoded function call, which instructs the vault to transferFunds to a specific recipient for a given amount. The values array is zero because we're not sending Ether, but ERC-20 tokens. This proposal is then submitted to the Governor contract, which manages the voting period, quorum checks, and, upon success, forwards the action to the TimelockController. The timelock introduces a mandatory delay between vote completion and execution, giving users a safety window to exit the system if they disagree with a passed proposal.
The separate TreasuryVault contract must be secured and expose a transferFunds function that is only callable by the TimelockController. This ensures no funds can leave without a successful governance process. A common pattern is to use OpenZeppelin's AccessControl with the TIMELOCK_ADMIN_ROLE. Critical implementation details include: setting appropriate voting parameters (delay, period, quorum) in the constructor; ensuring the governance token correctly implements the IVotes interface for snapshot voting; and thoroughly testing the entire flow on a testnet. Always audit the permissioning between the Governor, Timelock, and Vault contracts to prevent privilege escalation.
Once deployed, the workflow is: 1. A community member calls proposeSpend. 2. Token holders vote during the voting period. 3. If the vote succeeds, the proposal is queued in the timelock. 4. After the timelock delay, anyone can execute the proposal, triggering the fund transfer from the vault. This structure is used by major DAOs like Uniswap and Compound. For production, consider using bravo-style governance with explicit for/against/abstain votes and vote delegation, available in OpenZeppelin's GovernorCountingSimple extension.
Security considerations are paramount. The timelock delay is a critical defense, often set between 2-7 days. The proposal threshold (minimum tokens needed to propose) should balance accessibility and spam prevention. Use on-chain execution for complete transparency, but be mindful of gas costs for complex operations. For large treasuries, consider a multi-chain governance strategy using cross-chain messaging protocols like LayerZero or Axelar to manage funds on different networks from a single voting dashboard. Always start with a conservative configuration and a guarded launch, perhaps with a multisig guardian that can veto proposals in the early stages of the DAO's lifecycle.
code-example-inflation
GOVERNANCE IMPLEMENTATION
Code Example: Adjusting Inflation Rate
A practical guide to implementing a governance-controlled inflation parameter using Solidity, demonstrating how to manage a core economic lever in a decentralized protocol.
Inflation is a critical economic parameter for many blockchain protocols, directly impacting token supply, staking rewards, and long-term sustainability. A common best practice is to make this parameter upgradeable via on-chain governance, rather than hardcoding it. This example demonstrates a simple InflationController contract where the annual inflation rate can be adjusted through a governance vote. The contract uses OpenZeppelin's Ownable for initial simplicity, but in a production environment, this would be replaced with a full governance module like OpenZeppelin Governor or a custom DAO contract.
The core logic is straightforward. The contract stores a public inflationRateBasisPoints variable, representing the annual inflation rate in basis points (e.g., 500 for 5%). An onlyOwner function, setInflationRate, allows the authorized governance address to update this value. It's crucial to include validation, such as ensuring the new rate does not exceed a safe maximum (e.g., 20% or 2000 basis points), to prevent governance attacks or economic instability. This function should emit an event to provide a transparent, on-chain record of all parameter changes for users and analytics tools.
Here is a basic implementation in Solidity:
solidity// SPDX-License-Identifier: MIT pragma solidity ^0.8.19; import "@openzeppelin/contracts/access/Ownable.sol"; contract InflationController is Ownable { uint256 public inflationRateBasisPoints; // e.g., 500 = 5% uint256 public constant MAX_INFLATION_BPS = 2000; // 20% maximum event InflationRateUpdated(uint256 oldRate, uint256 newRate); constructor(uint256 _initialRateBps) { require(_initialRateBps <= MAX_INFLATION_BPS, "Rate too high"); inflationRateBasisPoints = _initialRateBps; } function setInflationRate(uint256 _newRateBps) external onlyOwner { require(_newRateBps <= MAX_INFLATION_BPS, "Rate exceeds maximum"); uint256 oldRate = inflationRateBasisPoints; inflationRateBasisPoints = _newRateBps; emit InflationRateUpdated(oldRate, _newRateBps); } }
The constructor sets an initial rate, and the setInflationRate function allows the owner (the governance contract) to propose updates.
In a real-world deployment, this controller would be integrated with a token minting or staking reward mechanism. For instance, a staking contract could call inflationRateBasisPoints to calculate the number of new tokens to mint for rewards over a given epoch. The governance process would involve a timelock between a proposal's passage and its execution, giving users time to react to economic changes. This pattern is used by protocols like Compound for adjusting its compRate and by many Cosmos SDK chains where governance proposals modify the x/mint module parameters directly.
Key security considerations include ensuring the governance contract is the sole owner, implementing a timelock on the setInflationRate function, and potentially adding a rate change delay or a minimum time between adjustments to prevent rapid, destabilizing changes. The maximum cap is essential, but the governance process itself must also be secure against flash loan attacks or other forms of voting manipulation that could force an extreme, harmful inflation rate. Always audit the full governance flow, not just the target contract.
SECURITY BEST PRACTICES
Setting Up Governance Controls for Economic Changes
Governance controls for economic parameters like token minting, fee changes, or treasury management are critical attack vectors. This guide covers common pitfalls and secure implementation patterns for on-chain governance.
Proposals to adjust protocol fees, inflation rates, or reward distributions are high-risk because they directly manipulate value flows. Common failure modes include:
- Parameter manipulation attacks: A malicious proposal may set fees to 100% or redirect rewards to a controlled address. Mitigate this by implementing hard caps in the governance contract itself (e.g.,
require(newFeeBps <= 500, "Fee cap exceeded")). - Vote manipulation through flash loans: Attackers borrow governance tokens to pass proposals. Use a time-weighted voting model (like ve-tokenomics) or include a vote delay to prevent last-minute swings.
- Unclear parameter effects: A "5% fee increase" might be applied additively or multiplicatively, causing unintended consequences. Always specify the mathematical formula and test edge cases on a forked mainnet before execution.
Smart contract audits for Compound and Aave governance highlight these vulnerabilities. Always simulate proposal effects using Tenderly or a local fork before a live vote.
resource-links
GOVERNANCE TOOLING
Resources and Further Reading
Guides, frameworks, and tooling used by production DAOs to control protocol-level economic changes such as fees, emissions, and parameter upgrades.
03
Economic Parameter Design and Change Management
Effective governance is not just contracts; it starts with economic parameter design.
Key parameters typically governed:
- Trading fees (e.g., 0.05% → 0.3%)
- Inflation or emission schedules
- Collateral factors and liquidation thresholds
Recommended controls:
- Define allowed ranges in contracts for critical variables
- Require governance approval for changes outside predefined bounds
- Separate emergency parameters from routine updates
Many leading protocols document this process explicitly. For example:
- MakerDAO uses distinct proposal types for stability fees vs risk onboarding
- Aave separates risk parameter updates from core contract upgrades
Design takeaway:
- Treat economic changes as risk events, not routine admin actions
- Require higher quorum or longer delays for changes with irreversible impact
04
Governance Risk Disclosure and Transparency Playbooks
Transparent documentation around economic governance reduces attack surface and user distrust.
Well-run protocols publish:
- What parameters can change via governance
- How often changes are expected
- Who can propose, vote, and execute
Resources to study:
- Uniswap Governance Process documentation
- MakerDAO governance collateral and risk frameworks
Operational recommendations:
- Maintain a public repository with parameter history
- Tag high-impact proposals with explicit economic risk summaries
- Publish post-mortems for failed or controversial changes
Clear governance disclosures help downstream users, integrators, and auditors understand how economic power is exercised.
This is especially important for protocols managing billions in TVL, where even small parameter changes can materially affect user funds.
GOVERNANCE CONTROLS
Frequently Asked Questions
Common questions and troubleshooting for developers implementing on-chain governance for economic parameters like fees, inflation, or rewards.
A typical system requires three core smart contract components:
- Governance Token: The asset used for voting (e.g., veCRV, xSUSHI).
- Proposal Contract: Handles the creation, voting, and execution of proposals to change parameters.
- Target Contracts: The protocol's core contracts (e.g., staking, fee distributor) whose parameters (like
rewardRateorprotocolFee) are being governed.
Proposals are often executed via a Timelock Controller, which enforces a mandatory delay between proposal approval and execution. This delay allows users to react to potentially harmful changes. The flow is: 1) Proposal creation, 2) Voting period, 3) Timelock queue, 4) Execution.
conclusion
IMPLEMENTATION SUMMARY
Conclusion and Next Steps
You have now configured the core governance controls for managing your protocol's economic parameters. This guide has covered the essential steps from proposal creation to execution.
The governance framework you've implemented provides a structured, on-chain process for enacting economic changes. Key components include a timelock contract to enforce a mandatory delay, a voting mechanism (e.g., token-weighted or quadratic) to gauge community sentiment, and clearly defined proposal thresholds for submission and quorum. This structure mitigates risks like rushed decisions or governance attacks by introducing deliberate process steps. For a real-world example, review Compound's Governor Bravo implementation, which popularized this pattern.
Your next steps should focus on operational security and community engagement. First, conduct a comprehensive audit of the entire governance module, including the voting token, governor, and timelock contracts. Use tools like Slither or Mythril for static analysis and consider a professional audit from firms like Trail of Bits or OpenZeppelin. Second, create clear, public documentation for your community. This should detail the proposal lifecycle, voting periods, and the specific economic parameters (e.g., fee rates, reward emissions, debt ceilings) that are governable. Transparency here builds trust and participation.
Finally, consider advanced governance features to enhance the system. Treasury management modules, like those in Gnosis Safe, can allow for multi-signature execution of approved proposals. Delegate registries can track voting power delegation off-chain to save gas. For protocols with subDAOs or working groups, look into fractal governance models or optimistic governance (like Optimism's Citizen House) to delegate specific powers. Continuously monitor proposal activity and voter turnout, using analytics from platforms like Tally or Boardroom, to iteratively improve the system's parameters and participation incentives.