Delegated voting, or liquid democracy, allows token holders to vote directly on proposals or delegate their voting power to a representative. This combines direct democracy's engagement with representative democracy's efficiency. On-chain implementation requires a smart contract that manages a delegation graph, tracks vote weights, and ensures the integrity of the voting process. The core data structures typically include a mapping from voter addresses to their chosen delegate and a record of each address's voting power, which is often derived from a token balance or stake.
LABS
Guides
How to Implement a Secure Delegated Voting System
This guide provides a technical blueprint for building a secure delegated voting system. It covers smart contract architecture for delegation, managing delegation changes, and preventing delegation-related attacks like vote freezing.
Chainscore © 2026
introduction
DEVELOPER GUIDE
How to Implement a Secure Delegated Voting System
A technical walkthrough for building a secure on-chain delegated voting mechanism using smart contracts, covering delegation logic, vote weighting, and key security considerations.
The delegation mechanism must handle several states: an address voting for itself (self-delegation), delegating to another address, or being a delegate for others. A critical implementation detail is preventing circular delegation, where A delegates to B and B delegates to A, which can be resolved by flattening the delegation chain to find the final delegate. When a user delegates, the contract must recalculate voting power for all affected addresses in the chain. A common pattern is to use a pull-over-push model for state updates to save gas, where vote weight calculations are performed lazily when a vote is cast.
Here is a simplified Solidity snippet showing core delegation logic:
soliditymapping(address => address) public delegateOf; mapping(address => uint256) public voteWeight; function delegate(address to) external { require(to != msg.sender, "Cannot delegate to self"); require(delegateOf[to] != msg.sender, "Circular delegation"); address currentDelegate = delegateOf[msg.sender]; if (currentDelegate != address(0)) { // Remove weight from old delegate chain _updateDelegateWeight(currentDelegate, -int256(balanceOf(msg.sender))); } delegateOf[msg.sender] = to; // Add weight to new delegate chain _updateDelegateWeight(to, int256(balanceOf(msg.sender))); }
This function updates the delegation mapping and adjusts weights, though a production system would need more robust cycle detection and batch updates.
Security is paramount. Contracts must guard against vote manipulation through techniques like snapshotting. A snapshot of token balances or delegated weights should be taken at a specific block number before voting begins, freezing the state to prevent users from acquiring tokens, delegating, voting, and then transferring tokens away (a "flash loan" attack on governance). The OpenZeppelin Governor contract uses this pattern with a getVotes function that reads from a historical snapshot. Additionally, implement timelocks on execution and a delay between proposal submission and voting to allow for community review.
For production systems, consider integrating with existing standards like EIP-5805 (Delegation Utilities) and EIP-6372 (Clock for block numbers/timestamps). Use established libraries such as OpenZeppelin Governor as a foundation. Key metrics to monitor include delegation participation rate, the concentration of voting power among top delegates, and proposal execution success rate. Always conduct thorough audits and consider implementing a bug bounty program before mainnet deployment, as governance contracts are high-value targets.
prerequisites
FOUNDATIONAL KNOWLEDGE
Prerequisites for This Guide
Before building a secure delegated voting system, you need a solid foundation in blockchain development and smart contract security.
This guide assumes you have intermediate experience with Ethereum or EVM-compatible blockchain development. You should be comfortable writing, testing, and deploying smart contracts using a framework like Hardhat or Foundry. Familiarity with the Solidity programming language is essential, including concepts like function modifiers, access control, and event emission. You'll also need a basic understanding of how to interact with contracts using a library like ethers.js or web3.js.
A core prerequisite is understanding the ERC-20 token standard, as it's commonly used to represent voting power. You should know how to check balances, transfer tokens, and implement approvals. Since our system involves delegation, you must grasp the difference between token ownership and delegated voting power. We'll build upon these concepts to create a system where users can delegate their voting rights to other addresses without transferring the underlying assets.
Security is paramount in any on-chain voting mechanism. You should be aware of common smart contract vulnerabilities such as reentrancy, integer overflows/underflows, and improper access control. We will implement safeguards against these, but a foundational knowledge helps you understand why certain patterns are used. Familiarity with OpenZeppelin's contracts library, especially their Ownable and AccessControl utilities, will be beneficial as we'll use them for secure role management.
For testing and deployment, you'll need a development environment set up. This includes Node.js (v18+), a package manager like npm or yarn, and access to a testnet (e.g., Sepolia) for deployment. You should have test ETH on a testnet to pay for gas during deployment. We will write comprehensive tests to verify delegation logic, vote tallying, and security checks, so understanding unit testing with Hardhat or Foundry is required.
Finally, understand the basic mechanics of on-chain governance. This includes knowing the difference between snapshot voting (off-chain, gasless) and on-chain execution. Our guide focuses on the on-chain component, where votes are cast directly in a transaction and can trigger executable proposals. We'll cover how to structure a proposal, manage voting periods, and securely execute passed proposals using a timelock pattern.
core-architecture
CORE SMART CONTRACT ARCHITECTURE
How to Implement a Secure Delegated Voting System
A technical guide to building a gas-efficient and secure on-chain voting mechanism using delegation, inspired by systems like Compound's Governor Bravo.
A delegated voting system allows token holders to vote directly on proposals or delegate their voting power to a representative. This architecture is fundamental to many Decentralized Autonomous Organizations (DAOs). The core contract structure typically involves three main components: the voting token (ERC-20 or ERC-5805), a delegation registry to track voting power, and a governor contract that manages proposal lifecycle and vote tallying. Security considerations must be addressed from the start, including protection against double voting, flash loan attacks, and improper state transitions.
The delegation mechanism is powered by a vote weight snapshot. When a user delegates, either to themselves or another address, their voting power is calculated based on their token balance at a specific block number, usually the proposal creation block. This prevents manipulation by transferring tokens after a proposal is live. Implement this by storing a checkpoints array for each delegatee, where each checkpoint is a struct containing a block number and the cumulative voting power delegated to that address at that time. The getVotes function then performs a binary search on this array to find the historical voting power.
Proposal state management follows a strict sequence: Pending, Active, Canceled, Defeated, Succeeded, Queued, and Executed. Introduce timelocks and delays between states to allow for community review. For example, a proposal must remain in the Active state for a minimum voting period (e.g., 3 days) before moving to Succeeded. The castVote function should only be callable during the Active phase and must use the getVotes function with the proposal's snapshot block to determine the voter's weight, ensuring historical consistency.
To optimize for gas efficiency, avoid storing individual votes in a mapping from voter to proposal. Instead, consider storing vote data in a compact uint256 where bits represent support (for, against, abstain) and the voter's address can be derived from an event log. For tallying, increment storage variables for forVotes, againstVotes, and abstainVotes directly. Always use the Checks-Effects-Interactions pattern and implement reentrancy guards on state-changing functions, especially execute, which may interact with external contracts to enact the proposal's calldata.
Thorough testing is non-negotiable. Write tests for edge cases: delegation changes mid-vote, voting with a delegated balance, and attempting to vote on canceled proposals. Use forked mainnet tests to simulate real token distributions. Finally, consider integrating with OpenZeppelin's Governor contracts (like Governor.sol) as a secure, audited base to build upon, which implements many of these patterns and provides modular hooks for customization.
key-concepts
ARCHITECTURE
Key Concepts for Delegated Voting
Delegated voting systems, or liquid democracy, combine direct and representative governance. These are the core technical components for building a secure implementation.
01
Delegation Registry & Snapshotting
The delegation registry is the core smart contract that maps delegators to their chosen delegates. A critical security practice is to use a snapshot mechanism (like OpenZeppelin's ERC20Snapshot) to record token balances at a specific block number before a vote. This prevents manipulation through token transfers during the voting period. Key considerations include:
- Gas efficiency for updating delegation links.
- Support for partial delegation of voting power.
- A delay period between delegation changes and voting eligibility to prevent last-minute attacks.
02
Vote Aggregation Algorithms
The algorithm tallies votes, accounting for delegated power. The basic formula sums a voter's direct tokens plus all tokens delegated to them. For security, the system must correctly handle:
- Nested delegation (delegates who further delegate). This requires graph traversal to avoid double-counting or cycles.
- Partial delegation splits, where a user delegates 50% of power to A and 50% to B.
- Vote execution on-chain via Governor contracts (e.g., OpenZeppelin Governor) or off-chain via standards like EIP-712 for gasless voting.
03
Sybil Resistance & Identity
Preventing one entity from controlling multiple voting identities (Sybil attacks) is fundamental. Common approaches include:
- Token-weighted voting: Using existing tokens (ERC-20, ERC-721) as the cost of identity. This is the most common method in DeDAO.
- Proof-of-Personhood: Integrating with systems like Worldcoin or BrightID to establish unique human identity, often used for one-person-one-vote models.
- Reputation-based systems: Assigning non-transferable voting power based on past contributions or staking duration. A hybrid model might combine token weight with a reputation multiplier.
04
Security & Attack Vectors
Understanding and mitigating specific threats is essential for a production system.
- Vote Buying & Coercion: Mitigated by using commit-reveal schemes or privacy-preserving tech like zero-knowledge proofs.
- Delegate Collusion: Addressed through bonding and slashing mechanisms, where delegates stake assets that can be lost for malicious behavior.
- Flash Loan Attacks: Where an attacker borrows a large amount of tokens to manipulate a snapshot. Defended against by using time-weighted average balances or requiring tokens be held for a minimum duration before voting.
06
Audit Frameworks & Tooling
Before deployment, rigorous testing and auditing are non-negotiable. Essential tools include:
- Formal Verification: Using tools like Certora or Solidity SMTChecker to mathematically prove contract correctness.
- Fuzz Testing: Frameworks like Foundry's fuzzer or Echidna to generate random inputs and find edge cases in voting logic.
- Audit Checklists: Reviewing delegation logic for reentrancy, proper access control, and correct state updates during complex delegation graph changes. Always plan for multiple independent audit rounds.
implementation-steps
SMART CONTRACT GUIDE
How to Implement a Secure Delegated Voting System
This guide provides a step-by-step implementation of a secure, on-chain delegated voting system using Solidity, covering contract architecture, delegation logic, and security best practices.
A delegated voting system, or liquid democracy, allows token holders to vote directly on proposals or delegate their voting power to a trusted representative. This combines direct democracy's transparency with representative democracy's efficiency. On-chain implementation requires a smart contract that securely manages token balances, delegation links, and vote tallies. The core components are a vote token (often an ERC-20 or ERC-1155), a registry for proposals, and a mapping to track delegations from voters (delegator) to their chosen representatives (delegatee).
Start by defining the state variables and data structures. You'll need a VoteToken contract for the governance token and a DelegatedVoting contract for the voting logic. Key mappings include delegations (address => address) to store who an address has delegated to, and delegateVotingPower (address => uint256) to cache the total voting power a delegate has received. It's critical to use the check-effects-interactions pattern and guard against reentrancy when updating these state variables, as they directly control governance power.
The delegation function must handle several states: registering a new delegation, changing an existing delegate, or revoking delegation to vote personally. Implement a function like delegate(address to) that updates the delegations mapping and recalculates the voting power for both the previous and new delegatee. To optimize for gas and prevent loops, maintain a cached voting power for each delegate instead of summing balances on-chain for every vote. When a user transfers tokens, the voting power of their delegate must be adjusted accordingly.
Voting on a proposal should consume the delegate's cached voting power. If Alice delegates to Bob, then Bob's votes use the combined weight of his own tokens plus Alice's. The castVote(uint proposalId, uint8 support) function should check the caller's voting power via their delegatee's cached total. Use OpenZeppelin's ReentrancyGuard and implement snapshot mechanisms (like ERC-20Snapshot) to lock voting power at a specific block number, preventing manipulation via token transfers during an active vote.
Security is paramount. Common vulnerabilities include vote selling (mitigated by secret ballots like commit-reveal schemes), delegation loops (prevent self-delegation cycles with checks), and 51% attacks (addressed through quorums and timelocks). Use established libraries such as OpenZeppelin Contracts for access control (Ownable, AccessControl) and consider implementing a timelock controller for executing passed proposals. Always conduct thorough testing, including scenarios for token transfers during active delegation and voting periods.
For production, integrate with a front-end using a library like wagmi or ethers.js. The UI should display a user's current delegate, allow delegation changes, and show live proposal status. Tools like Tally or Snapshot (for off-chain signaling) can provide reference implementations. Remember to verify and publish your contract source code on block explorers like Etherscan. A complete example repository is available on the Chainscore Labs GitHub.
ARCHITECTURE
Delegation Pattern Comparison
Comparison of common delegation patterns used in on-chain governance systems.
| Feature / Metric | Direct Delegation | Proxy Delegation | Delegation with Slashing |
|---|---|---|---|
Vote Power Transfer | Direct token transfer | Vote via proxy contract | Delegated via staking contract |
Delegator Control | Full revocable control | Revoke via proxy update | Subject to unbonding period |
Smart Contract Complexity | Low | Medium | High |
Gas Cost for Delegate | $5-10 | $15-25 | $20-35 |
Slashing Risk | |||
Supports Vote Delegation | |||
Typical Use Case | Snapshot, early DAOs | Compound Governor | Cosmos Hub, Lido |
security-considerations
ARCHITECTURE GUIDE
How to Implement a Secure Delegated Voting System
Delegated voting systems, where users can assign their voting power to representatives, are common in DAOs and DeFi protocols. This guide details the critical security considerations and attack vectors to mitigate when building one.
The core of a delegated voting system is the vote delegation mechanism. Users call a function to delegate their voting power (often based on token balance) to another address, which then accumulates voting weight. A naive implementation stores a simple mapping like delegates[user] = delegatee. The primary security consideration here is ensuring delegation updates are processed before any snapshot of voting power is taken for a proposal. If a user can change their delegate after a snapshot, they could engage in double-voting or manipulation. The standard pattern, used by protocols like Compound and Uniswap, is to move delegated tokens on every transfer, ensuring the delegate's voting weight is always current and cannot be retroactively altered for past proposals.
A critical attack vector is delegation front-running. Consider a scenario where a malicious actor monitors the mempool for a user's transaction to delegate tokens to a specific address. The attacker could front-run this transaction by delegating their own (possibly borrowed) tokens to the same target, temporarily becoming the delegatee's largest supporter and influencing their actions, before the user's legitimate delegation lands. To mitigate this, systems can implement a delegate-by-signature feature (EIP-712), allowing users to submit a signed message that can be processed without being front-run, or enforce a timelock on delegation changes relative to proposal creation.
Another major risk is the nothing-at-stake problem for delegates. A delegate with significant voting power borrowed from others has no direct economic stake in the outcome of their votes, which can lead to apathy or voting for personal gain at the community's expense. While partially a game-theoretic issue, smart contract design can introduce skin-in-the-game mechanisms. For example, requiring delegates to bond a stake (in protocol tokens) that can be slashed for malicious behavior, or implementing vote delegation with expiry where delegations automatically revert after a set period unless explicitly renewed, forcing ongoing accountability.
Smart contract logic must also guard against gas griefing attacks and block stuffing. If calculating a user's voting power requires iterating over all delegators (an O(n) operation), an attacker could create thousands of micro-delegations to a target address. When the contract tries to tally votes, the gas cost could exceed the block limit, causing the transaction to fail and denial-of-service to the voting process. The solution is to maintain a checkpointed balance system for each delegate. On every token transfer or delegation change, a new checkpoint (block number, vote weight) is pushed to the delegate's history. Reading voting power at a past block then uses binary search (O(log n)), making it gas-efficient and resistant to griefing.
Finally, consider the proposal lifecycle and execution. A secure system must have clear, immutable stages: a timelock between proposal creation and voting start to prevent snapshot manipulation, a fixed voting period, a quorum requirement to ensure sufficient participation, and a timelock again between vote conclusion and execution. The execution step itself should use a executeProposal(id) pattern that can only succeed if all prior conditions are met, preventing premature or re-entrant execution. All parameter changes, especially to quorum, voting period, or timelock durations, should themselves be governed by the voting process, creating a closed security loop.
DELEGATED VOTING
Common Implementation Mistakes
Delegated voting systems are a cornerstone of on-chain governance, but subtle implementation errors can lead to security vulnerabilities, gas inefficiency, or broken user experiences. This guide addresses frequent developer pitfalls.
This error typically occurs when the delegation logic does not handle the initial state or self-delegation correctly. A common mistake is not setting a default delegate upon token minting or transfer.
Key Fixes:
- In the token's
_beforeTokenTransferhook, check if thefromaddress is delegating to itself (or a zero address) and update the delegation registry. For example, when minting to a new user, they should be auto-delegated to themselves. - Use a mapping like
mapping(address => address) public delegates;and ensure it's populated. The OpenZeppelinERC20Votescontract handles this by overriding_mintand_burn.
solidity// Example check in _beforeTokenTransfer function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override { super._beforeTokenTransfer(from, to, amount); // Move voting power when tokens are transferred _moveVotingPower(delegates[from], delegates[to], amount); }
Failing to manage these state transitions can permanently break vote tracking.
resource-links
DEVELOPER RESOURCES
Resources and Further Reading
These tools, standards, and references provide concrete implementation guidance for building a secure delegated voting system on Ethereum and compatible chains. Each resource focuses on a specific attack surface or architectural decision.
DEVELOPER FAQ
Frequently Asked Questions
Common technical questions and solutions for implementing secure delegated voting systems on-chain.
A delegated voting system is a governance model where token holders can delegate their voting power to representatives, called delegates. On-chain, this is implemented using smart contracts that track delegation mappings and tally votes.
Core Mechanics:
- Delegation Registry: A mapping (e.g.,
address voter => address delegate) stores delegation choices. - Vote Weight Calculation: When a vote is cast, the contract calculates the delegate's voting power as the sum of tokens from all their delegators.
- Proposal & Execution: Proposals are created as contract transactions. Delegates submit votes, which are weighted and recorded immutably. Successful proposals can trigger automated execution.
Protocols like Compound Governance and Uniswap use this model, where COMP and UNI holders delegate to participate in protocol upgrades.
conclusion
IMPLEMENTATION SUMMARY
Conclusion and Next Steps
This guide has outlined the core components and security considerations for building a secure delegated voting system on-chain. The next steps involve integrating these patterns, exploring advanced features, and connecting with the broader governance ecosystem.
You now have the foundational knowledge to implement a secure delegated voting system. The key components are: a VotingToken contract for delegation power, a VotingRegistry to manage delegate relationships and vote tallying, and a ProposalManager to execute on-chain decisions. Security is paramount; always implement safeguards like a timelock on executed proposals, delegate vote decay over time to prevent stagnation, and rigorous access controls. For production, consider using battle-tested libraries like OpenZeppelin's governance modules as a starting point to reduce audit surface area.
To move from a basic implementation to a robust system, explore advanced patterns. Quadratic voting can mitigate whale dominance by making vote cost proportional to the square of the votes cast. Snapshot integration allows for gas-free off-chain voting signaling with on-chain execution. Implementing a delegate incentive mechanism, such as a small protocol fee share, can encourage active participation. For complex decisions, consider fractionalizing delegation, allowing a voter to split their voting power between multiple delegates on a per-proposal basis using systems like ERC-1155.
Thorough testing is non-negotiable. Use a framework like Foundry or Hardhat to write comprehensive unit and integration tests. Simulate attack vectors: front-running delegate changes, double-voting exploits, and governance capture via flash loan accumulation of tokens. Services like Tenderly or OpenZeppelin Defender can be used for monitoring and automating governance operations. Always budget for multiple professional audits from firms like Trail of Bits, Quantstamp, or Code4rena before a mainnet deployment.
Your system does not exist in a vacuum. Look to successful implementations for design inspiration: Compound's Governor Bravo for a modular upgradeable structure, Uniswap's use of Snapshot for temperature checks, and ENS's multi-mechanism delegation. Consider making your contract's vote data available via subgraphs for easy front-end integration. Engage with the community early through testnets to gather feedback on the user experience of delegation and voting.
The final step is launching and iterating. Start with a guarded launch using a timelock-controlled multisig as the executor, granting full control only to the governance system after proven stability. Use governance itself to vote on parameter upgrades, like proposal thresholds and voting periods. Remember, a decentralized governance system is never truly "finished"; it evolves with its community. Continue to monitor emerging research from places like the Ethereum Foundation's Fellowship of Ethereum Magicians to incorporate new best practices into your protocol's future.