Governance Framework

The formal process for submitting, discussing, and approving changes to the protocol. This includes on-chain voting (e.g., token-weighted, quadratic) and off-chain signaling (e.g., Snapshot). Key components are:

• Proposal Threshold: Minimum stake required to submit a proposal.
• Voting Period: Fixed window for casting votes.
• Quorum: Minimum participation required for a vote to be valid.
• Execution Delay: Time between vote approval and on-chain execution for safety.

Governance rights are typically derived from ownership of a governance token (e.g., UNI, COMP, MKR). This system defines:

• Voting Power: Usually proportional to token holdings, sometimes with time-locking boosts.
• Delegation: Allows token holders to delegate their voting power to experts or representatives without transferring custody.
• Sybil Resistance: Mechanisms to prevent one entity from splitting tokens into many wallets to gain disproportionate influence.

The rules and processes for controlling the protocol's on-chain treasury, which holds assets (often native tokens and stablecoins) for grants, development, and incentives. Governance oversees:

• Budget Allocation: Funding for grants, core development, marketing.
• Multisig Wallets: Secure execution of approved transactions, often requiring signatures from elected multisig signers.
• Vesting Schedules: Controlled release of funds for long-term commitments.

Mechanisms to modify the protocol's smart contract logic or adjustable parameters without a hard fork. This includes:

• Timelocks: A mandatory delay between a governance vote passing and its execution, allowing users to react or exit.
• Proxy Patterns: Using proxy contracts where the logic address can be upgraded via governance vote.
• Parameter Gauges: Governance control over variables like interest rates, fee percentages, or collateral factors in DeFi protocols.

Systems to handle conflicts, ensure security, and prevent governance attacks. These are critical safety features:

• Veto or Guardian Powers: A temporary safety mechanism (e.g., MakerDAO's Governance Security Module) that can pause or reverse malicious proposals.
• Forum & Discourse: Off-chain discussion platforms for deliberation before on-chain votes.
• Constitutional Principles: A foundational document or set of immutable rules that guide proposal validity and community ethos.

The defined roles within the governance ecosystem, which may be formalized through elections or delegation:

• Core Developers: Implement technical changes approved by governance.
• Delegates: Elected or self-appointed representatives who vote on behalf of token holders.
• Grant Committees: Sub-governance bodies that review and recommend funding proposals.
• Security Auditors: Entities tasked with reviewing the code of governance-approved upgrades.

A system where governance proposals and voting are executed directly on the blockchain using smart contracts. Votes are typically weighted by token holdings, and approved changes can be automatically enacted.

• Key Mechanism: Proposal submission, voting period, quorum, and execution.
• Examples: Compound's COMP token holders vote on parameter changes; Uniswap's UNI token for treasury management.
• Advantage: Transparent, automated, and reduces reliance on off-chain coordination.

Governance processes that occur through social consensus and informal channels outside the blockchain, such as forums, developer calls, and social media, with code changes implemented by core developers.

• Key Mechanism: Discussion on forums (e.g., Ethereum Magicians, governance forums), rough consensus among developers, and client implementation.
• Examples: Bitcoin's Bitcoin Improvement Proposal (BIP) process and Ethereum's Ethereum Improvement Proposal (EIP) process.
• Characteristic: More flexible and discursive but can be slower and less transparent than on-chain models.

The most common voting mechanism where voting power is proportional to the number of governance tokens a participant holds or has delegated to them.

• Variants: One-token-one-vote (simple stake-based), Quadratic Voting (cost increases quadratically with votes to reduce whale dominance), and Conviction Voting (vote weight increases over time).
• Delegation: Token holders can delegate their voting power to experts or representatives.
• Critical Parameter: Quorum, the minimum participation threshold required for a vote to be valid.

The process by which a decentralized autonomous organization (DAO) or protocol governs its community treasury, which holds funds (often from protocol fees or token reserves) for grants, development, and incentives.

• Purpose: Fund ecosystem growth, pay contributors, provide liquidity incentives, and ensure long-term sustainability.
• Governance Flow: Community proposes funding requests (e.g., grants), token holders vote on disbursements.
• Examples: Uniswap Grants Program, Aave's Ecosystem Reserve, and Compound Treasury.

The technical processes for implementing approved governance decisions, particularly changes to the protocol's smart contract code.

• Timelock: A mandatory delay between a vote passing and execution, allowing users to review or exit.
• Proxy Patterns: Use of proxy contracts (e.g., TransparentProxy or UUPS) where the logic address can be upgraded while preserving the contract's state and address.
• Multisig Execution: A multi-signature wallet controlled by elected delegates or a foundation often executes the final upgrade code.

A system allowing token holders to delegate their voting power to other addresses, enabling participation by experts and reducing voter apathy.

• Delegates: Individuals or entities (often teams) who research proposals and vote on behalf of delegators.
• Incentives: Delegates may build reputation; some protocols offer direct incentives for participation.
• Transparency: Delegate platforms (like Tally or Boardroom) track voting history and statements, allowing informed delegation choices.

An attack where a malicious actor offers financial incentives to token holders to vote a specific way, subverting the intended governance mechanism. This is a direct assault on the one-token-one-vote principle and can lead to decisions that extract value from the protocol for the attacker's benefit.

• Example: An attacker offers to pay voters a premium if they delegate their voting power to a proposal that drains a treasury or changes fee parameters.
• Mitigation: Implementing vote escrow models, time-locked votes, or conviction voting to increase the cost of short-term manipulation.

The acquisition of a majority of governance tokens, allowing an entity to unilaterally pass any proposal, including malicious upgrades or treasury theft. This differs from a consensus-layer 51% attack as it targets the protocol's upgrade keys, not the blockchain's history.

• Mechanism: An attacker accumulates tokens on the open market or via a flash loan to temporarily gain majority voting power.
• Consequence: Can result in the complete hijacking of a protocol's smart contracts and funds.
• Defense: Multisig timelocks, delegated voting with reputation, and progressive decentralization to reduce token concentration.

An attack that floods the governance system with low-quality or malicious proposals to create noise, waste community resources, and obscure legitimate votes. This exploits gas costs and voter attention as limited resources.

• Tactics: Submitting numerous proposals with high gas-cost execution to drain proposer deposits or voter wallets.
• Impact: Causes voter fatigue, increases decision latency, and can make governance economically prohibitive for small token holders.
• Solution: Implementing proposal deposits, pre-proposal discussion forums, and delegate curation to filter spam before on-chain voting.

Manipulating the delay between a governance vote passing and its execution. While timelocks are a security feature, attackers can use this window to perform arbitrage or exit scams if the pending change is detectable.

• Front-running: An attacker sees a passed vote to change pool fees, then front-runs the execution with large trades.
• Exit Scam: A malicious upgrade passes; the timelock gives the attacker time to promote the protocol before the draining code executes.
• Best Practice: Combining timelocks with immutable core contracts and using emergency shutdown mechanisms controlled by separate, slower governance.

A systemic vulnerability, not a direct attack, where a small minority of token holders control decisions due to widespread non-participation. This centralizes power and makes the system susceptible to manipulation by a motivated, well-funded minority.

• Cause: High complexity, lack of incentives (voter rewards), or gas fees making voting costly.
• Risk: A whale or small cartel can easily pass proposals without genuine community support.
• Improvements: Gasless voting signatures (like EIP-712), delegated democracy, and protocol-owned liquidity to fund voter incentives.

Core mechanisms designed to secure decentralized governance systems against the listed attack vectors.

• Multisig & Timelocks: A multisignature wallet requires multiple approvals for execution, and a timelock enforces a mandatory delay, providing a final review period.
• Conviction Voting: Voting power increases the longer tokens are locked in support of a proposal, resisting short-term bribery.
• Futarchy: A governance model where markets are used to make decisions; traders bet on the outcome of proposed changes, theoretically aggregating wisdom.
• Minimum Quorum: A requirement that a certain percentage of total tokens must vote for a proposal to be valid, combating low participation.