Proposal Spam

Spam proposals often lack substantive detail, technical specifications, or a clear ask. They may be characterized by:

• Ambiguous language with no concrete implementation plan.
• Copy-pasted templates or generic text with minimal customization.
• Missing critical components like budget breakdowns, timelines, or success metrics.
• Example: A proposal titled "Marketing Boost" with only a single sentence: "We should do more marketing."

This involves creating a large number of fake or low-stake identities to manipulate proposal visibility and outcomes.

• Sybil identities are used to meet proposal submission thresholds or create artificial discussion.
• Vote farming leverages airdropped or borrowed governance tokens to create the illusion of community support.
• The goal is often to dilute signal from legitimate proposals or to push through malicious changes under the cover of noise.

A primary motive is the direct or indirect extraction of treasury funds with little to no promised value in return.

• Proposals for excessive grants or salaries with no clear deliverables or oversight.
• "Tip jar" proposals that request funds for vague past contributions.
• Proposals that funnel funds to newly created or obscure entities controlled by the submitter.
• These often rely on voter apathy or fatigue to pass.

Spam is designed to overload and degrade the governance system itself.

• Flooding the forum and snapshot with proposals to drown out legitimate discourse.
• Exploiting proposal thresholds to force votes on trivial or nonsensical matters, causing voter fatigue.
• Wasting contributor time as community members must review, discuss, and vote on low-signal content.
• This can paralyze a DAO's decision-making capacity.

Spammers use specific on-chain and off-chain methods to execute their campaigns.

• On-chain: Spamming the blockchain with proposal creation transactions to increase gas costs for others.
• Off-chain: Automating forum post creation using bots to simulate discussion.
• Governance Mining: Repeatedly submitting similar proposals to farm any potential participation rewards.
• Cross-DAO Spam: The same individual or group targets multiple DAOs with identical, low-effort proposals.

DAOs employ various mechanisms to filter out spam and protect governance integrity.

• Proposal Deposits: Requiring a bond (in native tokens) to submit, which is forfeited if the proposal fails.
• Reputation Gates: Using proof-of-personhood systems or social graph analysis to limit submissions.
• Delegated Moderation: Empowering a council or sub-DAO to curate and filter proposals before a full vote.
• Staked Voting: Implementing conviction voting or time-locked votes to increase the cost of spam.

The primary goal is to overwhelm the governance process, causing voter fatigue and making it impossible for legitimate proposals to receive adequate attention or quorum. This can paralyze a DAO, preventing protocol upgrades, treasury management, or critical parameter changes.

• Tactics: Submitting many proposals with trivial or nonsensical content.
• Impact: Legitimate governance is drowned out, halting progress.

Attackers may use spam to pass malicious proposals disguised as legitimate ones. By flooding the system, they reduce scrutiny, increasing the chance a harmful proposal slips through. The goal is direct financial gain.

• Common Vectors: Proposals to drain the treasury, mint excessive tokens, or change fee parameters to benefit the attacker.
• Example: The 2022 Beanstalk Farms exploit involved a malicious governance proposal that passed during a flash loan attack, resulting in a $182M loss.

This attack aims to impose excessive costs on other participants. In systems where submitting or voting on proposals requires gas fees or locked capital, spam forces legitimate voters to spend significant resources to defend the status quo.

• Mechanism: Forces token holders to pay repeatedly to vote 'No' on spam.
• Goal: Griefing—imposing costs without direct profit—or depleting a competitor's war chest.

Spam can be used to damage the reputation of a protocol by creating a public perception of dysfunction and chaos. This can erode community trust, drive away developers, and negatively impact the token price.

• Tactic: Creating proposals that are offensive, divisive, or highlight protocol vulnerabilities.
• Secondary Effect: Creates information asymmetry, where savvy attackers can exploit the confusion for other gains.

Proposal spam is often executed via Sybil attacks, where an attacker creates many fake identities (Sybils) to meet proposal submission thresholds or simulate grassroots support. This bypasses token-weighted defenses.

• Prerequisite: Governance models with low-cost or 1-token-1-vote submission requirements are vulnerable.
• Combination: Sybil spam can be used to trigger snapshot voting on many fronts simultaneously.

Understanding proposal spam requires knowledge of adjacent governance mechanisms and attacks.

• Governance Capture: The long-term goal of acquiring enough voting power to control decisions, of which spam can be a tactic.
• Vote Sniping: Last-minute voting manipulation that spam can obscure.
• Quorum: The minimum participation threshold spam aims to make unattainable.
• Bonding Curves: A common anti-spam measure requiring a financial deposit to submit a proposal.

In 2021, a user submitted a proposal to Compound's governance forum titled "Troll," which contained no substantive content. This was a deliberate test of the proposal submission cost mechanism. The incident highlighted how a low-cost submission process could be exploited to flood the forum with nonsense, forcing the community to waste time filtering noise. It underscored the need for minimum proposal thresholds or deposit requirements to ensure serious submissions.

Uniswap's Snapshot-based temperature check stage has been targeted by spam proposals aiming to manipulate sentiment or test governance participation. Attackers create multiple low-effort proposals with similar titles to confuse voters and dilute attention from legitimate initiatives. This demonstrates how off-chain voting platforms without significant economic costs are particularly vulnerable to sybil attacks and spam, necessitating reputation systems or delegated voting to maintain signal quality.

A 2022 simulation by security researchers outlined a governance attack vector where an attacker could spam the voting portal with a high volume of proposals during a critical moment. The goal was to obfuscate a malicious proposal among the spam, hoping it would pass unnoticed due to voter fatigue. This case study is a classic example of using spam as a smokescreen, leading to the implementation of timelocks and mandatory executive vote delays to provide a review period.

Curve's veToken model (vote-escrowed tokens) inherently combats proposal spam by requiring users to lock their CRV tokens for long periods to gain voting power. This creates a high economic cost for attempting to spam the governance system, as an attacker's capital is immobilized. The system ensures that proposal creators and voters have skin in the game, making frivolous or malicious proposals economically irrational. This is a prime example of cryptoeconomic design solving the spam problem.

The Aragon client implements a formal proposal deposit system, where submitting a governance action requires staking a configurable amount of the native token. This deposit is slashed if the proposal fails to meet a minimum participation or approval threshold. This mechanism directly attaches a financial disincentive to spam, ensuring that only proposals with anticipated community support are submitted. It represents a clear, on-chain solution to the proposal spam problem.

Minimum participation requirements a proposal must meet to be considered valid and executable. These create a high bar for spam proposals to clear.

• Quorum: The minimum percentage of the total voting power that must participate in a vote for the result to be valid (e.g., 4% of all tokens).
• Approval Threshold: The minimum percentage of 'Yes' votes required for passage (e.g., 51% for a simple majority, 67% for a supermajority). Spam proposals typically fail to attract meaningful participation, causing them to fail quorum.

A minimum token ownership requirement to submit a proposal. This restricts proposal creation to stakeholders with significant skin in the game, as they are economically aligned with the protocol's success. For instance, a DAO may require a proposer to hold 0.5% of the governance token supply. This prevents Sybil attackers from creating infinite spam proposals without first acquiring a costly stake.

A system where token holders delegate their voting power to trusted experts or delegates. This concentrates voting power into fewer, more attentive hands, making it harder for spam to go unnoticed. Delegates, who often have reputational capital at stake, are incentivized to filter out noise and vote seriously. This reduces voter fatigue and increases the quality of governance participation.

An off-chain, informal discussion phase required before an on-chain proposal can be submitted. Proposers must first post their idea on a forum (like Discourse or Commonwealth) to gather community sentiment via polls and feedback. This social consensus layer filters out clearly unpopular or spammy ideas before they consume on-chain gas and formal voting attention. Many DAOs enforce this as a mandatory step in their governance process.

A foundational attack vector for proposal spam, where an attacker creates many fake identities (Sybils) to gain disproportionate voting power. This can be used to:

• Spam the proposal queue with nonsense to bury legitimate proposals.
• Meet proposal submission thresholds (e.g., a required number of supporting tokens) with fake accounts.
• Manipulate vote outcomes by coordinating a swarm of low-stake identities. Defenses include proof-of-personhood systems (like BrightID) and token-weighted voting, which make Sybil creation economically costly.

The intended consequence of proposal spam, where legitimate voters become overwhelmed and disengaged. Key impacts include:

• Voter apathy: Constant noise reduces participation, making the DAO less democratic.
• Increased risk: Important proposals may be rushed or overlooked.
• Operational slowdown: Core contributors spend excessive time moderating the proposal queue. This degradation of governance health is a primary goal of spammers seeking to weaken a protocol's defenses.

A primary technical defense against spam, requiring a monetary deposit to submit a proposal. This creates a crypto-economic disincentive.

• How it works: A proposer locks tokens (e.g., 100 ETH) which are slashed if the proposal fails to pass a minimum approval threshold or is deemed malicious.
• Example: Compound Governance requires a 100 COMP submission deposit, refunded only if the proposal reaches a voting quorum.
• Trade-off: High deposits can stifle legitimate participation; dynamic or reputation-based curves are emerging solutions.

These systems alter the attack surface for proposal spam.

• Delegated Voting (e.g., Uniswap): Token holders delegate voting power to representatives. Spam targets delegates, not the entire community, forcing them to sift through garbage.
• Snapshot: An off-chain voting tool that uses signed messages. While gas-free and flexible, it's vulnerable to spam proposals that cost the attacker nothing to create. Snapshot mitigates this with validation strategies and moderator multisigs to curate spaces.

Computational barriers used to deter spam by making proposal submission artificially expensive in time or processing power.

• Time-lock puzzle: Submitter must compute a sequential function (taking ~1 minute of CPU time) to generate a valid proposal ID. This prevents batch submission.
• Proof-of-Work: Requires a small amount of computational work, similar to Bitcoin mining, for each proposal.
• Use Case: Early Ethereum Name Service (ENS) governance used a time-lock puzzle to prevent squatting on proposal IDs.

Pre-moderation systems that filter proposals before they reach the full voter base.

• Multisig Curator: A trusted, elected committee (e.g., a 5-of-9 multisig) must approve a proposal for it to enter the official voting queue. Used by Optimism's Governance.
• Token-Gated Forums: Proposal discussion and temperature checks occur on platforms (like Discourse) that require a minimum token balance to post.
• Trade-off: Introduces centralization and curator bias but is highly effective against raw spam.