Executive Vote

An Executive Vote is a smart contract transaction that, upon approval, directly modifies the protocol's parameters or code. This is distinct from a Signal Vote, which is merely advisory. Key characteristics:

• Immutable Record: All proposals and votes are permanently recorded on the blockchain.
• Automatic Implementation: Passing the vote threshold triggers the execution script within the proposal.
• Security: The proposal's bytecode is publicly auditable before voting.

This model, pioneered by MakerDAO, requires a proposal to maintain a majority of the voting power to stay active. It's a dynamic defense against governance attacks.

• Active Mandate: The leading proposal must continuously have more votes than any other proposal.
• Vote Delegation: Users can delegate their voting power to Recognized Delegates or MKR holders to maintain the proposal's majority.
• Emergency Shutdown: If no proposal holds a majority, the system can be triggered into an emergency state.

A critical security feature, the Governance Security Module (GSM) Pause introduces a mandatory time delay between a vote passing and its execution.

• Time Lock: Typically 24-72 hours where the approved changes are queued but not live.
• Security Audit Window: Allows stakeholders a final period to review the exact code that will run.
• Emergency Response: Provides time to react if a malicious proposal somehow passes, enabling governance to take preventative action.

Executive Votes generally fall into two technical categories:

• Parameter Changes: Adjust existing system variables (e.g., stability fees, debt ceilings, collateral ratios). These are often simpler calls to protocol contracts.
• Spells: More complex proposals that execute arbitrary logic via a DS-Chief or similar governance contract. Spells can upgrade core contracts, add new collateral types, or distribute funds from the treasury.

Approval is based on the balance of voting tokens, not the number of voters.

• Token-Weighted: One token equals one vote. In MakerDAO, this is based on MKR balance.
• No Fixed Quorum: The "continuous approval" model means the quorum is effectively the amount needed to surpass any competing proposal.
• Stake-Based Security: The economic stake (value of the voting token) required to pass a malicious proposal acts as a financial deterrent.

Executive Votes exist within a broader governance framework:

• Governance Forum: Where proposals are drafted and discussed before becoming on-chain votes.
• Signal Votes (Polls): Used to gauge sentiment on non-binding ideas before crafting an Executive.
• Constitutional Documents (Maker Constitution): Provide high-level rules and principles that proposals should align with.
• Delegation: Voters can delegate their power to experts, reducing voter apathy and increasing participation.

Executive votes are the primary tool for on-chain treasury management. This includes:

• Approving multi-million dollar budget allocations from the DAO treasury.
• Funding grants programs (e.g., Uniswap Grants, Aave Grants).
• Authorizing payments to service providers, auditors, or legal entities, moving funds from the treasury multisig to specified addresses.

Most major DAOs use a Timelock Controller contract to execute passed proposals. This introduces a mandatory delay between vote conclusion and execution, providing a final safety review period. The process is:

1. Vote passes and is queued in the timelock.
2. After the delay (e.g., 48 hours), anyone can execute the transaction.

• This prevents malicious or buggy code from being instantly deployed.

Executive votes can lead to governance conflicts. A notable example was a 2022 MakerDAO vote where a community member used a flash loan to acquire temporary voting power, passing a proposal that would have drained funds. While defeated by a subsequent emergency vote, it highlighted vulnerabilities in token-weighted voting and the need for robust governance security measures like vote delay and quorum requirements.

Unlike a Signaling Vote, an Executive Vote's approval triggers an on-chain transaction. This could be a contract upgrade, treasury transfer, or parameter change. The primary security risk is that malicious or buggy code is deployed directly to the live protocol, potentially causing irreversible damage. This necessitates rigorous pre-vote auditing and timelock delays.

A timelock is a critical security feature that mandates a mandatory waiting period between a vote's approval and the execution of its payload. This delay provides a final line of defense, allowing:

• Community review of the final executable code.
• Emergency response time for token holders to exit positions if a malicious proposal passes.
• Governance attack mitigation by creating a window to counter a hostile takeover.

Executive Votes often use a snapshot of token holdings at a specific block to determine voting power. This creates attack vectors:

• Flash loan attacks: Borrowing vast sums to manipulate voting power snapshot.
• Vote buying: Collusion where large holders (whales) rent out their voting power.
• Snapshot timing: Strategic proposal submission to capture a favorable voter distribution. Mitigations include vote-locking tokens and using time-weighted voting.

Low voter turnout is a systemic security risk. A proposal can pass with support from a small, potentially malicious faction of total token holders. This enables:

• Minority rule, where a concentrated group controls the protocol.
• Voter fatigue, leading to decreased scrutiny of complex proposals.
• Delegation risks, where voters rely on delegates who may act against their interests. Solutions include quorum requirements and incentivized voting.

The security of an Executive Vote depends entirely on the integrity of its underlying smart contracts. Key risks include:

• Governance contract bugs: Flaws in the voting logic or execution mechanism.
• Upgrade mechanism flaws: Vulnerabilities in the proxy pattern used for contract upgrades.
• Calldata injection: Malicious payloads hidden within the proposal data. These risks are mitigated through extensive audits, bug bounty programs, and formal verification.

Many DAOs retain a multisig wallet or security council with emergency powers. This acts as a circuit breaker if a catastrophic proposal passes. Considerations:

• Centralization trade-off: Introduces a trusted group, contradicting pure decentralization.
• Key compromise: The multisig itself becomes a high-value target.
• Scope of power: Clearly defined guardian powers (e.g., pausing contracts) versus overreach. The goal is to balance safety with credible neutrality.

A cryptographic asset that grants its holder voting power in a protocol's governance system. It is the primary tool for participating in Executive Votes and other proposals.

• Purpose: Represents ownership and decision-making rights in a decentralized organization (DAO).
• Examples: MKR for MakerDAO, COMP for Compound, UNI for Uniswap.
• Mechanism: Votes are typically weighted by the number of tokens a voter holds or has delegated to them.

An informal, non-binding vote used to gauge community sentiment before a formal Executive Vote. It acts as a filter for ideas.

• Purpose: To test support for a potential change without executing on-chain code.
• Typical Threshold: Lower than a formal vote, often a simple majority of votes cast.
• Outcome: A successful signal proposal typically graduates to a binding Executive Vote for final ratification.

A mandatory delay period between when an Executive Vote passes and when its changes are executed on-chain. This is a critical security feature.

• Purpose: Provides a final review window for the community to identify malicious proposals before they take effect.
• Security: Allows token holders to exit the system or prepare a defensive response if a harmful vote passes.
• Duration: Commonly set between 24 hours and 14 days, depending on the protocol's risk parameters.

The process where a governance token holder assigns their voting power to another address (a delegate) to vote on their behalf.

• Purpose: Enables participation for less active users and concentrates expertise; delegates become professional voters.
• Mechanism: Non-custodial; the user retains ownership of their tokens but grants voting rights.
• Impact: Central to representative democracy models in DAOs, influencing the outcome of Executive Votes.

The two primary technical methods for conducting governance votes like Executive Votes.

• On-Chain Voting: Votes are written directly to the blockchain as transactions. Binding and transparent, but can be expensive due to gas fees. Used for final Executive Votes.
• Off-Chain Voting: Votes are collected via signed messages (e.g., Snapshot) without blockchain gas costs. Cheaper and faster, used for Signal Proposals. The result must be executed by a trusted party.

A last-resort safety mechanism that can override or neutralize the effect of a passed Executive Vote in extreme circumstances.

• Purpose: To protect the protocol from a governance attack or a catastrophic bug in an approved proposal.
• Activation: Often requires a separate, higher-threshold vote or is vested in a designated security module (e.g., MakerDAO's Governance Security Module).
• Outcome: Can freeze the system or revert changes, preserving user funds.