Essential definitions and common exploit methods related to flash loans in governance contexts.
LABS
Flash Loan Resistance in Governance Systems
Chainscore © 2025
Core Concepts and Attack Vectors
Flash Loan Mechanics
Flash loans are uncollateralized loans that must be borrowed and repaid within a single transaction block.
- Atomic execution ensures funds are returned or the entire transaction reverts.
- They provide massive, temporary capital from liquidity pools like Aave or dYdX.
- This matters because it allows anyone to execute complex financial maneuvers without upfront capital, creating novel attack surfaces for governance.
Governance Tokenomics
Governance tokenomics refers to the economic design and distribution of voting power in a DAO.
- Voting weight is often proportional to the number of tokens held or staked.
- Mechanisms include vote delegation, quadratic voting, and time-locked boosts.
- This matters as concentrated, borrowed voting power can distort governance outcomes, making systems vulnerable to short-term attacks.
Vote Manipulation Attack
A vote manipulation attack uses flash-loaned capital to temporarily acquire voting power and sway a governance proposal.
- An attacker borrows tokens, votes, and repays the loan, leaving no permanent stake.
- This can be used to pass malicious proposals or extract value from the treasury.
- This matters as it undermines the legitimacy of decentralized decision-making by enabling cheap, fraudulent influence.
Economic Finality & Time
Economic finality is the point where reversing a governance decision becomes cost-prohibitive.
- Attacks often exploit the delay between a vote snapshot and execution.
- Defenses include vote execution delays (timelocks) and enforcing a voting period longer than loan availability.
- This matters because it defines the critical window where flash-loaned influence must be neutralized to ensure legitimate outcomes.
Resistance Strategies
Flash loan resistance strategies are protocol design choices to mitigate governance attacks.
- Implementing vote weight based on time-weighted average balances, not instantaneous holdings.
- Requiring tokens to be locked (e.g., in a vesting contract) to gain voting power.
- This matters as it forces attackers to bear long-term economic stake, aligning incentives with genuine protocol stakeholders.
Oracle Manipulation Vector
Oracle manipulation is an indirect attack where flash loans distort price feeds to trigger governance actions.
- An attacker could borrow assets to crash or pump an oracle price, activating a governance condition.
- This might force a treasury liquidation or enable a malicious parameter change.
- This matters because it highlights the need for robust, time-weighted oracles and circuit breakers in governance logic.
Mechanics of a Flash Loan Governance Attack
Process overview
1
Acquire Voting Power via Flash Loan
Borrow a massive amount of governance tokens to temporarily control voting weight.
Detailed Instructions
The attacker initiates the attack by taking out a flash loan from a lending protocol like Aave or dYdX. The loan is denominated in the native governance token (e.g., UNI, COMP) or a liquid asset that can be instantly swapped for it. The key is that no upfront capital is required, as the loan is taken and repaid within a single transaction block.
- Sub-step 1: Call the
flashLoanfunction on the lending pool, specifying the governance token address and the desired amount (e.g., 1,000,000 tokens). - Sub-step 2: In the same transaction, use a decentralized exchange (DEX) like Uniswap to swap any borrowed non-governance assets for the target governance token.
- Sub-step 3: The contract now holds a temporary, outsized balance of governance tokens, granting it significant voting power for proposals currently in the voting period.
solidity// Example snippet for initiating a flash loan interface ILendingPool { function flashLoan( address receiverAddress, address[] calldata assets, uint256[] calldata amounts, uint256[] calldata modes, address onBehalfOf, bytes calldata params, uint16 referralCode ) external; }
Tip: The borrowed amount must be large enough to swing the vote outcome, often targeting proposals with low quorum or participation.
2
Cast the Decisive Vote
Use the borrowed voting power to pass or defeat a specific proposal.
Detailed Instructions
With the temporary tokens deposited into the attacker's contract, the next step is to interact with the governance contract. The attacker's contract calls the castVote function, voting on a live proposal that benefits them. This could be a proposal to drain the treasury, change protocol parameters, or approve a malicious contract.
- Sub-step 1: The contract calls
governanceToken.delegate(address(this))to self-delegate the voting power of the borrowed tokens, if the system uses delegate-based voting. - Sub-step 2: Execute
governance.castVote(proposalId, support), wheresupportis1(for) or0(against) the target proposal. - Sub-step 3: Verify the vote was recorded by checking the
getReceiptfunction or an emittedVoteCastevent. The attacker's vote weight should now be the dominant factor in the proposal's tally.
solidity// Example of casting a vote in a typical governance system interface IGovernor { function castVote(uint256 proposalId, uint8 support) external returns (uint256); } // After delegating votes to self IGovernor(governanceAddress).castVote(targetProposalId, 1); // Vote FOR
Tip: Attackers often target proposals in the final hours of the voting period to minimize the chance of a community counter-attack.
3
Execute the Malicious Proposal
If the vote succeeds, trigger the proposal's execution to extract value.
Detailed Instructions
After the voting period ends and the proposal passes (due to the attacker's manipulated vote), the state of the proposal transitions to "Queued" or "Executable." The attacker's contract then calls the execute function on the governance contract. This triggers the encoded actions within the proposal, which could transfer funds, upgrade contracts to malicious versions, or mint tokens.
- Sub-step 1: Wait for the governance timelock (if any) to expire after the vote ends. Monitor the proposal's state via
state(proposalId). - Sub-step 2: Call
governance.execute(proposalId)to execute the proposal's calldata. This function will perform the low-level calls specified in the proposal. - Sub-step 3: Confirm execution success by checking that the target action occurred (e.g., treasury funds were sent to a specified address) and that the proposal state is now
Executed.
solidity// Example of executing a proposal interface IGovernorTimelock { function execute( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) external payable returns (uint256); }
Tip: The proposal's calldata is public on-chain before the vote, allowing the attacker to craft a proposal that directly sends assets to their controlled address.
4
Repay the Flash Loan and Profit
Liquidate acquired assets to repay the loan and secure the profit, all in one transaction.
Detailed Instructions
This final step must occur before the initial transaction ends. The attacker's contract uses the proceeds from the executed malicious proposal to repay the flash loan principal plus a fee. Any remaining assets constitute the attacker's profit. The entire sequence is atomic; if any step fails, the transaction reverts, and the loan is not repaid, protecting the lender.
- Sub-step 1: Swap any profit earned (e.g., stolen ETH, stablecoins) back into the asset originally borrowed, using a DEX for liquidity.
- Sub-step 2: Approve the lending pool to take back the borrowed amount plus the flash loan fee (e.g., 0.09% on Aave).
- Sub-step 3: Call the function that concludes the flash loan, typically a callback like
executeOperation, which transfers the owed amount back to the lending pool. The contract then transfers the remaining profit to the attacker's EOA.
solidity// Inside the flash loan callback function `executeOperation` function executeOperation( address[] calldata assets, uint256[] calldata amounts, uint256[] calldata premiums, address initiator, bytes calldata params ) external returns (bool) { // ... Attack logic happens here (Steps 2 & 3) ... // Repay the flash loan uint256 amountOwed = amounts[0] + premiums[0]; IERC20(assets[0]).approve(address(LENDING_POOL), amountOwed); // Transfer profit to attacker IERC20(profitToken).transfer(attacker, profitBalance); return true; }
Tip: The profit is only realized if the value extracted from the governance attack exceeds the flash loan fee and all gas costs for the complex transaction.
Defense Mechanisms and Their Trade-offs
Comparison of technical approaches to mitigate flash loan governance attacks.
| Mechanism | Time-Lock Voting | Vote Delegation (e.g., veTokens) | Quorum-Based Execution |
|---|---|---|---|
Attack Vector Mitigated | Flash loan vote acquisition | Sybil/vote farming | Low-participation hijacking |
Key Implementation | Votes are locked for 1-7 days post-proposal | Voting power decays linearly over 4 years | Requires >20% of total supply to pass |
User Experience Impact | High (delayed execution, capital lockup) | Medium (requires long-term commitment) | Low (simple participation threshold) |
Capital Efficiency | Low (locked capital is unproductive) | Medium (capital productive, power decays) | High (no capital lockup required) |
Governance Attack Cost | High (must maintain loan for lock period) | Very High (requires long-term capital stake) | Medium (depends on quorum size) |
Sybil Resistance | Low (does not prevent multiple addresses) | High (tied to long-term token lock) | None (based on token count only) |
Typical Gas Overhead | ~150k gas for lock + claim | ~200k gas for lock creation | ~80k gas for standard vote |
Adoption Examples | Compound (Timelock), Uniswap | Curve Finance, Balancer | Aave, MakerDAO |
Secure Implementation Patterns
Understanding the Attack Vector
A flash loan attack in governance occurs when an attacker borrows a large amount of governance tokens to temporarily gain voting power, passes a malicious proposal, executes it, and repays the loan—all within a single transaction. This exploits the lack of time-delayed execution and the fungibility of voting power. The core defense is to break the atomicity between the vote and the execution.
Key Principles
- Time Locks: Enforce a mandatory delay between a proposal's approval and its execution, preventing immediate exploitation of borrowed capital.
- Vote Weight Snapshot: Lock voting power to a specific block number (e.g., the proposal creation block), making newly acquired tokens irrelevant for that vote.
- Execution Separation: Decouple the voting and execution functions so they cannot be part of the same atomic transaction sequence.
Real-World Example
Compound's governance uses a two-step process with a timelock. A proposal must first pass a voting period, then it sits in a queue for a minimum of 2 days before it can be executed, nullifying flash loan attacks.
Governance Security Audit Checklist
Process overview for evaluating a governance system's resilience against flash loan-based manipulation.
1
Analyze Proposal Power and Voting Weight
Identify and evaluate the mechanisms that determine voting influence.
Detailed Instructions
Begin by mapping the voting power calculation. Determine if it's based on a token snapshot, a continuous balance, or a time-weighted metric like veTokens. This is the primary attack surface for flash loans.
- Sub-step 1: Trace the
getVotes(address account)function and any delegation logic. Verify it reads from a storage variable set by a snapshot, not the live balance. - Sub-step 2: Check the timing of the snapshot. It must be taken at the proposal creation block, not during the voting period. Look for a function like
snapshot(). - Sub-step 3: Audit any time-lock or cooldown mechanisms for acquiring voting power. A minimum token holding period is a strong defense.
solidity// Example of a secure snapshot-based voting power function function getVotes(address account) public view override returns (uint256) { // Uses a historical snapshot, not current balance return _votingSnapshots[proposalSnapshotId][account]; }
Tip: Use a tool like Slither to trace all state variable reads in the voting logic to ensure no direct
balanceOfcalls.
2
Review Proposal Submission and Queuing
Examine the barriers to creating a proposal, focusing on economic thresholds.
Detailed Instructions
A sufficiently high proposal threshold is the first line of defense. Evaluate if it's static, dynamic, or based on a percentage of circulating supply. The cost must exceed the profit from a potential malicious proposal passed via flash loan.
- Sub-step 1: Locate the
propose()function and its requirement, e.g.,require(votes >= proposalThreshold). Calculate the current threshold value. - Sub-step 2: Assess the economic feasibility. If the threshold is 1% of supply, a flash loan for that amount on a major protocol is likely impossible. If it's 0.1%, it may be viable.
- Sub-step 3: Verify the threshold logic cannot be bypassed. Check for any alternative proposal paths or admin functions that could lower the barrier.
solidity// Example of a percentage-based threshold check function propose(address[] memory targets, uint256[] memory values, bytes[] memory calldatas, string memory description) public override returns (uint256) { require(getVotes(msg.sender) > (totalSupply() * 5) / 1000, "Governor: proposer votes below 0.5% threshold"); // ... proposal creation logic }
Tip: Model the attack: Estimate the maximum flash loan size available (e.g., from Aave, dYdX) and compare it to the proposal threshold cost.
3
Audit Voting Period and State Transitions
Ensure the governance lifecycle provides adequate time for community response.
Detailed Instructions
A short voting period enables a time-bound attack where the loan is repaid before the vote ends. The system must prevent state changes during the voting window.
- Sub-step 1: Confirm the voting period is long enough (e.g., 3-7 days) to allow detection and reaction. Check
votingDelay()andvotingPeriod()functions. - Sub-step 2: Verify that the proposal's state (e.g.,
ProposalState.Active) is immutable during voting. No function should allow early execution or cancellation without a timelock. - Sub-step 3: Examine the
state()function logic. Ensure it correctly returnsDefeatedif the quorum or vote differential is not met, preventing a malicious proposal from succeeding with low turnout.
solidity// Example checking proposal state transition function state(uint256 proposalId) public view override returns (ProposalState) { // ... if (block.number <= proposalSnapshot(proposalId) + votingDelay) { return ProposalState.Pending; } if (block.number <= proposalDeadline(proposalId)) { return ProposalState.Active; // State is locked as Active during voting } // ... determine if passed or defeated }
Tip: A proposal that is
Activeshould not have itscalldataortargetsmodifiable. Validate all storage writes are restricted.
4
Evaluate Execution Safeguards and Timelocks
Assess the final barriers before a proposal's actions are performed on-chain.
Detailed Instructions
A timelock controller is critical. It introduces a mandatory delay between a proposal passing and its execution, allowing time to analyze and potentially cancel malicious transactions.
- Sub-step 1: Identify the contract that executes passed proposals. It should be a distinct Timelock contract, not the governor itself.
- Sub-step 2: Review the timelock delay period. A minimum of 24-48 hours is standard. Verify it's set via governance, not an admin key.
- Sub-step 3: Check for a
cancel()function in the timelock that allows a guardian or the community to halt a queued transaction. Ensure themsg.senderpermissions are correctly restricted.
solidity// Example of a Timelock execution path interface ITimelock { function queueTransaction(address target, uint256 value, string memory signature, bytes memory data, uint256 eta) external; function executeTransaction(address target, uint256 value, string memory signature, bytes memory data, uint256 eta) external; // delay and cancel functions are crucial }
Tip: The timelock should hold all protocol treasury funds and have exclusive upgrade rights. The governor should only have the
PROPOSERrole, notEXECUTOR.
5
Stress Test with Attack Simulations
Model and simulate potential flash loan attack vectors against the live system.
Detailed Instructions
Theoretical analysis must be complemented with practical simulation. Use forked mainnet state and attack scripts to test resilience.
- Sub-step 1: Fork mainnet at a recent block using Foundry or Hardhat. Impersonate an attacker account with zero initial capital.
- Sub-step 2: Script the attack: Take a flash loan from a major lender, use the funds to meet the proposal threshold, create and vote on a malicious proposal (e.g., draining the treasury), repay the loan, and attempt to execute.
- Sub-step 3: Monitor key metrics: Did the proposal succeed? Was the timelock delay sufficient for the community to see and react? Could a guardian cancel it? Document the break-even cost for the attacker.
solidity// Foundry test snippet for simulating a flash loan function testFlashLoanAttack() public { vm.createSelectFork(mainnetRpcUrl, blockNumber); address attacker = makeAddr("attacker"); // 1. Get flash loan from Aave V3 Pool // 2. Use borrowed tokens to propose/vote // 3. Assert proposal state and execution outcome }
Tip: Calculate the profitability condition:
(Cost of Flash Loan Fee + Gas) < (Potential Profit from Malicious Proposal). If false, the system is likely secure.
SECTION-CASE-STUDIES-FAQ
Case Studies and Common Questions
Further Technical Resources
Ready to Start Building?
Let's bring your Web3 vision to life.
From concept to deployment, ChainScore helps you architect, build, and scale secure blockchain solutions.