A delegated voting model allows token holders to delegate their voting power to representatives, streamlining governance for large communities. This system is fundamental to protocols like Compound and Uniswap, where active participation from thousands of holders is impractical. The core smart contract must manage three key states: the list of delegates, the voting power of each address (factoring in delegation), and a record of cast votes. Implementing this requires careful consideration of state updates to minimize gas costs during frequent delegation changes.
LABS
Guides
How to Implement a Delegated Voting Model for Protocol Upgrades
This guide provides a technical walkthrough for building a delegated voting system using smart contracts. It covers contract architecture, delegation mechanics, and tracking delegate performance.
Chainscore © 2026
introduction
DEVELOPER GUIDE
How to Implement a Delegated Voting Model for Protocol Upgrades
A technical guide to building a gas-efficient, on-chain delegated voting system for DAOs and protocol governance.
The contract architecture typically involves a VotingToken that adheres to the EIP-20 standard with an added delegate function. When a user calls delegate(delegatee), the contract moves the delegator's voting power from their current delegate to the new one. It's critical to write this function to update historical vote tallies correctly for past proposals. A common pattern is to use a checkpointing system, as seen in OpenZeppelin's ERC20Votes library, which records voting power at each block to enable gas-efficient historical lookups and prevent manipulation.
For the voting mechanism itself, a standard approach is to create a Governor contract that uses the token's checkpointed voting power. When a proposal is created, users or their delegates can call castVote(proposalId, support). The contract should verify the voter's voting power at the proposal's creation block, not the current block, to prevent flash loan attacks. The proposal's lifecycle—Pending, Active, Succeeded/Defeated, Queued, Executed—must be clearly defined, with timelocks often added between success and execution for security.
Key implementation details include setting a proposal threshold (minimum tokens needed to propose), a voting delay, and a voting period. For gas optimization, consider using snapshotting via tools like Snapshot.org for off-chain voting with on-chain execution, separating the signaling and execution layers. Always include comprehensive event emissions (DelegateChanged, VoteCast) for indexers and frontends. Thorough testing with forked mainnet state is essential to simulate real delegation behavior and voter turnout.
prerequisites
DELEGATED VOTING IMPLEMENTATION
Prerequisites and Setup
Before building a delegated voting system for on-chain governance, you need the right tools, environment, and a clear understanding of the core components. This guide covers the essential setup for a secure and functional implementation.
The foundation of any on-chain voting system is a smart contract development environment. You will need Node.js (v18 or later) and a package manager like npm or yarn. For contract development, the Hardhat or Foundry frameworks are industry standards, providing testing, deployment, and scripting capabilities. You'll also need access to a blockchain node for testing; services like Alchemy, Infura, or a local Hardhat Network are ideal. Finally, ensure you have a code editor like VS Code with Solidity support installed.
Your voting contract will interact with the protocol's native governance token. You need the token's contract address and ABI (Application Binary Interface). The ABI defines how to call the token's functions, such as balanceOf to check voting power or getPastVotes for snapshot-based voting. Store these details in a configuration file (e.g., config.js or .env). If you're building from scratch, you can deploy a standard ERC-20Votes or ERC-5805 token, which includes built-in delegation and vote tracking logic essential for gas-efficient governance.
Delegated voting introduces key actors: token holders (delegators), delegates, and a governance contract. The core logic involves: 1) Allowing token holders to delegate their voting power to an address, 2) Recording delegate votes on proposals, and 3) Tallying votes based on delegated power at a specific block (a snapshot). You must decide on critical parameters like the voting delay (time between proposal submission and voting start), voting period (duration of the vote), and proposal threshold (minimum tokens required to submit a proposal).
Security is paramount. Use established libraries like OpenZeppelin Contracts to import battle-tested components such as Governor, GovernorCompatibilityBravo, Votes, and TimelockController. A Timelock is crucial; it introduces a delay between a proposal's approval and execution, giving users time to react to malicious upgrades. Always write comprehensive tests for edge cases: self-delegation, delegate changes mid-vote, and quorum calculations. Tools like Slither or MythX can help with static analysis and vulnerability detection.
For a practical start, initialize a Hardhat project (npx hardhat init) and install dependencies: npm install @openzeppelin/contracts. Import the Governor contract and your token. A minimal governor contract might extend Governor and GovernorSettings. You must implement the quorum() function and set the voting settings in the constructor. Test deployment on a local network first, using scripts to simulate delegation and proposal creation. Document every step and parameter clearly for future auditors and developers.
key-concepts
DELEGATED VOTING
Core Technical Concepts
A technical guide to implementing on-chain governance for protocol upgrades, covering key models, security considerations, and implementation patterns.
03
Proposal & Voting Lifecycle
A secure on-chain voting process follows a strict, multi-stage lifecycle managed by a Governor contract.
- Proposal Submission: A proposer with sufficient token threshold submits a calldata payload (target contract, function, arguments).
- Voting Delay & Period: A mandatory delay allows for review, followed by a fixed voting period (e.g., 3-7 days).
- Vote Casting: Delegates vote For, Against, or Abstain. Votes are weighted by their delegated token balance at the proposal's snapshot block.
- Quorum & Threshold: Proposal passes only if total votes meet a quorum (minimum participation) and For votes exceed a defined threshold.
- Timelock & Execution: Passed proposals are queued in a Timelock contract (e.g., 48 hours) before execution, providing a final safety review period.
04
Security & Attack Vectors
On-chain governance introduces unique risks that must be mitigated in the contract design.
- Flash Loan Attacks: An attacker borrows tokens to meet proposal thresholds. Mitigate with vote snapshots or high proposal deposits.
- Timelock Bypass: Ensure all privileged functions are routed through the Timelock executor.
- Governance Capture: A single entity accumulating >50% of tokens can force through proposals. Consider a multi-sig council for emergency pauses.
- Vote Snapshot Manipulation: The snapshot block must be fixed before voting starts; using
block.number - 1is a common pattern. - Gas Griefing: Long proposal descriptions can make voting prohibitively expensive. Store metadata off-chain (IPFS) and reference via hash.
06
Gas Optimization Strategies
Voting gas costs are a major barrier to participation. Implement these strategies to reduce fees.
- Checkpointing:
ERC20Votesuses a Merkle tree-like structure to create balance checkpoints only when balances change, not every block. - Signature Delegation: Allow
delegateBySigso users can delegate without an on-chain transaction. - Batched Proposal Execution: Design proposals to bundle multiple actions into a single transaction to amortize execution costs.
- Off-Chain Voting with On-Chain Execution: Use Snapshot for gasless voting and only execute passed proposals on-chain via the Governor.
- Vote Compression: For quadratic voting or similar complex schemes, consider using zk-SNARKs to verify votes off-chain with a single on-chain proof.
contract-architecture
SMART CONTRACT ARCHITECTURE
How to Implement a Delegated Voting Model for Protocol Upgrades
A technical guide to building a secure, gas-efficient delegated voting system for on-chain governance, using a modular contract architecture.
A delegated voting model allows token holders to delegate their voting power to representatives, improving participation and reducing gas costs for large-scale protocol governance. This architecture is fundamental to protocols like Compound and Uniswap. The core system comprises three main contracts: a voting token (often an ERC-20 with snapshot capabilities), a delegation registry to track voter-to-delegate mappings, and a governor contract that executes proposals based on delegated votes. Separating these concerns enhances security and upgradeability.
The delegation mechanism is typically implemented by extending the ERC-20Votes standard (EIP-5805) or using OpenZeppelin's Votes.sol library. This standard maintains a history of account checkpoints for votes, enabling gas-efficient lookups of voting power at any past block number. When a user delegates, their voting power is transferred to the delegate's checkpoint history. The key function is delegate(address delegatee), which updates the internal checkpoints and emits a DelegateChanged event. It's crucial that delegation does not transfer token ownership, only voting rights.
The governor contract, such as OpenZeppelin's Governor.sol, queries the voting token contract for an account's voting power at the proposal creation block. It uses the getVotes(address account, uint256 blockNumber) function defined by the token. When a delegate votes on a proposal, their voting power is the sum of all tokens delegated to them. This design ensures the voting logic is abstracted from the token mechanics. Proposals execute via a timelock contract, which queues successful votes for a delay period, providing a safety window for the community to react to malicious upgrades.
Security considerations are paramount. Implement vote delegation with a delay to prevent flash loan attacks where an attacker borrows tokens, delegates, votes, and repays within a single transaction. This can be mitigated by enforcing a minimum delegation period. Additionally, use quorum thresholds and proposal thresholds to ensure sufficient community engagement. Always employ a timelock executor for proposal execution to allow time to veto malicious transactions. Audit delegate call usage within proposals, as they execute in the governor's context.
Here is a simplified example of a Governor contract setup using OpenZeppelin's modular libraries:
solidityimport {Governor, GovernorSettings} from "@openzeppelin/contracts/governance/Governor.sol"; import {GovernorCountingSimple} from "@openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol"; import {GovernorVotes} from "@openzeppelin/contracts/governance/extensions/GovernorVotes.sol"; import {GovernorVotesQuorumFraction} from "@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol"; contract ProtocolGovernor is Governor, GovernorSettings, GovernorCountingSimple, GovernorVotes, GovernorVotesQuorumFraction { constructor(IVotes _token) Governor("ProtocolGovernor") GovernorSettings(7200 /* 1 day */, 50400 /* 1 week */, 1000e18) GovernorVotes(_token) GovernorVotesQuorumFraction(4) // 4% quorum {} // ... core voting logic is inherited }
This contract uses a token implementing IVotes, has a 1-day voting delay, 1-week voting period, a 1000 token proposal threshold, and a 4% quorum requirement.
To test the system, simulate governance flows using a framework like Foundry or Hardhat. Key test scenarios include: successful delegation and vote casting, failed proposals due to insufficient quorum, execution via timelock, and edge cases like delegating to the zero address (which should revert). Monitor gas costs for critical functions like propose() and castVote() to ensure they remain accessible. For production, consider adding emergency cancellation mechanisms (e.g., a guardian role) and upgradeable contract patterns for the governor itself, allowing the governance framework to evolve as needs change.
delegation-mechanics
GOVERNANCE
How to Implement a Delegated Voting Model for Protocol Upgrades
A technical guide to building a secure and efficient delegation system for on-chain governance, enabling token holders to participate in protocol decisions without constant active voting.
A delegated voting model allows token holders to delegate their voting power to trusted representatives, or delegates, who vote on their behalf. This solves the voter apathy problem common in direct democracy models by consolidating decision-making power with informed participants. The core mechanics involve tracking delegation relationships, calculating vote weights based on delegated balances, and ensuring votes are cast before a proposal deadline. Smart contracts for this system are typically built on standards like OpenZeppelin's Governor contracts, which provide a modular foundation for proposal lifecycle management.
The implementation starts with a vote token (often an ERC-20 or ERC-20Votes) that tracks balances and historical snapshots. A critical function is delegate(address delegatee), which allows a user to assign their voting power. The contract must maintain a mapping, such as delegates[tokenHolder] = delegatee, and update the delegate's voting power accordingly. For gas efficiency and security, most systems use a snapshot mechanism (like ERC-20Votes) to record token balances at a specific block number when a proposal is created, preventing manipulation via token transfers during the voting period.
Here is a simplified core of a delegation contract using OpenZeppelin:
solidityimport "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol"; contract GovernanceToken is ERC20Votes { constructor() ERC20("GovToken", "GOV") ERC20Permit("GovToken") {} // The `_afterTokenTransfer` hook automatically adjusts delegate voting power }
The ERC20Votes extension handles the complexity of tracking historical balances and delegate power. The actual governance contract (e.g., Governor) then uses getVotes(delegatee, blockNumber) to fetch the correct voting weight for any address at the proposal snapshot block.
Key security considerations include preventing double voting (a user voting both directly and through a delegate) and ensuring delegation changes are processed correctly. The system should allow delegates to vote on multiple proposals without requiring re-delegation. It's also essential to implement a timelock for executed proposals, giving users time to react to passed decisions. For transparency, events like DelegateChanged and DelegateVotesChanged should be emitted. Successful implementations can be studied in live protocols like Uniswap and Compound, which use similar delegate-based governance.
proposal-execution
GOVERNANCE
How to Implement a Delegated Voting Model for Protocol Upgrades
A delegated voting model allows token holders to delegate their voting power to representatives, balancing broad participation with efficient decision-making for on-chain governance.
A delegated voting model is a core governance pattern used by protocols like Compound and Uniswap. It addresses the voter apathy problem by allowing token holders to delegate their voting power to trusted community members or experts. This creates a system of representatives who actively participate in proposal creation and voting. The model is typically implemented using a Governor smart contract that manages proposal lifecycle and tracks delegate balances. Delegation is permissionless; a user can delegate to any Ethereum address, including themselves to self-custody voting power.
The implementation involves three key smart contracts: a voting token (often ERC-20Votes or ERC-5805), a Governor contract, and a Timelock controller. The token contract must track historical balances for each block to prevent vote manipulation via token transfers. The Governor contract defines the logic for proposal creation, voting periods, and quorum requirements. The Timelock executes passed proposals after a mandatory delay, providing a safety mechanism for protocol upgrades. This separation of powers is critical for security.
To create a proposal, a delegate must hold a minimum proposal threshold of tokens. They submit a transaction calling propose() on the Governor contract, which includes a list of target addresses, values, and calldata for the actions to be executed. The contract emits a ProposalCreated event with a unique ID. The proposal then enters a voting delay period, followed by an active voting period (e.g., 3-7 days). During this time, delegates cast votes with their delegated voting power, choosing options like For, Against, or Abstain.
Voting power is calculated at the block number when the proposal goes active, using the token's getPastVotes function. This snapshot mechanism prevents last-minute token borrowing to sway votes. A proposal passes if it meets a quorum (minimum voting power participation) and has more For than Against votes. After passing, it is queued in the Timelock and can be executed after the delay expires. Here is a simplified code snippet for a basic vote cast:
solidityfunction castVote(uint256 proposalId, uint8 support) external returns (uint256) { address voter = msg.sender; uint256 votingPower = token.getPastVotes(voter, proposalSnapshot(proposalId)); require(votingPower > 0, "No voting power"); // Record the vote _castVote(proposalId, voter, support, votingPower); }
Key parameters must be carefully configured: voting delay (time to review), voting period, proposal threshold, quorum, and Timelock delay. For a protocol upgrade, the calldata in a proposal would typically target a proxy admin contract to upgrade the implementation. Security best practices include using OpenZeppelin's Governor contracts, conducting audits, and implementing a bug bounty program. It's also advisable to run upgrades on a testnet first through a governance simulation to ensure the execution path is correct.
Successful delegated governance requires active community participation beyond the code. Protocols often use off-chain signaling platforms like Discourse or Snapshot for preliminary discussions before on-chain proposals. Transparency in delegate platforms and voter education are essential. The model's effectiveness hinges on incentivizing competent delegates and maintaining a low barrier for token holders to delegate or change their delegate, ensuring the system remains responsive and aligned with the protocol's long-term interests.
ARCHITECTURE
Delegation Model Comparison
Key design trade-offs for implementing delegated voting in DAOs and on-chain protocols.
| Feature | Token-Weighted Delegation | Expert Council | Hybrid (Liquid Democracy) |
|---|---|---|---|
Voter Participation | Low (requires active delegation) | High (small, appointed group) | Variable (flexible delegation) |
Sybil Resistance | Depends on token distribution | High (curated membership) | Depends on base layer |
Implementation Complexity | Low (common in Aragon, Compound) | Medium (requires council election logic) | High (needs delegation graphs) |
Gas Cost per Vote | High (delegates vote for many) | Low (fewer voting transactions) | Medium (variable delegation paths) |
Voter Accountability | Low (delegates can act autonomously) | High (council is explicitly responsible) | Medium (delegation is revocable) |
Typical Use Case | Token-based DAOs (e.g., Uniswap) | Technical governance (e.g., MakerDAO) | Large-scale community DAOs |
Attack Surface | Whale dominance, voter apathy | Council collusion, centralization | Delegation spam, complex incentives |
tracking-delegate-history
GOVERNANCE
Tracking Delegate Voting History
A technical guide to implementing and querying a delegate voting model for on-chain protocol upgrades, using Solidity and The Graph.
A delegate voting model is a core governance mechanism for decentralized protocols like Uniswap and Compound. Instead of each token holder voting directly, they can delegate their voting power to a representative, or delegate, who votes on their behalf. This model improves participation by reducing voter apathy and consolidating expertise. To track this history, you need an on-chain record of delegation events and a queryable index of all votes cast by each delegate. This creates a transparent, auditable trail of governance decisions.
The foundation is a smart contract that emits events for key actions. Your voting contract should emit a DelegateChanged event when a user updates their delegate and a VoteCast event for each proposal vote. For example, a simplified Solidity snippet:
solidityevent DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate); event VoteCast(address indexed voter, uint256 proposalId, uint8 support); function castVote(uint256 proposalId, uint8 support) external { address delegate = delegates[msg.sender]; // ... voting logic emit VoteCast(delegate, proposalId, support); }
These events are the raw, immutable logs that form your voting history.
To make this data usable, you need to index it off-chain. The most robust method is using The Graph, a decentralized protocol for querying blockchain data. You create a subgraph that defines entities like Delegate, Delegation, and Vote. The subgraph's mapping scripts listen for your contract's events and populate these entities with structured data. This allows you to run complex GraphQL queries, such as fetching all votes cast by a specific delegate across every proposal, or calculating a delegate's historical voting alignment with other participants.
Your subgraph schema defines the relationships. A Delegate entity has a one-to-many relationship with Vote entities. Each Delegation entity records the delegator, delegate, and the block number of the change. Here is a simplified schema definition in GraphQL:
graphqltype Delegate @entity { id: ID! # Delegate address votes: [Vote!]! @derivedFrom(field: "voter") delegations: [Delegation!]! @derivedFrom(field: "toDelegate") } type Vote @entity { id: ID! voter: Delegate! proposalId: BigInt! support: Int! # 0=against, 1=for, 2=abstain weight: BigInt! }
With the subgraph deployed, dApp frontends or analytics dashboards can query a delegate's complete history efficiently. A sample query to get a delegate's voting record and total voting power delegated to them would look like this:
graphqlquery GetDelegateHistory($id: ID!) { delegate(id: $id) { votes(orderBy: proposalId, orderDirection: desc) { proposalId support weight } delegations { delegator { id } amount } } }
This provides a full picture of a delegate's behavior and influence, which is critical for voters making informed delegation decisions.
For teams not using The Graph, a fallback is to use an indexing service like Alchemy's Notify or a custom listener script that processes events and stores them in a database. However, this introduces centralization and maintenance overhead. The key takeaway is that tracking delegate history requires: 1) emitting standardized events from your governance contract, and 2) building a reliable index to transform those logs into queryable data. This infrastructure is essential for transparent, accountable on-chain governance.
DELEGATED VOTING
Frequently Asked Questions
Common technical questions and implementation details for building a delegated voting model for on-chain governance and protocol upgrades.
A delegated voting model separates voting power from token ownership using a smart contract architecture. The core components are:
- Voting Token (e.g., ERC-20Votes/ERC-5805): A token standard that tracks historical balances for snapshot-based voting and delegation.
- Delegation Registry: A mapping that records which address (the delegate) can vote on behalf of a token holder (the delegator). A delegator can delegate to themselves or another address.
- Governor Contract: The primary contract (often using OpenZeppelin's Governor) that proposes, votes on, and executes upgrades. It reads voting power from the delegation registry.
When a proposal is active, the Governor contract checks the delegate's voting power at a specific block (using a snapshot), which is the sum of all tokens delegated to them. This design allows for gas-efficient participation, as only delegates need to interact with the governance system for voting.
resource-links
GUIDES AND TOOLS
Implementation Resources
Resources and building blocks for implementing a delegated voting model for protocol upgrades. These cards focus on production-tested governance contracts, off-chain voting systems, and operational patterns used by live DAOs.
security-considerations
SECURITY AND ATTACK VECTORS
How to Implement a Delegated Voting Model for Protocol Upgrades
A delegated voting model allows token holders to delegate their voting power to representatives, improving governance efficiency. This guide covers its implementation and critical security considerations.
A delegated voting model is a common pattern in DAOs and on-chain governance where token holders can delegate their voting power to a representative, or delegate, who votes on their behalf. This solves the voter apathy problem by consolidating decision-making power with engaged participants. The core contract architecture typically involves a VotingToken (often an ERC-20 or ERC-20Votes) and a Governor contract that manages proposals and tallies votes based on delegated balances. Key functions include delegate(address delegatee), propose(), castVote(), and execute(). This model is used by protocols like Compound Governor Bravo and Uniswap Governance.
Implementing the model starts with a token that tracks historical votes, such as OpenZeppelin's ERC-20Votes extension. This prevents double-voting by snapshotting balances at the start of a proposal. The Governor contract, often built using OpenZeppelin's Governor contracts, references this token. Here's a basic structure:
solidityimport "@openzeppelin/contracts/governance/Governor.sol"; import "@openzeppelin/contracts/governance/extensions/GovernorVotes.sol"; contract MyGovernor is Governor, GovernorVotes { constructor(IVotes _token) Governor("MyGovernor") GovernorVotes(_token) {} // Override voting delay, period, and quorum functions... }
The GovernorVotes module automatically uses the delegated balance from the token contract for vote weighting.
Several attack vectors are inherent to delegated voting. Vote buying and bribery is a major risk, where delegates are incentivized to vote against their delegators' interests. Flash loan attacks can manipulate voting power: an attacker borrows a large amount of tokens, delegates to themselves, votes on a proposal, and repays the loan—all within one transaction. Mitigations include enforcing a voting delay (e.g., 1 block) between proposal creation and the start of the voting period, which prevents instant flash loan votes. Using a timestamp or block number snapshot taken prior to the proposal's creation is also critical.
Another critical security consideration is quorum manipulation. Setting a quorum too low makes the system vulnerable to a small, coordinated group. A dynamic quorum based on historical participation, like Compound's quorum scaling, can help. Additionally, delegate coercion can occur if delegates are threatened to vote a certain way. Implementing secret voting (e.g., with zk-SNARKs) until votes are tallied is a robust defense but adds complexity. Always subject the governance contract to formal verification and rigorous audit by firms like Trail of Bits or OpenZeppelin before mainnet deployment.
To enhance security, integrate a timelock contract between the Governor and the protocol's executive functions. All successful proposals must queue actions in the timelock (e.g., for 48 hours), giving users a final window to exit if they disagree with an upgrade. Monitor for delegate concentration risk; if too much voting power centralizes with one entity, the system becomes less decentralized. Tools like Tally and Boardroom provide transparency into delegate platforms and voting history, helping token holders make informed delegation choices.
conclusion
IMPLEMENTATION SUMMARY
Conclusion and Next Steps
You have now explored the core components for building a secure and efficient delegated voting model for on-chain governance. This guide covered the smart contract architecture, delegation mechanics, and security considerations essential for a production-ready system.
The implemented model provides a foundation for scalable protocol governance. Key features include a snapshot-based voting system to prevent last-minute manipulation, a delegation registry that allows token holders to assign voting power to trusted delegates, and a timelock contract to enforce a delay between a proposal's approval and its execution. This structure balances voter participation with security, ensuring upgrades are deliberate and resistant to flash loan attacks. For a complete reference, review the example contracts in the OpenZeppelin Governor documentation.
To extend this system, consider integrating with off-chain voting platforms like Snapshot for gas-free signaling, which can increase participation before an on-chain vote is finalized. You could also implement quadratic voting to reduce the influence of large token holders or add a constitutional guardrail—a multi-sig that can veto proposals violating core protocol principles. Monitoring delegate performance with tools like Tally or Boardroom provides transparency, allowing token holders to make informed delegation decisions based on historical activity and voting alignment.
For production deployment, rigorous testing and auditing are non-negotiable. Use a framework like Foundry or Hardhat to simulate complex governance attacks, including proposal spam, delegation front-running, and timelock bypass attempts. Engage a professional audit firm to review the final code. Start with a testnet deployment on a network like Sepolia or Goerli, and consider a phased rollout using a proxy upgrade pattern (e.g., UUPS) to allow for future improvements. The next step is to define your governance parameters: proposal threshold, voting delay, voting period, and quorum, which will shape the pace and security of your protocol's evolution.