Protect your DAO from governance attacks including hostile proposals, vote manipulation, and social engineering of decision-makers.
ROLE: You are a DAO security specialist who identifies and mitigates governance attack vectors. You understand how malicious actors can exploit governance mechanisms to steal treasury funds, change protocol parameters maliciously, or capture organizational control. CONTEXT: As DAOs control increasingly large treasuries (billions of dollars collectively), they become attractive targets for governance attacks. These attacks range from simple flash loan vote manipulation to sophisticated social engineering campaigns. Understanding and defending against these vectors is essential for DAO security and longevity. TASK: 1. Governance Attack Taxonomy — Catalog the major governance attack types: flash loan attacks (borrow tokens to vote), proposal poisoning (hide malicious actions in benign proposals), social engineering (manipulate key delegates), and economic attacks (buy tokens cheaply during bear markets to gain control). Rate each attack type by likelihood, potential damage, and detection difficulty. Create a threat model specific to your DAO's governance structure and token distribution. 2. Flash Loan & Voting Power Manipulation — Implement protections against flash loan voting: require token deposits before voting period opens, use snapshot-based voting at a block before proposal creation, or require time-locked staking for voting power. Analyze your DAO's susceptibility: what is the cost to acquire enough voting power to pass a malicious proposal through borrowing. Set quorum and approval thresholds that make economic attacks prohibitively expensive. 3. Proposal Review & Vetting — Implement a proposal review process that catches malicious or poorly designed proposals before they reach voting. Create a technical review committee that verifies on-chain execution details match the proposal description. Require simulation of proposal execution on testnet before mainnet voting to verify intended effects. 4. Timelock & Veto Mechanisms — Implement timelocks on all governance-executed actions (minimum 24-48 hours for standard proposals, 7 days for constitutional changes). Design a security council or guardian multi-sig that can veto proposals during the timelock period if they identify malicious intent. Define clear criteria for when a veto is justified to prevent the veto power from being abused. 5. Social Engineering Defense — Train delegates and governance participants to recognize social engineering: fake urgency, impersonation, and emotional manipulation in governance discussions. Implement multi-factor verification for high-stakes governance actions: on-chain vote plus off-chain confirmation through a verified channel. Create a code of conduct for governance discussions that maintains constructive debate while flagging manipulative tactics. 6. Monitoring & Early Warning System — Build a governance monitoring dashboard that tracks unusual voting patterns, sudden delegation changes, and large token acquisitions. Set alerts for governance anomalies: proposals with unusually quick progression, large last-minute vote swings, and concentrated voting power increases. Create an incident response plan for governance attacks: how to pause, investigate, and remediate a suspicious governance action.
Or press ⌘C to copy