Thinking After Yam Finance Governance Attack: We Need More Innovation on Governance Tokens

Yesterday, Yam Finance successfully blocked a governance attack on its reserve treasury. In this attack, the attackers unknowingly submitted a governance proposal through an internal transaction that included an unverified contract, with the ultimate goal of transferring Yam’s protocol reserve funds to the attacker’s wallet. Had it succeeded, Yam Finance would have lost $3.1 million.

The attackers used a very common method: the governance attack. Because decentralized governance is so widely used in DeFi protocols, governance attacks have also become one of the main ways for hackers to make profits on the chain.

The concept of blockchain is “Code is Law”, so it is strongly dependent on on-chain governance. The simplest and most direct path is to give holders governance weight through tokens. Often, the more tokens, the more governance weight. Token holders can participate in the proposal and governance of the protocol. The content of the proposal may be complex or simple, and it will affect the operation and development of the entire protocol after it is passed.

Intuitively, this is in the interests of token holders, because the more tokens they hold, the less likely they are to make proposals and votes that go against their own interests. However, for some DeFi protocols with high locked value, as long as the attack cost is lower than the profit, some people are willing to try. When LUNA/UST collapsed, Terra stopped producing blocks on the blockchain to avoid potential low-cost governance attacks during the large-scale LUNA issuance process.

In addition to the unsuccessful attack on Yam Finance, there have also been many successful attacks. For example, on February 15 this year, Build Finance suffered a governance attack, and the attackers profited by issuing additional tokens. After the successful attack, the attacker had full control over the governance contract, minting keys and treasury. After this attack, the Build Finance token lost all value and is equivalent to zero.

In addition to attacking by accumulating a large number of tokens, hackers also increase the probability of a proposal passing by submitting more proposals at a particular moment and disguising them as normal governance proposals.

Last Christmas, Mirror, the synthetic asset protocol on the Terra public chain, also experienced a very severe test. The attacker was well prepared and raised the probability of the proposal passing in the following four ways, with a target profit of MIR tokens worth 38 million US dollars:
 The attacker had prepared MIR tokens worth millions of US dollars;
 The attack was timed for Christmas, when most token holders pay more attention to their lives than to what happens on-chain;
 The proposal was disguised as “deep cooperation with Solana”;
 Multiple proposals were launched at the same time, fishing in troubled waters.
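
The warning signs listed above, together with the earlier condition that an attack pays whenever its cost is lower than the profit, can be checked mechanically before a vote. The following Python is an added example, not code from Yam, Mirror or the original article; the `Proposal` fields, flag names, thresholds and sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

@dataclass
class Proposal:
    pid: int
    submitted: datetime
    target_verified: bool   # target contract source is published and verified
    via_internal_tx: bool   # created by a contract call, not a direct transaction
    moves_treasury: bool    # payload transfers reserves or minting rights

def triage(proposals, quorum_votes, token_price, treasury_usd,
           holidays, burst_window=timedelta(hours=24), burst_size=3):
    """Return {pid: sorted list of warning flags} for human review."""
    # Economic check: buying a quorum costs less than the funds it controls.
    cheap = quorum_votes * token_price < treasury_usd
    flags = {}
    for p in proposals:
        f = set()
        if not p.target_verified:
            f.add("unverified-target")
        if p.via_internal_tx:
            f.add("internal-tx")
        if p.submitted.date() in holidays:
            f.add("holiday-timing")
        # Count proposals (including this one) submitted close together.
        near = [q for q in proposals
                if abs(q.submitted - p.submitted) <= burst_window]
        if len(near) >= burst_size:
            f.add("proposal-burst")
        if p.moves_treasury and cheap:
            f.add("cheap-quorum-vs-treasury")
        flags[p.pid] = sorted(f)
    return flags

# Constructed sample data (not taken from any real protocol).
HOLIDAYS = {date(2021, 12, 25)}
SAMPLE = [
    Proposal(1, datetime(2021, 12, 1, 9), True, False, False),
    Proposal(2, datetime(2021, 12, 25, 8), True, False, False),
    Proposal(3, datetime(2021, 12, 25, 9), False, True, True),
    Proposal(4, datetime(2021, 12, 25, 10), True, False, False),
]

if __name__ == "__main__":
    for pid, f in triage(SAMPLE, 1_000_000, 2.0, 30_000_000, HOLIDAYS).items():
        print(pid, f)
```

A flagged proposal is a prompt for manual review of its payload, not a verdict; the flags only encode the signals this article names.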

In this regard, Rune Christensen, founder of MakerDAO, believes that “currently, the ‘basic game theory problem’ of DAO is a problem of governance attacks. Simply put, if someone really controls most of the voting shares, such as in DeFi, they can directly steal all the assets in the protocol.”

This is a concern, and another broad concern is that investors are questioning the value of governance tokens themselves. For most DeFi protocols, simply using the number of tokens to determine governance weight is a shortcut, and many protocols show little innovation in governance, mostly forking earlier designs. Of course, there are also innovators at the governance level. For example, Curve launched the veToken governance model, AC launched veNFT on the basis of veToken, and Layer2 Optimism is also layering governance through the native token OP.

The most worrying thing is that after entering a bear market cycle, the cost of attacks will be lower due to the decrease in the value of tokens, and the number of governance attacks may increase exponentially. With risk rising suddenly, there is a high probability that developers and project teams will be driven to think more about governance, explore the potential of tokens at the governance level, and launch more interesting examples of token governance.

Posted by: CoinYuppie, Reprinted with attribution to: