Abstract: The frequency of DAO takeovers will increase as larger and more established players and institutions enter the space. We walk through several recent examples and then a hypothetical hostile takeover of the Lido DAO (LDO), followed by a vampire attack on Lido’s liquid staking pool.
Recent hostile takeovers
The rise of DeFi-focused DAOs holding large amounts of capital could lead to more frequent attempts at hostile governance takeovers. Extremely low governance participation (mostly driven by speculative investors) forces DAOs to accept lower thresholds for proposal approval.
At the beginning of April, DAO funding had reached nearly 13 billion US dollars, an increase of 4 billion US dollars month-on-month. While we haven’t yet seen a slew of acquisitions, two examples from the past few months portend some experimentation as the DAO space reaches unprecedented levels of value.
In mid-February, Build Finance suffered a governance takeover in which the attacker successfully passed a vote handing over full control of the governance contract, the minting keys, and the vault. After a failed first attempt, the attacker sent BUILD tokens to another wallet and submitted the takeover proposal again. By disabling the GitBook and the proposal bot, and by holding enough tokens to reach the minimum approval, the attacker passed the proposal, minted 1.1 million BUILD, and drained the LP pools on Uniswap and Balancer for a profit of $500,000.
Build Finance’s on-chain governance model allowed a single proposal to transfer ownership of one smart contract that both mints BUILD tokens and controls the vault. Other DAOs combine off-chain voting with committee-controlled multi-signature wallets to make on-chain and off-chain decisions. Such governance settings can defend against obviously malicious proposals (e.g. via a multi-signature veto), but they rest on other trust assumptions and run the risk of malicious key holders changing the protocol against the will of the community. Last December, members of FortressDAO (a fork of Olympus) approved a proposal to create FUSD (a new yield-bearing stablecoin) with a grant from the Fortress vault (about $14 million at the time). While the community believed it could control the distribution of FUSD, in reality Eisenberg, the sole technologist and holder of the keys, had full control over the FUSD in the vault.
Relying on a small number of key holders to honour a multi-signature governance structure also introduces unnecessary risk. Ideally, governance should happen on-chain, and accepted proposals should be executable code that interacts directly with existing marketplaces or adds newly supported tokens from standardized templates. Self-executing proposals, however, give anyone who accumulates enough DAO tokens the opportunity to submit and approve irreversible proposals that drain the DAO’s coffers or otherwise act maliciously. The low percentage of DAO token holders who actively vote on proposals (historically below 10%) means these takeovers are easier than one might think.
Hypothetical Takeover Example – Lido DAO
For fun, we’ll walk through a hypothetical takeover of the Lido DAO and the subsequent vampire attack on its liquid staking pool. Lido is a liquid staking protocol on Ethereum. Lido has nearly 3 billion ETH staked, accounting for more than 80% of all liquid staking balances in the network and more than 27% of all ETH staked in validators and pools. Depositors into Lido’s liquid staking pool receive stETH, which can be deposited into LP pools on Curve or used as collateral in lending protocols such as Aave, Maker, Compound, and Alpha. Liquid staking gives ETH holders much-needed liquidity and lets them earn additional rewards on top of the Lido pool rewards. Even large stakers who could run their own validator nodes have little incentive to do so given the economic trade-offs, other than altruistic reasons (such as contributing to the security of the network).
There are currently 104 million LDO tokens in circulation (a circulating market capitalization of approximately $463 million). Token holders vote on a range of proposals, including approving incentives for parties that help achieve the DAO’s goals (e.g. stETH liquidity providers). In addition to 50% approval, a proposal needs “yes” votes from at least 5% of the total token supply to pass. Since the SUSHI-Uniswap incident, the DAO tokens required to approve liquidity providers have largely prevented vampire attacks. With a sufficiently large economic incentive, however, a DAO takeover becomes a possible route to draining that liquidity.
In our example, it is unrealistic to assume that an attacker holding 5% of the token supply could pass a malicious proposal. Because so few holders vote, however, about 10% of the LDO supply ($46.3 million) might be enough for approval unless the community mounts a major effort to incentivize “no” votes. The attacker could launch a new DeFi protocol and get a proposal approved in the Lido DAO accepting that protocol into the Lido ecosystem. The protocol then launches a new token issued to users who deposit stETH (much like $SUSHI was issued in exchange for Uniswap LP tokens). With a high enough incentive, the new protocol would attract massive stETH deposits, which could then be exchanged for ETH from Lido’s pools. By draining those pools, the attacker could quickly accumulate nearly 30% of the ETH staked in the network.
This scenario is highly unlikely for several reasons. First, it would require an upfront cost of $50 million to gather enough votes to pass a proposal. Second, the exchange rate between stETH and the new protocol’s token would be very poor unless the token appreciated significantly after launch (or an established DeFi project executed this strategy with a token that already has value). Third, negative public perception of the attempt could limit stETH deposits and destroy the native token’s value.
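To make the threshold arithmetic above concrete, here is a small Python model, added here and not part of the original article, that encodes the two Lido rules quoted above (more than 50% support, and “yes” votes of at least 5% of supply) and, from the defender’s side, reports how many tokens must vote “no” to block a given stake and what a stake costs at the article’s figures. The 104 million supply and $463 million market cap come from the article; the “no” turnout of 10% of supply is a constructed input.

```python
TOTAL_SUPPLY = 104_000_000      # circulating LDO, per the article
MARKET_CAP_USD = 463_000_000    # circulating market cap, per the article
BPS = 10_000                    # thresholds in basis points, as a contract would store them

MIN_SUPPORT_BPS = 5_000   # 'yes' must exceed 50% of votes cast
MIN_QUORUM_BPS = 500      # 'yes' must reach 5% of total supply


def proposal_passes(yes: int, no: int, supply: int = TOTAL_SUPPLY) -> bool:
    """Apply both rules with integer arithmetic (no floating-point rounding)."""
    if yes + no <= 0:
        return False
    support_ok = yes * BPS > (yes + no) * MIN_SUPPORT_BPS
    quorum_ok = yes * BPS >= supply * MIN_QUORUM_BPS
    return support_ok and quorum_ok


def yes_tokens_needed(no: int, supply: int = TOTAL_SUPPLY) -> int:
    """Smallest 'yes' stake that still passes against a given 'no' turnout.

    Support: yes*BPS > (yes+no)*s  <=>  yes > no*s/(BPS-s); with s = 50% that is yes > no.
    Quorum:  yes >= supply*q/BPS.  The larger of the two bounds wins.
    """
    support_bound = no * MIN_SUPPORT_BPS // (BPS - MIN_SUPPORT_BPS) + 1
    quorum_bound = -(-supply * MIN_QUORUM_BPS // BPS)      # ceiling division
    return max(support_bound, quorum_bound)


def no_votes_to_block(attacker_yes: int) -> int:
    """Defender's view: smallest 'no' turnout that denies the support rule to a stake."""
    # yes*BPS <= (yes+no)*s  <=>  no >= yes*(BPS-s)/s ; with s = 50% that is no >= yes
    return -(-attacker_yes * (BPS - MIN_SUPPORT_BPS) // MIN_SUPPORT_BPS)


def stake_cost_usd(tokens: int) -> float:
    """Cost of acquiring `tokens` at the article's implied price (about $4.45 per LDO)."""
    return tokens * MARKET_CAP_USD / TOTAL_SUPPLY


if __name__ == "__main__":
    # Constructed scenario: 10% of supply turns out to vote 'no'
    opposing = TOTAL_SUPPLY // 10
    needed = yes_tokens_needed(opposing)
    print(f"'yes' stake needed: {needed:,} LDO (~${stake_cost_usd(needed):,.0f})")
    print(f"'no' votes that block a 10%-of-supply stake: {no_votes_to_block(opposing):,}")
```

With nobody voting “no”, the 5% quorum alone decides and the stake costs about $23.15 million; with 10% of supply voting “no”, the support rule takes over and the stake must exceed 10.4 million LDO, the article’s $46.3 million figure.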
Preventing DAO takeovers
With many DAO treasuries rapidly amassing huge sums, however, the risk of a malicious governance takeover in the DeFi space is clearly increasing. Designing a governance structure that resists takeover attempts while preserving the decentralized spirit of DeFi is a tricky proposition. Several measures help:
- Governance should happen on-chain, and proposals should include automated code execution where possible; in most cases the risk of multi-signature holders failing to comply is greater than the risk of centralized token accumulation.
- Proposals that are automatically executed should conform to a standardized template voted on by the community.
- Analytical tools should be implemented to assess proposal compliance with those templates (to guide less technically savvy members) and to monitor proposal activity (e.g. a DAO analyzer).
- Defensive bots or tools should be introduced to raise awareness of new proposals so that malicious ones do not pass unnoticed.
- A per-wallet cap on DAO token holdings (e.g. 5% of the total supply) can be written into the contract. In practice this complicates the initial token distribution, but the cap can be time-limited or tightened as the vault grows (e.g. 20% -> 5%).
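The last item, a per-wallet cap written into the token contract, is modelled below in Python as an added example (not the article’s or any project’s code): the cap starts at 20% of supply and tightens linearly to 5%, and every credit to a wallet is checked against the cap for that day, the way an ERC-20 transfer hook would revert. The 365-day ramp, the 104 million supply and the wallet names are assumptions or constructed values.

```python
class CapSchedule:
    """Per-wallet cap in basis points of supply, tightening linearly from
    start_bps at launch to final_bps once ramp_days have passed (20% -> 5%)."""

    def __init__(self, start_bps: int = 2_000, final_bps: int = 500, ramp_days: int = 365):
        self.start_bps = start_bps
        self.final_bps = final_bps
        self.ramp_days = ramp_days   # assumed ramp length; the article gives none

    def cap_bps(self, day: int) -> int:
        if day >= self.ramp_days:
            return self.final_bps
        remaining = self.ramp_days - day
        return self.final_bps + (self.start_bps - self.final_bps) * remaining // self.ramp_days


class CappedToken:
    """Minimal ledger: the cap is enforced on every credit, as a transfer hook would."""

    def __init__(self, max_supply: int, schedule: CapSchedule):
        self.max_supply = max_supply
        self.schedule = schedule
        self.balances: dict[str, int] = {}

    def cap_tokens(self, day: int) -> int:
        return self.max_supply * self.schedule.cap_bps(day) // 10_000

    def balance_of(self, wallet: str) -> int:
        return self.balances.get(wallet, 0)

    def can_receive(self, wallet: str, amount: int, day: int) -> bool:
        """The check a contract would revert on: would the wallet exceed today's cap?"""
        return self.balance_of(wallet) + amount <= self.cap_tokens(day)

    def mint(self, to: str, amount: int, day: int) -> None:
        if sum(self.balances.values()) + amount > self.max_supply:
            raise ValueError("mint would exceed max supply")
        if not self.can_receive(to, amount, day):
            raise ValueError(f"{to} would exceed the day-{day} cap of {self.cap_tokens(day):,}")
        self.balances[to] = self.balance_of(to) + amount

    def transfer(self, sender: str, receiver: str, amount: int, day: int) -> None:
        # All checks run before any state change, mirroring a contract revert
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        if not self.can_receive(receiver, amount, day):
            raise ValueError(f"{receiver} would exceed the day-{day} cap of {self.cap_tokens(day):,}")
        self.balances[sender] -= amount
        self.balances[receiver] = self.balance_of(receiver) + amount
```

The cap is enforced only when a wallet receives tokens, so balances accumulated under the looser early cap are grandfathered. Exchange and custodial wallets need an exemption list, and a determined holder can still spread tokens across wallets, so the cap raises the cost and visibility of accumulation rather than ruling it out.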
Growing pains are to be expected in a new field like DAOs. However, DAOs that manage large vaults should take appropriate precautions to keep funds safe and protect the protocol from malicious actors. We are likely to see more hostile governance takeovers as the number of established market players with significant capital grows. As DAOs increasingly manage value on the same scale as their TradFi counterparts, thoughtful governance structures and suites of analytical tools to mitigate these risks will become increasingly important.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/what-can-we-do-about-the-hostile-takeover-of-the-dao/