DeFi is one of the most revolutionary applications of blockchain technology.

Over the past decade, the development of conventional financial instruments increased the number of services that investors can choose from, which gave investors more financial autonomy. However, the governance rights of investors barely improved, and the value of their assets was determined by the institutions.

A paradigm shift started when decentralized finance first boomed in 2020. DeFi, as a combination of blockchain technology, algorithmic automation, and community governance structure, removed the intermediaries from the financial system and allowed investors to interact with their funds directly.

DeFi is decentralized not only because it utilizes blockchain technologies and peer-to-peer transactions, but also because it distributes the governance rights to a community of “shareholders”.

Currently, the most popular governance pattern implemented in DeFi protocols is the on-chain governance system with a single type of governance token. In this system, all protocol changes are voted on directly on the blockchain. Proposals are smart contracts, and they are executed if they lock a sufficient amount of governance tokens.

In this system, governance tokens are initially distributed to users who interact with the protocols for a certain amount of time before being listed on exchanges, which incentivizes platform users and helps protocols get past the cold-start stage.

Value of Governance Token

The governance token captures the value of a DeFi protocol from different aspects, and its value is determined by governance rights, speculation/expectation, and incentives.

Let’s take a look at the rights of governance tokens in MakerDAO, Uniswap, and Compound.

From the governance perspective, the governance token generally captures value in three major ways.

Cash Flow: Most DeFi projects regularly distribute a certain portion of their revenue to a treasury in their ecosystem, which serves as an insurance fund or is used for dividends. The holders of governance tokens can determine the dividend rate they receive by proposing a new poll on-chain.

Protocol Changes: The intrinsic value of a governance token is its power to determine the future of a protocol. Token holders can vote on smart contract modifications, business direction changes, and many other factors that will fundamentally influence the performance of a protocol.

Future Token Distributions: This type of value is usually related to yield farming/liquidity mining services in the DeFi protocol. Governance token holders can determine the rate of minting/vesting of new tokens that will be distributed via yield farming. This activity will influence the future engagement of a DeFi protocol.

Risk of DeFi Governance

The weight carried by a vote is proportional to the number of governance tokens that the voter holds. This logic makes sense in general: the more tokens voters hold, the less likely they are to initiate malicious proposals that work against their own interests.

However, the skyrocketing TVL of DeFi protocols makes governance attacks highly profitable. As DAOs become increasingly popular, governance attacks are becoming more common.

Several on-chain governance attacks illustrate this.

Yam Finance

Yam Finance, a DeFi protocol that rose during the DeFi summer of 2020, prevented a governance attack in July 2022 that sought to take control of its treasury, which contains $3M worth of cryptocurrencies.

On July 7th, attackers initiated a governance proposal via an internal transaction and hid an unverified smart contract in it. Once the proposal executed, this malicious smart contract would have ceded control of the reserve to the attackers.

Before the Yam Finance team was able to freeze the proposal, it had reached quorum and was in danger of being passed.

Build Finance DAO

Build Finance DAO is a decentralized investment organization that funds other projects through its $BUILD token. Its best-known investment is MetricExchange. Although the slow progress of its investments has made the community inactive, it still has about $500K worth of cryptocurrencies locked in its treasury.

Build Finance DAO has a special governance mechanism that allows the owner of a specific smart contract to mint $BUILD tokens and control its treasury. This vulnerable design makes Build Finance DAO a good target for governance attacks.

On Feb 10th, 2022, attackers acquired enough governance tokens to pass, by themselves, a malicious proposal that granted them control of the treasury, without the community noticing. After taking control of the protocol, the attackers minted and sold various tokens from the treasury by leveraging smart contracts, and drained funds from liquidity pools on other DEXs that listed $BUILD and $METRIC.

According to The Block’s estimations, attackers gained the equivalent of 160 $ETH in this governance attack.

Mirror

Mirror protocol is an on-chain synthetic assets protocol on the Terra network.

Last Christmas, Mirror on the Terra network was attacked. The attacker disguised the malicious governance proposal as a request for cooperation with the Solana network, when in fact it would send $64.2M worth of $MIR tokens to the attacker. Besides this main attack, the attackers also initiated multiple other malicious proposals that tried to drain the treasury, in order to distract the Mirror team.

The Mirror team stopped this attack by initiating a new proposal to alert unwary users about such a scam.

At the current stage, the development of DeFi governance systems has not kept pace with the increase in TVL. Most protocols rely on centralized, manual protection by the team against governance attacks rather than on a decentralized system.

When voting power is calculated simply from the number of governance tokens held by voters, the protocol can carry a higher systematic risk than a governance structure with a staking mechanism. Without a method for quantitatively analyzing governance proposals, governance tokens can easily be misvalued in a bear market. The gap between the TVL of a protocol and the market cap of its governance token widens when the token's price is dumped. The cost of a governance attack then drops sharply, and this opportunity attracts speculators to attempt governance attacks.
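The relationship described above can be tracked as a monitoring metric. The following is an added example, not code from any protocol mentioned in this article: it compares the market cost of a passing stake with the value that governance controls, and flags the dates on which the ratio falls below 1. All names and sample figures are constructed, and the model assumes a fixed treasury value and ignores the price impact of buying.

```python
from dataclasses import dataclass


@dataclass
class GovernanceParams:
    circulating_supply: float  # governance tokens in circulation
    quorum_fraction: float     # share of supply a proposal must gather to pass
    expected_turnout: float    # share of supply that usually votes (assumed)
    treasury_usd: float        # value that a passed proposal can move


def tokens_to_pass(p):
    # Worst case for the protocol: one holder supplies the whole quorum and
    # also matches the usual turnout, all of which votes against.
    return max(p.quorum_fraction, p.expected_turnout) * p.circulating_supply


def security_margin(p, token_price_usd):
    # Market cost of a passing stake divided by what governance controls.
    # Below 1.0, the votes guarding the treasury cost less than the treasury.
    return tokens_to_pass(p) * token_price_usd / p.treasury_usd


def break_even_price(p):
    # Token price at which the margin is exactly 1.0.
    return p.treasury_usd / tokens_to_pass(p)


def days_at_risk(p, daily_prices, threshold=1.0):
    # Dates on which the margin fell below the alerting threshold.
    return [day for day, price in daily_prices
            if security_margin(p, price) < threshold]


# Constructed sample values, not data from any real protocol.
SAMPLE = GovernanceParams(circulating_supply=10_000_000, quorum_fraction=0.04,
                          expected_turnout=0.02, treasury_usd=3_000_000)
SAMPLE_PRICES = [("2022-01-03", 20.0), ("2022-03-07", 12.0),
                 ("2022-05-16", 7.0), ("2022-06-20", 5.0)]

if __name__ == "__main__":
    for day, price in SAMPLE_PRICES:
        print(day, f"price=${price:.2f}",
              f"margin={security_margin(SAMPLE, price):.2f}")
    print("break-even price:", break_even_price(SAMPLE))
    print("days below threshold:", days_at_risk(SAMPLE, SAMPLE_PRICES))
```

In the sample series the margin falls from about 2.67 to about 0.67 while the treasury stays the same, which is the bear-market effect the paragraph describes.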

The Future of DeFi Governance

We always say a bear market is a good time for building. Now is a good time for builders to explore the future of the DeFi governance structures.

The veToken model, which originated at Curve Finance, is an innovative governance system for DeFi protocols. It creates a veToken that replaces the protocol's native token for governance purposes. Users need to lock their native tokens for a certain amount of time to get the corresponding amount of veTokens. Since the veToken is non-transferable and its intrinsic economic value is zero, Curve separates its utility token from governance and reduces the systematic risk of governance attacks.
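A minimal model of vote escrow, added here as an example and not taken from Curve's contracts: voting power equals the locked amount scaled by the remaining lock time over Curve's four-year maximum, so it decays linearly to zero and cannot be transferred. The class and function names are hypothetical, and the model leaves out details of the real contract such as rounding unlock times to whole weeks and extending an existing lock.

```python
from dataclasses import dataclass

WEEK = 7 * 86400
MAX_LOCK = 4 * 365 * 86400  # Curve's maximum lock period: four years, in seconds


@dataclass
class Lock:
    amount: float     # native tokens escrowed
    unlock_time: int  # UNIX time at which they can be withdrawn


class VoteEscrow:
    """Balances live only in this ledger. There is no transfer method, so
    voting power cannot be bought, lent or sold on a market."""

    def __init__(self):
        self.locks = {}

    def create_lock(self, who, amount, now, unlock_time):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if not now < unlock_time <= now + MAX_LOCK:
            raise ValueError("unlock time must be in the future, within MAX_LOCK")
        if who in self.locks:
            raise ValueError("account already has a lock")
        self.locks[who] = Lock(amount, unlock_time)

    def voting_power(self, who, now):
        lock = self.locks.get(who)
        if lock is None:
            return 0.0
        remaining = max(lock.unlock_time - now, 0)  # decays linearly to zero
        return lock.amount * remaining / MAX_LOCK


def tokens_to_match(target_power, lock_seconds):
    """Native tokens that must be locked for lock_seconds to reach target_power."""
    return target_power * MAX_LOCK / lock_seconds


def demo():
    # Constructed accounts: same token amount, very different commitments.
    ve = VoteEscrow()
    ve.create_lock("long_term_holder", 1_000, now=0, unlock_time=MAX_LOCK)
    ve.create_lock("short_term_buyer", 1_000, now=0, unlock_time=WEEK)
    return ve


if __name__ == "__main__":
    ve = demo()
    for who in ("long_term_holder", "short_term_buyer"):
        print(who, round(ve.voting_power(who, now=0), 2))
    print("tokens for 1,000 votes on a one-week lock:",
          round(tokens_to_match(1_000, WEEK)))
```

With the same 1,000 tokens, the one-week lock yields under 5 votes against 1,000 for the four-year lock, so matching a long-term holder on a short lock takes roughly 208 times as many tokens.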

However, the success of veToken in Curve Finance can hardly be replicated by other DeFi protocols. Curve Finance has a well-designed financial system that generates stable revenue for its liquidity providers, and its strong composability lets it extend its user base by integrating with many projects. In this case, the governance token can sacrifice a portion of its properties as an incentive in return for stronger governance stability.

The veToken model has mostly been criticized for bribery (Curve War). This governance model is pretty fragile when applied to lending or borrowing services, as it allows substandard assets to become collateral.

The future DeFi governance structure needs to prevent malicious attacks from both the technical and social sides. Also, dYdX's plan to deploy its blockchain on Cosmos shows that the future of DeFi governance needs a multi-chain solution.

Disclaimer: This research is for information purposes only. It does not constitute investment advice or a recommendation to buy or sell any investment and should not be used in the evaluation of the merits of making any investment decision.

🐩 @SoxPt50

📅 19 July 2022