The Vulnerable Nature of Decentralized Governance in DeFi

TL;DR

This paper investigates the vulnerabilities of decentralized governance in DeFi, revealing low participation, centralization, and transferability issues that threaten platform security and integrity.

Contribution

It uncovers how governance tokens are misused and exploited, highlighting design flaws and potential attack vectors in DeFi governance protocols.

Findings

Low voting participation among users

Voting rates decrease with higher gas prices

Governance is highly centralized and tokens are transferred for short-term gains

Abstract

Decentralized Finance (DeFi) platforms are often governed by Decentralized Autonomous Organizations (DAOs) which are implemented via governance protocols. Governance tokens are distributed to users of the platform, granting them voting rights in the platform's governance protocol. Many DeFi platforms have already been subject to attacks resulting in the loss of millions of dollars in user funds. In this paper we show that governance tokens are often not used as intended and may be harmful to the security of DeFi platforms. We show that (1) users often do not use governance tokens to vote, (2) that voting rates are negatively correlated to gas prices, (3) voting is very centralized. We explore vulnerabilities in the design of DeFi platform's governance protocols and analyze different governance attacks, focusing on the transferable nature of voting rights via governance tokens. Following the movement and holdings of governance tokens, we show they are often used to perform a single action and then sold off. We present evidence of DeFi platforms using other platforms' governance protocols to promote their own agenda at the expense of the host platform.