A Comprehensive Study of Governance Issues in Decentralized Finance Applications

Wei Ma, Chenguang Zhu, Ye Liu, Xiaofei Xie, Yi Li

TL;DR

The paper addresses governance challenges in DeFi by building a taxonomy from literature and industry sources and validating it on a large audit-report corpus. It combines qualitative taxonomy development with quantitative analysis of 26,037 issues extracted from 4,446 reports across 17 security firms, highlighting ownership and incentive mechanisms as central governance concerns. It further investigates consistency between whitepapers and implementations using an AI-assisted detector, achieving a 56.14% F1 score and 80% recall on eight projects to illustrate feasibility and gaps. The results inform researchers, developers, investors, and regulators about robust governance design, implementation practices, and the need for automated consistency verification to support trustworthy and sustainable DeFi ecosystems.

Abstract

Decentralized Finance (DeFi) is a prominent application of smart contracts, representing a novel financial paradigm in contrast to centralized finance. While DeFi applications are rapidly emerging on mainstream blockchain platforms, their quality varies greatly, presenting numerous challenges, particularly in terms of their governance mechanisms. In this paper, we present a comprehensive study of governance issues in DeFi applications. Drawing upon insights from industry reports and academic research articles, we develop a taxonomy to categorize these governance issues. We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies, categorizing their governance issues according to our constructed taxonomy. We conducted a thorough analysis of governance issues and identified vulnerabilities in governance design and implementation, e.g., voting Sybil attacks and proposal front-running. Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues. As an initial step to address the challenges of code-whitepaper consistency checks for DeFi applications, we built a machine-learning-based prototype and validated its performance on eight widely used DeFi projects, achieving a 56.14% F1 score and an 80% recall. Our study culminates in providing several key practical implications for various DeFi stakeholders, including developers, users, researchers, and regulators, aiming to deepen the understanding of DeFi governance issues and contribute to the robust growth of DeFi systems.

Paper Structure (36 sections, 8 figures, 6 tables)

This paper contains 36 sections, 8 figures, 6 tables.

Figures (8)

  • Figure 1: Overview of our study methodology.
  • Figure 2: Conference Paper Count by Year (2017-2023).
  • Figure 3: Severity and Status of the Issues in our dataset.
  • Figure 4: Three-Stage Development Process of DeFi Governance.
  • Figure 5: The Overview of DeFi Governance Taxonomy.
  • ...and 3 more figures