Balancing Security and Liquidity: A Time-Weighted Snapshot Framework for DAO Governance Voting
Zayn Wang, Frank Pu, Vinci Cheung, Robert Hao
TL;DR
This paper addresses governance vulnerabilities in DAOs arising from flash loans and token-weighted voting. It proposes a time-weighted snapshot framework that combines snapshot-based voting with aging-weighted token weighting, formalized via $S_m$, $t_d$, $w$, and $p_d$, to compute voting power $p_d = f(t_d)$ and outcomes $v_a$, $v_d$ under a rule $V(v_a,v_d)$. Through Beanstalk, UPCX, and Curve case studies, the work analyzes temporal misalignment and demonstrates that Curve’s long-hold, decaying voting power provides greater security against rapid attacks, while others exhibit liquidity-security tradeoffs. The contributions include a concrete defense architecture, empirical analysis of multi-vector attacks, and guidelines for balancing security and liquidity, with future directions toward adaptive weight tuning and potential ML-assisted optimization.
Abstract
As new project upgrading the blockchain industry, novel forms of attack challenges developers to rethink about the design of their innovations. In the growth stage of the development, Decentralized Autonomous Organizations (DAO) introduces different approaches in managing fund through voting in governance tokens. However, relying on tokens as a weight for voting introduces opportunities for hackers to manipulate voting results through flash loan, allowing malicious proposals - fund withdrawal from DAO to hacker's wallet - to execute through the smart contract. In this research, we learned different defense mechanism against the flash loan attack, and their weakness in accessibility that compromise the security of different blockchain projects. Based on our observation, we propose a new defensing structure and apply it with cases.
