~/defi/dao $ cat governance-ataki-zahvat-golosov.md
DAO Takeover: How Voting Attacks Work and What We Learned from the Beanstalk Case
A governance attack is a heist by the book: the attacker secures a majority of votes and legally votes the treasury to themselves. No bugs-just pure economics.
Case Study: Beanstalk (2022)
The attacker took out a flash loan, used it to buy a majority of the governance tokens, and in the same transaction passed an “emergency” proposal to drain the treasury (~$180 million in losses, ~$76 million in gains), then repaid the loan. The whole “democratic” process took 13 seconds. The protocol had no time lock on emergency proposals-and that was the entire vulnerability.
The Math Behind the Attack
An attack is profitable when the cost of a majority of votes is less than the available treasury. Dangerous configurations: a cheap token + a large treasury; a token available for borrowing in lending pools (votes can be rented); low turnout (a majority based on voters, not on the total supply); no time lock between voting and execution.
Standard safeguards
- Time lock: days between adoption and execution-time to notice and evacuate.
- Past vote snapshots: flash loans are useless if vote weight is fixed before the proposal.
- Quorums and veto councils: an emergency brake against blatant plundering (at the cost of decentralization-an honest compromise).
Things to check before buying a governance token: treasury/market cap, whether there’s a time lock, and whether the token can be borrowed. If the treasury can be bought for less than its contents, someone will eventually do it.