How to prevent governance attacks in DAOs?

Theoretically, DAOs built on the blockchain have high security.However, as a technology that has only been developed for more than ten years, blockchain still has defects in many places, which also makes the blockchain ecology in actual operation not achieve the ideal security.

Similarly, DAOs often face malicious attacks from the Internet.As a decentralized autonomous organization, sometimes, a malicious proposal may bring the DAO to collapse.

There are a large number of real cases of governance attacks against DAOs. For example, in a protocol called Beanstalk, an attacker used a loan to quickly obtain a large number of Beanstalk governance tokens, made a malicious proposal and passed it quickly, stealing $182 million in Beanstalk funds before other members of the protocol responded.

DAO's governance attack has two different ways: light and dark. The above example is a case that happened in a public place.Within a period of time, the accumulation of governance tokens through some anonymous accounts is basically the same as that of normal users. When the time is right, it will show its fangs and launch an attack on DAO.

How to prevent governance attacks in DAOs, the most effective solution is to identify malicious attackers.However, judging from the protocol adopted by the current DAO, the two groups of normal contributors in the DAO and the attackers who want to destroy the DAO for profit are indistinguishable.This has also led to the fact that the higher the autonomy DAO provides to members of the organization, the easier it is for attackers to do evil.However, decentralization is the core idea of ​​DAO, and it is inevitable to provide members with a high degree of autonomy.Therefore, preventing DAO governance attacks requires other means before the technology fails to identify malicious attackers.

After the underlying technology could not be improved to prevent governance attacks, some people proposed a solution to the problem from the governance level. In short, there are three main types:

One, reduce the attack value.When the value of a thing is very low, it is natural that the attacker will not spend a lot of energy and cost to attack it.Although the development of a DAO will naturally lead to an increase in its value, the value of an attack can naturally be reduced by limiting the corresponding governance power when the DAO is initially designed.

Second, increase the cost of voting. Generally speaking, the governance of DAO requires the acquisition of tokens to obtain voting rights. When the cost of acquiring tokens becomes high, attackers are generally reluctant to spend high costs to launch governance attacks on DAO.The DAO community can establish some incentives to reduce the circulation of the token, thereby increasing its value.

Third, increase the attack cost.When the attacker obtains a large number of governance tokens, DAO can also make it difficult for the attacker to launch an attack by increasing the attack cost.For example, common KYC authentication or reputation authentication can make some anonymous attackers have to give up their attacks.In addition, some projects use time locks to prevent the acquired tokens from participating in governance for a period of time. This time lock gives members and the community time to reflect, and can be better dealt with when an attacker launches an attack after releasing the time lock.