SoK: Attacks on DAOs

Authors: Rainer Feichtinger, Robin Fritsch, Lioba Heimbach, Yann Vonlanthen, Roger Wattenhofer




Author Details

Rainer Feichtinger
  • ETH Zürich, Switzerland
Robin Fritsch
  • ETH Zürich, Switzerland
Lioba Heimbach
  • ETH Zürich, Switzerland
Yann Vonlanthen
  • ETH Zürich, Switzerland
Roger Wattenhofer
  • ETH Zürich, Switzerland

Acknowledgements

We thank Hubert Ritzdorf from ChainSecurity for his precious feedback.

Cite As

Rainer Feichtinger, Robin Fritsch, Lioba Heimbach, Yann Vonlanthen, and Roger Wattenhofer. SoK: Attacks on DAOs. In 6th Conference on Advances in Financial Technologies (AFT 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 316, pp. 28:1-28:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.AFT.2024.28

Abstract

Decentralized Autonomous Organizations (DAOs) are blockchain-based organizations that facilitate decentralized governance. Today, DAOs not only hold billions of dollars in their treasury but also govern many of the most popular Decentralized Finance (DeFi) protocols. This paper systematically analyses security threats to DAOs, focusing on the types of attacks they face. We study attacks on DAOs that took place in the past, attacks that have been theorized to be possible, and potential attacks that were uncovered and prevented in audits. For each of these (potential) attacks, we describe and categorize the attack vectors utilized into four categories. This reveals that while many attacks on DAOs take advantage of the less tangible and more complex human nature involved in governance, audits tend to focus on code and protocol vulnerabilities. Thus, additionally, the paper examines empirical data on DAO vulnerabilities, outlines risk factors contributing to these attacks, and suggests mitigation strategies to safeguard against such vulnerabilities.

Subject Classification

ACM Subject Classification
  • Security and privacy → Economics of security and privacy
  • Human-centered computing → Collaborative and social computing
Keywords
  • blockchain
  • DAO
  • governance
  • security
  • measurements
  • voting systems

