Tuesday, May 30, 2023

Be Careful What You Vote For

One big idea in cryptocurrencies is attempting to achieve decentralization through "governance tokens" whose HODLers can control a Decentralized Autonomous Organization (DAO) by voting upon proposed actions. Of course, this makes it blindingly obvious that the "governance tokens" are securities and thus regulated by the SEC. But even apart from that problem, recent events, culminating in "little local difficulties" for Tornado Cash, demonstrate that there are several others.

Below the fold I look at these problems.

The DAO was the first major "smart contract". Even after it had been exploited on 17th June, 2016 for $50M of notional value, the front page of its web site announced:
The DAO’s Mission: To blaze a new path in business organization for the betterment of its members, existing simultaneously nowhere and everywhere and operating solely with the steadfast iron will of unstoppable code.
The basic idea was:
The DAO was intended to operate as "a hub that disperses funds (currently in Ether, the Ethereum value token) to projects". Investors received voting rights by means of a digital share token; they vote on proposals that are submitted by "contractors" and a group of volunteers called "curators" check the identity of people submitting proposals and make sure the projects are legal before "whitelisting" them.
As it turned out, although the code of the DAO was immutable, the Ethereum platform on which it ran wasn't. The Ethereum community decided to hard-fork so as to return the ETH in the DAO to its original owners. The exploited chain continued as Ethereum Classic, currently "worth" $18.03 versus the forked chain's ETH $1811.

The upshot was that people realized that deploying immutable software meant that any bugs could not be fixed, and that in the real world where the bounty for a bug might be in the millions of dollars this wasn't a risk worth running. So the concept of voting to govern a DAO's actions was extended to include voting to mutate the code, so they became IINO (Immutable In Name Only).

What are the problems with the idea of voting to control, and in particular to update, a DAO? Here is my list:
  • Voting takes time
  • Voting requires disclosure
  • Who are the voters?
  • Can the voters understand the proposal?
  • Will the vote be effective?

Voting takes time

In On Trusting Trustlessness I wrote:
If a "smart contract" needs to be upgraded to patch a bug or vulnerability, or to recover stolen funds, the multisig members need to (a) be told about it, and (b) be given time to vote, during which time anyone who knows about the reason can exploit it, so (c) keep it secret. Benjamin Franklin wrote “Three may keep a secret, if two of them are dead.” This was illustrated by the $162M Compound fiasco:
"There are a few proposals to fix the bug, but Compound’s governance model is such that any changes to the protocol require a multiday voting window, and Gupta said it takes another week for the successful proposal to be executed."
Compound built a system where, if an exploit was ever discovered, the bad guys would have ~10 days to work with before it could be fixed. This issue is all the more important in an era of flash loan attacks when exploits can be instantaneous.

Voting requires disclosure

I discussed this problem in last September's Responsible Disclosure Policies:
The fundamental problem ... is this:
  • Cryptocurrencies are supposed to be decentralized and trustless.
  • Their implementations will, like all software, have vulnerabilities.
  • There will be a delay between discovery of a vulnerability and the deployment of a fix to the majority of the network nodes.
  • If, during this delay, a bad actor finds out about the vulnerability, it will be exploited.
  • Thus if the vulnerability is not to be exploited its knowledge must be restricted to trusted developers who are able to ensure upgrades without revealing their true purpose (i.e. the vulnerability). This violates the goals of trustlessness and decentralization.
This problem is particularly severe in the case of upgradeable "smart contracts" with governance tokens. In order to patch a vulnerability, the holders of governance tokens must vote. This process:
  • Requires public disclosure of the reason for the patch.
  • Cannot be instantaneous.
If cryptocurrencies are not decentralized and trustless, what is their point? Users have simply switched from trusting visible, regulated, accountable institutions backed by the legal system, to invisible, unregulated, unaccountable parties effectively at war with the legal system. Why is this an improvement?

Who are the voters?

As with stocks, the idea of "one token one vote" sounds great but ignores the extreme Gini coefficients of cryptocurrencies. Andrew R. Chow quotes Vitalik Buterin as:
scornful of the dominance of coin voting, a voting process for DAOs that Buterin feels is just a new version of plutocracy, one in which wealthy venture capitalists can make self-interested decisions with little resistance. “It’s become a de facto standard, which is a dystopia I’ve been seeing unfolding over the last few years,” he says.
This ignores an even bigger problem, because it isn't just the VCs or the whales that hold huge stashes of these tokens, it is the exchanges holding them on account for their customers. Strangely, five years earlier Buterin had described a problem:
In a proof of stake blockchain, 70% of the coins at stake are held at one exchange.
Note that as I write four staking services, Lido, Coinbase, Binance, and Kraken, control Ethereum. Justin Sun famously conspired with exchanges to vote their customers' coins to enable him to take over the Steem blockchain.

This problem is exacerbated by the availability of flash loans, allowing an attacker cheaply and instantaneously to acquire temporary voting power.

An October 2020 example of a flash loan attack on DAO governance was what BProtocol did to MakerDAO:
BProtocol used 50,000 ETH to borrow wrapped ETH from decentralized exchange dYdX. It put the wrapped ETH on Aave protocol to borrow $7 million in MKR governance tokens, which allow holders to vote on proposals affecting Maker’s operations. It locked those tokens to vote for its proposal, then unlocked them to return the funds to AAVE and dYdX.
A more recent example from April 2022 caused this — Beanstalk DeFi platform loses $182 million in flash-loan attack:
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.

As a result of this attack, trust in Beanstalk's market has been compromised, and the value of its decentralized credit-based BEAN stablecoin has collapsed from a little over $1 on Sunday to $0.11 right now.

The decentralized finance (DeFi) platform detailed on its Discord channel that the attacker took a flash loan on Aave, a liquidity protocol, and used their voting power from holding a large amount of the Stalk native governance token to pass a malicious proposal.
This attack should not have been a surprise, as Corin Faife reported in Beanstalk founders dismissed concerns about governance attacks before losing $182 million:
In the wake of the attack, chat logs and video evidence show that the founders were warned about the risk of exactly this kind of attack, but they dismissed community members’ concerns.
Though the attack shocked Beanstalk users — some of whom claimed to have lost six-figure sums of money — the threat of a governance attack was raised in Beanstalk’s Discord server months previously and in at least one public AMA session held by Publius, the development team behind the project.
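The BProtocol and Beanstalk attacks above both rest on one design choice: the governor counts whatever tokens a voter holds at the moment the vote is cast. The following simulation is an added example, not code from any of the projects named in this post; the ledger, lender and governor are constructed stand-ins. It runs the same flash-loan vote against a governor that reads live balances and against one that freezes voting power at proposal creation.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    """Constructed toy ledger: address -> balance."""
    balances: dict = field(default_factory=dict)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount

    def total_supply(self):
        return sum(self.balances.values())

class Governor:
    """Token-weighted voting. snapshot=False weighs votes by the live balance
    (what a flash loan can inflate); snapshot=True weighs them by the balance
    recorded when the proposal was created, before the attacker can borrow."""
    def __init__(self, token, snapshot):
        self.token, self.snapshot, self.proposals = token, snapshot, {}

    def propose(self, pid):
        power = dict(self.token.balances) if self.snapshot else None
        self.proposals[pid] = {"for": 0, "power": power}

    def vote(self, pid, voter):
        p = self.proposals[pid]
        weight = p["power"].get(voter, 0) if self.snapshot else self.token.balance_of(voter)
        p["for"] += weight

    def passed(self, pid):
        return self.proposals[pid]["for"] * 2 > self.token.total_supply()

def flash_loan(token, lender, borrower, amount, callback):
    """Lend, run the borrower's logic, and demand repayment in the same transaction."""
    token.transfer(lender, borrower, amount)
    callback()
    token.transfer(borrower, lender, amount)

def run_attack(snapshot):
    """Attacker holds 1 token, borrows 100 from the pool, votes, repays. Returns pass/fail."""
    token = Token({"community": 60, "pool": 100, "attacker": 1})
    gov = Governor(token, snapshot)
    gov.propose("drain")
    flash_loan(token, "pool", "attacker", 100, lambda: gov.vote("drain", "attacker"))
    return gov.passed("drain")
```

Snapshot voting only moves the attacker's acquisition window to before the proposal; a timelock between passing and execution, as Compound's model above enforces, is what gives the community time to react.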

Can the voters understand the proposal?

Whoever the voters may be, just as with a ballot proposition in California, they will be presented with a written description of the proposal. But this isn't what they are voting on. In California, it is a set of changes to the law. In the case of governance tokens, it is a set of changes to the code. It is notoriously difficult to read law or code and determine exactly how it will function in every case.

This was recently demonstrated, as Molly White reports in Tornado Cash DAO suffers hostile takeover:
A proposal ostensibly to penalize cheating network participants in the Tornado Cash crypto tumbler project successfully passed by DAO vote. However, the proposer had added an extra function, which they subsequently used to obtain 1.2 million votes. Now that they have more than the ~700,000 legitimate Tornado Cash votes, they have full control of the project.

The attacker has already drained locked votes and sold some of the $TORN tokens, which are governance tokens that both entitle the holder to a vote but also were being traded for $5–$7 around the time of the attack. The attacker has since tumbled 360 ETH (~$655,300) through Tornado Cash to obscure its final destination. Meanwhile, $TORN plummeted in value more than 30% as the attacker dumped the tokens.

The attacker now has full control over the DAO, which according to crypto security researcher Sam Sun grants them the ability to withdraw all of the locked votes (as they did), drain all of the tokens in the governance contract, and "brick" (make permanently non-functional) the router.
The full details of how this was done are in this thread by samczsun:
Be careful what you vote for! While we all know that proposal descriptions can lie, proposal logic can lie too! If you're depending on the verified source code to stay the same, make sure the contract doesn't have the ability to selfdestruct
Sam Reynolds reports that:
The Tornado Cash token (TORN) is up 10% after a proposal submitted by a wallet address linked to a recent attack on the decentralized autonomous organization’s (DAO) governance state looks to reverse the malicious changes.

“The attacker posted a new proposal to restore the state of governance," user Tornadosaurus-Hex wrote in the Tornado Cash community forum, adding that there is a "good chance" that the attacker would execute it.

Tornadosaurus-Hex said that the attacker is reverting the TORN tokens they gave themself – which gave them a controlling share of the governance votes – back to zero.
Maybe this time the proposal's code will actually do what he says it does.

Will the vote be effective?

If the vote is to mutate some "smart contract" controlled by a multisig of all the tokens, it can become effective once a quorum of votes has been cast. But in many cases although the vote is presented as binding, it is in effect advisory. Here are Molly White's reports on a couple of recent examples:
  • Aragon DAO faces governance crisis:
    In June and October 2022, the Aragon DAO — that is, all holders of the $ANT token or (later) their delegates — voted on several proposals supporting a move to place the Aragon treasury under DAO control. The treasury is a pool of crypto assets currently priced at around $174 million. However, the tokens continued to remain under control of the Aragon Association.

    On May 9, 2023, the Aragon Association announced that they would not be following through with the treasury change, and instead would be "repurposing the Aragon DAO into a grants program". They attributed the decision to "coordinated social engineering and 51% attack" on the DAO that began shortly after a small portion of the treasury assets were transferred.
  • First Arbitrum DAO vote spirals into disaster: DAO rejects $1 billion spending proposal, but Arbitrum already started spending:
    Arbitrum submitted a proposal for DAO members to vote on various governance processes, as well as the distribution of 750 million ARB tokens to an "Administrative Budget Wallet" — tokens that were priced at around $1 billion.

    The vote, which still has a day left before completion, is currently standing at 75% against and 25% in support. However, it was discovered that Arbitrum had already begun spending those 750 million tokens, including via the movement of a substantial amount of tokens, and "conversion of some funds into stablecoins for operational purposes".
As you can see, both of these are cases where the system is DINO (Decentralized In Name Only).
  1. I found myself trying to imagine what a TradFi version of the "borrow → buy DAO control → take over → hack rules → sell off tokens → repay loans" would look like. Say, Musk taking over Twitter. And my imagination failed me. I think, like LOCKSS, the key is in the time constants/minima associated with the process steps in TradFi. Disclosure is also important, but as you point out the comprehensibility of the disclosed information is critical.

  2. Right - I forgot to point out that the plain language summary of a CA proposition is prepared by a neutral party (legislative analyst) not by the proposer. Though given the fallibility of code audits I'm not sure it'd make much difference.

  3. Protos reports on three different heists in Latest round of DeFi exploits display its wide range of vulnerabilities:

    First the abandoned Atlantis Loans project:

    "With presumably little attention paid to Atlantis since the devs departed, the defunct project was susceptible to a governance attack targeting previous users.

    In order to deposit funds into a DeFi lending pool, users must grant the pool’s smart contract approval to spend a certain token in their wallet. These approvals are often, by default, for an infinite quantity and last until they’re manually revoked by the user.

    Any user who still had active approvals granted to Atlantis contracts, regardless of whether or not they had withdrawn their funds, was a potential victim if hackers took control of the contracts.

    This is exactly what the attacker did, publishing and voting for a proposal that allowed them to upgrade existing Atlantis contracts to their own malicious version.

    They then used the existing approvals to send around $1 million in a variety of tokens to their own address, directly from the wallets of previous Atlantis users."

    Second, Sturdy Finance:

    "The exploit involved the manipulation of Sturdy’s price oracle, a system designed to calculate the value of a deposit token based on the balance of underlying assets in its pool. The hacker tricked the protocol into overvaluing their collateral, allowing them to borrow excess funds. The process was repeated for various pools."

    Third, the Keep3r Network:

    "The Keep3r Network, itself a prime example of this composability, allows projects to outsource “Jobs” to a decentralized network of “Keepers” in order to effectively automate devops tasks, protocol maintenance, etc.

    However, an address with control over a number of Keeper contracts was created via Profanity, a tool for creating “vanity addresses,” which was discovered to be insecure last summer.

    On Monday morning, the compromised address was used to drain the contracts of around $200,000 worth of K3PR tokens to the attacker’s address."

  4. A wonderful example of Decentralized In Name Only in Molly White's Party Parrot team prepares to "vote" to allocate themselves 80% of initial offering funds, around $60 million:

    "You almost have to hand it to the Party Parrot team, they really figured out how to take advantage of ostensibly "decentralized" governance to line their own pockets. After raising $80 million in an "IDO" — initial DEX offering — in September 2021, the project is now embarking on a governance "vote" that would cash out the project treasury and distribute it to PRT token holders. However, the project team also unilaterally decided to unlock tokens held by the team in November 2022, meaning that the project now has access to 80% of the token supply — the same tokens that will decide the outcome of the vote."

    The team and the VCs get $60M, the "community" gets $12M. Such a deal!

  5. Josephine Wolff's A Recent Court Ruling Will Help the U.S. Government Go After Cryptocurrency Criminals reports on Coinbase's effort to overturn the sanctions imposed on Tornado Cash:

    "But for Judge Robert Pitman, who ruled on the Coinbase-funded case against the Treasury, there was no First Amendment problem with the sanctions of Tornado Cash. For one thing, Pitman pointed out, people could still use other services to “make donations to important political and social causes.” And for another, the Treasury had already stated that its sanctions would “not restrict interaction with the open-source code unless these interactions amount to a transaction.” That meant that people could “lawfully analyze the code and use it to teach cryptocurrency concepts,” Pitman said, so long as they did not “execute it and use it to conduct cryptocurrency transactions.”

    As for the argument that Tornado Cash couldn’t be sanctioned because it was operated by a DAO rather than a centralized organization, Pitman pointed out that it wasn’t terribly convincing given that the DAO was capable of doing many of the same things as a company, including placing job advertisements and paying contributors to the code base."