1 - Introduction
In recent years, DAOs have come under attack due to weaknesses that token voting with Compound-style governance has shown over time. Specialized groups have captured DAOs, approving proposals that have wiped some of them out entirely.
To address these critical vulnerabilities, Blockful has been working to build tools and an anti-capture framework that help DAOs protect themselves from malicious actors. It is important both to take actions that lower risk and to have real-time information for following up on activity aimed at capturing your governance.
2 - Governance Security Review methodology and approach
Step 1: Study Uniswap Governance
Gather context to understand how we can adapt our anti-capture framework to the DAO, given its current token and delegation distribution, product parameters, main participants, governance processes, and smart contract structure.
Step 2: Implementation of the Anti-Capture Framework
Blockful has created a framework composed of different parameters and questions to identify signs that a DAO may be susceptible to capture. Each organization has its own particularities, but several pieces of on-chain, off-chain, and structural information are useful to get a deep view of a DAO's governance.
We will use the following data (but we won't limit ourselves to them):
- Collective and individual participation of delegates and the cost of attack in governance.
- A realistic analysis of Uniswap's risk of capture. Some of the data points used:
  - Average DAO turnout.
  - Average delegate turnout.
  - Average quorum to approve a proposal.
  - Profitability of the attack in the different scenarios.
  - Maximum and minimum attack costs.
  - Maximum and minimum attack profit.
- Parameters of proposal lifecycle (Governor, Timelock).
- The concentration of power in the main stakeholders and their degree of alignment with the DAO, i.e., whether they are known delegates at Uniswap. Identifying these wallets is important, since the attack risk lies in the unknown part of token holders and delegates.
- Monitoring the purchase/loan of governance tokens at exchanges (centralized and decentralized).
- Historical analysis of the changes in voting delegations on Uniswap - and real-time monitoring of the changes.
- Monitoring the funding rate in order to identify attackers trying to profit from token price manipulation.
- Mapping the most influential groups in the DAO, monitoring behavior, the main stakeholders involved, and the voting power of these groups.
- Map the risks and possible attacks involving Unistaker, measuring the problems created by incentivizing delegation. Analyze the risk and cost optimization of "Basilisk Attacks", in which the attacker creates incentives sufficient for other players to cooperate on the attack.
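As an added illustration of the cost-of-attack and profitability data points listed above (example code written for this page, not Blockful's tooling), the following models a Compound-style Governor where a proposal succeeds when for-votes exceed against-votes and meet quorum, and shows how turnout scenarios drive the minimum and maximum attack cost and profit. All parameter values, the `GovernorParams`/`Scenario` names and the break-even quorum helper are constructed assumptions, not Uniswap's real figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GovernorParams:
    """Compound-style Governor parameters (constructed values, not Uniswap's)."""
    quorum_votes: float          # for-votes required for a proposal to succeed
    aligned_voting_power: float  # votes held by known, DAO-aligned delegates

@dataclass(frozen=True)
class Scenario:
    name: str
    delegate_turnout: float       # share of aligned voting power expected to vote against
    token_price_usd: float        # acquisition cost per governance token
    extractable_value_usd: float  # value a malicious proposal could move

def votes_needed(params: GovernorParams, opposing_votes: float) -> float:
    # Attacker must both exceed the honest opposition and meet quorum;
    # assumes no honest delegate votes in favour of a hostile proposal.
    return max(params.quorum_votes, opposing_votes + 1)

def attack_cost_usd(params: GovernorParams, scenario: Scenario) -> float:
    opposing = params.aligned_voting_power * scenario.delegate_turnout
    return votes_needed(params, opposing) * scenario.token_price_usd

def attack_profit_usd(params: GovernorParams, scenario: Scenario) -> float:
    return scenario.extractable_value_usd - attack_cost_usd(params, scenario)

def breakeven_quorum(scenario: Scenario) -> float:
    # Quorum at which buying quorum alone costs the whole extractable value,
    # so capture is unprofitable even if no honest delegate turns out (mitigation lens).
    return scenario.extractable_value_usd / scenario.token_price_usd

def capture_risk_report(params: GovernorParams, scenarios: list) -> dict:
    costs = {s.name: attack_cost_usd(params, s) for s in scenarios}
    profits = {s.name: attack_profit_usd(params, s) for s in scenarios}
    return {
        "min_cost_usd": min(costs.values()), "max_cost_usd": max(costs.values()),
        "min_profit_usd": min(profits.values()), "max_profit_usd": max(profits.values()),
        "profitable_scenarios": [n for n, p in profits.items() if p > 0],
    }

# Constructed sample parameters for a hypothetical DAO (not Uniswap's real figures).
PARAMS = GovernorParams(quorum_votes=30_000_000, aligned_voting_power=60_000_000)
SCENARIOS = [
    Scenario("low turnout", 0.10, 5.0, 500_000_000),
    Scenario("average turnout", 0.40, 5.0, 500_000_000),
    Scenario("high turnout", 0.80, 5.0, 500_000_000),
]

if __name__ == "__main__":
    print(capture_risk_report(PARAMS, SCENARIOS))
    print("quorum needed to make capture unprofitable:", breakeven_quorum(SCENARIOS[0]))
```

In the constructed sample, quorum dominates the cost until high turnout, which is why low delegate turnout keeps the attack cheap and why the break-even quorum is a useful sanity check when reviewing Governor parameters.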
Step 3: Identify Attack Vectors