Flash Loan Governance Attack: Definition, Smart Contract Example & Audit Notes

Flash Loan Governance Attack

A flash loan governance attack uses borrowed voting power to influence or execute governance actions before the loan is repaid.

An attacker borrows votes for a moment and uses them to push through a harmful decision.

Flash Loan Governance Attack Explained in Detail

In a flash loan governance attack, the attacker borrows governance tokens, uses them to vote or trigger a governance action, and repays the loan quickly. The attack works when governance measures voting power at the wrong time or has weak timing controls.

Snapshots, voting delays, and timelocks are common defenses.

Smart contract example

borrow votes -> vote or execute -> repay loan

If all steps can happen in one transaction or short window, governance is exposed.

Flash Loan Governance Attack in Auditing

Governance power should usually reflect durable economic stake, not momentary borrowed balances. If current balances decide voting, flash liquidity can distort control.

Auditors test whether voting power can be borrowed, delegated, and used before users can react.

Red flags in code

Voting uses current token balances instead of snapshots.
There is no voting delay.
There is no timelock before execution.
Quorum is low relative to available liquidity.
Governance token transfers and delegation can be abused around votes.

How to test or review it

Borrow or simulate a large temporary token balance.
Try propose, vote, queue, and execute in the shortest allowed path.
Check snapshot block behavior.
Test delegation timing.
Verify timelock delay gives users time to exit or respond.

Sources

https://docs.openzeppelin.com/contracts/api/governance