Governance Attack Explained in Detail
A governance attack abuses the rules that let a protocol make decisions. The attacker may gain voting power, pass a malicious proposal, bypass a timelock, or abuse an executor role.
The attack can be fully on-chain and still look like a valid governance action.
Smart contract example
propose -> vote -> queue -> execute
Each step needs clear authorization, timing, and threshold rules.
Governance Attack in Auditing
Governance often controls upgrades, treasuries, emergency actions, fees, and risk parameters. A governance bug can give an attacker protocol-level control.
Auditors treat governance as an admin surface, not a separate political process.
Red flags in code
-
No timelock for high-impact actions.
-
Voting power can be borrowed or moved at the wrong time.
-
Quorum is too low for treasury or upgrade actions.
-
Executors can call unintended targets.
-
Proposal cancellation and emergency controls are unclear.
How to test or review it
-
Trace proposal creation, voting, queueing, execution, and cancellation.
-
Check voting snapshots and delegation behavior.
-
Test malicious proposal targets and calldata.
-
Verify timelock delay and role separation.
-
Model what happens if one large holder or multisig is compromised.