The Tally Newsletter, Issue 46

September 24, 2021

Welcome back for issue 46 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen. 

This week we cover: 

  • Fei Protocol uses Index Coop stake to support Aave integration

  • Venus Protocol faces governance attack

Plus brief updates from around the ecosystem.


Fei Protocol Uses Metagovernance Power to Drive Aave Proposal

TL;DR: Fei’s recently acquired INDEX token stake helped support their defi integration efforts.

One common critique of governance tokens is that their embedded voting rights are not particularly valuable. With a large share of tokens in most DAOs still controlled by founders, team members, and early investors, the tokens available on the open market can seem insignificant in comparison. But Fei’s recent successful proposal to integrate with Aave has helped demonstrate the value of protocol voting power. 

Fei had recently conducted an OTC trade with Pulse Inc (the company behind DefiPulse and several of Index Coop’s indexes) to acquire 100,000 INDEX tokens. This gave Fei DAO a significant share of voting power in Index, which in turn controls metagovernance votes on behalf of the DPI. With the help of the DPI’s share of AAVE tokens, Fei was able to meet the 0.5% proposal submission threshold required by Aave governance and swing over 20% of the final total vote count in their favor.

Source: Aave Proposal 37

The DPI’s participation in the Aave vote was in turn authorized by an Index Coop snapshot poll where Fei protocol made up nearly 50% of total votes cast.

Source: Index Coop Snapshot

Fei’s partnership with Index Coop allowed them to have significant leverage on their governance influence. With less than $4 million worth of INDEX tokens, they were able to effectively direct over $30 million worth of Aave tokens towards their preferred outcome and ensure FEI was successfully onboarded. 

This example of voting leverage is fairly innocuous, with all parties fairly well aligned on an uncontroversial decision. But the pattern of small voting blocks having outsize influence can be problematic and distort outcomes - this is somewhat similar to how America’s electoral college vote counting system for presidential elections puts most of the campaigning focus on a select few “swing states” that decide the outcome. 

Other examples of protocol voting mechanisms that can increase leverage include pooled voting mechanisms like Compound’s cUNI snapshot, PoolTogether’s plPOOL, and Idle Finance’s stkIDLE. In each case, small voting power shifts affecting the outcome of a pooled voting system could have a deciding influence on much larger proposal outcomes. DAO’s will need to keep a close eye on these areas to mitigate risk of manipulation or governance attacks.

Binance Smart Chain’s Venus Protocol Faces Novel Governance Attack

TL;DR: A recent proposal would have siphoned assets out of the protocol treasury, with a promise to share some of the funds with those voting in favor.

Venus Protocol has already faced significant difficulties over the past months, with management turnover and significant protocol losses from bad loans. We previously covered the series of events leading to insolvency for Venus in newsletter issue 32 back in May. 

Poor risk management and parameter selection allowed attackers to pump and then dump the price of the protocol’s native XVS token, with attackers reaping significant profits at the protocol’s expense. This in turn forced the abrupt exit of Swipe as the lead development team. 

While recently the price of Venus’s VAI stablecoin had begun to stabilize, indicating growing confidence in the protocol’s solvency, this was disrupted by a malicious proposal. 

Essentially, the proposal would have transferred much of the protocol’s reserves to an external address - purportedly to fund a new operations team to take over management of the protocol given the lack of contributors following Swipe’s exit. But the entity in question had no track record or public reputation, and also promised to use some funds from the proposal to bribe any voters who supported the funding proposal.

Because the Venus deployers had not yet renounced the guardian function built into Governor Alpha style DAOs, they were able to cancel the proposal before execution, avoiding loss of funds. But the fact that so many voters were willing to support the measure is cause for concern for the future of the Venus ecosystem. 

This episode also surfaces some risks that apply to DAOs more generally. The public nature of current blockchain voting mechanisms makes them vulnerable to bribery attacks - similar historical events are the primary driver behind the use of secret ballots in many existing voting systems. But private voting is difficult to reconcile with the use of delegation to help scale governance participation, as delegators need to ensure their chosen representative is aligned with their preferences. 

We’ve also seen that bribery attacks can have extremely low capital requirements. Here, the attackers didn’t provide any outside capital to finance their vote buying activities, instead drawing from the target protocol itself. Even proposal thresholds could be subverted by using an autonomous proposal contract, which would pool votes from many users until there was sufficient support to meet the vote requirement and start a proposal. 

For most protocols, the risk of a hostile takeover attack remains low due to concentration of voting power with a few key investors. But DAO’s will need to address gaps in governance security as their ownership grows more decentralized over time.


In Brief:

  • DAO service provider Llama Community publishes first Aave financial statements:

  • Gnosis Safe releases Zodiak suite of DAO tools:

  • 3 Arrows Capital makes initial DAO participation with DYDX protocol proposal:

  • Curve Finance deploys to Arbitrum amid continuing rise in L2 TVL:

Twitter avatar for @DefiMoonDefiMoon 🦇🔊 @DefiMoon
Looks like Curve have already been deployed to @arbitrum@arbitrum2day
arbitrum.curve.fi 👀 2pool: arbitrum.curve.fi/2pool Tricrypto pool: arbitrum.curve.fi/tricrypto Please don't use until Curve gives the OK! #DeFi $CRV $CVX
Image

Curve Finance @CurveFinance

[α] Dear @etherscan, can you add support for new vypers (0.2.15, 0.2.16) on arbiscan? 👀
  •  DAO for research on crypto’s cultural impact launches crowdfunding campaign:


Thanks for joining us for issue 46 of the Tally Newsletter. Be sure to check out the Tally governance app and join us on Discord for the latest updates!

Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at newsletter@withtally.com 

Best,

Nate, Tally