DAO Attack Highlights Governance Vulnerabilities

The vulnerabilities in DAO governance were revealed after a recent incident where the community didn’t pay enough attention. This case is similar to an earlier incident where Compound was attacked and shows the persistent vulnerabilities in decentralized governance.

How Apathy Enabled the DAO Attack

The latest episode of Unchained reveals that the DAO hack occurred because the hacker monitored the inactivity of the project and saw an opportunity to exploit the weakness in the community. The weakness was the complete apathy toward the issue and lack of action from stakeholders, which allowed the hacker to manipulate the governance system and take over the DAO tokens.

Another factor that made this even worse is that the DAO project is run by various university clubs and organizations. The unsupervised attack happened to occur over a national holiday, which allowed the hacker to pull off the hack while everyone involved in the project was distracted.

Lessons from Compound’s Similar Incident

The vulnerability seen in DAO governance is not something new; there have been many instances of significant breaches caused by such weaknesses in the past as well. Compound suffered a similar attack where a person called Humpy took advantage of a lapse in community participation. This shows that whenever there is a lack of vigilance, the chances of DAOs being compromised increase.

Thus, both of the above incidents highlight that there is a flaw in the system regarding decentralized governance, as whenever there are fewer individuals participating, the defense mechanism of that project weakens.

Prevention and the Importance of Timelocks

The DAO could have easily avoided the attack if there had been an improved timelock mechanism. At the moment, the DAO utilizes a simple one-day timelock, which is not enough time for the community to react properly. According to the Unchained report, having a timelock of two days would allow enough time for stakeholders to detect and respond to any attack.

The findings from this study point to the necessity for the DAO to review its governance structures and procedures. Proper timelock configuration and engagement with the community ahead of time are necessary for preventing risks from attacks like this one.

Source — Unchained: https://www.youtube.com/watch?v=IkfNYJN4QpY