
Governance as a Vulnerability: DAO Hacks

In the "Code is Law" paradigm, whoever controls the majority of votes controls the treasury. Historically, acquiring 51% of the tokens required immense capital, making attacks economically irrational.
Flashloans changed the math. Today, an attacker does not need to buy the tokens; they only need to borrow them for a single transaction. If your DAO governance allows immediate voting and execution, your treasury is free for the taking.

The Beanstalk Farms Case ($182M)

The Beanstalk exploit is the textbook example of a governance attack.
  1. The Flaw: The protocol allowed a proposal to be executed immediately upon passing, without a TimeLock delay.
  2. The Attack: The hacker borrowed ~$1 billion in assets via Flashloan to acquire 67% of the governance voting power.
  3. The Execution: They proposed a malicious transaction ("Send all funds to me"), voted "Yes" with the borrowed tokens, executed the transfer, and repaid the loan—all within one block.
The protocol functioned exactly as written. The vulnerability was not in the Solidity syntax, but in the governance architecture.

Checkpointing: The First Line of Defense

To prevent Flashloan voting, the contract must check the user's balance in the past, not the present. Using getPriorVotes(account, blockNumber - 1) ensures that tokens bought or borrowed in the current block cannot be used to vote.
Checking past balances alone is not enough, however: an attacker can buy tokens, wait one block, vote, and then sell. Checkpointing mitigates flashloans, but not well-capitalized whales.
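The checkpoint pattern described above, as an added example that is not Beanstalk's code or any library's: a minimal voting token that records (block, balance) checkpoints on every transfer, a Compound-style getPriorVotes that binary-searches them, and a governor whose castVote reads the snapshot block rather than the live balance. The contract and function names (VoteToken, Governor, propose, castVote), the constructor-minted supply and the use of block.number - 1 as the snapshot are assumptions for illustration; OpenZeppelin's equivalent of getPriorVotes is getPastVotes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not Beanstalk's or any project's code): a checkpointed
/// voting token. Names and the constructor mint are assumptions.
contract VoteToken {
    struct Checkpoint { uint32 fromBlock; uint224 votes; }

    mapping(address => uint256) public balanceOf;
    mapping(address => Checkpoint[]) private _checkpoints;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
        _writeCheckpoint(msg.sender, supply);
    }

    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        _writeCheckpoint(msg.sender, balanceOf[msg.sender]);
        _writeCheckpoint(to, balanceOf[to]);
    }

    /// Record the new balance under the current block. A second change in
    /// the same block overwrites the last checkpoint instead of appending.
    function _writeCheckpoint(address account, uint256 newVotes) internal {
        Checkpoint[] storage cps = _checkpoints[account];
        uint32 blk = uint32(block.number);
        if (cps.length > 0 && cps[cps.length - 1].fromBlock == blk) {
            cps[cps.length - 1].votes = uint224(newVotes);
        } else {
            cps.push(Checkpoint(blk, uint224(newVotes)));
        }
    }

    /// Voting power the account held at the end of `blockNumber`. Reverts for
    /// the current block: a balance is only final once the block is mined,
    /// which is exactly what makes a same-block flashloan worthless here.
    function getPriorVotes(address account, uint256 blockNumber) public view returns (uint256) {
        require(blockNumber < block.number, "not yet determined");
        Checkpoint[] storage cps = _checkpoints[account];
        if (cps.length == 0 || cps[0].fromBlock > blockNumber) return 0;
        // Binary search for the last checkpoint at or before blockNumber.
        uint256 lo = 0;
        uint256 hi = cps.length - 1;
        while (lo < hi) {
            uint256 mid = hi - (hi - lo) / 2; // upper midpoint, so lo always advances
            if (cps[mid].fromBlock <= blockNumber) lo = mid; else hi = mid - 1;
        }
        return cps[lo].votes;
    }
}

/// Added example governor: vote weight is read from the snapshot block.
contract Governor {
    struct Proposal { uint256 snapshotBlock; uint256 forVotes; mapping(address => bool) voted; }

    VoteToken public immutable token;
    uint256 public proposalCount;
    mapping(uint256 => Proposal) private _proposals;

    constructor(VoteToken t) { token = t; }

    function propose() external returns (uint256 id) {
        id = ++proposalCount;
        // Weight is frozen at the block before the proposal exists, so tokens
        // acquired in the proposing transaction (or any later one) carry no vote.
        _proposals[id].snapshotBlock = block.number - 1;
    }

    function castVote(uint256 id) external {
        Proposal storage p = _proposals[id];
        require(!p.voted[msg.sender], "already voted");
        p.voted[msg.sender] = true;

        // Vulnerable form (do not use): uint256 weight = token.balanceOf(msg.sender);
        // A flashloan taken earlier in the same transaction would inflate it.
        uint256 weight = token.getPriorVotes(msg.sender, p.snapshotBlock);
        p.forVotes += weight;
    }

    function forVotes(uint256 id) external view returns (uint256) {
        return _proposals[id].forVotes;
    }
}
```

The only line that matters for the flashloan case is the `require(blockNumber < block.number)` in getPriorVotes: because the snapshot is strictly in the past and a flashloan must be repaid within the current transaction, borrowed tokens never appear in any checkpoint the governor reads. As the text notes, this does nothing against a whale who genuinely holds the tokens across a block boundary; that is the TimeLock's job.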

TimeLock: The Real Protection

No governance decision should be executable immediately. A TimeLock contract is mandatory.
  • Queuing: After a vote passes, the action is queued for a set period (e.g., 48 hours).
  • Veto/Exit: This delay allows the community to detect malicious proposals and either veto them (if a "Guardian" role exists) or rage-quit (withdraw assets) before the exploit occurs.
If your DAO allows atomic execution of proposals, it is already hacked; you just haven't noticed yet.
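The queue-then-execute pattern from the list above, as an added example that is not any protocol's code: a TimeLock that is the only thing the governor may call, holds every passed action for a fixed delay, lets a Guardian cancel it during that window, and only then forwards the call. The contract and function names (TimeLock, queue, cancel, execute), the 48-hour delay, the 14-day grace period and the single-guardian veto are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not Beanstalk's or any project's code): a minimal TimeLock.
/// DELAY, GRACE_PERIOD and the guardian role are assumptions.
contract TimeLock {
    uint256 public constant DELAY = 48 hours;     // window for review / rage-quit
    uint256 public constant GRACE_PERIOD = 14 days; // queued actions expire after this

    address public immutable governor; // only the vote contract may queue
    address public immutable guardian; // may veto a queued action

    mapping(bytes32 => uint256) public readyAt; // 0 = not queued

    event Queued(bytes32 indexed id, address target, uint256 value, bytes data, uint256 readyAt);
    event Cancelled(bytes32 indexed id);
    event Executed(bytes32 indexed id);

    constructor(address governor_, address guardian_) {
        governor = governor_;
        guardian = guardian_;
    }

    function actionId(address target, uint256 value, bytes calldata data, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, value, data, salt));
    }

    /// Called by the governor once a proposal has passed. Nothing moves yet;
    /// the emitted event is what monitoring and the community watch for.
    function queue(address target, uint256 value, bytes calldata data, bytes32 salt) external {
        require(msg.sender == governor, "not governor");
        bytes32 id = actionId(target, value, data, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + DELAY;
        emit Queued(id, target, value, data, readyAt[id]);
    }

    /// Guardian veto, usable at any time while the action is queued.
    function cancel(bytes32 id) external {
        require(msg.sender == guardian, "not guardian");
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit Cancelled(id);
    }

    /// Anyone may execute once the delay has elapsed and before the action goes stale.
    function execute(address target, uint256 value, bytes calldata data, bytes32 salt)
        external payable
    {
        bytes32 id = actionId(target, value, data, salt);
        uint256 eta = readyAt[id];
        require(eta != 0, "not queued");
        require(block.timestamp >= eta, "still in delay");
        require(block.timestamp <= eta + GRACE_PERIOD, "stale");
        delete readyAt[id]; // clear state before the external call
        (bool ok, ) = target.call{value: value}(data);
        require(ok, "execution failed");
        emit Executed(id);
    }

    receive() external payable {}
}
```

The structural point is that the treasury is owned by the TimeLock, not by the governor: a passed vote can at most produce a Queued event, and the transfer the text describes cannot happen in the same block as the vote. The Queued event is also the natural detection hook; a bot that decodes `target` and `data` on every Queued event gives the community the whole DELAY window to react.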