Defining Governance Risk

Governance risk for a DeFi protocol is the set of vulnerabilities arising from the mechanisms and processes that govern decision-making, rule changes and conflict resolution, any of which can threaten the protocol's long-term sustainability and integrity.

Specifically, the key governance risks include:

Voter apathy: Token holders who do not take part in governance proposals and elections leave turnout low. A small active electorate lowers the cost of vote buying and governance attacks and lets unrepresentative changes pass.


A proposal to migrate an existing lending protocol to a layer 2 network to reduce fees draws turnout of only 5% of token holders. With so little of the community voting, a special interest holding a few percent of supply can decide the outcome.

Plutocracies and whales: Governance tokens that vote in proportion to holdings concentrate voting power in a few large holders ("whales"), so a small set of accounts can control decisions.


The top 1% of DAO token holders control more than 50% of voting power because of large allocations in the initial distribution. They collude to vote down a proposal that raises withdrawal fees because it would cut into their profits.
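Both risks above can be measured from a holder snapshot and a proposal's tally. The script below is an added example, not code from this page or from any protocol: it computes the top-1% voting share and the Nakamoto coefficient (the smallest cartel that can win) for the whale case, and for the apathy case the turnout and the number of tokens an outsider would have to bring, whether bought, borrowed or flash-loaned, to force a proposal through. The holder balances, the proposal tallies and the 4% quorum are constructed values chosen to mirror the two scenarios, and the function names are my own.

```python
"""Governance capture metrics over a token-holder snapshot.

Added illustration; not code from the original page or from any protocol.
The snapshot, proposal tallies and quorum below are constructed values
chosen to mirror the scenarios in the text. Balances are whole token units
so the token counts are exact integer arithmetic; only the ratios are floats.
"""
import math
from typing import Dict, List

# Constructed snapshot: 2 whales (30M, 25M), 18 funds at 1M each and a
# long tail of 180 holders at 150k each: 100M tokens across 200 holders.
HOLDERS: Dict[str, int] = {"whale_0": 30_000_000, "whale_1": 25_000_000}
HOLDERS.update({f"fund_{i}": 1_000_000 for i in range(18)})
HOLDERS.update({f"holder_{i}": 150_000 for i in range(180)})
TOTAL_SUPPLY = sum(HOLDERS.values())  # 100_000_000


def _balances_desc(holders: Dict[str, int]) -> List[int]:
    return sorted(holders.values(), reverse=True)


def top_share(holders: Dict[str, int], fraction: float = 0.01) -> float:
    """Share of voting power held by the top `fraction` of holders
    (rounded up to at least one holder)."""
    balances = _balances_desc(holders)
    n = max(1, math.ceil(len(balances) * fraction))
    return sum(balances[:n]) / sum(balances)


def nakamoto_coefficient(holders: Dict[str, int], threshold: float = 0.5) -> int:
    """Smallest number of largest holders whose combined power exceeds
    `threshold` of the total: the size of the cheapest winning cartel."""
    balances = _balances_desc(holders)
    needed = threshold * sum(balances)
    running = 0
    for count, bal in enumerate(balances, start=1):
        running += bal
        if running > needed:
            return count
    return len(balances)


def turnout(votes_for: int, votes_against: int, total_supply: int) -> float:
    """Fraction of total supply that actually voted on a proposal."""
    return (votes_for + votes_against) / total_supply


def capture_cost(votes_for: int, votes_against: int,
                 total_supply: int, quorum_bps: int) -> int:
    """Tokens an outsider must add on the 'for' side (bought, borrowed or
    flash-loaned) so the proposal both meets quorum (given in basis points
    of total supply) and holds a strict majority of votes cast.
    Returns 0 if the proposal already passes."""
    quorum_votes = -(-total_supply * quorum_bps // 10_000)  # ceiling division
    need_quorum = quorum_votes - (votes_for + votes_against)
    need_majority = votes_against - votes_for + 1  # one token past a tie
    return max(0, need_quorum, need_majority)


def main() -> None:
    print(f"top 1% share of voting power: {top_share(HOLDERS):.0%}")
    print(f"holders needed for >50%: {nakamoto_coefficient(HOLDERS)}")
    print(f"holders needed for >2/3: {nakamoto_coefficient(HOLDERS, 2 / 3)}")

    # Apathy case: a proposal with 5% turnout, currently losing 2M to 3M.
    quorum_bps = 400  # constructed 4% quorum
    for_votes, against = 2_000_000, 3_000_000
    cost = capture_cost(for_votes, against, TOTAL_SUPPLY, quorum_bps)
    print(f"turnout {turnout(for_votes, against, TOTAL_SUPPLY):.0%}: "
          f"flipping the vote costs {cost:,} tokens "
          f"({cost / TOTAL_SUPPLY:.2%} of supply)")

    # Same proposal if every other holder had turned out against it.
    against_all = TOTAL_SUPPLY - for_votes
    cost_full = capture_cost(for_votes, against_all, TOTAL_SUPPLY, quorum_bps)
    print(f"turnout 100%: flipping the vote costs {cost_full:,} tokens "
          f"({cost_full / TOTAL_SUPPLY:.2%} of supply)")


if __name__ == "__main__":
    main()
```

Running it shows why turnout is a security parameter and not just a health statistic: at 5% turnout the losing side of the constructed proposal is flipped with about 1% of supply, while against a fully mobilised electorate the same flip would cost 96% of supply. Reading vote weight from a snapshot block taken before the proposal and enforcing a timelock between approval and execution are the usual defences against stake that is only borrowed for the length of one transaction.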

Short-term priorities: Governance participants may prioritize short-term profits over long-term protocol stability and security, for example by voting down bug bounties or deferring investment in infrastructure.


During a period of high farming yields, a proposal to redirect part of the emissions budget to audits and bug bounties is rejected because it would lower staking rewards in the short term.

Fork execution: Faulty upgrade code, coordination failures, or chain splits during fork upgrades of the protocol's software can disrupt operations.


A protocol fork to expand cross-chain bridges causes a temporary chain split with two versions of the token, halting operations until core developers resolve it manually.

Centralization creep: Gradual concentration of control in development teams, oracles, bridges or other external ecosystem dependencies creates single points of failure.


Most of the price oracles a lending protocol relies on are acquired by a single crypto firm. A failure or compromise at that one firm could then cripple the entire lending protocol.

Custodial Risks

Key management risks: the Ronin Network bridge (March 2022, about $625M) and the Harmony Horizon bridge (June 2022, about $100M) were both drained after attackers obtained enough signing keys to authorize withdrawals on their own: five of the nine Ronin validator keys, and two of the five keys behind Harmony's multisig. When a handful of keys, or one operator holding several of them, can move all bridged funds, custody rather than contract logic is the weakest link.

Governance risk: Beanstalk (April 2022, about $181M). An attacker used flash loans to acquire a supermajority of voting power, then passed and executed a malicious proposal within a single transaction, because voting weight was read from current balances and a proposal could be executed the moment a supermajority was reached, with no delay in between.
