QX DeFi Risks Compass

Defining Governance Risk

Governance risk for a DeFi protocol refers to the vulnerabilities arising from the mechanisms and processes that govern decision-making, rule changes, and conflict resolution that could threaten the long-term sustainability and integrity of the protocol.

Specifically, the key governance risks include:

Voter apathy: Lack of participation in governance proposals and elections by token holders leads to low voter turnout. This raises the risk of vote buying, governance attacks, and unrepresentative changes being made.

Example:

A proposal to migrate an existing lending protocol to a layer 2 solution to reduce fees has a low turnout, with only 5% of token holders participating. The lack of community input raises the risk of capture by special interests.

Plutocracies and whales: Governance tokens granted on a proportional basis can concentrate voting power in the hands of a few large token holders ("whales"). This allows a small set of token holders to control decisions.

Example: 

The top 1% of DAO token holders control more than 50% of voting power due to large token allocations from the initial distribution. They collude to vote down a proposal to raise withdrawal fees because it would cut into their profits.

Short-term priorities: Governance participants may prioritize short-term profits over long-term protocol stability and security, for example by blocking bug bounties or declining to invest in infrastructure.

Example: 

During high farming yields and profits, a proposal to divert funds from emissions to audits and bug bounties is rejected because it may lower staking rewards in the short term.

Fork execution: Faulty code execution, coordination issues, or chain splits during fork upgrades of the protocol's software can disrupt operations.

Example:

A protocol fork to expand cross-chain bridges leads to a temporary chain split with two variant token versions, which brings operations to a halt until resolved manually by core developers.

Centralization creep: Gradually increasing centralization (reduced decentralization) of development teams, oracles, bridges, or other external ecosystem dependencies creates single points of failure.

Example: 

Most of the price oracles relied on by a lending protocol are acquired by a single crypto firm. This creates an infrastructure centralization risk, as a failure of that one oracle provider could cripple the entire lending protocol.
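The concentration and turnout figures in the examples above can be measured directly from a token-holder snapshot and a proposal's ballots, which is how the voter-apathy and whale-concentration risks are usually quantified during an assessment. The script below is an added example and is not part of the QX DeFi Risks Compass page: the holder balances and ballots are constructed sample data, and the quorum, apathy and whale thresholds are assumed parameters rather than values taken from the page.

```python
"""Governance-concentration and turnout checks for a DAO token distribution.

Added example, not code from the QX DeFi Risks Compass page. All balances,
ballots and thresholds below are constructed/assumed for illustration.
"""
import math

# Constructed snapshot: address -> governance-token balance. 100 holders in
# total, so the "top 1%" is a single address (whale_a).
HOLDERS = {
    "whale_a": 50_000, "whale_b": 22_000, "fund_c": 8_000, "fund_d": 5_000,
    **{f"retail_{i}": 100 for i in range(96)},
}

# Constructed ballots: address -> "for" | "against".
# Scenario 1: only 5 of 100 holders bother to vote (voter apathy).
APATHY_VOTES = {f"retail_{i}": "for" for i in range(5)}
# Scenario 2: twenty retail holders vote for a fee increase, one whale votes against.
WHALE_VOTES = {**{f"retail_{i}": "for" for i in range(20)}, "whale_a": "against"}


def total_supply(holders):
    return sum(holders.values())


def top_share(holders, fraction):
    """Share of total supply held by the top `fraction` of addresses (by count)."""
    n = max(1, round(len(holders) * fraction))
    top = sorted(holders.values(), reverse=True)[:n]
    return sum(top) / total_supply(holders)


def nakamoto_coefficient(holders, threshold=0.5):
    """Smallest number of holders whose combined balance exceeds `threshold` of supply."""
    need = threshold * total_supply(holders)
    acc = 0
    for i, bal in enumerate(sorted(holders.values(), reverse=True), start=1):
        acc += bal
        if acc > need:
            return i
    return len(holders)


def tally(holders, votes):
    """Token-weighted tally of a proposal; unknown addresses carry zero weight."""
    weight = {"for": 0, "against": 0}
    for addr, choice in votes.items():
        weight[choice] += holders.get(addr, 0)
    return weight


def assess_proposal(holders, votes, quorum=0.20, apathy_threshold=0.10,
                    whale_fraction=0.01):
    """Return outcome, turnout and concentration metrics plus governance-risk flags.

    quorum / apathy_threshold / whale_fraction are assumed policy parameters.
    """
    supply = total_supply(holders)
    w = tally(holders, votes)
    cast = w["for"] + w["against"]
    quorum_met = cast >= quorum * supply
    passed = quorum_met and w["for"] > w["against"]

    # Would flipping the single largest voter's ballot change the outcome?
    # If so, that one address effectively decides the proposal.
    decisive = False
    if votes:
        biggest = max(votes, key=lambda a: holders.get(a, 0))
        b = holders.get(biggest, 0)
        flipped = dict(w)
        src, dst = ("for", "against") if votes[biggest] == "for" else ("against", "for")
        flipped[src] -= b
        flipped[dst] += b
        decisive = (quorum_met and flipped["for"] > flipped["against"]) != passed

    top = top_share(holders, whale_fraction)
    nakamoto = nakamoto_coefficient(holders)
    return {
        "passed": passed,
        "weighted_turnout": cast / supply,          # share of supply that voted
        "holder_turnout": len(votes) / len(holders),  # share of addresses that voted
        "top_share": top,
        "nakamoto": nakamoto,
        "flags": {
            "voter_apathy": len(votes) / len(holders) < apathy_threshold,
            "quorum_missed": not quorum_met,
            "whale_concentration": top > 0.5 or nakamoto <= 3,
            "single_voter_decisive": decisive,
        },
    }


if __name__ == "__main__":
    for name, votes in (("apathy", APATHY_VOTES), ("whale veto", WHALE_VOTES)):
        r = assess_proposal(HOLDERS, votes)
        print(f"{name}: passed={r['passed']} holder_turnout={r['holder_turnout']:.0%} "
              f"top1%={r['top_share']:.1%} nakamoto={r['nakamoto']} flags={r['flags']}")
```

Run against the constructed snapshot, the first scenario misses quorum and trips the apathy flag, while the second meets quorum yet is decided by one address, which is the plutocracy pattern described above: a low Nakamoto coefficient (here 1) is the single most useful early warning, because it does not depend on any particular proposal.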

Custodial Risks

Key management risks: Ronin Network, Harmony bridge

Governance risk: Beanstalk, 181M
