Governance is a fundamental process for the functioning of decentralized finance systems (DeFi). In this context, governance refers to a set of processes and mechanisms that enable users to participate in decision-making on the DeFi platform.
Types of Governance
Governance can be of two types: off-chain and on-chain.
Off-chain governance is a process in which users discuss the decisions needed to improve a DeFi platform in forums or social networks, without the need to use the blockchain. In other words, the discussion and decision-making takes place outside the system itself.
This approach is very common in smaller DeFi platforms, which may not have the infrastructure to implement more complex on-chain governance. Off-chain governance may also be an option when the platform is still in an early stage of development and a more formal governance mechanism has not yet been established. Off-chain governance can be considered unstructured because there is no formal framework or established process for discussions. Users can participate in open discussions, public forums, chat groups or social networks, which can lead to a lot of different conversations and ideas.
Although off-chain governance can be unstructured, it can be an effective way for users to voice their opinions and discuss changes needed to improve the platform. This approach allows for greater user participation in decision-making, as they can participate in discussions from anywhere in the world without having a financial stake in the platform.
However, off-chain governance can have its disadvantages. It can be difficult for users to follow ongoing discussions and be aware of decisions made, which can lead to confusion and a lack of transparency in the process. In addition, discussions can take a long time and may not always lead to a clear solution or final decision.
On the other hand, on-chain governance is a process where decisions are made directly on the blockchain using a specific set of mechanisms. This means that decision-making is done within the DeFi platform itself, which allows for greater transparency and security in the process.
In on-chain governance, users can participate in decision-making using staked nodes. Staked nodes are nodes that have a certain number of tokens on the DeFi platform, allowing them to participate in voting on proposals and changes. Users who have more tokens have more voting power, which means they have more influence on decisions made on the platform.
In addition to staked nodes, smart contracts can also be used to automate the voting and decision-making processes on the DeFi platform. Smart contracts are computer programs that run automatically on the blockchain, meaning that they do not require human intervention to perform specific tasks.
Smart contracts are used in on-chain governance to automate the voting and decision-making process. Users can submit proposals for change to the platform, and the smart contracts take care of verifying whether they meet the necessary requirements. If the proposal meets the requirements, users can vote for or against it. Once a certain threshold of votes has been reached, the smart contract automatically executes the proposal and makes the necessary changes to the platform. This means that decision-making is transparent and automated, which increases the efficiency of the process.
In summary, governance is a key component in the operation of DeFi platforms. Through governance, users can voice their opinions and participate in decision-making to improve the platform and make it more efficient and secure. Governance can be off-chain or on-chain, and each has its own advantages and disadvantages depending on the platform and its users.
Governance today
Governance is a very important topic today, especially in the world of decentralized finance (DeFi). In the DeFi ecosystem, governance is fundamental to make decisions about the direction the platform should take and the policies that should be implemented.
Today, governance in DeFi is mainly done through Smart Contracts. Smart Contracts are software that run on the blockchain and can be used to automate a wide range of processes, including decision-making, on the platform.
The governance process starts with an off-chain discussion, where the DeFi platform user community discusses and proposes changes or improvements to the platform. Once a proposal has been agreed upon, it is moved to a Smart Contract so that users can vote on it. DeFi platform users can vote on proposals using their tokens. This means that users with more tokens have more voting power and therefore have more influence on the decisions made on the platform.
Through this system, a wide range of decisions can be made on the DeFi platform, including minting new tokens, blacklisting accounts suspected of fraudulent activity, allocating funds, modifying platform fees and much more.
DeFi cyber-attacks
Unfortunately, security on DeFi platforms is not always perfect, and hackers often attempt to exploit weaknesses in governance to steal large amounts of cryptocurrencies. The most common attacks include exploiting vulnerabilities in the source code of Smart Contracts, exploiting human errors in the platform’s configuration, and using phishing techniques to trick users and obtain their credentials.
One of the most well-known cases of theft on a DeFi platform occurred in 2020, when the bZx platform lost around $1 million in cryptocurrencies as a result of a flash lending attack. The attack exploited a vulnerability in the platform’s Smart Contract source code and allowed the attacker to borrow a large amount of unsecured funds. Another case occurred in 2021, when lending platform DeFi Alpha Homora lost more than $37 million in cryptocurrencies as a result of a vulnerability exploit in its governance system. Attackers managed to manipulate the voting system to pass a malicious proposal that allowed them to steal a large amount of funds.
However, the hack of the DeFi Beanstalk platform in April 2022 was one of the most surprising in cryptocurrency history. Despite the platform having decentralized governance, the hacker managed to exploit a vulnerability in the platform to steal all the network’s assets.
In this case, the hacker used a flashloan to obtain numerous tokens from the platform. He then created a malicious proposal in the form of a Smart Contract that, when activated, would transfer all the network’s tokens to his account. The hacker used the tokens he had obtained from the flashloan to support his own proposal, and due to the lack of participation of the other token holders in the vote, he automatically won the majority of the votes. Once the proposal was approved and the Smart Contract was executed, the hacker was able to steal all the tokens from the network without being detected. Although the platform had decentralized governance and the token holders were well distributed, the hacker managed to exploit a vulnerability and carry out the theft undetected.
This hack highlights the importance of maintaining rigorous security in the governance of DeFi platforms. Developers of DeFi platforms must continually work to identify and fix vulnerabilities in the platform to prevent hackers from exploiting them and stealing users’ assets.
Preventive measures
Some of the measures that can be taken to prevent attacks like the ones described above are:
– Consensus algorithm that requires at least 3 or more participants to approve a proposal: This measure helps to prevent a single individual or group from having total control of the DeFi platform. By requiring a minimum number of participants to approve a proposal, it promotes decentralization and avoids centralization of power.
– Longer voting period: A longer voting period can give users more time to review and debate proposals, which increases the likelihood that potential fraud or errors in the voting process will be detected.
– Delayed execution of contracts: By introducing a delay in the execution of contracts, attacks such as the Beanstalk Hack can be prevented. In this case, if there had been a delay in the execution of the Smart Contract, users would have had time to detect the fraudulent proposal and act before the theft occurred.
– Guardian accounts: Guardian accounts can help prevent hacker attacks. These accounts are special accounts that have the ability to take corrective action in case suspicious activity is detected on the platform. Guardian accounts can be managed by trusted individuals in the community or by a trusted third party.
– Smart Contracts audit: Performing a Smart Contracts audit is one of the most important measures to prevent hacker attacks. A Smart Contracts audit is a technical review of the source code of a Smart Contract to detect possible programming errors, vulnerabilities and possible attacks. The audits are performed by specialized IT security companies and are a significant measure to ensure the security and reliability of Smart Contracts on the DeFi platform.