The Perspective of Ordinary Users: How to Avoid Governance Attack Risk in the Downward Period of the Crypto Market

Reprinted from chaincatcher
03/21/2025 · Author: K Erica
The current market feels like a condensed fusion of 2019 and 2022: every problem is erupting at once, and the difficulty is on the level of a hell-mode dungeon.
It feels very much like 2019, except that back then some friends were still shouting that DeFi was coming and the dreamy atmosphere had not faded; this time the physical feeling is even worse.
The off-chain environment is one of "shedding the virtual for the real": there are only small hot spots in the market and no major trend. In essence, on-chain liquidity is limited and heavily fragmented across ecosystems.
Every local bull market forced by a specific ecosystem is a scaled-down version of the $trump effect, and in many people's eyes every small hot spot is just another chance to exit.
Compared to 2022, it also feels like the dross is being discarded, but so is the essence.
There is a lot of uncertainty, but at least one thing is certain:
The next phase should bring governance attacks on a scale well beyond the last bear market. During this market garbage time, it is best to adjust positions and on-chain interactions with that in mind.
What is a governance attack?
A governance attack is one in which an attacker exploits weaknesses in a protocol's governance mechanism, or simply a capital advantage, to control project decisions for personal gain or to damage the system. It usually happens when governance-token prices are low and market liquidity is exhausted, so that decision-making power can be bought at low cost.
The most common pattern in the last bear market:
Many protocols' governance tokens (or NFTs) are ignored and keep falling, while the treasury still holds substantial assets. When the imbalance between the two becomes obvious, people with bad intentions show up.
Attackers usually accumulate large amounts of governance-token chips at very low prices (more common with small protocols), or temporarily borrow a large amount of governance tokens through a flash loan or similar and push the vote through, with the corresponding on-chain operation executing directly. The flash-loan variant only works where voting power is read from the voter's balance at the moment of voting and nothing, such as a snapshot of balances taken before the proposal or a timelock before execution, separates the vote from the action.
The attack usually has one of two goals: stealing funds or changing the contract logic.
For example, transferring out the entire treasury means that some small projects which could have survived the bear market can no longer sustain themselves; the governance tokens you hold naturally lose value, and the whole project may even die.
For example, in fully on-chain governed projects whose contracts sit behind a proxy, once the governance attacker seizes the upgrade permission and maliciously rewrites the contract logic, any assets you approved to the contract during the bull market are in danger, with stablecoin assets the first to be hit.
A quick primer: a proxy lets a protocol update its contract logic without changing the contract address. This is common in DeFi, but if attackers take over governance permissions they can point the proxy at malicious logic, such as code that transfers assets or rewrites the trading rules.
The most common case: when using DeFi you usually approve assets such as USDC, USDT and DAI to the protocol's contracts and never manually revoke those approvals. In a downturn, if a protocol you used is hijacked this way and those assets sit in your address, the modified malicious contract logic can pull your USDC, USDT and DAI out directly, up to the approved allowance, which for an unlimited approval means everything you hold.
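The flash-loan voting mechanism described above, as an added example that is not part of the original article: a small Python model of a token with per-block balance checkpoints and a toy governor. Every name, balance, quorum and block number here is an assumption constructed for illustration. It shows why reading live balances lets borrowed tokens carry the vote, why checkpointed balances taken at the proposal's snapshot block neutralise them (the pattern used by ERC20Votes-style tokens), and why a timelock at least stops same-block execution.

```python
"""Toy model of a flash-loan governance attack (added example; assumed names and numbers)."""
from bisect import bisect_right
from dataclasses import dataclass, field

@dataclass
class Token:
    """ERC-20-like token keeping one (block, balance) checkpoint per holder per block."""
    history: dict = field(default_factory=dict)   # holder -> [(block, balance), ...]

    def balance_of(self, holder: str) -> int:
        h = self.history.get(holder)
        return h[-1][1] if h else 0

    def balance_at(self, holder: str, block: int) -> int:
        """Balance at the end of `block` (binary search over the checkpoints)."""
        h = self.history.get(holder, [])
        i = bisect_right([b for b, _ in h], block)
        return h[i - 1][1] if i else 0

    def _checkpoint(self, holder: str, block: int, balance: int) -> None:
        h = self.history.setdefault(holder, [])
        if h and h[-1][0] == block:   # several writes in one block: the last one wins
            h[-1] = (block, balance)
        else:
            h.append((block, balance))

    def mint(self, to: str, amount: int, block: int) -> None:
        self._checkpoint(to, block, self.balance_of(to) + amount)

    def transfer(self, frm: str, to: str, amount: int, block: int) -> None:
        if self.balance_of(frm) < amount:
            raise ValueError("insufficient balance")
        self._checkpoint(frm, block, self.balance_of(frm) - amount)
        self._checkpoint(to, block, self.balance_of(to) + amount)

@dataclass
class Proposal:
    snapshot_block: int          # block whose balances count (snapshot mode only)
    votes_for: int = 0
    voters: set = field(default_factory=set)

class Governor:
    """snapshot_votes=False: weight is the live balance (what a flash loan exploits).
    snapshot_votes=True: weight is the checkpointed balance at the snapshot block and voting
    only opens in the block after it. timelock_blocks: minimum delay before execution."""

    def __init__(self, token: Token, quorum: int, snapshot_votes: bool, timelock_blocks: int = 0):
        self.token, self.quorum = token, quorum
        self.snapshot_votes, self.timelock_blocks = snapshot_votes, timelock_blocks

    def propose(self, block: int) -> Proposal:
        return Proposal(snapshot_block=block)

    def vote(self, proposal: Proposal, voter: str, block: int) -> int:
        if voter in proposal.voters:
            raise ValueError("already voted")
        if self.snapshot_votes:
            if block <= proposal.snapshot_block:
                raise ValueError("voting not open yet")
            weight = self.token.balance_at(voter, proposal.snapshot_block)
        else:
            weight = self.token.balance_of(voter)
        proposal.voters.add(voter)
        proposal.votes_for += weight
        return weight

    def execute(self, proposal: Proposal, block: int) -> bool:
        if proposal.votes_for < self.quorum:
            return False
        if block < proposal.snapshot_block + self.timelock_blocks:
            raise ValueError("timelock not expired")
        return True   # treasury transfer would run here

def flash_loan_attack(snapshot_votes: bool, timelock_blocks: int = 0) -> dict:
    """Constructed scenario: attacker holds 1 token, the community 300_000, a lending pool
    1_000_000; quorum 400_000. The attacker proposes in block 10, then in block 11 borrows the
    pool, votes, tries to execute and repays, all in one transaction. Returns weight and outcome."""
    token = Token()
    token.mint("pool", 1_000_000, block=1)
    token.mint("community", 300_000, block=1)
    token.mint("attacker", 1, block=1)
    gov = Governor(token, 400_000, snapshot_votes, timelock_blocks)
    proposal = gov.propose(block=10)                       # "send treasury to attacker"
    block = 11
    token.transfer("pool", "attacker", 1_000_000, block)   # flash loan in
    weight = gov.vote(proposal, "attacker", block)
    try:
        executed = gov.execute(proposal, block)
    except ValueError:                                     # timelock blocks same-block execution
        executed = False
    token.transfer("attacker", "pool", 1_000_000, block)   # flash loan repaid
    return {"weight": weight, "executed": executed}

if __name__ == "__main__":
    print("live balances, no timelock:", flash_loan_attack(False))
    print("snapshot voting           :", flash_loan_attack(True))
    print("live balances + timelock  :", flash_loan_attack(False, timelock_blocks=100))
```

In snapshot mode the borrowed tokens are invisible because the loan is taken and repaid inside block 11 while the proposal's snapshot is block 10, so the attacker's counted weight is the single token they actually own. The timelock alone does not fix the vote count, but it forces the attacker to hold a passed proposal in public for a while before it can execute, which is when a community counter-vote or a guardian veto still has a chance.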
In a downturn, as most people's attention fades, the crypto space easily turns into a dark forest full of hunters.
I remember that in the bear market, even when some small protocols offered only tens of thousands of U in arbitrage room, some people were willing to lie in wait, eventually pull off a governance attack and kill the protocol outright.
In the downward range of this cycle, beyond governance attacks by external attackers, as conviction collapses some project teams themselves will use their voting advantage to rob the community. The most common move is minting tokens out of thin air.
From a holder's perspective, it is very easy to lose money if you hold a large position but refuse to follow governance changes.
A recent case is the governance proposal issued by CRO in early March.
Billed as the "New Golden Age of Cronos", it proposed minting 70 billion tokens out of thin air on top of the original 30 billion total. It looked unlikely to pass, but in the end the official side stepped in to vote YES, and this bizarre proposal was nearly passed two days ago.
The team subsequently put forward a proposal to burn 50M $CRO, which is absurd next to that.
(Remember that when I discussed information arbitrage, the project I mentioned involved an additional issuance and a researcher's tweet from Binance that could be arbitraged? The current market stage and environment have changed. If you see an additional issuance now, it is hard to read it positively; you need to combine other factors to work out why it is happening, what kind of team this is, and whether they are really considering the community. I believe everyone has their own scale in mind for these.)
How can ordinary users avoid it?
1. In daily interactions, avoid long-term unlimited approvals of USDC and other stablecoins: approve only the amount you need each time, and when gas is cheap take some time to review your approvals with a tool such as revoke.cash and revoke the ones you no longer need; rotate addresses regularly as well;
2. Screen the projects you take part in and avoid those with opaque governance, especially ones whose proxy upgrades are unaudited and unsupervised. For new DeFi projects in particular, force yourself to check this, do not rely on luck, and make it a habit;
3. For projects that make up a large share of your position, regularly review DAO governance proposals yourself or delegate that to other researchers, catch malicious proposals early, and be ready to organise a counter-vote; for example, the Protector set up by @byobu4 did a lot of this kind of governance-defence work during the last bear market.
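One way to put item 1 into practice, as an added example that is not part of the article and is not the code of revoke.cash: this Python script replays ERC-20 Approval logs for one wallet (the same data that revoke.cash-style tools work from), flags allowances that are effectively unlimited, and builds the approve(spender, 0) calldata that revokes each one. The wallet, token and spender addresses, the log entries and the 2**128 "unlimited" cut-off are constructed assumptions; the event topic and function selector are the standard ERC-20 values.

```python
"""Replay ERC-20 Approval logs, flag unlimited allowances, build revoke calldata (added example)."""
from typing import Dict, List, Tuple

# keccak256("Approval(address,address,uint256)") and the selector of approve(address,uint256):
# the standard ERC-20 values.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "0x095ea7b3"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**128   # assumption: any allowance this large is "unlimited" in practice

Allowances = Dict[Tuple[str, str], int]   # (token, spender) -> allowance

def _word(value: int) -> str:
    """One 32-byte ABI word as hex (addresses sit right-aligned in it)."""
    return "0x" + format(value, "064x")

def _topic_address(topic: str) -> str:
    return "0x" + topic[-40:].lower()

def parse_approval(log: dict) -> Tuple[str, str, str, int]:
    """(token, owner, spender, value) from a raw eth_getLogs-style entry."""
    if log["topics"][0].lower() != APPROVAL_TOPIC:
        raise ValueError("not an ERC-20 Approval log")
    return (log["address"].lower(), _topic_address(log["topics"][1]),
            _topic_address(log["topics"][2]), int(log["data"], 16))

def current_allowances(logs: List[dict], owner: str) -> Allowances:
    """Replay logs in chain order; the last Approval per (token, spender) wins.
    Tokens that emit no Approval when transferFrom spends an allowance make this an
    upper bound, which is the safe direction when deciding what to revoke."""
    out: Allowances = {}
    for log in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        token, log_owner, spender, value = parse_approval(log)
        if log_owner == owner.lower():
            out[(token, spender)] = value
    return out

def revoke_calldata(spender: str) -> str:
    """ABI encoding of approve(spender, 0): selector + padded address + zero word."""
    return APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def plan_revocations(logs: List[dict], owner: str) -> List[dict]:
    """Transactions to send (to = token contract) for every unlimited allowance."""
    return [{"to": token, "spender": spender, "allowance": value, "data": revoke_calldata(spender)}
            for (token, spender), value in current_allowances(logs, owner).items()
            if value >= UNLIMITED_FLOOR]

# ---- constructed sample data (not real wallets or contracts) ----
WALLET, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "dd" * 20   # stand-ins for two stablecoins
ROUTER, OLD_FARM = "0x" + "bb" * 20, "0x" + "cc" * 20

def _approval_log(block: int, idx: int, token: str, owner: str, spender: str, value: int) -> dict:
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, _word(int(owner, 16)), _word(int(spender, 16))],
            "data": _word(value)}

SAMPLE_LOGS = [                                                     # deliberately out of order
    _approval_log(130, 2, TOKEN_A, WALLET, OLD_FARM, 0),            # farm approval revoked later
    _approval_log(100, 3, TOKEN_A, WALLET, ROUTER, MAX_UINT256),    # unlimited: must be revoked
    _approval_log(120, 0, TOKEN_A, WALLET, OLD_FARM, 5_000 * 10**6),
    _approval_log(125, 1, TOKEN_B, WALLET, ROUTER, 2_000 * 10**18), # bounded: keep
    _approval_log(126, 0, TOKEN_A, OTHER, ROUTER, MAX_UINT256),     # someone else's wallet
]

if __name__ == "__main__":
    for tx in plan_revocations(SAMPLE_LOGS, WALLET):
        print(f"send to {tx['to']} data={tx['data']} (revokes {tx['spender']})")
```

On a live chain the logs come from eth_getLogs filtered on topic0 = Approval and topic1 = your address, and each planned transaction is sent to the token contract with the generated data; a bounded approval that was already spent or set to 0, like the OLD_FARM entry above, correctly drops out of the plan.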
That is as far as my thinking goes for now, so I am recording it. Recently I have been talking with several whale friends, and everyone seems pessimistic about the market ahead.
Many friends originally thought DeFi might find some new tricks as US policy loosened, but as mentioned above, the forced bull market on BSC these days is just another scaled-down $trump effect. It is hard to see market liquidity improving. If overall liquidity is fragmented and exhausted further, the industry will enter a phase of frequent governance attacks. Can it get even worse?
Against the backdrop of an era shedding the virtual for the real, the absurdity and the bottom line of the virtual world are likely just a preview of even greater absurdity in the real world. Whatever the future holds, take a step back first, plan for the worst and avoid the potential risks that are highly certain. You will never be wrong doing that.