# low-participation governance votes enable protocol parameter manipulation through flash loan voting power
On-chain governance allows token holders to vote on protocol parameters: collateral factors, liquidation incentives, fee structures, asset listings, and code upgrades. The security model assumes broad, informed participation. In practice, voter apathy is endemic — most governance proposals see single-digit percentage participation of eligible token supply.
This creates two compounding attack surfaces:
**Flash loan governance attacks**: Governance tokens are typically ERC-20 tokens. If vote weight is determined by token balance at the moment of voting (rather than a snapshot at proposal creation), an attacker can borrow an enormous quantity of governance tokens via flash loan, vote on an active proposal, and return the tokens in the same block. The result: an attacker with zero capital in governance tokens can cast a decisive vote on any active proposal.
**Low quorum exploitation**: Even without flash loans, low voter participation means that a moderately capitalized attacker can acquire enough governance tokens to win votes that legitimate holders don't bother to counter. Critical parameter changes — lowering collateral factors to enable over-borrowing, listing malicious collateral assets, enabling backdoors in upgrade paths — can pass through governance when participation is 3-5% of total supply.
Since [[access control vulnerabilities are the leading cause of smart contract financial losses]], governance-controlled parameters are a particularly sensitive access control surface: they can be changed without exploiting any code bug, purely through the designed governance mechanism operating as intended but without sufficient participation.
Mitigations include: vote-by-snapshot (snapshot token balances at proposal creation, preventing flash loan attacks), time-locked governance execution (delays between vote and execution allow monitoring and response), and quorum thresholds (proposals require minimum participation to pass).
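
The vote-by-snapshot mitigation above, as an added example (a toy Python model, not code from any protocol or audit cited in this note). The class, account names and amounts are all constructed; it compares the weight a balance-at-vote-time scheme would count with the weight a past-block snapshot counts.

```python
from bisect import bisect_right

class CheckpointedToken:
    """Toy governance token (constructed model) with per-block balance checkpoints."""
    def __init__(self):
        self.block = 0   # current block number, advanced by the caller
        self._cp = {}    # holder -> ([blocks], [balances])

    def credit(self, holder, delta):
        """Apply a balance change and record it in the current block's checkpoint."""
        blocks, bals = self._cp.setdefault(holder, ([], []))
        new = (bals[-1] if bals else 0) + delta
        if new < 0:
            raise ValueError("insufficient balance")
        if blocks and blocks[-1] == self.block:
            bals[-1] = new               # same block: overwrite the checkpoint
        else:
            blocks.append(self.block)
            bals.append(new)

    def transfer(self, src, dst, amount):
        self.credit(src, -amount)
        self.credit(dst, amount)

    def balance_of(self, holder):
        """Live balance: the weight a balance-at-vote-time scheme would use."""
        bals = self._cp.get(holder, ([], []))[1]
        return bals[-1] if bals else 0

    def balance_at(self, holder, block):
        """Snapshot balance at the end of a strictly past block."""
        if block >= self.block:
            raise ValueError("snapshot block must be in the past")
        blocks, bals = self._cp.get(holder, ([], []))
        i = bisect_right(blocks, block)
        return bals[i - 1] if i else 0

def compare_vote_weights():
    t = CheckpointedToken()
    t.credit("pool", 9_000_000)    # lending-pool liquidity (constructed amount)
    t.credit("holder", 400_000)    # long-term holder (constructed amount)
    t.block = 10                   # proposal created here; snapshot is block 9
    snapshot = t.block - 1
    t.block = 20                   # voting happens in this block
    t.transfer("pool", "borrower", 9_000_000)   # flash loan opens
    live, snap = t.balance_of("borrower"), t.balance_at("borrower", snapshot)
    t.transfer("borrower", "pool", 9_000_000)   # repaid in the same block
    return {"live": live, "snapshot": snap, "holder": t.balance_at("holder", snapshot)}
```

The strictly-past check in `balance_at` matters as much as the checkpointing: a snapshot taken in the current block would still see the borrowed balance.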
**Flash loan mitigation bypass via delegation chains**: Direct voting restrictions on flash-loaned tokens can be circumvented through indirect delegation. In the pattern identified in Cyfrin's DeXe Protocol audit, a "Master" contract flash-loans governance tokens, deposits them into the DAO, and delegates voting power to a separate "Slave" contract. The Slave votes and reaches quorum, then the Master undelegates and repays the flash loan. This defeats flash loan mitigations that focus on preventing direct voting by borrowed tokens — the borrower never votes directly, only delegates.
**Real-world named instances**:
- **Build Finance DAO (February 2022)**: An attacker exploited chronic low participation to pass a governance proposal to mint and sell governance tokens for approximately 160 ETH (~$470,000); there were simply not enough engaged voters to produce countervotes. No flash loans were needed; persistent voter apathy was sufficient.
- **GreenField DAO (April 2025)**: An attacker flash-borrowed 9 million GOV tokens, passed a malicious governance proposal, and drained $31 million from the treasury in a single block — the canonical recent instance of the basic flash loan governance attack against a system without snapshot protection.
---
Relevant Notes:
- [[access control vulnerabilities are the leading cause of smart contract financial losses]] — governance is the meta-level access control that determines all other parameters
- [[flash loan oracle manipulation enables price feed attacks against defi protocols]] — flash loans enable both oracle manipulation and governance attacks in the same atomic transaction framework
- [[allowing governance voting and execution in the same transaction makes any governance system unconditionally vulnerable to flash loan attack regardless of quorum threshold]] — identifies same-transaction execution as the structural root cause enabling all flash loan governance attacks
- [[snapshot-based voting power measurement at proposal creation time prevents flash loan governance attacks by decoupling token acquisition from voting eligibility]] — the primary mitigation; requires persistent holdings rather than single-block flash loan rentals
Topics:
- [[vulnerability-patterns]]
- [[protocol-mechanics]]