low-participation governance votes enable protocol parameter manipulation through flash loan voting power

# low-participation governance votes enable protocol parameter manipulation through flash loan voting power On-chain governance allows token holders to vote on protocol parameters. The security model assumes broad participation, but most proposals see single-digit percentage participation, creating two compounding attack surfaces: **Flash loan governance attacks**: If vote weight uses token balance at voting time (rather than a snapshot at proposal creation), an attacker can borrow governance tokens via flash loan, vote, and return them in the same block. A delegation chain variant (identified in Cyfrin's DeXe audit) bypasses direct-voting restrictions: a "Master" contract flash-loans tokens, deposits into the DAO, and delegates to a "Slave" that votes, defeating mitigations targeting direct voting. **Low quorum exploitation**: A moderately capitalized attacker can acquire enough tokens to win votes that legitimate holders ignore. Build Finance DAO (February 2022) lost ~$470,000 when an attacker passed a malicious proposal through chronic voter apathy alone. Since [[access control vulnerabilities are the leading cause of smart contract financial losses]], governance is a sensitive access control surface; changes require no code bug, only insufficient participation. The available flash loan capital for such attacks compounds with each governance-approved eligibility expansion: more eligible asset types mean more borrowable pools from which transient voting power can be assembled. The Beanstalk exploit is the canonical quantified instance: the high-capital flash loan execution path (350M DAI, 500M USDC, 150M USDT from Aave; 32.1M BEAN from Uniswap V2; 11.6M LUSD from SushiSwap) combined with LP token deposit-conversion to reach 78% voting power. Mitigations: vote-by-snapshot (balances at proposal creation), time-locked execution, and quorum thresholds. Lock-up-based governance (veToken models) is an alternative structural defense against the flash loan vector, though it introduces a different capture surface via bribe markets and aggregator concentration. --- Relevant Notes: - [[access control vulnerabilities are the leading cause of smart contract financial losses]]: governance is the meta-level access control that determines all other parameters - [[flash loan oracle manipulation enables price feed attacks against defi protocols]]: flash loans enable both oracle manipulation and governance attacks in the same atomic transaction framework - [[allowing governance voting and execution in the same transaction makes any governance system unconditionally vulnerable to flash loan attack regardless of quorum threshold]]: identifies same-transaction execution as the structural root cause enabling all flash loan governance attacks - [[snapshot-based voting power measurement at proposal creation time prevents flash loan governance attacks by decoupling token acquisition from voting eligibility]]: the primary mitigation; requires persistent holdings rather than single-block flash loan rentals - [[governance capture cost depends on acquisition method with slow accumulation and vote buying being cheaper than direct market purchase due to price impact avoidance]]: models the economic cost of each governance acquisition method; flash loans are the cheapest but snapshot defenses force attackers to more expensive persistent strategies Topics: - [[vulnerability-patterns]] - [[protocol-mechanics]]