ZURICH — The governance structures underpinning the decentralized finance (DeFi) ecosystem are undergoing a significant period of maturation. On Friday, the developers behind World Liberty Financial—a prominent lending protocol—proposed a radical overhaul of their decentralized autonomous organization (DAO). The new proposal aims to combat the rising threat of “governance attacks” by requiring token holders to actively stake their assets for a predetermined duration before they are permitted to vote on critical protocol changes.
Historically, most DeFi protocols allowed any user holding a governance token to vote instantly on network proposals. This model was highly susceptible to manipulation; well-capitalized entities, often rival protocols or malicious actors, could easily borrow massive amounts of governance tokens via flash loans, temporarily seize majority control of a DAO, force a malicious vote to drain the protocol’s treasury, and repay the loan in a single transaction.
The proposed “time-locked staking” mechanism neutralizes this attack vector by forcing voters to have “skin in the game.” By requiring capital to be locked within the protocol for weeks or months, malicious actors can no longer utilize transient borrowed liquidity to hijack governance decisions. Their capital is exposed to the long-term consequences of their votes, heavily incentivizing actions that benefit the long-term health and stability of the network.
“We are moving away from purely plutocratic governance toward systems that prioritize long-term network alignment,” stated a core contributor to the World Liberty Financial protocol. “If you want to dictate the future of a billion-dollar lending market, you must prove that you are committed to its success.” As the TVL of major DeFi protocols continues to expand, implementing robust, attack-resistant governance architecture has become an absolute necessity for survival.
Flash loan governance attacks have been a known vulnerability since 2020. Surprising it took this long for a major protocol to implement time locks.
world liberty financial doing it is ironic given their own governance token distribution. pot meet kettle
flash_loan_no_ with the irony check. world liberty financial implementing time locks while their own governance token distribution was questionable. pot meet kettle indeed
Dariusz Krol flash loans for governance attacks were theorized in 2020 but took until 2025 for a major protocol to implement time locks. DeFi security moves painfully slow
2020 to 2025 for a major protocol to implement time locks is embarrassing. how many governance attacks happened in those 5 years
dariusz is right that flash loan attacks were a known vulnerability since 2020. but time-locked staking forces real skin in the game which changes governance dynamics fundamentally
skin_game_ makes the key point. time locked staking changes governance from who has the most tokens right now to who is committed long term. fundamental shift in DAO design
time locked staking changes governance from mercenary capital to committed capital. but it concentrates power among early adopters