DAO: Smart Contract-Based Governance
Protocol is live, liquidity exists, token distributed. Next step: transfer control to community. In practice this means writing contracts that prevent 5% holders from draining treasury in one vote, without blocking legitimate upgrades for 18 months. Non-trivial balance.
Where Most DAOs Break
Typical: fork OpenZeppelin Governor, deploy, launch Snapshot — get DAO actually run by 3 addresses. Problem isn't code, but tokenomics and parameters.
Quorum too high or low. Compound set quorum at 400k COMP. Low turnout: proposals stall months. Low quorum: one whale closes any question. Correct quorum depends on real distribution and average turnout.
Flash loan governance attack. Attacker borrows flash loan, gets voting power one block, creates and passes proposal. Defense: votingDelay 1-2 blocks plus snapshot at proposal creation. OpenZeppelin's GovernorVotes does this correctly.
Timelock without executor whitelist. If TimelockController doesn't limit target contracts, accepted proposal calls arbitrary function. 2022: Beanstalk lost $182M because timelock had zero delay for emergency proposals.
On-Chain Governance Architecture
Standard: OpenZeppelin Governor + TimelockController + ERC-20Votes (or ERC-721Votes for NFT-based).
Governor handles voting: propose, castVote, queue, execute. Timelock adds delay between acceptance and execution — window for dissenters to exit. Minimum delay for TVL > $10M is 48 hours.
Delegated voting. ERC-20Votes supports delegation: holder delegates voting power without transfer. Critical for protocols with many passive holders.
Snapshot + On-Chain: Hybrid Model
Pure on-chain voting costs gas. Hybrid: Snapshot for signaling (off-chain, gasless via EIP-712), on-chain only for execution.
Advanced: SafeSnap (Zodiac module from Gnosis): Snapshot result verified via Reality.eth and auto-executes through Safe without trusted intermediary.
Multi-Sig: Gnosis Safe as Operations Layer
Most DAOs use Gnosis Safe for treasury. Standard: M-of-N where N is 7-9 signers from different timezones, M is 4-5.
Safe supports modules: Zodiac, Delay, Roles. Via Roles module, give address rights to call only certain functions — e.g., only transfer up to amount, no delegatecall.
Important: Safe multisig and Governor are different levels. Governor manages protocol (upgrades, parameters). Safe manages treasury (payouts, grants).
Governor Extensions
| Extension | Purpose |
|---|---|
GovernorTimelockControl |
Execution delay (mandatory at TVL > $1M) |
GovernorVotesQuorumFraction |
Dynamic quorum |
GovernorPreventLateQuorum |
Late-vote protection |
GovernorSettings |
On-chain parameter changes |
Development Process
Starts with tokenomics: current distribution, real turnout from similar protocols, operations requiring governance.
After parametrization: Governor implementation, token integration, Safe config, Snapshot setup. Test governance attacks. Nobody checks if 10% quorum is unreachable.
Timelines
Basic DAO (Governor + Timelock + Safe + Snapshot) — 3–6 weeks. With custom modules and existing integration — 6–12 weeks. Audit adds 2–4 weeks.