Skip to content

blockful/op-gov-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Governance Analysis.pdf
Governance Analysis.pdf
 
 
README.md
README.md
 
 

Repository files navigation

Optimism Collective Governance Security Analysis

Project Overview

This repository contains a comprehensive governance security analysis of the Optimism Collective, delivered by blockful.io . The project analyzes the OP Collective's governance vulnerabilities to different attacks, evaluates its bicameral voting structure, and provides recommendations for improving quality and security.

Deliverables

  1. Security Research & Analysis - Analysis of governance attack vectors and vulnerabilities
  2. Bicameral Governance Evaluation - Assessment of both plutocratic (Token House) and non-plutocratic (Citizens' House) systems
  3. Interactive Dashboard - Real-time tracking of governance capture risks, token distribution and vulnerability metrics at anticapture.com/op
  4. Improvement Recommendations - Suggestions on how to enhance decentralization without losing security

About Blockful

Blockful has been dedicated to researching and securing DAO governance, with notable achievement, including:

  • Identifying critical vulnerabilities in ENS DAO governance
  • Developing and proposing security council solutions now being implemented
  • Creating the Anticapture Framework for evaluating DAO governance risks

Executive Summary

The Optimism Collective operates a bicameral governance system:

  • Token House: Token-weighted voting mechanism
  • Citizens' House: One-person-one-vote system

Key Findings

The Optimism Foundation currently holds all real power in the governance system:

  • Only the Foundation can propose and execute actions onchain via its multisigs
  • Governance is more experimental than truly decentralized
  • The Foundation's central role provides security against hostile takeovers but creates single-entity dependency

Security Status: The system is secure against capture primarily due to centralization, but if the Foundation is compromised, the entire protocol and treasury are at risk.

The Anticapture Framework

The framework evaluates 16 key metrics across three risk levels (Low, Medium, High) to assess DAO vulnerability to various attack vectors, with the primary focus on Capital Raids - attacks aimed at stealing DAO treasuries through governance capture.

Key Metrics Include:

  1. Flash Loan Protection (Propose & Voting)
  2. Timelock Delay - Waiting period to execute proposals
  3. Voting Delay - Time between proposal submission and voting
  4. Proposal Threshold - Minimum votes required to submit proposals
  5. Veto Strategy - Ability to cancel malicious proposals
  6. Voting Period - Duration for voting on proposals
  7. Audited Contracts - Security audit status
  8. Extractable Value - Cost of attack vs. treasury value
  9. Security Council - Emergency response capabilities

Security Stages

DAOs are classified into three stages based on their security posture:

  • Stage 0: Vulnerable, high-risk metrics present
  • Stage 1: Not at immediate risk, but needs additional protections
  • Stage 2: Secure governance with all metrics at low risk

Research Findings

Token House Analysis (Plutocratic Governance)

Our research focused on vulnerabilities exposed by the token voting mechanism:

Current Security Posture:

  • Protected against flash loan attacks and proposal spam
  • Foundation-controlled proposal submission prevents most direct attack types
  • Foundation-controlled proposal execution allow, per documentation, the change or abandonement of malicious proposals

Key Vulnerabilities:

  • Complete centralization in Foundation multisigs
  • No autonomous execution capability
  • External oracle dependencies for quorum calculations
  • Lack of binding governance decisions

Citizens' House Analysis (Non-Plutocratic Governance)

Our analysis of the one-person-one-vote system revealed:

Opportunities:

  • RetroPGF voting algorithm needs to be constantly kept in check
  • Rapid expansion from ~200 to 1,250 citizens requires monitoring
  • Enhanced transparency in citizen selection and participation

Risks:

  • Potential for RetroPGF capture with expanded citizen base
  • Lack of clear documentation on EAS implementation
  • Dependency on Foundation for execution

Council & Commission Evaluation

Security Council Risks:

  • 4 out of 13 members can block critical upgrades
  • Still dependent on Foundation's cooperation for signing power

Other Councils:

  • Limited autonomous power
  • Budget execution controlled by Foundation
  • Advisory roles without enforcement capability

Recommendations for Enhanced Security & Decentralization

Based on our research, we propose the following improvements:

1. Token House Security Enhancements

  • Overcome Foundation Dependency for Security: Implement defenses on the contract level to allow for permisionless decentralized governance
  • Add Emergency Mechanisms: Implement pause functions and veto strategies
  • Implement Progressive Decentralization: Gradually transfer proposal powers from Foundation to token holders
  • Remove Oracle Dependencies: Use on-chain quorum calculations
  • Establish Binding Governance: Transfer treasury to timelock for executable decisions

2. Citizens' House Improvements

  • Citizen Monitoring System: Create trust scores and participation tracking
  • Algorithm Competition: Regular contests to improve RetroPGF voting mechanisms
  • Enhanced Documentation: Clear EAS implementation details and citizen lists
  • Conflict of Interest Management: Track citizen involvement in funded projects

3. Structural Governance Evolution

  • On-chain Rules: Codify governance processes that are currently markdowns and social agreements in smart contracts
  • Bicameral Checks: Implement enforceable veto powers between houses
  • Council Autonomy: Grant execution powers with appropriate safeguards
  • Gradual Foundation Exit: Create clear milestones for decentralization

Interactive Dashboard

Access the real-time governance security dashboard at: anticapture.com/op

The dashboard provides:

  • Live Metrics Tracking: Monitor security indicators in real-time
  • Risk Assessment: Visual representation of current vulnerability levels
  • Historical Data: Track governance evolution over time
  • Comparative Analysis: Benchmark against other DAOs using similar frameworks
  • Holders and Delegates board: Follow how power changes and its historical movements from address to address

Impact & Composability

This research benefits the broader Optimism ecosystem:

  • Open Source: All research, code, and methodologies are freely available
  • Reusable Framework: Other DAOs can fork and adapt the Anticapture Framework
  • Continuous Monitoring: Dashboard enables ongoing security assessment, with new features coming already integrating OP
  • Knowledge Sharing: Findings contribute to collective DAO security best practices

Repository Contents

  • PDF document.pdf - Complete governance security audit report

About the Anticapture Framework

The Anticapture Framework represents Blockful's systematic approach to DAO security, developed through:

  • Analysis of historical DAO attacks and vulnerabilities
  • Research into governance manipulation techniques
  • Collaboration with leading DAOs including ENS and Uniswap
  • Continuous refinement based on real-world implementations

This governance security analysis was delivered by Blockful to support the Optimism Collective's journey toward secure, decentralized governance.

About

Deliveries of the "Governance Audit and Dashboard by Blockful" grant given by Optimism

Topics

audit dao governance optimism

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors