Foundational models and mechanisms that define how decentralized organizations coordinate, make decisions, and manage resources.
LABS
Guides
DAO Governance Frameworks and Tooling
Chainscore © 2025
concepts
Core Governance Concepts
01
Token-Based Voting
One-token-one-vote is the most common model, where voting power is proportional to a user's token holdings. Governance tokens are often staked or delegated to participate.
- Enables direct, on-chain execution of proposals via smart contracts.
- Can include vote delegation to representatives or experts.
- Creates clear economic alignment but can lead to plutocracy.
- Why this matters: It underpins most DAOs, requiring users to understand tokenomics and delegation strategies.
02
Proposal Lifecycle
The structured process from idea to execution, typically involving drafting, temperature checks, formal submission, voting, and implementation.
- Snapshot is commonly used for off-chain signaling to gauge sentiment.
- On-chain proposals execute code changes or treasury transactions automatically.
- Includes timelocks for security and veto periods for review.
- Why this matters: Users must navigate each stage's requirements and deadlines to participate effectively.
03
Treasury Management
The protocols and tools for overseeing a DAO's pooled capital, which can include native tokens, stablecoins, and other digital assets.
- Managed via multi-signature wallets or specialized modules like Gnosis Safe.
- Proposals often require detailed budgets and payment schedules.
- Involves asset diversification and yield-generating strategies.
- Why this matters: Effective governance directly impacts the organization's financial sustainability and ability to fund initiatives.
04
Delegation & Representatives
A system where token holders can delegate their voting power to other addresses, often to experts or dedicated delegates.
- Reduces voter apathy by allowing participation without constant engagement.
- Delegates publish platforms and voting histories for transparency.
- Used in systems like Compound and Uniswap governance.
- Why this matters: Users must assess delegate credibility and alignment to ensure their stake is represented well.
05
Forking & Exit Mechanisms
The ultimate governance lever, allowing dissenting groups to create a new instance of the protocol with a different direction or token distribution.
- Requires copying the protocol's code and state, then launching a new chain or instance.
- Serves as a credible threat to keep core governance accountable.
- Historic examples include the Uniswap and SushiSwap ecosystems.
- Why this matters: It defines the real power dynamics and consequences of contentious governance decisions.
06
Governance Minimization
A design philosophy aiming to reduce the need for frequent, active human governance by encoding rules and parameters into immutable or slowly-updating smart contracts.
- Limits governance surface area and attack vectors.
- Often employs gradual, automated parameter adjustments (like MakerDAO's stability fee).
- Shifts focus from daily proposals to long-term system design.
- Why this matters: Users engage with systems that are more predictable and resistant to capture or manipulation.
Governance Framework Implementations
Understanding Governance Frameworks
A governance framework is the set of rules and processes a DAO uses to make decisions. It defines how proposals are created, voted on, and executed. Think of it as the DAO's constitution.
Key Components
- Proposal Lifecycle: The stages a proposal goes through, from ideation and discussion to voting and execution. This often includes a temperature check, formal proposal, and timelock.
- Voting Mechanisms: How voting power is allocated and counted. Common methods include token-weighted voting (one token, one vote) and delegation, as seen in Compound and Uniswap.
- Execution Paths: How passed proposals are implemented. This can be manual (via a multi-sig) or automatic through on-chain smart contracts.
Example: Snapshot Voting
Many DAOs, like Aave, use Snapshot for off-chain, gas-free voting. Members connect their wallets, see proposals, and vote with their token balance. While the vote result is not automatically executed, it serves as a strong social signal for the core team or multi-sig to act upon.
On-Chain Voting Mechanisms
Process overview
1
Proposal Creation and Submission
Draft and submit a governance proposal to the DAO's smart contract.
Detailed Instructions
Proposal creation begins by drafting the executable transaction data or descriptive text. For on-chain proposals, you must encode the target contract address, function selector, and calldata. Use a library like ethers.js to construct the transaction. The proposer must hold the minimum required voting power (e.g., 0.25% of total supply) to submit.
- Sub-step 1: Connect your wallet to the DAO's governance interface (e.g., Tally, Boardroom).
- Sub-step 2: Select "Create Proposal" and fill in the title, description, and on-chain actions.
- Sub-step 3: Specify the target contract (e.g.,
0x...) and the encoded function call for execution upon passage. - Sub-step 4: Pay any required proposal deposit and sign the transaction to submit it to the
Governorcontract.
solidity// Example: Encoding a call to a Treasury contract bytes memory data = abi.encodeWithSignature("transfer(address,uint256)", recipient, amount); governor.propose(targets, values, calldatas, description);
Tip: Thoroughly test proposal calldata on a forked network using tools like Tenderly or Foundry's
castto prevent execution failures.
2
Voting Period and Delegation
Token holders delegate voting power and cast votes during the active period.
Detailed Instructions
During the voting period, which typically lasts 3-7 days, delegated voters cast their ballots. Voting power is derived from token balances, often using a snapshot of block numbers to prevent manipulation. Users who haven't delegated retain their own voting power. Votes are cast as For, Against, or Abstain, and may use quadratic voting to reduce whale dominance.
- Sub-step 1: Check your delegated voting power on the governance dashboard. If undelegated, delegate to yourself or a trusted delegate.
- Sub-step 2: Review the live proposal details, including the discussion forum link and on-chain actions.
- Sub-step 3: Connect your wallet and select your vote choice (
1for For,0Against,2for Abstain). - Sub-step 4: Sign the vote transaction, which calls the
castVotefunction on the governance contract.
solidity// Casting a vote in a typical Governor contract function castVote(uint256 proposalId, uint8 support) public returns (uint256) { return _castVote(proposalId, msg.sender, support, ""); }
Tip: Voting power is often snapshotted at the proposal creation block. Ensure your tokens are delegated before that block to participate.
3
Quorum and Vote Tallying
Determine if the proposal meets participation thresholds and calculate the final result.
Detailed Instructions
After the voting period ends, the proposal must meet a quorum—a minimum percentage of total voting power that participated. The result is determined by simple majority of the votes cast, unless a supermajority (e.g., 66%) is required for sensitive actions. The tally is performed on-chain, making it immutable and verifiable.
- Sub-step 1: The governance contract's
state()function returns the proposal status (e.g.,Succeeded,Defeated). - Sub-step 2: Verify the quorum is met by checking
quorum()against the totalforVotes + againstVotes + abstainVotes. - Sub-step 3: Confirm the vote differential; for a standard majority,
forVotesmust exceedagainstVotes. - Sub-step 4: For supermajority proposals, check that
forVotesmeets the threshold (e.g., >66% of total cast votes).
solidity// Pseudocode for checking quorum and majority bool quorumReached = (forVotes + againstVotes + abstainVotes) >= quorum(proposalId); bool majorityWon = forVotes > againstVotes; bool supermajorityWon = forVotes * 100 > (forVotes + againstVotes) * 66;
Tip: Quorum requirements can be based on total token supply or a fixed number. Check the DAO's governance parameters.
4
Proposal Execution and Timelock
Queue and execute the successful proposal's on-chain actions after a mandatory delay.
Detailed Instructions
A successful proposal does not execute immediately. It is first queued in a Timelock contract, which enforces a mandatory delay (e.g., 48 hours) to allow token holders to react to malicious actions. After the delay, any address can call the execute function to run the proposal's encoded transactions.
- Sub-step 1: Call the
queuefunction on the Governor contract, providing the proposal ID. This submits actions to the Timelock. - Sub-step 2: Wait for the Timelock delay to elapse. Monitor the
getTimestampmethod on the Timelock for the ETA. - Sub-step 3: After the delay, call the
executefunction on the Governor contract to trigger the proposal's transactions. - Sub-step 4: Verify execution success by checking that the proposal state is
Executedand the target contract state changed as expected.
solidity// Example sequence for a GovernorAlpha-style contract GovernorAlpha gov = GovernorAlpha(0xGovernorAddress); gov.queue(proposalId); // Queues to Timelock // Wait for delay... gov.execute(proposalId); // Executes the calldata on target contracts
Tip: The Timelock contract address is usually the
adminorexecutorof the core protocol contracts, providing a security layer.
5
Post-Execution Verification and Challenge
Audit the execution and understand mechanisms for challenging malicious proposals.
Detailed Instructions
After execution, verify the on-chain state changes and be aware of governance safeguards. Some DAOs implement a veto guardian or a security council with limited powers to cancel malicious proposals in the Timelock. Others rely on forking the protocol as a last-resort challenge. Monitoring tools like OpenZeppelin Defender can track governance events.
- Sub-step 1: Use a block explorer to verify all transactions from the
executecall succeeded and had the intended effect. - Sub-step 2: Review the proposal's target contract state (e.g., treasury balance, parameter value) to confirm the change.
- Sub-step 3: Understand the DAO's specific challenge process, such as a veto multisig address or a forking procedure documented in the governance forum.
- Sub-step 4: Set up alerts for new proposals and state changes to monitor governance activity proactively.
solidity// Example: A Timelock contract may have a guardian cancel function function cancel(bytes32 txHash) public { require(msg.sender == guardian, "Timelock::cancel: caller is not guardian"); require(queuedTransactions[txHash], "Timelock::cancel: transaction hasn't been queued"); delete queuedTransactions[txHash]; }
Tip: The most robust security is social. Active community scrutiny during the voting and timelock period is the primary defense.
DAO Tooling Stack Comparison
Comparison of major DAO governance frameworks and their technical specifications.
| Governance Feature | Aragon OSx | OpenZeppelin Governor | Compound Governor Bravo |
|---|---|---|---|
Voting Delay | Minimum 1 block | Configurable, typically 1 block | Configurable, typically 1 block |
Voting Period | Configurable, default 5 days | Configurable, typical 3-7 days | Configurable, default 3 days |
Proposal Threshold | Token-based or NFT-based | Token-based quorum | Token-based, e.g., 25,000 COMP |
Quorum Requirement | Configurable absolute quorum | Configurable, often vote-based | Configurable, e.g., 400,000 COMP |
Upgrade Mechanism | Plugin-based upgradeability | Transparent proxy patterns | Timelock-controlled upgrades |
Gas Cost for Proposal | ~500k-1M gas (varies) | ~300k-700k gas (varies) | ~400k-800k gas (varies) |
Native Token Standards | ERC-20, ERC-721, ERC-1155 | Primarily ERC-20 | Primarily ERC-20 |
Timelock Execution Delay | Configurable, e.g., 24 hours | Configurable, e.g., 2 days | Configurable, e.g., 2 days |
security-considerations
Governance Security and Attack Vectors
Understanding the technical vulnerabilities and adversarial strategies that threaten decentralized governance systems, from smart contract exploits to social engineering.
01
Vote Manipulation
Sybil attacks and vote buying undermine the one-person-one-vote principle. Attackers create many identities or bribe token holders to sway outcomes. Platforms like Snapshot mitigate this with proof-of-personhood or token-weighted voting. This matters as it directly compromises the legitimacy and fairness of governance decisions, leading to treasury theft or protocol hijacking.
02
Smart Contract Exploits
Governance logic bugs and reentrancy vulnerabilities in the voting or execution contracts can drain treasuries. For example, a flawed proposal execution function might allow unauthorized fund transfers. This is critical because the governance contract often holds significant assets and controls critical protocol parameters, making it a high-value target.
03
Governance Delay Attacks
Time-based attacks exploit proposal timelines. An attacker might spam the system with proposals to delay critical security updates or execute a rage-quit attack during a voting period. This matters as it can prevent a DAO from responding swiftly to emergencies, leaving vulnerabilities unpatched.
04
Treasury Management Risks
Multisig vulnerabilities and rug pulls by core team members. If a proposal grants excessive permissions, signers can drain funds. Real cases involve compromised private keys in Gnosis Safe modules. This is fundamental as the treasury's security is paramount; its compromise often leads to irreversible loss of community assets.
05
Tokenomics & Delegation Attacks
Whale dominance and delegation apathy can centralize power. A large holder or a malicious delegate can single-handedly pass proposals. Protocols like Compound use time-locked votes to mitigate this. This matters because it recreates centralized control, defeating the purpose of decentralized governance and skewing incentives.
06
Frontend & Interface Attacks
DNS hijacking or malicious frontends can spoof governance interfaces to trick users into signing malicious transactions. For instance, an attacker could replace a legitimate voting page. This is a critical vector as it targets the user's point of interaction, bypassing smart contract security entirely.
DAO Governance Implementation FAQ
Launching a functional DAO requires integrating several core technical components. The foundation is a governance token contract, typically an ERC-20 or ERC-1155, which defines membership and voting power. A voting mechanism contract, such as a Governor contract from OpenZeppelin or a custom Aragon OSx module, handles proposal creation and execution. A treasury contract, often a Gnosis Safe, secures the DAO's assets. Finally, a front-end interface like Tally or Boardroom is needed for user interaction. For example, a typical gas-optimized Governor contract deployment can cost between 0.5 to 2 ETH in gas fees on mainnet.