Chainflow · Feb 2025

The MakerDAO Governance Attack

An analysis of the emergency proposal that raised borrowing limits, reduced collateral requirements, and shortened governance delay, and the community concerns it sparked about censorship and power concentration.

By Othman Gbadamassi · OCC Research

Summary

MakerDAO, one of the oldest and most established DeFi protocols, faced a governance crisis when an emergency proposal was submitted that would significantly alter the protocol's risk parameters. The proposal sought to raise borrowing limits, reduce collateral requirements, and shorten the governance delay, all in a single expedited action. The incident raised fundamental questions about the security of token-weighted governance and the concentration of power in DeFi protocols.


The Emergency Proposal

The emergency proposal was framed as a necessary response to evolving market conditions. However, the scope and speed of the changes raised alarm bells across the community. By bundling multiple significant parameter changes into a single proposal and utilizing the emergency governance pathway, the proposer sought to bypass the normal deliberation process.

The use of the emergency governance mechanism was particularly contentious. This mechanism was designed for time-critical security responses, not for sweeping changes to economic parameters. Its invocation for this purpose set a concerning precedent.


Proposed Changes

The proposal included three major changes:

  1. Raised borrowing limits: Significantly increased the debt ceiling across multiple vault types, expanding the protocol's risk exposure.
  2. Reduced collateral requirements: Lowered the minimum collateral ratio, allowing borrowers to take on more leverage with less backing. This directly impacts the protocol's safety margin during market downturns.
  3. Shortened governance delay: Reduced the time between proposal approval and execution, limiting the window for the community to identify and respond to problematic governance actions.

Each of these changes individually carries significant risk. Combined, they represented a substantial weakening of the protocol's risk management framework.


Community Concerns

The community response was swift and critical. Key concerns included:

  • Censorship concerns: Some community members reported that critical commentary about the proposal was being removed or suppressed in official channels, raising questions about the openness of governance discourse.
  • Expedited process: The use of the emergency pathway for non-emergency changes was seen as a governance attack vector. If successful, it would demonstrate that well-resourced actors could push through sweeping changes before the community could organize a response.
  • Power concentration: The incident highlighted the degree to which MKR token concentration allows a small number of holders to drive governance outcomes, even on controversial proposals.
  • Precedent risk: If the proposal succeeded through the emergency pathway, it would establish a template for future governance attacks on MakerDAO and similar protocols.

Governance Implications

The MakerDAO governance attack underscores several broader challenges facing DeFi governance:

  • Token-weighted voting is vulnerable to actors who accumulate governance tokens specifically to influence protocol parameters in their favor.
  • Emergency mechanisms require guardrails. Without strict criteria for what constitutes an emergency, these fast-track pathways become attack surfaces.
  • Governance participation asymmetry means that a motivated minority can dominate outcomes when the broader community is passive or disengaged.
  • Time delays are a security feature, not a bureaucratic inconvenience. Shortening governance delays reduces the community's ability to respond to malicious proposals.

These lessons extend well beyond MakerDAO. Any protocol that relies on token-weighted governance with emergency mechanisms faces similar vulnerabilities.
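
The guardrails described above can be expressed as a pre-execution check on a proposal. The following is an added example, not code from MakerDAO or from the original article; the parameter names, the 48-hour delay floor, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_DELAY_HOURS = 48  # assumed floor for the approval-to-execution delay


@dataclass
class Change:
    param: str   # hypothetical names: debt_ceiling, collateral_ratio, governance_delay
    old: float
    new: float


def loosens_risk(c: Change) -> bool:
    """True when a change weakens the safety margin the article describes."""
    if c.param == "debt_ceiling":
        return c.new > c.old          # more debt allowed
    if c.param in ("collateral_ratio", "governance_delay"):
        return c.new < c.old          # less backing, or less time to react
    return False


def review(pathway: str, changes: list[Change]) -> list[str]:
    """Return guardrail violations; an empty list means the proposal passes."""
    findings = []
    loosening = sorted({c.param for c in changes if loosens_risk(c)})
    # Guardrail 1: the emergency path may tighten risk, never loosen it.
    if pathway == "emergency" and loosening:
        findings.append("emergency path used to loosen: " + ", ".join(loosening))
    # Guardrail 2: each risk-loosening change gets its own vote.
    if len(loosening) > 1:
        findings.append("bundles several risk-loosening changes; split them")
    # Guardrail 3: the delay is a security control with a hard floor.
    for c in changes:
        if c.param == "governance_delay" and c.new < MIN_DELAY_HOURS:
            findings.append(f"governance delay {c.new}h is below the {MIN_DELAY_HOURS}h floor")
    return findings


# Constructed sample mirroring the three bundled changes; values are invented.
SAMPLE = [
    Change("debt_ceiling", 100e6, 250e6),
    Change("collateral_ratio", 1.50, 1.20),
    Change("governance_delay", 48, 12),
]

if __name__ == "__main__":
    for finding in review("emergency", SAMPLE):
        print("REJECT:", finding)
```

An emergency proposal that only tightens parameters, such as raising the collateral ratio, passes all three checks, which keeps the fast path available for time-critical security responses.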


Conclusion

The MakerDAO governance attack serves as a wake-up call for the DeFi ecosystem. While the protocol's governance framework has been battle-tested over years, this incident revealed that emergency mechanisms, token concentration, and community apathy can combine to create serious governance vulnerabilities. Strengthening governance requires not just better smart contract design but also active community participation and robust procedural safeguards.

