A DAO's resilience level is determined by the framework, which evaluates the risk of its core governance protections — the weakest one defines the stage.
STAGE 0 [HIGH RISK]
STAGE 1 [MEDIUM RISK]
STAGE 2 [LOW RISK]
5 fixes to reach Stage 1
Review the current setting and recommended fix for each metric.
Interface Resilience
Current
The domain is not signed with a valid signature (DNSSEC) and it is not possible to establish a secure connection to it (HTTPS).
Fix
The domain should be protected with standard security certificates, made public by its provider. Ideal security here includes a verified front-end, deployed in an immutable manner, linked to an ENS record by the DAO in a domain like vote.DAO.eth and made available through .limo or .link or equivalent.
Attack Profitability
Current
If Compound gets captured, the entire TVL of the protocol could be stolen — including users' funds.
Fix
The cost of acquiring voting power should exceed the potential profit from attacking the treasury. Security councils or veto mechanisms are recommended when treasury value is high.
Spam Resistance
Current
Compound governance is vulnerable to spam.
Fix
Mechanisms should be in place to limit the number of proposals that can be submitted by a single address to prevent governance spam attacks.
Voting Delay
Current
The Voting Delay is set to 1 day and 19 hours.
Fix
The waiting period between the proposal submission and the snapshot of voting power must be more than two days. In addition, the DAO needs to have an activation plan to contact delegates and stakeholders to mobilize their votes in case of an attack.
Voting Period
Current
The Voting Period is set to 2 days and 17 hours.
Fix
The period between the start and end of a proposal must be at least seven days.
Framework Overview
These metrics define the DAO's risk level. Select a metric to explore it, or open the full framework for more context.