V3 Proposal: Use Kleros Governor to Defend Governance Attacks Post Veto Deactivation

I am a code4rena warden currently reviewing the addition of dynamic quorum on NounsDAOV2Logic.

Kleros Governor should prevent obviously malicious transactions from ever making it through even if the attacker has supermajority of the voting power without adding friction to day-to-day activities.

Figured I give a TLDR on how it works in case the Nouns community did not know of this option. If there is interest, I can elaborate more.

Kleros Governor Governance Flow

Snapshots (Optional)

First, use snapshots for vote signal. This gassless tool supports delegation and can be used to collect sentiment and raise awareness around a proposal.

Any proposal that did not go through snapshot could be immediately challenged and will be rejected by the court.

Kleros Governor Contract

  1. A proposal is submitted along with deposit and enters a challenge period (let’s say 5 days). A proposal is a list of [target, calldata, value];
  2. If the proposal passes the challenge period, anyone can execute it;
  3. Someone can challenge it with a deposit during the challenge period. If it is challenged, the proposal goes to court.
  4. The court analyses the contents of the proposal and checks if it violates (for example) NounDAO constitution.
  5. The court gives its ruling. The ruling can be appealed.
  6. Jurors that give incoherent rulings (e.g. clearly participating in an attack) get slashed if their ruling is inverted in the final ruling.
  7. Finally, if the proposal passes it will be executed and the challenger loses the deposit. Otherwise, it is not executed and the proposer loses the deposit.


  • The proposer’s deposit is a bounty awarded to a successful challenger. This incentivizes whistleblowers;
  • Similarly, the challenger’s deposit is a bounty to discourage attackers from preventing improvements to the protocol.


For an obviously malicious transaction such as the one executed on Build Finance DAO, the system forces the attacker to subvert the entire Kleros system which makes attacking the Nouns treasury unprofitable.

This system has been used to govern Kleros and Proof-of-Humanity for a while. It is battle tested.

Here are some Kleros docs to dive deeper.

Disclaimer: I understand how Kleros and Kleros Governor works because I was a kleros dev.

1 Like

So does the DAO have to create constitutional rules that would govern the court? It seems like giving up some of the decentralization in order to increase security. I could definitely see the value if the veto is ever lifted by the Nounders though. There will need to be more things in place to prevent different malicious attacks on the treasury.

Thank you! For those of us who are too lazy to read the docs :slight_smile: can you please explain a bit how you avoid the risk of enough Jurors being bribed such that there is no “incoherent ruling”?

1 Like

Hey, Kleros dev here! There is no need for a constitution for this. All the governor does is provide an optimistic mechanism for anyone to challenge any transaction intended to reflect an off-chain vote (eg. Snapshot).

For example, the DAO has voted on Snapshot to “change parameter x to 3” on some smart contract.

Without a Governor, one needs to trust a DAO member with access to an admin role on the smart contract to enforce the vote. That’s a significan trust assumption.

With a Governor, anybody who has an incentive in seeing the Snapshot vote executed on-chain can submit a transaction (its calldata) to the Governor with a predefined bond of several ETH. Now a challenge period of several days starts (that’s configurable).

  • If the submitter posted a transaction to the Governor to “change parameter x to 5”, or whatever other parameter, there is an incentive for anyone to challenge the transaction (with a bond in ETH) and possibly get rewarded with part of the submitter’s deposit. Such challenge starts a Kleros dispute: a randomly selected jury will be selected to rule on whether the submitted transaction reflected the intention of the Snapshot vote. In the rare cases where the jury rules incorrectly, it is possible to appeal, which draws a new jury increasing exponentially in number of jurors and makes honest errors increasingly unlikely.
  • If there was no challenge by the end of the challenge period, it is reasonable to consider that the submitted transaction reflects the Snapshot vote accurately. Therefore the Governor smart contract allows anyone (willing to pay for gas) to execute the calldata.

Effectively there is no need for any DAO member to be trusted to execute the transaction. The Governor is the only one allowed to assume an admin role on the DAO smart contracts. The Governor’s smart contract can be freely audited by anyone, there is no way for anyone (even from Kleros) to execute a transaction without going through the optimistic fraud-proof mechanism.


how you avoid the risk of enough Jurors being bribed such that there is no “incoherent ruling”?

Great question. The appeal mechanism draws a new set of twice as many jurors at each round (usually 3, 7, 15, 31 etc). The majority vote of the last round is regarded as the coherent ruling, so anyone who voted incoherently in the earlier rounds get slashed. Therefore the jurors are incentivized to do their own research into the dispute at stake, consider the evidence and vote honestly, since there might always be an appeal - as opposed to following the other jurors in the round.

This FAQ might answer some other questions :slight_smile:

The best person to discuss further is definitely Guangmian, I’m sure he’d be happy to schedule a call or a chat.

Hi @verb-e, this is Guangmian here, integrations lead at Kleros and colleague of @jaybuidl !

Looking at the solutions discussed in the two Nouns Governance Attack articles in the past year (here and here), most of them seem to have:

  • an enormous cost for at least some of the DAO members (e.g. ragequit)
  • a cost for the DAO that varies according to how high-stakes or contentious the transaction in question is (e.g. dynamic quorum or penalty)

In the ideal scenario:

  1. the cost of resolving these disputes should only vary according to how difficult it is to rule on a case (e.g. trying to drain a treasury without justification should be a no-brainer to decide, and should be trivial and cheap to resolve/block).
  2. the protection mechanism should be able to dynamically adjust the cost of an attack to match the stakes at hand.

Kleros achieves both of these things. As arbitration costs only vary according to the difficulty of the case at hand; if a case resolves in one round of arbitration, it should not cost more than a few hundred dollars even in the most difficult cases. On the other hand, large amounts of Kleros tokens are owned by our jurors and staked in our courts, making it very illiquid. Any attempt to buy enough tokens to overpower a specific case would cause a price spike that would make the attack cost prohibitive. The robustness of this protection mechanism is also further amplified by the appeal mechanism mentioned by @jaybuidl above.

FYI Kleros has solutions that already work off-the-shelf with Snapshot. Though Nouns DAO doesn’t use Snapshot at the moment, but we can make it work with Nouns once we understand its setup better.

If anyone wants to chat, we could connect on Telegram!

1 Like

Very interesting stuff! Thanks for the detailed reply. It was really helpful.

1 Like

I’d like to expand on security and walk through what a defending a bribery attack under kleros governor looks like.

I will focus on a change that is obviously bad and there is no contentiousness on the community, something like “transfer all treasury funds do some EOA” .

A couple of preliminary notes:

  • To be eligible to be selected a juror for a case, a candidate must stake PNK (Pinakion) on a court. This is done (among other things) to force an adversary to put skin in the game;
  • Courts are structured in a tree where staking on leaf courts also stakes on all courts above. At each appeal, the case goes up to a more general court.
  • All arbitration fees are paid in ETH. Arbitration clients (e.g. NounsDAO) don’t need to know what PNK is or hold it;

Kleros Attack-defense Game

  1. The attacker must submit the malicious transaction to kleros governor where it will sit for the challenge period (let’s say 5 days). Expecting the community will see and challenge the tx, the attacker will try to subvert the court the governor is using (e.g. blockchain technical court) beforehand. Several ways to approach this:

    • Buy and stake enough PNK on that court so that he have good chances of being selected as a juror. Alternatively, make a bribing contract promising returns to collect PNK from other users and use that to stake;
    • While holding a big % of the stake in a court increases your chances of being selected, it does not guarantee it, so if his submission indeed gets challenged, the attacker will also try to convince jurors selected by PNK he (the attacker) do not control into participating in the attack (vote in his favor).
  2. The attacker submits the tx to the governor with a deposit and it enters the 5 day challenge period. If 5 days pass and no one challenges it, it will drain all treasury funds to some EOA;

  3. Someone challenges it with a deposit and it goes to arbitration. The total funds collected is currently 2*arbitrationFee + submitter deposit + challenger deposit.

  4. 3 jurors are chosen.

  5. The attacker was ready to fund an appeal in case he lost the first round, but let’s say he wins: 2 out of 3 jurors vote in favor of the attacker.

    At this point, some 6 days have passed and the community is well aware of the attack.

  6. Defenders fund an appeal. This can be crowdfunded and the required deposit is:

    defenderAppealDeposit = appeal fee + (appeal fee * loserFeeStakeShare)

    If the defenders successfully fund their side, the attacker also must fund their side or he loses the case.

    attackerAppealDeposit = appeal fee + (appeal fee * winnerFeeStakeShare)

    The additional appeal fee * feeStakeShare is a bounty to parties that contribute the side that ultimately wins.

  7. The attacker funds their side of the appeal. The case moves to a higher court and 5 new jurors are selected;

  8. Let’s say this round the attacker lost. At each round the attacker (and whoever they convinced/bribed) must evaluate the if chances of winning the final round are high enough. The current cost of losing is the sum of:

    • The deposit sent to the governor;
    • The appeal fee stakes of each round;
    • All the arbitration and appeal fees;
    • All the PNK stake that was selected to vote for the attacker is locked.
  9. While more difficult to convince new jurors join or continue the attack, the attacker funds his side of the appeal again increasing bounty to defend against it.

  10. Each new appeal extends the time to react, we are now some 15 days into the attack. The number of jurors per round also increases 2^n+1 where n is the round.

  11. People that didn’t even know what Nouns or Kleros is, now rush to crowdfund the defense appeals hoping to get a slice of the crowdfunding bounty. PNK from stakeholders is also staked to defend the reputation and potentially get the attacker’s PNK when the case closes;

  12. Jurors are less willing to participate in the attack as it is clearer their chance of winning continues to go down with consensus around the issue. Even jurors that participated in the bribery in previous rounds now change sides to avoid further losses. The more the attacker tries to out buy honest participants, the greater the reward for defeating him.

Finally, the attacker gives up. Outcome:

  • Juror locked PNK that voted in favor of the attacker is transferred to jurors that voted in favor of the defender. In addition, they also get paid arbitration and appeal fees. This anti-fragile mechanism curates for high quality jurors;
  • People that contributed ETH to crowdfund defender’s appeals get their money back + are awarded with the attacker’s crowdfunding fee stake;
  • The challenger gets his money back and is awarded the attackers deposit.

The cost to attack kleros around a non contentious issue grows exponentially and not in the attacker’s favor.

1 Like

@warden @verb-e let us know if there is any interest in hoping on a call to discuss this. Would love to talk through the different ways Kleros can be part of the solution to governance attacks for Nouns.