We group attacks on DAOs into four categories: (i) bribing (BR) attacks, (ii) token control (TC) attacks, (iii) human-computer interaction (HCI) attacks, and (iv) code and protocol vulnerability (CP) attacks.

Bribing (BR)

In a bribing (BR) attack, an attacker pays to change votes or to acquire voting power without acquiring the underlying governance tokens. The controlled votes and voting power are then used to pass a malicious proposal in a governance vote.

Token Control (TC)

In a token control (TC) attack, an attacker takes possession of, or is already in possession of, a significant amount of governance tokens. The attacker then uses the voting power associated with these tokens to get their malicious proposal accepted in a governance vote.

Human-Computer Interaction (HCI)

Human-computer interaction (HCI) attacks aim to manipulate the voting process by exploiting user-facing interfaces and applications or human behaviors involved in the DAO's voting process.

Code & Protocol Vulnerability (CP)

Code and protocol vulnerability (CP) attacks exploit code or logic vulnerabilities, either in the governance smart contracts or the protocols they are connected to.