A Comprehensive Study of Governance Issues in Decentralized Finance Applications (2311.01433v3)

Published 2 Nov 2023 in cs.SE

Abstract: Decentralized Finance (DeFi) is a prominent application of smart contracts, representing a novel financial paradigm in contrast to centralized finance. While DeFi applications are rapidly emerging on mainstream blockchain platforms, their quality varies greatly, presenting numerous challenges, particularly in terms of their governance mechanisms. In this paper, we present a comprehensive study of governance issues in DeFi applications. Drawing upon insights from industry reports and academic research articles, we develop a taxonomy to categorize these governance issues. We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies, categorizing their governance issues according to our constructed taxonomy. We conducted a thorough analysis of governance issues and identified vulnerabilities in governance design and implementation, e.g., voting Sybil attacks and proposal front-running. Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues. As an initial step to address the challenges of code-whitepaper consistency checks for DeFi applications, we built a machine-learning-based prototype, and validated its performance on eight widely used DeFi projects, achieving a 56.14% F1 score and an 80% recall. Our study culminates in providing several key practical implications for various DeFi stakeholders, including developers, users, researchers, and regulators, aiming to deepen the understanding of DeFi governance issues and contribute to the robust growth of DeFi systems.
