✨ Anticapture Framework

The Anticapture Framework
The Anticapture Framework evaluates DAO governance security by mapping common attack vectors and defining protective metrics. It translates complex risks into measurable indicators, enabling DAOs to anticipate vulnerabilities before they escalate.
By assigning risk levels (low, medium, high), it categorizes each DAO into stages of security maturity. This structured approach makes governance security visible, comparable, and actionable across the ecosystem.
These metrics were developed based on the study of more than 30 real-world governance attacks. While we act as an independent risk assessor, applying this framework does not guarantee that every DAO will adopt it or remain fully secure (though they should).
Metrics we analyze
The Anticapture framework was designed with different types of attacks in mind.
From our knowledge base of past attacks on DAOs, we identify the most common attack vectors and check which metrics can help anticipate them.
Proposal Flash Loan Protection
Voting Flash Loan Protection
Timelock Delay
Voting Delay
Proposal Threshold
Veto Strategy
Proposer Voting Power Retention Check
Voting Period
Vote Mutability
Voting Subsidy
Spam Resistance
Audited Contracts
Interface Hijack
Extractable Treasury Value
Security Council
Timelock Admin
Stages
Our stages are based on the highest risk point in the DAO.
A DAO's stage will always be equal to that of its worst metric. That means that any metric matching Stage 0 will make the DAO Stage 0, while to be Stage 1 the DAO can't have any Stage 0 metrics and has at least one that doesn't match the criteria for Stage 2.
Half of Active Power Supply and delegated supply ≤ DAO treasury assets (except gov tokens)
Half of delegated supply ≤ DAO treasury assets (except gov tokens)
There is no Proposal Flash Loan Protection
There is no Voting Flash Loan Protection
No timelock
Voting Delay < 2 days
Proposal Threshold < 0.5% market supply
Veto Strategy managed by external entity
There is no Proposal Threshold Cancel
Voting Period ≤ 3 days
No subsidy for voters/delegates
There is no limit on submitting proposals
Governance contracts were not audited
DAO Domains and third parties don't follow protection standards
Half of Active Power Supply and delegated supply ≤ DAO treasury assets (except gov tokens)
Has a Security Council, but with insufficient security measures
Governor controlled by entity outside of DAO/Foundation
Timelock Delay is less than 1 day
Voting Delay > 2 days
Proposal Threshold ≥ 0.5% market supply
Veto Strategy managed by Foundation/Labs
Voting Period between 4 and 6 days
Voter can't change their vote
Audited, but did not pass the audit tests or the report isn't public
DAO domains fail to meet DNS protection standards
Half of Active Power Supply ≤ DAO treasury assets (except gov tokens), but delegated supply > DAO treasury
Has a Security Council, but uses L2 Beat Legacy Standards
Timelock controlled by the DAO, audited contracts, but a Foundation/OpCo
Proposal Flash Loan Protection
Voting Flash Loan Protection
Timelock Delay > 1 day
Voting Delay > 2 days + Protection Plan
Proposal Threshold ≥ 1% market supply
Veto Strategy managed by the DAO
Proposal Threshold Cancel
Voting Period ≥ 7 days
Voter can change their vote
Subsidy for "gas free" votes
Proposal limit imposed by the DAO
Contracts audited and a public report
DAO Domains and third parties follow protection standards
Half of Active Power Supply > DAO treasury assets (except gov tokens)
Has a Security Council and follows L2 Beat Standards
Timelock controlled by the DAO and audited contracts
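The worst-metric staging rule, applied to four of the numeric criteria listed above (Timelock Delay, Voting Delay, Proposal Threshold, Voting Period), as an added example that is not Anticapture's own code. The `GovernanceParams` shape, the sample DAOs and the handling of values the criteria leave unspecified are assumptions; the result is the stage for these four metrics only, not all sixteen.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class GovernanceParams:
    """Hypothetical input shape for this example, not an Anticapture schema."""
    timelock_delay_days: Optional[float]  # None means no timelock
    voting_delay_days: float
    has_protection_plan: bool
    proposal_threshold_pct: float         # percent of market supply
    voting_period_days: float

def metric_stages(p: GovernanceParams) -> dict:
    """Stage (0, 1 or 2) per metric. Values the page leaves unspecified
    (exactly 1 or 2 days, periods between 3-4 or 6-7 days) are assumed
    to fall into the lower stage."""
    stages = {}
    if p.timelock_delay_days is None:
        stages["Timelock Delay"] = 0                      # no timelock
    else:
        stages["Timelock Delay"] = 2 if p.timelock_delay_days > 1 else 1
    if p.voting_delay_days > 2:
        stages["Voting Delay"] = 2 if p.has_protection_plan else 1
    else:
        stages["Voting Delay"] = 0
    t = p.proposal_threshold_pct
    stages["Proposal Threshold"] = 2 if t >= 1 else 1 if t >= 0.5 else 0
    v = p.voting_period_days
    stages["Voting Period"] = 2 if v >= 7 else 1 if v >= 4 else 0
    return stages

def dao_stage(p: GovernanceParams):
    """Overall stage is the worst (lowest) metric stage; also return the
    metrics sitting at that stage, i.e. what to fix first."""
    stages = metric_stages(p)
    worst = min(stages.values())
    return worst, sorted(m for m, s in stages.items() if s == worst)

# Constructed sample DAOs (not real measurements).
STRONG = GovernanceParams(2, 3, True, 1.0, 7)
SHORT_VOTE = GovernanceParams(2, 3, True, 1.0, 3)   # one Stage 0 metric
MIDDLE = GovernanceParams(0.5, 3, False, 0.5, 5)

if __name__ == "__main__":
    for name, dao in [("strong", STRONG), ("short vote", SHORT_VOTE), ("middle", MIDDLE)]:
        print(name, dao_stage(dao), metric_stages(dao))
```

A single short voting period drops the otherwise Stage 2 sample to Stage 0, which is the behaviour the staging rule describes.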
The Anticapture Framework is still evolving to adapt to more types of organizational structure. See something that doesn't make sense for your DAO? Reach out!