Get Tokenomics

Voting Models in Tokenomics

DAO voting mechanisms compared: token-weighted, quadratic, conviction voting, ve-model. Quorum formulas, governance attacks, and practical recommendations.

11 min read

Governance is the decision-making system of a protocol. The architecture of voting determines who manages the treasury, changes parameters, and steers the project’s development. Poorly designed governance becomes voting theater, where decisions are made before the formal process even begins.

Why Governance Matters

A protocol is a set of parameters that someone must change:

  • Economic parameters: fees, interest rates, emission size, reward distribution
  • Technical parameters: smart contract upgrades, new markets, collateral factors
  • Treasury decisions: expenditures, grants, investments, incentive programs
  • Strategic decisions: integrations, partnerships, mission changes

In a centralized company, management makes these decisions. In a decentralized protocol — token holders do, through governance.

Scope
This article focuses on active-voting models, where token holders cast votes to approve or reject proposals: token-weighted, quadratic, conviction, and ve-model. Defensive governance patterns — optimistic governance (default-approve with a veto window, as in Optimism’s Security Council) and rage-quit (Moloch-style exit with a pro-rata treasury share) — are complementary safeguards rather than standalone voting models. They appear in the attack-defense table below but deserve their own treatment. Related governance experiments worth knowing about but out of scope here: Optimism’s bicameral Token House + Citizens’ House, Arbitrum’s Security Council, and Nouns auction-based governance.
200+ parameters
A typical DeFi protocol has 200+ parameters potentially managed through governance: from trading pair fees to liquidation thresholds. Not all of them should be voted on — some are delegated to committees or automated through algorithms.

Model 1: Token-Weighted Voting (1 Token = 1 Vote)

The simplest and most common model. Vote weight is proportional to token holdings.

Mechanics

  1. A holder locks tokens for voting (or uses Snapshot for off-chain voting)
  2. Each token grants one vote
  3. A proposal passes if it reaches quorum and a majority of votes

Quorum Formulas

Participation_quorum = V / G
  • V — number of tokens that voted
  • G — total tokens with voting rights
Approval_quorum = V_for / (V_for + V_against)
  • V_for — votes in favor
  • V_against — votes against
  • Typical threshold: 50% (simple majority) or 66.7% (supermajority)

Example quorum calculation for a DAO with 100M tokens:

  • Participation quorum: 4% (4M tokens must vote)
  • Approval quorum: >50% (simple majority)
  • Proposal creation threshold: 0.1% (100K tokens) or delegated votes

Problems

Plutocracy. Large holders (whales) control voting outcomes. If 3 wallets hold 40% of tokens, they can block or push through any decision.

Apathy. Typical DAO voting turnout is 3–5% of eligible tokens. With a 4% quorum, a small group can gain control.

Vote-renting (flash-loan attacks). An attacker borrows tokens via flash loan, votes, and returns the loan in the same transaction — the attack cost equals loan interest, not the token price. This is distinct from bribery: here the attacker controls the vote directly for a single block. MakerDAO was exposed to a flash-loan governance attack in 2020; Beanstalk lost $182M to one in 2022.

Bribery (gauge wars). A separate phenomenon: markets like Votium, Hidden Hand, and Convex pay ve-token holders to direct emissions toward specific pools. Unlike vote-renting, bribery is an economically legitimate long-term payment to vote directors — the attacker doesn’t take control of the tokens, they pay the legitimate holders to vote a certain way.

Flash loan governance attack
In 2022, Beanstalk DAO lost $182M in TVL drained from the protocol (attacker net profit $80M in non-Bean assets). The attacker borrowed tokens via flash loan ($1B from Aave, Uniswap, and Sushi), voted to drain the treasury, received the funds, and returned the loan — all in a single transaction. The incident reinforced and accelerated the adoption of timelocks between proposal creation and voting, plus balance snapshots at a prior block. Many Governor-pattern protocols (Compound’s Governor Bravo at 0xc0Da02939E1441F497fd74F78cE7Decb17B66529, Uniswap’s Governor Bravo at 0x408ED6354d4973f66138C91495F2f2FCbd8724C3) already had timelocks pre-2022; Beanstalk specifically lacked a meaningful voting delay.

When It Fits

Token-weighted voting works for simple, low-risk decisions: adding a new market, changing minor parameters. For treasury decisions and contract upgrades, additional safeguards are needed (timelock, multisig veto, quorum guards).

Model 2: Quadratic Voting (QV)

Quadratic voting reduces whale influence by making each additional vote more expensive.

Mechanics

In QV, votes are purchased with “voice credits.” The cost grows quadratically:

Cost = votes²
  • 1 vote = 1 credit
  • 2 votes = 4 credits
  • 3 votes = 9 credits
  • 10 votes = 100 credits
Votes = √credits
  • Inverse formula: a holder with 100 credits gets 10 votes
  • A holder with 10,000 credits gets 100 votes (not 100x more)

Comparison with Token-Weighted

For illustration, we assume 1 token = 1 voice credit (pedagogical simplification — in a real QV system, credits are typically allocated separately from token holdings).

Token countVotes (1T=1V)Votes (QV)Difference
1001001010x less
1,0001,000~31.631.6x less
10,00010,000100100x less
1,000,0001,000,0001,0001,000x less

QV radically narrows the gap: in token-weighted voting, a whale with 1M tokens has 10,000x more influence than a holder with 100. In QV — only 100x.

The Sybil Attack Problem

QV’s main vulnerability is sybil attacks: an attacker distributes tokens across many wallets and gains more votes in aggregate than from a single address.

Attack: N · √(S/N) = √(N·S) > √S
  • N — number of sybil wallets
  • S — total tokens held by the attacker
  • One wallet with S tokens gets √S votes in QV
  • N sybil wallets with S/N tokens each get N · √(S/N) = √N · √S = √(N·S) votes in aggregate
  • For N > 1, √(N·S) > √S, so splitting into sybils gains the attacker more voting power
  • Without sybil protection, QV collapses back toward linear (token-weighted) voting as N grows

Solutions:

  • Proof of personhood (Gitcoin Passport, Worldcoin) — tying to real identity
  • Social graph — analyzing connections between addresses
  • Participation threshold — minimum transaction history or staking to vote

Examples

Gitcoin Grants. Uses quadratic funding — an extension of QV for grant distribution. Many small donations carry more weight than one large one.

When It Fits

QV is effective for resource allocation (grants, budgets) and prioritization (which of 10 projects to fund). For binary decisions (yes/no), QV’s advantages are less pronounced. Requires a sybil protection mechanism.

Model 3: Conviction Voting

Conviction voting introduces a time factor: the longer votes are directed at a proposal, the stronger their “conviction.”

Mechanics

  1. A holder directs tokens toward a proposal
  2. Conviction accumulates exponentially using a half-life formula
  3. When conviction reaches a threshold dependent on the requested amount, the proposal executes
  4. Switching votes to another proposal resets accumulated conviction
C(t) = C_prev × α + tokens × (1 − α)
  • C(t) — conviction at time t
  • C_prev — conviction at the previous time step
  • α — decay parameter (0.9 for slow accumulation)
  • tokens — number of tokens directed
Threshold = ρ × S / (1 − (Amount / Fund)^β)
  • ρ — minimum confidence parameter
  • S — total token supply
  • Amount — requested amount
  • Fund — total fund size
  • β — sensitivity to request size

Advantages

  • Flash attack protection — instant vote buying is useless, conviction accumulates slowly
  • Continuous voting — no hard deadlines, proposals live until reaching threshold or vote withdrawal
  • Proportional threshold — large treasury requests require more conviction than small ones

Examples

1Hive / Gardens. Uses conviction voting for DAO treasury distribution. Small requests execute quickly; large ones require lengthy and broad consensus.

When It Fits

Conviction voting is ideal for continuous treasury allocation and situations where manipulation protection matters. Not suitable for urgent decisions (security updates) — conviction accumulation takes days or weeks.

Model 4: Vote-Escrow (ve-Model)

The ve-model ties vote weight to lock duration. Longer lock = more votes and rewards. For a detailed economic analysis, see the veTokenomics article.

Mechanics

veToken = Token × (t_lock / t_max)
  • veToken — voting token balance
  • Token — locked tokens
  • t_lock — lock duration
  • t_max — maximum lock duration
  • ve-tokens decay linearly until unlock

ve-token holders receive three benefits:

  1. Governance vote — proportional to ve-token holdings
  2. Fee share — revenue share from protocol income
  3. Boost — enhanced LP rewards

Gauge Voting

The key ve-model mechanic is gauge voting: ve-token holders vote on how emissions are distributed across liquidity pools.

ve-Model Cycle

ve-Model cycleCircular diagram: 6 steps from token locking through voting and emissions back to lockingToken lockingCRV → veCRVReceive ve-tokenvoting powerVote for poolsgauge votingEmission distributionCRV to poolsAttract LPsTVL growthProtocols incentivizebribes

Vote Wars

Gauge voting creates a bribe ecosystem: protocols pay ve-token holders to direct emissions toward their pools. Convex Finance aggregates veCRV and lets CVX holders vote on emission direction, creating “meta-governance” — governing the governors.

Examples

Curve Finance (veCRV). The ve-model standard. Lock up to 4 years. Historically a majority of circulating CRV has been locked in veCRV (typically 40–50%+ depending on the incentive cycle — check Curve UI / DefiLlama for the current snapshot), radically reducing circulating supply.

Velodrome / Aerodrome. ve-model for DEXs on Optimism and Base. veVELO holders vote on emission distribution and receive 100% of fees from the pools they voted for (not distributed across all pools).

When It Fits

The ve-model is for protocols with established TVL and revenue. It’s complex to implement and requires a critical mass of participants. For early-stage projects, the ve-model may be overkill.

Model Comparison

Four voting models

Four voting models2x2 grid: Token-weighted, Quadratic, Conviction voting, ve-ModelToken-weighted1 token = 1 votesimple and clearQuadraticsquare root of voice creditsfairer for small holdersConviction votingtime × tokensattack-resistantve-Modellock = influencestrong incentives
ParameterToken-WeightedQuadraticConvictionve-Model
ComplexityLowMediumHighHigh
Whale resistanceNoYesPartialPartial (time)
Flash attack protectionTimelockTimelockBuilt-inBuilt-in (lock)
Sybil protection neededNoCriticalNoNo
Decision typeBinaryResource allocationContinuous fundingEmission control
Decision speed3–7 days3–7 daysDays–weeks1 epoch (7 days)
Participation incentiveLowMediumMediumHigh (revenue)
ExamplesCompound, UniswapGitcoin1HiveCurve, Velodrome

Architecture: On-Chain vs Off-Chain

On-Chain Governance

Voting occurs on the blockchain. Results are executed automatically by smart contract.

ComponentDescription
GovernorSmart contract for creating and executing proposals (OpenZeppelin Governor, Compound Governor Bravo, Uniswap Governor Bravo)
TimelockDelay between approval and execution (typically 24–48 hours)
TokenVoting token (ERC-20Votes) with delegation

Advantages: full transparency, automatic execution, censorship-resistant results. Disadvantages: high gas costs, low turnout, rigid process.

Off-Chain Governance (Snapshot)

Voting via signatures without transactions. Results are executed manually (multisig) or via a bridge.

Advantages: free for voters, flexible voting strategies, higher turnout. Disadvantages: execution depends on multisig trust, no execution guarantee.

Hybrid Model

Most mature DAOs use a hybrid:

  • Snapshot for signal voting (temperature check)
  • On-chain Governor for final approval and execution
  • Multisig (5/9 or 4/7) as an emergency mechanism and for operational decisions

Typical governance pipeline: from idea to execution

Governance pipeline: from idea to executionHorizontal flowchart: 6 steps — Proposal, Discussion, Snapshot, On-chain vote, Timelock, ExecutionProposalDiscussionSnapshotOn-chain voteTimelockExecution

Governance Security

Common Attacks

AttackDescriptionDefense
Flash loanBorrow tokens → vote → return in one blockSnapshot balance N blocks before voting
BriberyBuying votes via bribe protocolsConviction voting, long lock periods
Treasury captureProposal to withdraw funds to selfTimelock + veto + per-transaction limits
Governance stalemateBlocking voting with a controlling stakeOptimistic governance (veto instead of approval)
Poison pillDisguised malicious proposalMandatory code audit + timelock for review

Security Checklist

Governance Security Checklist

  • Timelock between approval and execution (minimum 24 hours)
  • Balance snapshot several blocks before voting begins
  • Participation quorum at least 4% of voting tokens
  • Proposal threshold 0.1–1% of supply
  • Veto mechanism for Security Council (multisig)
  • Limits on single treasury expenditures (no more than 10% of treasury)
  • Code audit for all proposals modifying smart contracts

    • Designing Governance: A Framework

    Step 1: Classify Parameters

    Divide all governance-managed parameters into categories by risk level:

    CategoryExamplesGovernance mechanism
    CriticalContract upgrades, treasury changes >10%On-chain vote + timelock + veto
    SignificantFees, collateral factors, new marketsOn-chain or Snapshot + multisig execution
    RoutineSmall grants, reward parametersDelegated committees
    TechnicalOracles, gas limitsAutomation (algorithms)

    Step 2: Choose the Voting Model

    The choice depends on the types of decisions the DAO makes:

    Choosing a voting model by decision type

    Choosing a voting model by decision typeDecision tree: question at top, 4 branches with recommendations belowPrimary decision type?Binary(yes / no)Token-weighted+ timelockBudgetallocationQuadraticContinuousfundingConviction votingEmissioncontrolve-Model(gauge voting)

    Step 3: Set Parameters

    Practical recommendations:

    • Participation quorum: 4–10% — lower is rarely achievable, higher paralyzes governance
    • Approval quorum: 50% for routine, 66.7% for critical decisions
    • Timelock: 24 hours for routine, 48–72 hours for critical
    • Voting period: 3–5 days (enough for awareness, not too long)
    Voting theater
    In real DeFi governance, factions often negotiate in advance, large holders vote predictably, and formal voting merely ratifies a pre-made decision. Recognizing this is the first step to designing sustainable governance. The goal is not to eliminate politics (impossible) but to make the process transparent and protect minorities from majority tyranny.

    Need to design governance?

    We'll select the voting model, calculate quorum parameters, and architect the DAO structure for your protocol.

    Get in touch
    #tokenomics #governance #dao #voting #quadratic voting

    Related Articles