A Nouns Governance Attack

  • Capital Allocation

In this post we analyze a hypothetical attack on Nouns, a generative non-fungible token (NFT) project mixed with a DAO on Ethereum. Nouns is a relatively simple but powerful idea, that can be credited with running an interesting new experiment in the NFT space.

Every 24 hours, the Nouns Auction Contract sells one new Noun, the proceeds for this sale are all send to the NounsDAO. The founders, who call themselves "Nounders" are: @cryptoseneca, @supergremplin, @punk4156, @eboyarts, @punk4464, solimander, @dhof, @devcarrot, @TimpersHD & @lastpunk9999.

As all of the proceeds of the sales go to the DAO, the Nounders have decided to compensate themselves by minting every 10th Noun to themselves for the first 5 years of the project. Their Nouns are sent to the Nounder's multisig to then be vested and shared amongst themselves.

Nounder distributions don't interfere with the cadence of 24 hour auctions. Nouns are sent directly to the Nounder's Multisig, and auctions continue on schedule with the next available noun ID.

For a full deep-dive into how Nouns works, make sure to check out their wiki.

Now let's look at some data, as of writing, Noun #65 is being auctioned and the Nouns DAO treasury contains 8,536 ETH equivalent to $30,8M. Of the 65 nouns minted so far, 7 belong to the Nounders.

During the last 5 auctions, the moving average of the purchase prices fluctuated between 120.53 - 148.5 ETH. And the current distribution looks a like this, we're only showing the top 7 (all more than 1 Noun) for convenience:

As you can see above, we were only able to identify some of the wallets using their ENS records.

Next we look at Nouns governance, which is a fork of Compound's governance module and therefore inherits all its features:

- Nouns can vote on proposals or delegate their vote to a third party

- A minimum threshold of 1% of the total NOUN supply is required to submit proposals

- A proposal needs the simple majority to pass, as a minimum of 10% of total votes is reached (quorum)

- A two-days waiting time before the proposal is executed

In addition to this Nounders have a special veto right to ensure that no malicious proposals can be passed while the noun supply is low. This veto right will only be used if an obviously harmful governance proposal has been passed, and is intended as a last resort.

Nounders will provably revoke this veto right when they deem it safe to do so. This decision will be based on a healthy noun distribution and a community that is engaged in the governance process.

The attack

Now comes the fun part, the attack. This attack was conceived while taking a deeper-dive into Nouns as a whole, and this post is meant to start the discussion on how to potentially solve attack vectors such as this one.

The obvious thing a malicious actor would try to attack is the projects treasury which we spoke about previously, draining that could yields an incredibly large bounty for all parties involved. The easiest way one could do this would be by way of the governance process, which would be achieved by acquiring Nouns both on the primary and secondary market.

To perform the attack with 100% certainty one would need to acquire 50% + 1 Nouns. This would mean that as of writing, if you acquire 33 Nouns (supposed veto is not active anymore) you could potentially drain out the entire treasury. The amount you spend doesn't matter as you will recover the entire amount plus the previous treasury as your profit. At the same time it should be noted that the required upfront capital in order to perform such attack grows linearly as the days pass because more Nouns are needed to reach the absolute majority. Therefore the longer the veto remains, the higher the attacker's required capital.

Additionally Noun holders could collude to reach the majority required. This collusion could be motivated in a trustless fashion by automatically paying bribes (funded by the treasury) to the users who delegated their vote once the treasury is dissolved.

Both the attacks are not feasible today thanks to the veto power that Nounders currently maintain but there is the possibility that malicious actors are already controlling the majority of the Nouns supply and plan to perform such an attack as soon as the veto power will be removed. Unfortunately it's hard to protect against sybil attacks on public blockchains.

If we assume, for example, that the MA of the last 5 auctions will be the price for the next 50 Nouns. If a malicious actor starts to collect Nouns today they will need 33 Nouns to control the absolute majority of the voting power, therefore the cost of an attack would 33 x 148.5 ETH = 4,900.5 ETH. Once the absolute majority of the voting power will be collected, the treasury would be worth 13,436.5 ETH, netting 8,536 ETH to the attacker.

With a simple projection we can see under a free market on the auctions how the EV of an attack increases if the settlement price of the auctions remains stable or even decreases.

The solution we think fits best to solving this attack is Ragequitting.

MolochDAO pioneered the onchain governance design space. A mitigation against bad proposals is the ragequit mechanism, which works as follows: once a proposal passes any member of the DAO who has voted against can exit by redeeming their share of the treasury during the grace period before the proposal execution. The same could be applied to NounsDAO where everyone against the proposal can redeem their pro-rata share of the treasury.

Someone could argue that this is unfair because the price paid per Noun differs vastly among buyers, for example Noun #1 was purchased for 613.37 ETH, while Noun #3 was purchased for 36.69 ETH. We conclude however that this is the most correct approach since each Noun is worth one vote. Buyers who bought a Noun below the average price (131.32 ETH) - currently 23 buyers - can potentially perform an arbitrage redeeming their share, but they can achieve the same goal selling the Noun in the secondary market.

The ragequitting approach can additionally help stabilize the price, leaving room for a potential premium of the Nouns whereas it will become more and more exclusive to be part of the NounsDAO.

We must note however that Ragequitting opens up a new form of attack vector wherein an attacker could perpetually open bad proposals until all or most members have ragequit.

We also explored an upgrade to the Moloch approach where Noun Holders against a certain proposal can redeem their purchase price (net of expenses DAO sustained) but in this case entering the NounsDAO would be a risk-free leverage long bet to ETH, which would worsen both the quality of the DAO outcomes and the price discovery process itself.

It's important to note that other common solutions used by DAOs such as Reserve Price and a Dynamic Quorum are not effective as there is already a treasury standing and it's impossible to prove that an ongoing sybil attack is not happening right now.

An extra measure we would suggest to implement is a Timelock Increase. The current 2 day threshold is considerably low, as it cannot be assumed that all members are always able to engage on-chain in such a short time span. Additionally, for external DAOs like SharkDAO getting their DAO to be able to vote within the Nouns proposal could take prior coordination that would extend beyond 2 days. Therefore we propose to increase the timelock to at least 7 days.


At Dialectic we believe that Nouns is a truly unique project, a fully autonomous self-governed organization with a transparent and permissionless perpetual onboarding mechanism for new members. On top of that every vote comes with a randomly generated beautiful 8-bit art, completely stored on the Ethereum blockchain.

We see Nouns as an interesting case study in on-chain governance, and it comes with its own challenges as the ever growing treasury represent an huge bounty for malicious actors. However, we truly believe the space is maturing enough to overcome them and we are so excited to see the future!

Thanks to Solimander and Jorge Izquierdo for their feedback on this article.

For any further feedback or ideas please ping us on Twitter.