Moving To Two-Phase Voting

in Ethereum, Governance by Lido

There are several risks for governance in the world of DeFi protocols. Protocol capture and the ongoing need for governance improvements remain significant challenges for DAOs like Lido.

 

Among other measures to mitigate threats tracked on the Lido on Ethereum Scorecard, the concept of a Timelock was mentioned as a significant safeguard:

 

Currently, there is no timelock between DAO vote finalization and execution.

 

Now that the DAO has voted to proceed with this, it’s time to do it!

 

About The Lido DAO Voting Process

Most decisions made by the Lido DAO go through an on-chain voting phase (you can read more about the Lido DAO governance process here: https://lido.fi/governance).

 

There are two requirements for a vote to pass:

  • Minimum approval (a.k.a "quorum"): more than 5% of the total token supply must vote 'yes'.
  • Support: more than 50% of the tokens used to vote must vote 'yes'.

 

Consider the following hypothetical situation, which is of concern:

  • Before voting begins, an attacker has (or possibly buys) more than 5% of the total LDO supply. At the time of latest update (26.03.25) 1 LDO = $1.07, therefore 5% of the total supply = $53.5M.
  • An attacker submits a malicious proposal that clearly goes against Lido DAO's interests. No one votes for it (for obvious reasons), and everyone observing expects it to fail since minimal support has not been reached.
  • Just before the vote ends, there are minimal (possibly zero) "For" votes and some number of "Against" votes.
  • Just before the vote ends, the attacker deploys their LDO tokens, leaving the community no time to react. The voting period closes with both execution conditions now satisfied.
  • In the next block, the attacker enacts their sabotage vote, with the implicit consequences.

 

A solution has been identified that is both elegant and striking in its simplicity. To the best of current knowledge, this approach is unprecedented and has not been implemented elsewhere.

 

How Does It Work?

On-chain voting in the Lido DAO lasts 5 days (120 hours). The essence of the solution is that these 120 hours are divided into two parts:

  1. The main phase, lasting 72h, is conventional voting. Anyone with LDO can freely vote either 'for' or 'against'.
  2. The objection phase, lasting 48h, is when LDO holders can only vote 'against'  change their vote from 'for' to 'against'.

 

This schema prevents the specific scenario of “last block vote hijack”. Even if the votes sent in the last block before the end of the main phase changes the result of the vote to 'for', Lido DAO members have the 48-hour objection phase to vote against.

 

The on-chain voting duration was updated in March 2025 to improve voter participation and better align with current governance needs.

 

About Balance

Votes usually choose between a 'do something' and a 'do nothing'. In the classical implementation without the objection phase, those who support changes hold a more advantageous position. In the final block, with complete information available about the voting outcome, they can act in a way that ensures the vote aligns with their desired outcome. Meanwhile, those who do not support the proposal often don't vote at all when a proposal lacks backing and instead simply let the voting period run its course. Now, those who oppose the proposal also have access to open information and can vote against' rather than abstain 'against'.

 

Some concerns remain when using a two-step solution, but neither is as dangerous as the 'last block vote hijack' scenario that affects the current governance process.

These risks are:

  1. The 'last-minute' vote problem in this scheme still remains since anyone with enough LDO can now object and defeat any governance motion at the very last moment. However, the risk of suddenly passing sabotage proposals poses a far greater threat to the Lido DAO than having routine governance motions blocked at the last minute.
  2. A variation on the above could be where a malicious voter initially votes 'for', misleading other users about their intention, and then switch their vote to 'against' at the last moment to block the proposal.

 

A two-phase voting schema allows us to have timelock + veto-like behavior for votes. This way, in case something bad happens, the community will have 48 hours during the timelock to react.

 

Moving Forwards

This is an important step for Lido DAO to harden its governance process and mitigate against protocol capture or damage. It is an important safety measure that is part of a broader effort that also includes a novel  “dual governance” proposal, currently live on the Research forum. The community is welcome to share views and feedback on this topic.

 

Telegram | Discord | Twitter | Lido.fi

© Lido . All rights reserved