In 2024, the Blockful team received a grant from the Uniswap Foundation to audit Uniswap DAO governance using the Anticapture governance security framework. After the economic and smart contract reviews, we found robust security measures and well-configured parameters in place. However, Tally’s domains were still susceptible to DNS attacks. Uniswap delegates cast most of their votes through Tally, and a compromised interface could render all those security efforts useless and open the door for a malicious proposal to sneak through.
DNS attacks are responsible for major losses across DeFi and are one of the most overlooked risks in DAO governance. To close this gap, Tally helped define, and became the first to adopt, Anticapture’s DNS risk reduction standard, enabling Uniswap to advance to Stage 1 in our security framework. The Tally team collaborated closely with our research team, providing critical input that refined this standard into attainable milestones, so that governance interfaces are verifiably as safe as the contracts they interact with.
The days of bank robberies are numbered. In the past, it was common to hear about robbers stealing fortunes from financial institutions. Police chases. Gunfights. A fear for both service providers and bank customers.
With the digitization of life, money has also gradually become digital.
A super app has the power to grant loans, make payments, and hold investments for individuals and companies. All in the palm of each person's hand.
Nowadays, bank robberies don't happen by breaking into safes. They happen by breaking passwords, through social engineering, and, often forgotten, by attacking DNS.

DNS, the Domain Name System, is what resolves the domain of a person or entity. It is the gateway to getting to know a company and, sometimes, to using the services they provide.
When you use Amazon.com's DNS, you can be sure that you are interacting with applications and features that have been curated and approved by Amazon. Your trust in the company allows you to make a credit card payment without fear of it being cloned.
But DNS isn't fault-proof on its own. The owner needs to take security measures to protect their domain, preventing attacks that could harm all users relying on their services.
There are several types of DNS attacks, the most popular being DNS spoofing and DNS hijacking. Both aim to deceive people by directing them to a fake domain that looks like the real one in order to steal personal data, money, and whatever else they can.
This type of attack, focused on DNS, has been common in the market for years.

DeFi protocols have always been the main target of this type of attack in the web3 context: projects holding tens of millions of dollars in smart contracts, many far beyond the reach of any agency or state.
What keeps them going are their developers and users, backed by audits from competent and reputable security companies. Yet trustless contracts, with no intermediaries or managers, are still reached through websites that are often the weakest link in their security chain.
The attack on Badger DAO (2021), one of the largest in the market’s history, took $120 million from its users. The reason: a vulnerability in its front-end, specifically in its DNS. In this case, the hacker directed users to a fake website, leading them to approve an interaction with a contract, which allowed their money to be drained from the protocol's pools.
Other relevant DeFi protocols have suffered DNS attacks:
Convex (2022): Convex's DNS host (Namecheap) was compromised, allowing a hacker to access it and direct its users to a malicious contract. The same attacker replicated the attack on Ribbon Finance, DefiSaver, and Allbridge.
Balancer (2023): $238K was stolen after Balancer's DNS was hijacked.
Curve (2025): Hackers took over Curve's DNS, redirecting users to another page capable of draining funds from users' wallets. $570K was stolen in this attack.
Recently, the strategy for DNS attacks has changed. Instead of attacking well-known DeFi protocols, attackers are looking for projects that have closed their doors and no longer maintain their domains.
This way, an attacker only needs to buy the domain of a “dead” protocol and trick its former users into interacting with it in order to steal from them. It is estimated that there are more than 475 applications in this situation, and 90 have already been targeted by hackers.
While DeFi protocols are a target for DNS attacks, there is another sector running the same risk: the governance of DAOs.
In DAOs, votes can decide the future of organizations. While votes can be cast directly in the contracts, they are usually carried out on an interface maintained by third parties, hired to provide a secure and practical voting tool for the DAO. Examples of service providers are Tally, Agora, Lighthouse, and Aragon.
These interfaces exist to facilitate interaction with the DAO's governance contracts. A delegate or holder of a governance token does not need to interact with the Governor contract directly: they simply click buttons to vote Yes, No, or Abstain, and leave the justification for their vote.
However, as intermediaries, interfaces become a risk vector for the DAO. A simple change in a governance front-end can cause disastrous results in the governance of a DAO.
This could become one of the best risk/return attack strategies in DAOs, especially in on-chain governance. DAOs like Uniswap, Arbitrum, Compound, Nouns, and ENS DAO depend on the quality and robustness of those interfaces for their members and delegates to cast their votes, delegate voting power, and keep track of what is going on with the system.

In July 2024, Compound had its governance captured by Humpy and the Golden Boys. Addresses bought millions in $COMP to approve a proposal that released money to the “attackers.”
If they wanted to improve the chances of the attack, they could’ve tried to attack Compound's DNS and create an identical voting interface, with minor changes in the background to trick the defenders into voting in favor of the proposal while they think they are rejecting it. It is a type of attack that would not need to affect delegates/voters individually, but would be able to drain a DAO's treasury. This attack vector is more technical, but comes at a lower cost than capturing a DAO by buying governance tokens.
The Anticapture team is aware of this potential vulnerability in governance.
When analyzing the security of a DAO, one of the elements we assess is whether someone could attack the organization's DNS or its voting interface providers. It is one of the criteria for a DAO to advance to a higher security stage.

We start from our framework for analyzing a DNS, defining different risk profiles for DAO domains:
🔴 High Risk: A domain without protections such as DNSSEC, DANE, TLS, or CAA records is considered high risk. It can easily be captured by an attacker, redirecting delegates/voters to a fake platform.
🟡 Medium Risk: Meets web2 standards, with DNS protections, but a changeable, centrally managed interface. The domain follows DNSSEC, DANE, TLS, and CAA standards, but does not have a provably immutable platform approved by the DAO.
🟢 Low Risk: A DNS with DNSSEC, TLS, DANE, and CAA records, with an immutable domain verified by the DAO and verifiable on access.
The actions to reach a Low Risk level are complementary, meaning that it is not enough to have a domain registered on-chain: you must have all the DNS protections that precede it.
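To make the tiers above concrete, here is an added example (not Anticapture's own tooling) that classifies a domain from a snapshot of its DS, TLSA and CAA records plus two facts the operator supplies rather than probes, TLS validity and whether the interface is an immutable DAO-approved build. The DomainSnapshot type, helper names and record values are assumptions constructed for illustration.

```python
"""Classify a DAO governance domain into the High / Medium / Low tiers above from
a snapshot of its DNS records. Added example, not Anticapture's tooling: record
strings are constructed, and the TLS / immutable-interface facts are inputs."""
from dataclasses import dataclass, field

@dataclass
class DomainSnapshot:
    name: str
    ds_records: list = field(default_factory=list)    # DS at the parent zone => DNSSEC chain
    tlsa_records: list = field(default_factory=list)  # TLSA at _443._tcp.<name> => DANE
    caa_records: list = field(default_factory=list)   # CAA records, presentation format
    tls_valid: bool = False                           # HTTPS with a valid certificate
    immutable_interface: bool = False                 # DAO-approved build, verifiable on access

def parse_caa(record: str):
    """Parse 'flags tag "value"' (RFC 8659 presentation format) into (flags, tag, value)."""
    flags, tag, value = record.split(" ", 2)
    return int(flags), tag.lower(), value.strip('"')

def caa_restricts_issuance(caa_records) -> bool:
    """True when an issue/issuewild record limits which CAs may issue for the name."""
    return any(parse_caa(r)[1] in ("issue", "issuewild") for r in caa_records)

def dns_protections(snap: DomainSnapshot) -> dict:
    """The web2-grade protections the framework requires before anything else."""
    return {"dnssec": bool(snap.ds_records), "dane": bool(snap.tlsa_records),
            "tls": snap.tls_valid, "caa": caa_restricts_issuance(snap.caa_records)}

def classify(snap: DomainSnapshot) -> str:
    """Protections are cumulative: an immutable front-end without DNSSEC is still High."""
    if not all(dns_protections(snap).values()):
        return "High"     # any gap lets an attacker redirect voters to a fake platform
    if not snap.immutable_interface:
        return "Medium"   # DNS is hardened, but the interface is centrally changeable
    return "Low"

# Constructed snapshots; the DS/TLSA digests are placeholders, not real values.
DS = ["2371 13 2 CONSTRUCTED-DS-DIGEST"]
TLSA = ["3 1 1 CONSTRUCTED-TLSA-DIGEST"]
CAA = ['0 issue "ca.example"', '0 iodef "mailto:security@dao.example"']
SAMPLES = {
    "bare.example": DomainSnapshot("bare.example", tls_valid=True),
    "web2.example": DomainSnapshot("web2.example", DS, TLSA, CAA, tls_valid=True),
    "onchain-only.example": DomainSnapshot("onchain-only.example", [], TLSA, CAA, True, True),
    "verified.example": DomainSnapshot("verified.example", DS, TLSA, CAA, True, True),
}

def classify_all() -> dict:
    """Risk tier per sample domain."""
    return {name: classify(snap) for name, snap in SAMPLES.items()}
```

The onchain-only sample shows the cumulative rule: an immutable interface with no DS record at the parent still lands in High.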
Our Medium Risk classification takes the best of web2 security practices and demands that providers of governance interfaces are at least at that level. However, this is not sufficient to claim the risk is at its minimum, as evidenced by the ByBit + Safe incident this year. Even with proper DNS security, a domain can be compromised if a team contributor is compromised.
For Low Risk classification, the voting platform needs to be audited or approved by the DAO, then made immutable and hosted through a resilient system. This could involve using IPFS, eth.limo, Subresource Integrity (SRI) and hashing of the files to create proofs against code tampering. We are not aware at this point of any interface that would fully comply with those requirements, but Tally’s “Zero” interface is the best example of work towards that goal.
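As an added example of the file-hashing part of that requirement (not Tally's or Anticapture's code), the block below computes SRI integrity tokens for a constructed voting bundle and checks the page that loads it, applying the same strongest-algorithm rule browsers use when several digests are listed, which goes a little beyond the single-hash case above. The sri_digest, sri_verify and check_page names and the sample assets are assumptions.

```python
"""Generate and verify Subresource Integrity (SRI) digests for a governance
front-end's static assets, so a tampered bundle fails to load. Added example;
the JS bundle and HTML below are constructed, not Tally's real build."""
import base64
import hashlib
from html.parser import HTMLParser

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # algorithms SRI accepts, by strength

def sri_digest(data: bytes, alg: str = "sha384") -> str:
    """Integrity token for a file: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, data).digest()).decode()}"

def sri_verify(data: bytes, integrity: str) -> bool:
    """Browser rule: keep only the strongest algorithm listed; pass if any of its digests matches."""
    parsed = []
    for token in integrity.split():
        alg, _, digest = token.partition("-")
        if alg.lower() in STRENGTH:            # unknown algorithms are ignored per the spec
            parsed.append((alg.lower(), digest.split("?")[0]))
    if not parsed:
        return False                          # nothing verifiable: reject (stricter than browsers)
    best = max(STRENGTH[a] for a, _ in parsed)
    return any(sri_digest(data, a) == f"{a}-{d}" for a, d in parsed if STRENGTH[a] == best)

class _ScriptTags(HTMLParser):
    """Collect src -> integrity for every <script src=...> in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts[a["src"]] = a.get("integrity")

def check_page(html: str, assets: dict) -> dict:
    """Per script: True (digest matches), False (mismatch) or None (no integrity attribute)."""
    p = _ScriptTags()
    p.feed(html)
    return {src: None if integ is None else sri_verify(assets.get(src, b""), integ)
            for src, integ in p.scripts.items()}

# Constructed build: a voting bundle and the page that loads it with its pinned digest.
VOTE_JS = b"export function castVote(id, support) { return { id, support }; }\n"
INDEX_HTML = f'<script src="/vote.js" integrity="{sri_digest(VOTE_JS)}"></script>'
TAMPERED_JS = VOTE_JS.replace(b"support }", b"support: 1 }")  # one altered byte sequence

def demo() -> dict:
    """Same page served with the approved bundle versus a modified one."""
    return {"clean": check_page(INDEX_HTML, {"/vote.js": VOTE_JS}),
            "tampered": check_page(INDEX_HTML, {"/vote.js": TAMPERED_JS})}
```

A script tag with no integrity attribute reports None, which is the gap a reviewer should flag: SRI only protects assets whose digest is actually pinned in the page.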
In our work with Uniswap, we identified a lack of “proof of protection” in Tally’s domain, making it a possible target for DNS spoofing or hijacking.
Our security definitions and Tally’s prompt action have made the DNS of many of the market's leading governance systems more secure.
Since Tally provides a voting interface for multiple organizations, it is responsible for projects such as Arbitrum, Uniswap, and Compound. Governance over billions of dollars can be accessed through its interface.
Aware of this risk, Tally’s team has heard our worries and stepped up, helping us define security metrics for Anticapture's DNS framework, enabling us to elevate Uniswap to Stage 1.
The Tally team worked closely with ours, helping refine the implementation from start to finish. Their collaboration was key to creating a standard that strengthens security for all DAOs, and that, going forward, will define the baseline we expect other governance platforms to meet in their domain security.
In doing so, Tally also demonstrates to the market the importance of caring about the security of governance front-ends. It sets a precedent for other providers of the same service to seek updates that protect their customers/DAOs from potential vulnerabilities in voting.
Now, this security standard is available not only to Uniswap, but to all DAOs compatible with Tally.
Check this out: https://anticapture.com/uni

Tally is leading the way in improving DNS security.
We are looking forward to connecting with other governance providers to verify their security setup and help them make it publicly available to users so that it can be easily checked before voting by all security-aware delegates and members.
We are happy to contribute to the security of the DAO ecosystem and help Tally, as well as Uniswap and all other DAOs they support, offer more secure systems to their users.
Congratulations to the Uniswap DAO and all its members for reaching Anticapture Stage 1 by working to improve its resilience and securing its treasury and protocol preemptively!