Last week I talked to someone designing their own DAO with a particular emphasis on getting the incentives right. One piece of feedback they had on Foundry’s current design was: what prevents an attacker from buying a bunch of FRY, then depositing it into Governance, such that they instantaneously attain de facto veto power?
Let’s start with a silly but instructive example. Foundry embarks on Operation Freedom Finger, and decides to begin paying hundreds of people by the hour to stand outside the US White House, holding up their middle finger.
This enrages the US government, and they call all their experts together to discuss how to stop this.
The US throws a bunch of money at accumulating FRY on the open market. Assuming Foundry proposals have a pass threshold of 66%, and 10% of total FRY is already in governance, if the US government accumulates 15% of FRY they could enter Foundry governance and stop the middle finger mischief, vetoing any proposal to pay out the wages of those hard-working middle-finger-wavers. Operation Freedom Finger would be shut down.
More seriously, the government could then also capture all Foundry assets held in the Treasury. This includes not just coins but also .eth domains and potentially influence over Foundry products.
It’s important to note that this is not an economically motivated attack. If it were, our design criteria would be simpler: the cost of the attack (buying up all that FRY) must remain greater than the payoff (control over Treasury assets). But in this scenario, the adversary is both incredibly wealthy and enraged. Capturing the Treasury is only a means to an end: to bash and bully Foundry into stopping what it’s doing.
For Foundry to be unbullyable, this attack must be neutered.
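To size the veto risk from the 66% / 10% / 15% figures above, the following is an added example, not Foundry's own code. It assumes simple token-weighted voting in which every deposited token votes and the buyer deposits everything they acquire; the function names are hypothetical.

```python
from fractions import Fraction as F

def attacker_share(honest_staked, attacker_staked):
    """Fraction of governance votes held by the buyer after depositing."""
    return attacker_staked / (honest_staked + attacker_staked)

def can_veto(honest_staked, attacker_staked, pass_threshold):
    """'Yes' can never reach the threshold once the 'no' bloc
    exceeds 1 - threshold of the deposited tokens."""
    return attacker_share(honest_staked, attacker_staked) > 1 - pass_threshold

def min_veto_stake(honest_staked, pass_threshold):
    """Deposit above which a veto exists, as a fraction of supply:
    a / (s + a) > 1 - t  =>  a > s * (1 - t) / t."""
    return honest_staked * (1 - pass_threshold) / pass_threshold

def honest_stake_needed(attacker_budget, pass_threshold):
    """Honest deposits required so a buyer of `attacker_budget` cannot veto:
    a / (s + a) <= 1 - t  =>  s >= a * t / (1 - t)."""
    return attacker_budget * pass_threshold / (1 - pass_threshold)

# Figures from the post: 66% pass threshold, 10% of FRY already in
# governance, 15% of FRY accumulated on the open market.
T, HONEST, ATTACKER = F(66, 100), F(10, 100), F(15, 100)

if __name__ == "__main__":
    print(f"buyer's vote share:        {float(attacker_share(HONEST, ATTACKER)):.1%}")
    print(f"veto possible:             {can_veto(HONEST, ATTACKER, T)}")
    print(f"veto exists above:         {float(min_veto_stake(HONEST, T)):.2%} of supply")
    print(f"honest stake to resist it: {float(honest_stake_needed(ATTACKER, T)):.2%} of supply")
    # Sensitivity: the veto bar scales linearly with honest participation.
    for pct in (10, 20, 30, 50):
        bar = float(min_veto_stake(F(pct, 100), T))
        print(f"  {pct}% honestly staked -> veto above {bar:.2%} of supply")
```

Under these assumptions the veto bar depends only on how much FRY honest holders keep deposited, which is why low governance participation is the parameter to watch.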