In the second module, we're going to talk about some other types of risk: governance risk, DNS, Oracle risk, DEX risk, and custodial risk. I'm going to start with governance risk. I've already highlighted previously an exploit called the rug pull. Let's actually go through an example here of governance risk. Indeed, it's interesting within this space, there were no governance attacks until this year. I'll highlight one of those attacks. What does governance risk mean? Well, it is a situation where the controllers of the protocol could make some changes that are unfavorable. There's many mechanisms to prevent that. It might be that the DeFi protocols launched, the developers have control and it's not fully decentralized. It could be that the developers do some things that basically just profit for themselves. Now, of course, the community could get very upset about that. Indeed, it is possible that a fork could be created in terms of like another protocol launched to undo some of these changes. It would be new protocol, but having the advantage that it didn't have these negative changes. There is some riskier. We've gone through different types of risk already in terms of smart contract risk. But even like MakerDAO, when we're talking about that, that's a decentralized credit facility. There is governance with the Maker token. It's a decentralized governance. Is it possible that a group of people could gain control of the governance token and do things that undermine the actual protocol? That's a type of governance risk. This is an area of DeFi that people really haven't figured out the perfect solution here. There's many different ideas as to how to do governance. There are many different ideas as to how to do consensus. Different protocols have different approaches. I mentioned one protocol that had a committee of up to 50 people and no fewer than 11. Another protocol might have a governance token that's available for anybody to vote. Another protocol might have governance token, but you need a sufficient number of token to be qualified to vote. Another protocol might have a rule that's different than 51 percent. It might be that there's a quorum that's necessary. Once you've got the quorum, then 51 percent of the quorum, I guess so, maybe the quorum is 50 percent, effectively, 26 percent of the holders could actually control a change. There's many different choices that go on here. All of this is under this idea of governance risk. In deep, we've talked about this idea of a 51 percent attack. In Bitcoin, if there is a minor that has got 51 percent, then probabilistically, they can do what they want. Of course, if they do what they want and try to drain funds, then people completely lose their faith in the protocol. But nevertheless, 51 percent in Bitcoin is enough and 51 percent and most of these profile protocols is enough to create problem. Again, I've mentioned this. I'll mention again because it's important. When the DeFi protocol is initially launched, it's usually not completely decentralized. There's a time period where the developers have a lot of control, which they need to clean up the protocol, to make changes, to make it more efficient, to fix bugs, and things like that. But to be truly decentralized, then you move to the next level, which would be, for example, issuing a governance token. Let's actually look at one particular example. This has to do with the protocol that you don't necessarily need the 51 percent to be successful. It is often the case that you do need to have some financial resources to do this. This is not like a flash attack. You actually have to have some capital behind you to actually be a player in a governance attack. Just think about if you're buying the governance token, you need some capital to actually do that. This is not a situation where you do a flash loan buy the capital and then the governance token and then pay back the loan, that's not going to work that way. You need to have some financial means to actually pull this off. You also need to worry about something that I've already mentioned. Remember I said that for Bitcoin, if somebody grabbed 51 percent, then people would lose all faith in Bitcoin and it would plunge in value. It doesn't make any sense even if you had to 51 percent to do anything nefarious because you spent all of the resources to get to that 51 percent and then you control it, but then it's worth nothing so you need to think of a way to actually monetize. Again, these governance attacks, there hasn't been anything like it until recently. I'm going to go through the details of an attack on True Seigniorage Dollar, so TSD. I've got basically the Twitter thread as to what happened, but I've summarized it. The hacker is going to amass governance token. Remember I said that for this type of exploit, you need to be financially equipped. TSD is not a big protocol, so it doesn't take a massive amount of money to do this, but nevertheless, this is what the hacker actually does. It turns out that the developers held only nine percent of the governance. The hacker got enough to actually put forward a proposal. Given that the hacker had effectively a large proportion of the governance token, the hacker decides to mint, so the vote is to mint him or herself. 11.5 quintillion TSDs, so that's obviously a direct benefit. Then you need to somehow monetize that. Immediately what happens is the hacker dumps as many of these TSDs as possible on Pancakeswap which is very much like Uniswap, the same idea. It's a DEX, it's a constant product automated market maker. Essentially, what's happening here is that as you sell that TSD, the price is going down and down and down. Even though the hacker has minted him or herself 11.5 quintillion TSD, by the time that they dump 11.8 billion, the price is already extremely close to zero, so it's no use going any further. You can see what happened in terms of the value, and this is the ride all the way down from about $23 to zero. Again, the price is going down on each sale, but this is how the hacker actually was able to essentially go in, take over the protocol, mint themselves, some of the TSDs, and then dump them quickly on an exchange. They dumped as many as they could. They walk away with the profit, and basically what happens to TSD, it's destroyed, this is what happens in terms of decentralized finance. This is a known situation that is exactly the way this works. Take a look at the very last sentence of this thread from the True Seigniorage Dollar developers. You can see the official site at Trueseigniorage, the last sentence, let me read it to you. I'll read the whole thing. In the implementation, the attacker added code to mint for himself 11.8 billion TSD. He then sold all of the tokens to Pancakeswap. That's sad, but it is an attack but it is how a decentralized DAO works. Actually, just to be clear, the tweet actually says 11.8 was minted, actually way more was minted. It was 11.5 quintillion, so it's a little inaccurate, but that's not the point here. The point here is that the people behind this protocol said, "Well, it's bad for us, but this is how Dev and a DAO actually works. If you lose a control to an adversary, then this is the risk that you actually face.
