Cost of Attack Analysis

• Attackers can use multiple channels to gather enough ARB tokens for a governance attack. Based on current participation rates and delegate votes, an attacker would need 200M ARB to pass a non-constitutional governance vote. Here are the various acquisition methods, ranked from least to most expensive:

  1. Borrowing ARB from lending protocols and CEXes is the cheapest way as users would only pay a small interest rate. Based on current market conditions we estimate that 50M could be borrowed.
  2. Using bribing platforms like LobbyFi, where the cost is a percentage of the proposal value. This method could secure 20M tokens.
  3. Acquiring tokens directly through CEXs and DEXs. Buyers face slippage costs that increase quadratically relative to average daily volume. Under current liquidity conditions, 100M ARB could be hedged at low cost through perpetuals and derivatives markets to limit depreciation risk.
  4. The remaining 30M ARB tokens would be unhedged, exposing the attacker to price fluctuations. With ARB’s historical weekly average depreciation of 13%, an attacker could lose approximately 3.9M ARB.

  Attack costs increase quadratically with the number of ARB tokens needed. For 200M ARB, the cost is relatively modest at 18M ARB (~$7M at current prices), making attacks profitable when governance proposals exceed 20M ARB in value. However, attackers must have substantial financial resources to provide loan collateral and purchase tokens, limiting this strategy to large players.

Estimated_Cost_of_Acquiring_ARB_using_Bribes_CEX_Loans_(3)864×533 9.55 KB

• The price of ARB is a crucial factor in determining attack profitability. A lower ARB price reduces the cost of attacks aimed at redirecting WETH from sequencer revenue.
• The number of ARB tokens an attacker needs to pass a vote depends on the expected participation rate.

Quorum Analysis

• Votable Supply Is Rapidly Increasing: Votable supply has grown 44.8% YoY, from 2.8B to 4.3B ARB, driven by token unlocks and DAO/Foundation expenditures. Projected votable supply could reach 5.9B ARB by Mar 2026, raising quorum thresholds proportionally.
• Quorum Thresholds Are Rising Faster Than Participation: By March 2026, the Constitutional quorum may increase from 210M to 295M ARB, while Non-constitutional quorum may rise from 126M to 177M ARB
• Participation Rates Are Stagnant or Declining: Delegated participation rates hover between 40–60%, with no clear upward trend. Participation as a % of votable supply dropped from 8% to 4–5% over the past year.
• Quorum Margin Is Eroding: The margin by which proposals reach quorum has been eroding. Non-constitutional quorum margin shrank from ~100% (2023) to ~35% (early 2025). Constitutional proposals now operate with just a 10% buffer over quorum, down from 30%—leaving little room for voter drop-off.
• Delegated Supply Is Falling as a % of Votable Supply: Delegated supply dropped from 15% to 7.5% of total votable supply in the past year. Total delegated votes decreased 12%, from 360M to 320M, despite an increase in token supply. This divergence threatens proposal success rates, especially as thresholds climb.
• Top Delegates Have Outsized Influence: Just 4 delegates failing to vote would have caused 25% of past proposals to fail. Top 5 delegates control ~40% of all votes cast—posing a moderate but real risk of proposal manipulation or unintentional governance fragility.
• Non-Constitutional Proposals Are Vulnerable to Lower Delegation: Base-case participation failure rate rises to 59–66% by 2026; under bear scenarios, failure hits 85–90%. Even slight drops in turnout (e.g., from 159M to 133M ARB) push proposals below quorum.
• Constitutional Proposals Face Systemic Failure Risk: Even in bullish delegation scenarios, constitutional proposals show >95% failure rate due to high quorum (e.g., 230M ARB). Base and Bear-case simulations show 100% failure likelihood for constitutional proposals without improved participation, requiring immediate attention.
• Increasing Delegation and Participation is Essential: If participation and delegation don’t scale along with quorum requirements, governance proposals will increasingly fail to meet quorum. Reliance on social coordination to pass critical proposals is not a sustainable governance model.

We propose the following potential suggestions for preventing governance attacks:

• Implement a monitoring dashboard. Track potential costs and attack likelihood in real-time as market conditions evolve, including CEX liquidity, borrowing costs, ARB delegation amounts, and price movements. This enables proactive risk identification.
• Partner with vote-buying platforms. LobbyFi, controlling 20M ARB, can help prevent governance attacks through their existing guardrails for proposal analysis. We recommend working with them to disable vote-buying and implement automatic “No” votes for proposals flagged by the Security Council or exceeding specific funding thresholds.
• Implement dynamic quorums. This balances the risk of not reaching quorum against having too low a threshold that enables attacks. Setting quorum requirements based on estimated attack costs reduces profitability. Smaller proposals can have lower quorums, with requirements increasing for larger proposals.
• Cap token transfers per governance proposal. While this might require splitting large proposals (e.g., 50M ARB) into multiple votes, it would limit the Foundation’s potential losses from governance attacks.
• Enhance Security Council oversight for high-stakes votes (+20M ARB). Review these proposals case-by-case and give the Council deterrent powers. Creating uncertainty deters attackers by reducing success probability. Potential tools include:
  • Assessing and communicating governance risks to educate delegates about dangerous proposals.
  • Implementing proposal-specific quorum adjustments—reducing requirements by 20% for low-risk DAO proposals while increasing them by 50% for higher-risk ones.
  • Delegating Treasury votes to high-Karma delegates, ensuring neutrality while raising attack costs.
• Establish a minimum delegation period. For high-stakes votes, count only votes delegated at least one month before the proposal. This prevents token accumulation solely for voting and increases attack costs by forcing longer holding periods, thereby increasing unhedged mark-to-market risk.
• Focus on increasing delegated participation rates. Currently, only 40-60% of delegates’ votes are cast on proposals. We need to increase this participation rate through incentives for active voting or consequences for non-participation. Higher participation from honest delegates increases the tokens needed for attacks. The cost rises quadratically with required tokens—a 10% increase in participation (30M ARB) could double attack costs from 18M to 34M ARB.
• Encourage Delegation. ARB staking is a step in the right direction, requiring token holders to delegate to receive rewards. Additional similar programs should be devised to encourage and grow the number of delegated votes.

These recommendations require further analysis to evaluate their effectiveness and could be explored in the second phase of this research.

Full Report

The reports, analyses, and other information and materials (“Materials”) provided by Nethermind are made available “AS IS” and “WITH ALL FAULTS.” YOU USE AND RELY ON THE MATERIALS AT YOUR OWN RISK. These Materials do not constitute financial, investment, tax, legal, regulatory, or professional advice, and no person should rely on them as such.

For the avoidance of doubt, unless otherwise set forth in a separate written agreement between Nethermind and you, Nethermind makes no representation or warranty with respect to the Materials or any services provided, nor for any actions or omissions by or on behalf of Nethermind or any other party, including but not limited to the Arbitrum Foundation, the Arbitrum Research and Development Committee (“ARDC”), the Arbitrum Decentralized Autonomous Organization (“DAO”), or any individual member of the foregoing entities (collectively, the “Arbitrum Parties”).

Nethermind does not endorse, validate, or guarantee the security, performance, or reliability of any protocol, project, technology, or team referenced in this analysis. Any observations or assessments provided should not be interpreted as a recommendation or assurance regarding the safety, legality, or viability of any specific implementation or operational decision.

Nethermind disclaims any and all representations and warranties, whether express, implied, statutory, or otherwise, including but not limited to warranties of merchantability, non-infringement, fitness for a particular purpose, or any warranties arising from the course of dealing or trade usage. Nethermind specifically does not represent that the Materials will be error-free. The Materials may include content, software, information, and data provided or made available by third parties, including Arbitrum Parties (“Third-Party Materials”). Nethermind has no obligation to investigate the source, accuracy, or security of such Third-Party Materials and makes no representation regarding their reliability or legality.

Any risk assessments, forecasts, or observations provided by Nethermind are based on available data at the time of analysis and should not be interpreted as guarantees of future performance, security, or regulatory compliance. Past performance and historical data are not reliable indicators of future outcomes. Assessments involving blockchain, smart contracts, and decentralized finance (DeFi) protocols are subject to inherent uncertainties, including evolving security vulnerabilities, regulatory developments, and market volatility. Nethermind does not provide assurances regarding the legality, stability, or long-term viability of any discussed technologies.

For the avoidance of doubt, Nethermind shall not be liable to you or any third party under any theory of liability for any claims or causes of action arising from or related to the actions or omissions of any Arbitrum Parties. By accessing and/or using the Materials, you agree that you will not, and will not permit any third party to, bring any claim against Nethermind in connection with any of the Arbitrum Parties’ actions or omissions. Nethermind is not, and shall not be deemed, a partner, fiduciary, or other legal representative or agent of any of the foregoing.