# Treasury-drain scenario family (TD-001 .. TD-030) # # Each scenario encodes an attack whose objective is to extract value from # the shared treasury, or to encumber it so that future extraction is # inevitable. Every scenario asserts two things: # # 1. Under the kernel's default parameters (constitution/parameters.yaml) # the attack is BLOCKED, and `expect.mechanism` names the rule that # blocks it. # 2. Under the `weakened` parameter set — the kind of change a hostile # amendment PR would smuggle in — the attack SUCCEEDS. This proves the # scenario has teeth: a PR that weakens these parameters flips the # expected outcome and the harness fails the build. # # Empathy metric: every scenario declares the worst-off participant group, # the welfare metric used, the pre-attack baseline, and the floor (fraction # of baseline the worst-off must retain even while the attack is in flight). # The harness grades the empathy floor BEFORE grading whether the attack was # blocked. A constitution that blocks the attack but immiserates the # worst-off while doing so still fails. # # Action vocabulary (see docs/dsl-spec.md): propose, vote, abstain, # schedule_vote, withdraw, transfer, mint, admit_members, expel_member, # declare_emergency, extend_emergency, define_term, delay, adjourn, # reconvene, walkout, challenge_credentials, fork. family: treasury-drain version: "0.1.0" description: > Attacks that extract, dilute, encumber, or launder the common treasury through formally legal moves. Covers naked majority drains, structuring below thresholds, self-dealing, dilution by issuance, obligation ratchets, conflict-of-interest grant capture, and end-game defection. defaults: population: 100 resources: treasury: 1000.0 parameters_ref: constitution/parameters.yaml scenarios: - id: TD-001 title: Simple-majority total drain taxonomy: treasury-drain tags: [majority-tyranny, spending, baseline] severity: critical precedent: | Garrett Hardin, "The Tragedy of the Commons" (1968), and Elinor Ostrom's response in "Governing the Commons" (1990): an unconstrained majority over a common-pool resource extracts it to exhaustion because the gains are concentrated and the losses diffused. This is the canonical attack the project description names: "if a 51% faction can drain the commons under your wording, the test fails." actors: - { id: drain_faction, size: 51, objective: maximize_extraction } - { id: minority, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: drain_faction, action: propose, kind: spend, amount: 1000.0, beneficiary: drain_faction } - { actor: drain_faction, action: vote, choice: yes } - { actor: minority, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.treasury-supermajority rationale: > A spend exceeding spend_supermajority_trigger of the treasury requires a supermajority; 51/100 fails the gate. weakened: parameters: { spend_threshold: 0.50, spend_supermajority_trigger: 1.01 } outcome: attack_succeeds empathy: worst_off: minority metric: resource_share baseline: 0.49 floor: 0.95 note: > Minority members hold a 49% claim on the commons before the attack; the blocked outcome must leave that claim essentially intact. - id: TD-002 title: Salami-slice structuring below the supermajority trigger taxonomy: treasury-drain tags: [structuring, thresholds, aggregation] severity: critical precedent: | "Structuring" / "smurfing" in anti-money-laundering law (31 U.S.C. § 5324): splitting transactions to stay under per-transaction reporting thresholds. Any per-proposal spending limit that does not aggregate across proposals and beneficiaries is trivially defeated by N small proposals. actors: - { id: drain_faction, size: 51, objective: maximize_extraction } - { id: minority, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: drain_faction, action: propose, kind: spend, amount: 90.0, beneficiary: drain_faction, repeat: 11 } - { actor: drain_faction, action: vote, choice: yes, repeat: 11 } - { actor: minority, action: vote, choice: no, repeat: 11 } expect: outcome: attack_blocked mechanism: kernel.art4.aggregate-spend-window rationale: > Spending to a common beneficiary aggregates over the rolling aggregation window; the eleventh slice crosses the supermajority trigger and the gate applies to the aggregate. weakened: parameters: { spend_aggregation_window_days: 0 } outcome: attack_succeeds empathy: worst_off: minority metric: resource_share baseline: 0.49 floor: 0.90 - id: TD-003 title: Flash-membership governance raid taxonomy: treasury-drain tags: [sybil, membership, flash-attack] severity: critical precedent: | Beanstalk Farms exploit (April 2022): an attacker used a flash loan to acquire a transient supermajority of governance tokens, passed a proposal transferring ~$182M of protocol assets to themselves, and repaid the loan in the same transaction. The membership analogue is a wave of new members admitted and voting on a drain in the same session. actors: - { id: raiders, size: 60, objective: maximize_extraction, joined_at: 0 } - { id: citizens, size: 40, objective: preserve_commons, joined_at: -365 } resources: { treasury: 1000.0 } moves: - { actor: raiders, action: admit_members, count: 60, sponsor: raiders } - { actor: raiders, action: propose, kind: spend, amount: 1000.0, beneficiary: raiders } - { actor: raiders, action: vote, choice: yes } - { actor: citizens, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art2.voting-eligibility-seasoning rationale: > Members may not vote on treasury matters until membership_seasoning_days has elapsed; the raiders' votes are ineligible and the proposal fails for lack of support. weakened: parameters: { membership_seasoning_days: 0 } outcome: attack_succeeds empathy: worst_off: citizens metric: resource_share baseline: 1.00 floor: 0.95 note: Incumbent citizens hold the entire pre-raid claim. - id: TD-004 title: Timelock evasion via same-session execution taxonomy: treasury-drain tags: [timelock, execution, flash-attack] severity: critical precedent: | The decisive difference between Beanstalk (no timelock, drained) and Compound-style governance (multi-day timelock, never flash-drained): a mandatory delay between ratification and execution lets the community observe, exit, or counter-propose. Attacks that pass a vote and execute in the same breath defeat every after-the-fact remedy. actors: - { id: drain_faction, size: 70, objective: maximize_extraction } - { id: minority, size: 30, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: drain_faction, action: propose, kind: spend, amount: 800.0, beneficiary: drain_faction } - { actor: drain_faction, action: vote, choice: yes } - { actor: drain_faction, action: withdraw, amount: 800.0, at_day: 0 } expect: outcome: attack_blocked mechanism: kernel.art4.execution-timelock rationale: > Execution before execution_timelock_days elapse is invalid even for a ratified proposal; the withdrawal is rejected and the minority's fork right (kernel.art9) remains exercisable during the window. weakened: parameters: { execution_timelock_days: 0 } outcome: attack_succeeds empathy: worst_off: minority metric: exit_option_value baseline: 0.30 floor: 1.00 note: > The empathy metric here is the minority's preserved ability to fork with their pro-rata share before execution — it must be fully intact. - id: TD-005 title: Self-dealing contract award without recusal taxonomy: treasury-drain tags: [conflict-of-interest, self-dealing] severity: high precedent: | Tammany Hall under William "Boss" Tweed: the New York County Courthouse, budgeted at $250,000, ultimately cost ~$13M (1860s dollars), with inflated invoices paid to ring-controlled contractors approved by ring-controlled boards. The structural failure: the people voting on the payment were its beneficiaries. actors: - { id: ring, size: 55, objective: maximize_extraction } - { id: public, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: ring, action: propose, kind: spend, amount: 400.0, beneficiary: ring, purpose: "infrastructure contract" } - { actor: ring, action: vote, choice: yes } - { actor: public, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > Members who are direct beneficiaries of a spend must recuse; with the ring recused, the proposal fails 0–45. weakened: parameters: { conflict_of_interest_recusal: false } outcome: attack_succeeds empathy: worst_off: public metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-006 title: Logrolled mutual drain by two sub-majority factions taxonomy: treasury-drain tags: [logrolling, coalition, vote-trading] severity: high precedent: | Buchanan & Tullock, "The Calculus of Consent" (1962), on vote trading: two factions, each below a majority, exchange support for each other's extractive proposals, producing a combined outcome neither could pass alone and that a majority opposes in aggregate. Classic pork-barrel omnibus dynamics in US appropriations. actors: - { id: faction_a, size: 30, objective: maximize_extraction } - { id: faction_b, size: 25, objective: maximize_extraction } - { id: public, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: faction_a, action: propose, kind: spend, amount: 300.0, beneficiary: faction_a } - { actor: faction_b, action: propose, kind: spend, amount: 300.0, beneficiary: faction_b } - { actor: faction_a, action: vote, choice: yes, on: all } - { actor: faction_b, action: vote, choice: yes, on: all } - { actor: public, action: vote, choice: no, on: all } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > Recusal applies per-proposal to each beneficiary faction; each proposal then faces 25–45 and 30–45 votes respectively and fails. Aggregation (kernel.art4.aggregate-spend-window) backstops the pair if recusal is contested. weakened: parameters: { conflict_of_interest_recusal: false, spend_aggregation_window_days: 0 } outcome: attack_succeeds empathy: worst_off: public metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-007 title: Single-bundle omnibus drain taxonomy: treasury-drain tags: [bundling, riders, single-subject] severity: high precedent: | Rider practice in US omnibus bills, and the single-subject rules that 41 US state constitutions adopted in response (e.g., Florida Const. art. III §6). Bundling a popular measure with an extractive rider forces voters to accept the drain to get the benefit. actors: - { id: bundlers, size: 40, objective: maximize_extraction } - { id: moderates, size: 35, objective: support_popular_measure } - { id: minority, size: 25, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: bundlers, action: propose, kind: spend, amount: 350.0, beneficiary: bundlers, bundled_with: { kind: spend, amount: 50.0, beneficiary: commons, purpose: "popular infrastructure" } } - { actor: bundlers, action: vote, choice: yes } - { actor: moderates, action: vote, choice: yes } - { actor: minority, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art3.single-subject rationale: > Proposals must be severable and single-subject; the bundle is split, the rider faces its own vote with recusal applied, and fails. weakened: parameters: { single_subject_rule: false } outcome: attack_succeeds empathy: worst_off: minority metric: resource_share baseline: 0.25 floor: 0.90 - id: TD-008 title: Dilution drain by minting new units taxonomy: treasury-drain tags: [issuance, dilution, inflation] severity: critical precedent: | The Weimar hyperinflation (1921–23) as the limit case of seigniorage as expropriation; in DAO form, governance proposals that mint new tokens to a faction (the attempted Build Finance DAO takeover, February 2022, where a captured governance key minted and dumped the BUILD supply). Dilution drains the treasury without touching it. actors: - { id: minters, size: 55, objective: maximize_extraction } - { id: holders, size: 45, objective: preserve_commons } resources: { treasury: 1000.0, units_outstanding: 100 } moves: - { actor: minters, action: propose, kind: mint, amount: 900, beneficiary: minters } - { actor: minters, action: vote, choice: yes } - { actor: holders, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.issuance-is-kernel-change rationale: > Changing the unit supply is a kernel-level (major version) change requiring kernel_amendment_threshold; 55% fails the supermajority. weakened: parameters: { issuance_requires_kernel_amendment: false } outcome: attack_succeeds empathy: worst_off: holders metric: resource_share baseline: 0.45 floor: 0.95 - id: TD-009 title: Self-voted compensation taking immediate effect taxonomy: treasury-drain tags: [compensation, self-dealing, 27th-amendment] severity: high precedent: | The 27th Amendment itself — drafted 1789, ratified 1992 — exists precisely because legislators voting themselves immediately-effective raises is a recognized drain: "No law, varying the compensation for the services of the Senators and Representatives, shall take effect, until an election of Representatives shall have intervened." actors: - { id: officers, size: 10, objective: maximize_extraction, role: elected } - { id: allies, size: 45, objective: support_officers } - { id: public, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: officers, action: propose, kind: recurring_spend, amount_per_period: 50.0, beneficiary: officers, purpose: "officer compensation" } - { actor: officers, action: vote, choice: yes } - { actor: allies, action: vote, choice: yes } - { actor: public, action: vote, choice: no } - { actor: officers, action: withdraw, amount: 50.0, at_period: 0 } expect: outcome: attack_blocked mechanism: kernel.art4.compensation-intervening-election rationale: > Compensation changes for sitting officers cannot take effect until after the next regular election of those officers; the period-0 withdrawal is invalid. weakened: parameters: { compensation_deferral: false } outcome: attack_succeeds empathy: worst_off: public metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-010 title: Expense reimbursement padding under a vague category taxonomy: treasury-drain tags: [reimbursement, definitional, audit] severity: medium precedent: | UK parliamentary expenses scandal (2009): claims for moat cleaning, duck houses, and phantom mortgages were technically processable because "expenses wholly, exclusively and necessarily incurred" was self-certified with no adversarial audit. A reimbursement category without itemization and challenge rights is a slow drain. actors: - { id: claimants, size: 20, objective: maximize_extraction } - { id: members, size: 80, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: claimants, action: withdraw, amount: 5.0, purpose: "operational expenses", repeat: 40 } expect: outcome: attack_blocked mechanism: kernel.art4.itemized-disbursement-ledger rationale: > All disbursements land itemized on the public ledger; aggregate per-member withdrawals above expense_audit_trigger require ex-ante approval, which the claimants never obtained. weakened: parameters: { expense_audit_trigger: 1.0e9 } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.80 floor: 0.90 - id: TD-011 title: Emergency appropriation bypassing spend gates taxonomy: treasury-drain tags: [emergency, bypass, cross-family] severity: critical precedent: | Roman dictatorship's evolution from Cincinnatus (legitimate emergency magistracy, voluntarily relinquished) to Sulla (indefinite dictatorship funding proscriptions from confiscated estates). Modern echo: emergency declarations used to redirect appropriated funds (US National Emergencies Act, 2019 border-wall reprogramming litigation). actors: - { id: executive_faction, size: 51, objective: maximize_extraction } - { id: minority, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: executive_faction, action: declare_emergency, justification: "fiscal crisis" } - { actor: executive_faction, action: withdraw, amount: 600.0, under: emergency_powers } expect: outcome: attack_blocked mechanism: kernel.art5.emergency-spend-cap rationale: > Emergency authority caps cumulative emergency spending at emergency_spend_cap_fraction of the treasury and never suspends the disbursement ledger; the 600-unit withdrawal exceeds the cap. weakened: parameters: { emergency_spend_cap_fraction: 1.0 } outcome: attack_succeeds empathy: worst_off: minority metric: resource_share baseline: 0.49 floor: 0.85 - id: TD-012 title: Grant-program capture by recipient voters taxonomy: treasury-drain tags: [grants, conflict-of-interest, capture] severity: high precedent: | Documented failure mode across DAO grant programs (e.g., the 2021–22 wave of grants-committee self-allocation controversies): when grant recipients sit on or vote for the committee that renews their grants, the program converges to paying its own evaluators. Public-choice term: client politics (Wilson, "Bureaucracy", 1989). actors: - { id: grantees, size: 15, objective: maximize_extraction, role: committee } - { id: members, size: 85, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: grantees, action: propose, kind: spend, amount: 200.0, beneficiary: grantees, purpose: "grants round 2", approver: committee } - { actor: grantees, action: vote, choice: yes, as: committee } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > Delegated approval authority inherits the recusal invariant; a committee cannot approve spends to its own members, and the proposal escalates to the full membership where it fails. weakened: parameters: { recusal_applies_to_delegates: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.85 floor: 0.90 - id: TD-013 title: Sybil grant recipients laundering a drain taxonomy: treasury-drain tags: [sybil, grants, identity] severity: high precedent: | Collusion and sybil attacks documented in Gitcoin's quadratic-funding rounds (Buterin/Hitzig/Weyl's "Liberal Radicalism" mechanism is explicitly sybil-fragile): one operator behind many nominal recipients converts per-recipient caps into an uncapped aggregate. actors: - { id: operator, size: 5, objective: maximize_extraction, sybils: 30 } - { id: members, size: 95, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: operator, action: propose, kind: spend, amount: 10.0, beneficiary: sybil_pool, repeat: 30 } - { actor: members, action: vote, choice: yes, on: all, belief: "independent small grants" } expect: outcome: attack_blocked mechanism: kernel.art2.one-person-one-identity rationale: > Beneficiary identity resolution collapses the sybil pool to its operator; aggregation then trips the audit trigger and approvals are void for material misrepresentation. weakened: parameters: { identity_resolution: false, spend_aggregation_window_days: 0 } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.95 floor: 0.90 - id: TD-014 title: Treasury swap into an insider's illiquid asset taxonomy: treasury-drain tags: [diversification, insider, valuation] severity: high precedent: | Wonderland DAO (January 2022): treasury management concentrated in a pseudonymous insider later revealed as a convicted fraudster; and the broader pattern of "treasury diversification" proposals that sell the commons' liquid assets for an insider's illiquid token at insider-set valuations. The drain happens at the pricing step, not the vote. actors: - { id: insider, size: 8, objective: maximize_extraction } - { id: allies, size: 47, objective: support_insider } - { id: members, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: insider, action: propose, kind: asset_swap, pay: 500.0, receive: { asset: insider_token, valuation_source: insider } } - { actor: insider, action: vote, choice: yes } - { actor: allies, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.counterparty-recusal-and-independent-valuation rationale: > The counterparty to a treasury transaction must recuse, and swaps above the supermajority trigger require an independent valuation; with the insider recused the proposal fails 47–45 short of the supermajority, and lacks a valid valuation regardless. weakened: parameters: { conflict_of_interest_recusal: false, independent_valuation_required: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-015 title: Endowment-principal invasion disguised as yield taxonomy: treasury-drain tags: [endowment, accounting, definitional] severity: medium precedent: | The pre-UPMIFA era of US endowment law: institutions spent "income" while redefining realized principal gains as income, hollowing out endowments in flat markets. UPMIFA (2006) replaced the income/principal line with a prudence standard precisely because the definitional line was gameable. actors: - { id: spenders, size: 55, objective: maximize_extraction } - { id: stewards, size: 45, objective: preserve_commons } resources: { treasury: 1000.0, designated_principal: 800.0 } moves: - { actor: spenders, action: define_term, term: "income", as: "all realized gains including principal sales" } - { actor: spenders, action: propose, kind: spend, amount: 300.0, beneficiary: spenders, purpose: "income distribution" } - { actor: spenders, action: vote, choice: yes } - { actor: stewards, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art6.definitions-are-amendments rationale: > Redefining a term used by a spending rule is itself an amendment to that rule and requires the amendment threshold; the 55% redefinition fails, so the spend exceeds permissible draw and is rejected. weakened: parameters: { definitions_require_amendment: false } outcome: attack_succeeds empathy: worst_off: stewards metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-016 title: Obligation ratchet — recurring payment with no sunset taxonomy: treasury-drain tags: [recurring, sunset, future-binding] severity: high precedent: | Unfunded pension obligations as slow-motion treasury capture: a one-time majority binds all future treasuries (e.g., the 2003–2013 Detroit trajectory into the largest US municipal bankruptcy, driven substantially by retirement obligations no later council could legally revisit). A recurring spend approved once is a drain with a delay line. actors: - { id: beneficiaries, size: 51, objective: maximize_extraction } - { id: future_members, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: beneficiaries, action: propose, kind: recurring_spend, amount_per_period: 40.0, beneficiary: beneficiaries, sunset: none } - { actor: beneficiaries, action: vote, choice: yes } - { actor: future_members, action: vote, choice: no } - { actor: beneficiaries, action: withdraw, amount: 40.0, repeat: 25 } expect: outcome: attack_blocked mechanism: kernel.art4.recurring-spend-sunset rationale: > Recurring disbursements carry a mandatory sunset of at most recurring_spend_max_periods and must be re-ratified; the drain stops at the sunset and the re-ratification (with recusal) fails. weakened: parameters: { recurring_spend_max_periods: 1000000 } outcome: attack_succeeds empathy: worst_off: future_members metric: resource_share baseline: 0.49 floor: 0.80 note: > Worst-off here is explicitly the future cohort that never voted on the obligation — the empathy metric is evaluated at period 25. - id: TD-017 title: Debt issuance to evade the spending cap taxonomy: treasury-drain tags: [debt, off-balance-sheet, caps] severity: high precedent: | Greece's 2001 cross-currency swaps (arranged with Goldman Sachs) that kept reported debt under Maastricht ceilings, and Enron's special-purpose entities: when a cap binds the measured quantity, attackers move the liability off the measure. Borrowing against the treasury extracts present value while the cap reads compliant. actors: - { id: borrowers, size: 55, objective: maximize_extraction } - { id: members, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: borrowers, action: propose, kind: debt_issuance, principal: 600.0, proceeds_to: borrowers, secured_by: treasury } - { actor: borrowers, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.encumbrances-count-as-spend rationale: > Pledges, guarantees, and debt secured by the treasury count against spend thresholds at face value; the issuance trips the supermajority gate and the beneficiary recusal, and fails. weakened: parameters: { encumbrances_count_as_spend: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-018 title: Denominator gaming — cap measured at a stale peak taxonomy: treasury-drain tags: [definitional, measurement, caps] severity: medium precedent: | Goodhart's Law applied to fiscal rules: caps defined against a reference quantity the spender can choose (peak treasury value, projected revenue) stop binding. EU Stability and Growth Pact deficit ceilings were repeatedly satisfied via optimistic growth projections (Commission ex-post revisions, 2002–2004 France/Germany episodes). actors: - { id: spenders, size: 51, objective: maximize_extraction } - { id: members, size: 49, objective: preserve_commons } resources: { treasury: 400.0, historical_peak: 2000.0 } moves: - { actor: spenders, action: propose, kind: spend, amount: 350.0, beneficiary: spenders, cap_basis: historical_peak } - { actor: spenders, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.cap-basis-current-balance rationale: > All fractional spend thresholds are computed against the current treasury balance at proposal time; 350/400 = 87.5% trips the supermajority gate and beneficiary recusal kills the vote. weakened: parameters: { spend_cap_basis: "self_declared" } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.49 floor: 0.85 - id: TD-019 title: Admission-wave exit scam taxonomy: treasury-drain tags: [membership, exit, flash-attack] severity: critical precedent: | The "rug pull" pattern formalized: AnubisDAO (October 2021) raised ~13,556 ETH and was drained within 20 hours of launch. Governance version: a cohort joins, contributes nothing, votes a distribution, and exits. Distinct from TD-003: here the drain is framed as a lawful pro-rata distribution to members. actors: - { id: wave, size: 60, objective: maximize_extraction, joined_at: 0 } - { id: founders, size: 40, objective: preserve_commons, joined_at: -400 } resources: { treasury: 1000.0 } moves: - { actor: wave, action: propose, kind: distribution, amount: 1000.0, basis: per_capita } - { actor: wave, action: vote, choice: yes } - { actor: founders, action: vote, choice: no } - { actor: wave, action: exit, after: distribution } expect: outcome: attack_blocked mechanism: kernel.art2.voting-eligibility-seasoning rationale: > Seasoning blocks the wave's votes on treasury matters; the distribution fails 0–40. Dissolution-style distributions additionally require kernel_amendment_threshold. weakened: parameters: { membership_seasoning_days: 0 } outcome: attack_succeeds empathy: worst_off: founders metric: resource_share baseline: 1.00 floor: 0.95 - id: TD-020 title: Standing-order pre-approval evading per-spend review taxonomy: treasury-drain tags: [delegation, standing-orders, scope] severity: high precedent: | The "lump-sum appropriation" problem in administrative law (Stith, "Congress' Power of the Purse", 97 Yale L.J. 1343 (1988)): a broad standing authorization ("the operations committee may spend as needed") converts one vote into unbounded future spends with no further review. actors: - { id: committee, size: 7, objective: maximize_extraction } - { id: allies, size: 48, objective: support_committee } - { id: members, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: allies, action: propose, kind: delegation, to: committee, authority: "spend as needed", cap: none, sunset: none } - { actor: allies, action: vote, choice: yes } - { actor: committee, action: vote, choice: yes } - { actor: members, action: vote, choice: no } - { actor: committee, action: withdraw, amount: 100.0, repeat: 9, under: delegation } expect: outcome: attack_blocked mechanism: kernel.art7.bounded-delegation rationale: > Delegated spending authority must carry an explicit cap and sunset; an unbounded delegation is void ab initio and every withdrawal under it is invalid. weakened: parameters: { delegation_requires_cap_and_sunset: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-021 title: Buyback of the faction's own claims above fair value taxonomy: treasury-drain tags: [buyback, pricing, insider] severity: high precedent: | The recurring DeFi "treasury buys back tokens from exiting insiders at a premium" pattern (e.g., the contested FEI/Rari Capital merger unwind votes, 2022): a buyback at an above-market price is a transfer from remaining members to the sellers, dressed as treasury management. actors: - { id: sellers, size: 51, objective: maximize_extraction } - { id: remainers, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: sellers, action: propose, kind: buyback, pay: 500.0, fair_value: 200.0, counterparty: sellers } - { actor: sellers, action: vote, choice: yes } - { actor: remainers, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > Counterparty recusal applies; without the sellers' votes the buyback fails 0–49, and the above-fair-value premium independently violates the independent-valuation requirement. weakened: parameters: { conflict_of_interest_recusal: false, independent_valuation_required: false } outcome: attack_succeeds empathy: worst_off: remainers metric: resource_share baseline: 0.49 floor: 0.90 - id: TD-022 title: Insider-loss bailout from the commons taxonomy: treasury-drain tags: [bailout, moral-hazard, insider] severity: high precedent: | FTX's use of customer assets to backstop Alameda's losses (per the 2023 trial record) as the limit case; in governance form, a proposal to "make whole" a faction's private losses from the shared treasury. Moral-hazard literature: Kareken & Wallace (1978) on deposit insurance without supervision. actors: - { id: losers, size: 30, objective: maximize_extraction } - { id: sympathizers, size: 25, objective: support_losers } - { id: members, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: losers, action: propose, kind: spend, amount: 400.0, beneficiary: losers, purpose: "loss restitution" } - { actor: losers, action: vote, choice: yes } - { actor: sympathizers, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > With the loser faction recused the vote is 25–45; the spend also exceeds the supermajority trigger. Bona fide mutual-aid transfers remain possible through the userland mutual-aid module, which caps per-event payouts. weakened: parameters: { conflict_of_interest_recusal: false, spend_supermajority_trigger: 1.01 } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.45 floor: 0.90 - id: TD-023 title: Last-period defection before scheduled dissolution taxonomy: treasury-drain tags: [endgame, backward-induction, dissolution] severity: high precedent: | Backward induction in finitely repeated games (Selten, 1978, chain store paradox): cooperation unravels when the end is known. A group with a scheduled dissolution date faces a final-period majority with nothing to lose from defecting and voting itself the residual. actors: - { id: defectors, size: 55, objective: maximize_extraction } - { id: minority, size: 45, objective: preserve_commons } resources: { treasury: 1000.0 } parameters: dissolution_scheduled: true moves: - { actor: defectors, action: propose, kind: distribution, amount: 1000.0, basis: "to voters in favor" } - { actor: defectors, action: vote, choice: yes } - { actor: minority, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art10.dissolution-pro-rata rationale: > Dissolution distributions are constitutionally fixed at equal per-capita shares for all members in good standing; a distribution keyed to vote choice violates the equal-membership invariant and is void regardless of the vote. weakened: parameters: { dissolution_pro_rata: false } outcome: attack_succeeds empathy: worst_off: minority metric: resource_share baseline: 0.45 floor: 1.00 note: At dissolution the floor is absolute — equal shares or nothing. - id: TD-024 title: Matching-funds collusion drain taxonomy: treasury-drain tags: [matching, collusion, mechanism-design] severity: medium precedent: | Quadratic funding's known collusion vulnerability (acknowledged in Buterin, Hitzig & Weyl, "A Flexible Design for Funding Public Goods", 2019, §5): coordinated small contributions extract a superlinear match. Any treasury match rule turns coordination into leverage on the commons. actors: - { id: colluders, size: 25, objective: maximize_extraction } - { id: members, size: 75, objective: preserve_commons } resources: { treasury: 1000.0, matching_pool: 300.0 } moves: - { actor: colluders, action: transfer, amount: 1.0, to: colluder_project, repeat: 25 } - { actor: colluders, action: propose, kind: match_claim, project: colluder_project, computed_match: 250.0 } expect: outcome: attack_blocked mechanism: kernel.art4.match-cap-and-collusion-discount rationale: > Matching claims are capped at match_per_project_cap of the pool and pairwise-correlated contributions are discounted; the computed match collapses below the cap and the colluders recuse from approving their own claim. weakened: parameters: { match_per_project_cap: 1.0, collusion_discount: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.75 floor: 0.90 - id: TD-025 title: Custodial key-person concentration taxonomy: treasury-drain tags: [custody, key-person, single-point-of-failure] severity: critical precedent: | QuadrigaCX (2019): sole custody of exchange cold wallets by one founder; his death (and the subsequent OSC finding of fraud) stranded C$215M. Constitutionally: any rule that lets one officer hold sole effective control of the treasury is a drain waiting for a pretext. actors: - { id: custodian, size: 1, objective: maximize_extraction, role: officer } - { id: members, size: 99, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: custodian, action: propose, kind: custody_change, signers_required: 1, signers: [custodian] } - { actor: custodian, action: vote, choice: yes } - { actor: members, action: abstain, fraction: 0.6 } - { actor: custodian, action: withdraw, amount: 1000.0, under: custody } expect: outcome: attack_blocked mechanism: kernel.art4.multi-key-custody-floor rationale: > Custody arrangements require at least custody_min_signers independent signers from distinct factions; a 1-of-1 custody change is void regardless of vote outcome, so the withdrawal never has a valid authorization path. weakened: parameters: { custody_min_signers: 1 } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.99 floor: 0.95 - id: TD-026 title: Fee-routing drain — revenue diverted upstream of the treasury taxonomy: treasury-drain tags: [revenue, routing, upstream] severity: high precedent: | SushiSwap's 2020 "chef Nomi" episode: control of the fee/dev-fund routing let one actor convert ~$14M of protocol revenue to personal assets without touching the visible treasury. Diverting inflows is economically identical to draining the stock. actors: - { id: router, size: 5, objective: maximize_extraction, role: operator } - { id: allies, size: 47, objective: support_router } - { id: members, size: 48, objective: preserve_commons } resources: { treasury: 1000.0, revenue_per_period: 50.0 } moves: - { actor: allies, action: propose, kind: revenue_routing, destination: router, fraction: 1.0 } - { actor: allies, action: vote, choice: yes } - { actor: router, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.revenue-routing-is-spend rationale: > Redirecting revenue streams is treated as a recurring spend of the diverted amounts: beneficiary recusal applies (router), the aggregate trips the supermajority trigger, and the mandatory sunset applies even if it passes. weakened: parameters: { revenue_routing_is_spend: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.48 floor: 0.90 - id: TD-027 title: In-kind drain — below-market sale of treasury assets taxonomy: treasury-drain tags: [in-kind, pricing, disposal] severity: high precedent: | Russian loans-for-shares privatizations (1995): state assets worth billions sold to insiders at a fraction of value through auctions the buyers administered. The treasury balance barely moves; the value does. actors: - { id: buyers, size: 52, objective: maximize_extraction } - { id: members, size: 48, objective: preserve_commons } resources: { treasury: 200.0, asset_book_value: 800.0 } moves: - { actor: buyers, action: propose, kind: asset_sale, asset: commons_asset, price: 80.0, fair_value: 800.0, counterparty: buyers } - { actor: buyers, action: vote, choice: yes } - { actor: members, action: vote, choice: no } expect: outcome: attack_blocked mechanism: kernel.art4.counterparty-recusal-and-independent-valuation rationale: > The buying faction recuses as counterparty (vote fails 0–48), and a disposal below independent fair value by more than the disposal_discount_tolerance is void even if ratified. weakened: parameters: { conflict_of_interest_recusal: false, independent_valuation_required: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.48 floor: 0.90 - id: TD-028 title: Two-step laundering through a friendly external entity taxonomy: treasury-drain tags: [indirection, laundering, related-party] severity: high precedent: | The "independent" intermediary pattern in related-party-transaction law (Delaware's entire-fairness doctrine, Weinberger v. UOP, 1983): a spend to a nominally unrelated entity that contracts back with the faction defeats naive beneficiary checks. One hop of indirection should not defeat recusal. actors: - { id: faction, size: 51, objective: maximize_extraction, controls: shell_entity } - { id: members, size: 49, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: faction, action: propose, kind: spend, amount: 400.0, beneficiary: shell_entity, purpose: "services agreement" } - { actor: faction, action: vote, choice: yes } - { actor: members, action: vote, choice: no } - { actor: faction, action: transfer, from: shell_entity, to: faction, amount: 380.0 } expect: outcome: attack_blocked mechanism: kernel.inv.no-self-dealing rationale: > Beneficiary identity is resolved through control relationships (declared or ledger-evidenced); the shell collapses to the faction, recusal applies, and the proposal fails 0–49. weakened: parameters: { beneficial_ownership_resolution: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.49 floor: 0.90 - id: TD-029 title: Quorum-timed spend vote taxonomy: treasury-drain tags: [scheduling, quorum, cross-family] severity: high precedent: | The Standard Oil-era technique of calling shareholder votes when opposition holders could not attend, and its DAO descendant: posting a treasury proposal with a minimal voting window during a holiday (multiple 2021–22 DAO controversies over 24–72h windows). The drain is enabled by when the vote happens, not what it says. actors: - { id: schedulers, size: 30, objective: maximize_extraction, role: officers } - { id: members, size: 70, objective: preserve_commons, available_at_vote: 0.2 } resources: { treasury: 1000.0 } moves: - { actor: schedulers, action: schedule_vote, notice_days: 0, window_days: 1 } - { actor: schedulers, action: propose, kind: spend, amount: 500.0, beneficiary: schedulers } - { actor: schedulers, action: vote, choice: yes } - { actor: members, action: vote, choice: no, turnout: 0.2 } expect: outcome: attack_blocked mechanism: kernel.art3.notice-and-window-floors rationale: > Votes scheduled below notice_period_days of notice or below vote_window_days of duration are void; the recusal and supermajority gates apply besides. weakened: parameters: { notice_period_days: 0, vote_window_days: 0 } outcome: attack_succeeds empathy: worst_off: members metric: participation_rate baseline: 1.00 floor: 0.80 note: > Metric is the worst-off cohort's effective opportunity to vote; scheduling that suppresses it below 80% of baseline fails even before the resource outcome is graded. - id: TD-030 title: Inflation of an internal price the treasury must pay taxonomy: treasury-drain tags: [administered-prices, indexation, slow-drain] severity: medium precedent: | Regulatory capture of administered prices (Stigler, "The Theory of Economic Regulation", 1971): when the body setting a price the commons must pay is controlled by the payees, the price ratchets. Governance form: a faction controls the "standard rate" for reimbursed work and indexes it upward each period. actors: - { id: rate_setters, size: 20, objective: maximize_extraction, role: committee } - { id: members, size: 80, objective: preserve_commons } resources: { treasury: 1000.0 } moves: - { actor: rate_setters, action: define_term, term: "standard_rate", as: "previous rate * 1.5", repeat: 4 } - { actor: rate_setters, action: withdraw, amount: standard_rate, repeat: 8 } expect: outcome: attack_blocked mechanism: kernel.art6.definitions-are-amendments rationale: > The standard rate is a definitional input to a spending rule; changing it requires the amendment threshold with rate-recipient recusal, which the committee cannot meet, freezing the rate. weakened: parameters: { definitions_require_amendment: false } outcome: attack_succeeds empathy: worst_off: members metric: resource_share baseline: 0.80 floor: 0.85