Legitimate Overrides in Decentralized Protocols
Pith reviewed 2026-05-16 02:11 UTC · model grok-4.3
The pith
Narrower emergency interventions contain exploits as effectively as broader ones while responding faster at the median.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
A Scope × Authority taxonomy classifies emergency mechanisms by intervention precision and authority concentration; when applied to 705 documented exploits, it shows that containment time varies systematically with authority type, losses follow a heavy-tailed distribution with exponent approximately 1.33, community sentiment modulates the effective cost of override capability, and narrower Account or Module interventions achieve containment success rates and median speeds comparable to or better than Protocol or Network interventions.
What carries the argument
The Scope × Authority taxonomy, which organizes intervention design along precision of action and concentration of trigger authority to quantify standing centralization cost, containment speed, and collateral disruption.
If this is right
- Containment success does not require protocol- or network-level interventions.
- Account- and module-level actions can reduce median response time without sacrificing success.
- Heavy-tailed loss distributions concentrate most risk in rare catastrophic events.
- Community sentiment directly affects the practical cost of maintaining override mechanisms.
Where Pith is reading between the lines
- Protocols could adopt finer-grained intervention defaults to limit unnecessary disruption while preserving response options.
- The taxonomy could be applied to governance disputes or upgrade disputes beyond technical exploits.
- Live testing with randomized scope levels on controlled incidents would provide stronger causal evidence.
Load-bearing premise
The 705 documented exploit incidents can be classified into scope and authority categories without systematic bias or missing context that would alter the containment-time and success comparisons.
What would settle it
A new collection of exploit cases in which narrower-scope interventions show measurably lower success rates or longer median times than broader-scope interventions would falsify the reported empirical support.
Original abstract
Decentralized protocols claim immutable, rule-based execution, yet many embed emergency mechanisms such as chain-level freezes, protocol pauses, and account quarantines. These overrides are crucial for responding to exploits and systemic failures, but they expose a core tension: when does intervention preserve trust and when is it perceived as illegitimate discretion? With approximately $10 billion in technical exploit losses potentially addressable by onchain intervention (2016-2026), the design of these mechanisms has high practical stakes, but current approaches remain ad hoc and ideologically charged. We address this gap by developing a Scope $\times$ Authority taxonomy that maps the design space of emergency architectures along two dimensions: the precision of the intervention and the concentration of trigger authority. We formalize the resulting tradeoffs of standing centralization cost, containment speed, and collateral disruption as a stochastic decision support framework, and derive three empirical hypotheses from it. Assessing the framework against 705 documented exploit incidents, we find that containment time varies systematically by authority type, that losses follow a heavy-tailed distribution ($\alpha \approx 1.33$) concentrating risk in rare catastrophic events, and that community sentiment plausibly modulates the effective cost of maintaining intervention capability. Using scope breadth as a practical proxy for blast potential, we also find that narrower interventions (Account/Module) do not underperform broader ones (Protocol/Network) on containment success and are slightly faster at the median, giving partial empirical support to the scope-blast hypothesis. The analysis yields design guidance for emergency governance and reframes the problem as one of engineering tradeoffs rather than ideological debate.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper develops a Scope × Authority taxonomy for emergency override mechanisms (e.g., freezes, pauses, quarantines) in decentralized protocols, formalizes trade-offs among centralization cost, containment speed, and collateral damage as a stochastic decision framework, derives three testable hypotheses, and evaluates them on 705 documented exploit incidents (2016-2026). It reports that containment time varies by authority concentration, losses follow a heavy-tailed distribution with α ≈ 1.33, community sentiment modulates effective costs, and narrower-scope interventions (Account/Module) match or exceed broader ones (Protocol/Network) on success rates while showing modestly lower median containment times.
Significance. If the empirical comparisons survive methodological scrutiny, the work supplies a structured, non-ideological lens for designing emergency governance in DeFi and blockchain systems, backed by the largest incident dataset yet assembled for this question. The heavy-tail characterization and partial confirmation of the scope-blast hypothesis offer actionable design guidance that could reduce the roughly $10B exposure window while preserving decentralization properties.
major comments (2)
- [Empirical Analysis section] Empirical evaluation of the 705 incidents: the mapping of each incident to one of the four Scope bins (Account/Module/Protocol/Network) is described only at a high level; no codebook, inter-rater reliability statistic, or sensitivity table is supplied. Because the headline result—that narrower interventions do not underperform broader ones on containment success and are faster at the median—rests entirely on this partition, any systematic misclassification correlated with loss size would directly bias both the success-rate and time-distribution comparisons.
- [Loss Distribution subsection] Loss-distribution analysis: the fitted tail index α ≈ 1.33 is stated without the estimation procedure (MLE, Hill, etc.), confidence intervals, or robustness checks against truncation, winsorization, or removal of the largest events. Given that the paper emphasizes risk concentration in rare catastrophic incidents, the absence of these diagnostics leaves the quantitative claim load-bearing yet unverifiable from the reported material.
minor comments (2)
- [Abstract] The abstract lists three empirical hypotheses but does not enumerate them; a one-sentence listing would improve readability.
- [Taxonomy and Framework sections] Notation for the Scope × Authority matrix and the stochastic decision variables should be introduced once with a compact table or diagram rather than scattered across paragraphs.
Simulated Author's Rebuttal
We thank the referee for the constructive comments, which identify key areas where additional methodological transparency will strengthen the paper. We address each point below and will incorporate the requested details in the revised manuscript.
Point-by-point responses
Referee: [Empirical Analysis section] Empirical evaluation of the 705 incidents: the mapping of each incident to one of the four Scope bins (Account/Module/Protocol/Network) is described only at a high level; no codebook, inter-rater reliability statistic, or sensitivity table is supplied. Because the headline result—that narrower interventions do not underperform broader ones on containment success and are faster at the median—rests entirely on this partition, any systematic misclassification correlated with loss size would directly bias both the success-rate and time-distribution comparisons.
Authors: We agree that the classification procedure requires fuller documentation to allow readers to assess potential bias. In the revision we will add: (1) an explicit codebook with decision rules and examples for assigning each incident to the four Scope categories; (2) inter-rater reliability statistics (Cohen’s κ or equivalent) computed on a randomly sampled subset of incidents independently classified by two authors; and (3) a sensitivity table showing how the success-rate and median-time comparisons change under plausible alternative classifications or when incidents with ambiguous scope are excluded. These additions will directly address the concern that systematic misclassification could affect the scope-blast results.
Revision: yes
Referee: [Loss Distribution subsection] Loss-distribution analysis: the fitted tail index α ≈ 1.33 is stated without the estimation procedure (MLE, Hill, etc.), confidence intervals, or robustness checks against truncation, winsorization, or removal of the largest events. Given that the paper emphasizes risk concentration in rare catastrophic incidents, the absence of these diagnostics leaves the quantitative claim load-bearing yet unverifiable from the reported material.
Authors: We accept that the tail-index claim needs supporting diagnostics. In the revised version we will: (1) state the precise estimation method (maximum-likelihood fitting of a Pareto tail above a chosen threshold, with the threshold-selection procedure described); (2) report bootstrap or asymptotic confidence intervals for α; and (3) include robustness checks that vary the minimum threshold, apply winsorization at the 99th and 99.5th percentiles, and recompute α after sequentially dropping the largest 1 %, 5 %, and 10 % of events. These additions will make the heavy-tail characterization verifiable and will clarify the sensitivity of the result to the most extreme observations.
Revision: yes
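The estimation and robustness procedure the authors commit to above (Pareto maximum likelihood above a threshold, a bootstrap interval, winsorization at the 99th and 99.5th percentiles, and refitting after dropping the largest 1 %, 5 % and 10 % of events), worked through on a constructed loss sample. This is an added example, not the paper's code or data; the sample size, the tail threshold X_MIN and the Pareto-generated losses are assumptions.

```python
# Added example: tail-index estimation for exploit losses with robustness checks.
# Losses are constructed by sampling Pareto(alpha = 1.33), the exponent the paper
# reports, so every check below can be read against a known true value.
import math
import random

TRUE_ALPHA = 1.33   # tail exponent reported in the paper
X_MIN = 1.0e5       # assumed lower threshold of the tail (USD), constructed


def sample_pareto_losses(n, alpha=TRUE_ALPHA, x_min=X_MIN, seed=7):
    """Constructed loss sample: inverse-CDF draws from Pareto(alpha, x_min)."""
    rng = random.Random(seed)
    # F(x) = 1 - (x_min / x)^alpha  =>  x = x_min * (1 - U)^(-1/alpha)
    return [x_min * (1.0 - rng.random()) ** (-1.0 / alpha) for _ in range(n)]


def pareto_mle(losses, threshold):
    """Maximum-likelihood alpha for a Pareto tail above `threshold`.

    For a fixed threshold the MLE has the closed form
    n / sum(log(x_i / threshold)), i.e. the Hill estimator.
    Returns (alpha_hat, number of observations in the tail).
    """
    tail = [x for x in losses if x >= threshold]
    if len(tail) < 2:
        raise ValueError("too few observations above the threshold")
    log_excess = sum(math.log(x / threshold) for x in tail)
    return len(tail) / log_excess, len(tail)


def bootstrap_ci(losses, threshold, reps=500, level=0.95, seed=11):
    """Percentile-bootstrap interval for alpha_hat over the tail sample."""
    rng = random.Random(seed)
    tail = [x for x in losses if x >= threshold]
    estimates = sorted(pareto_mle([rng.choice(tail) for _ in tail], threshold)[0]
                       for _ in range(reps))
    lo_idx = int((1.0 - level) / 2.0 * reps)
    hi_idx = int((1.0 + level) / 2.0 * reps) - 1
    return estimates[lo_idx], estimates[hi_idx]


def winsorize(losses, pct):
    """Cap every loss at the empirical `pct` quantile (e.g. 0.99)."""
    ordered = sorted(losses)
    cap = ordered[int(pct * (len(ordered) - 1))]
    return [min(x, cap) for x in losses]


def drop_largest(losses, frac):
    """Remove the largest `frac` share of events (0.05 drops the top 5 %)."""
    k = int(frac * len(losses))
    return sorted(losses)[: len(losses) - k]


def robustness_checks(losses, threshold):
    """alpha_hat on the full sample and under each perturbation.

    Winsorizing and dropping the largest events both shrink the log-excess
    sum, so they can only raise alpha_hat (a thinner-looking tail); the gap
    to the full-sample value shows how much of the heavy-tail claim rests on
    the most extreme observations.
    """
    table = {"full sample": pareto_mle(losses, threshold)[0]}
    for pct in (0.99, 0.995):
        table[f"winsorized at {pct:.1%}"] = pareto_mle(winsorize(losses, pct), threshold)[0]
    for frac in (0.01, 0.05, 0.10):
        table[f"drop largest {frac:.0%}"] = pareto_mle(drop_largest(losses, frac), threshold)[0]
    return table


LOSSES = sample_pareto_losses(5000)  # constructed sample, not the paper's 705 incidents

if __name__ == "__main__":
    alpha_hat, n_tail = pareto_mle(LOSSES, X_MIN)
    lo, hi = bootstrap_ci(LOSSES, X_MIN)
    print(f"alpha_hat = {alpha_hat:.3f} (n_tail = {n_tail}), 95% CI [{lo:.3f}, {hi:.3f}]")
    for label, value in robustness_checks(LOSSES, X_MIN).items():
        print(f"{label:>20}: {value:.3f}")
```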
Circularity Check
No significant circularity: taxonomy and hypotheses derived from first principles then tested on external data
Full rationale
The paper constructs its Scope × Authority taxonomy and stochastic decision-support framework directly from first-principles definitions of intervention precision and authority concentration. It then derives three empirical hypotheses from that framework and evaluates them against an external corpus of 705 documented incidents. No equations reduce a prediction to a fitted parameter within the same model, no self-citation supplies a load-bearing uniqueness theorem, and no ansatz is smuggled in via prior work. The central empirical comparison (narrower vs. broader interventions) is obtained by partitioning the external incident data along the pre-defined taxonomy dimensions rather than by any internal fitting that would force the result.
Axiom & Free-Parameter Ledger
free parameters (1)
- α ≈ 1.33
axioms (1)
- Domain assumption: The 705 documented exploit incidents are representative and classifiable into scope and authority categories without systematic bias.
invented entities (1)
- Scope × Authority taxonomy (no independent evidence)
Lean theorems connected to this paper
- IndisputableMonolith/Cost/FunctionalEquation.lean: washburn_uniqueness_aczel (tag: unclear; the relation between the paper passage and the cited Recognition theorem is unclear)
Paper passage: "We formalize the resulting tradeoffs of standing centralization cost, containment speed, and collateral disruption as a stochastic decision support framework... ExpectedCost(m) := CentralizationCost(m) + ∑ Pr[h]·(Time(m)·DamageRate(h) + BlastRate(m))"
- IndisputableMonolith/Foundation/RealityFromDistinction.lean: reality_from_one_distinction (tag: unclear; the relation between the paper passage and the cited Recognition theorem is unclear)
Paper passage: "Using scope breadth as a practical proxy for blast potential, we also find that narrower interventions (Account/Module) do not underperform broader ones (Protocol/Network) on containment success"
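As an added example (not code from the paper or from Pith), the ExpectedCost expression quoted in the first entry above, evaluated over a constructed Scope × Authority grid against two constructed hazard mixes. The mechanism labels, every parameter value, and the choice to let community sentiment scale only the standing centralization term are assumptions made here for illustration.

```python
# Added example: ExpectedCost(m) from the paper's decision framework,
#   ExpectedCost(m) = CentralizationCost(m)
#                   + sum_h Pr[h] * (Time(m) * DamageRate(h) + BlastRate(m)),
# with a sentiment multiplier on the standing centralization term (an assumption).
# Grid entries and hazard mixes are constructed, not the paper's data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Mechanism:
    scope: str                  # Account / Module / Protocol / Network
    authority: str              # who can trigger it (constructed labels)
    centralization_cost: float  # standing cost of the override existing ($M/yr)
    time_hours: float           # median time from detection to containment
    blast_rate: float           # collateral disruption per use ($M)


@dataclass(frozen=True)
class Hazard:
    name: str
    prob: float         # Pr[h]: annual probability of the hazard
    damage_rate: float  # $M lost per hour until contained


def expected_cost(m, hazards, sentiment=1.0):
    """ExpectedCost(m). sentiment > 1 models a community that prices override
    capability more dearly; it scales only the standing centralization term."""
    standing = sentiment * m.centralization_cost
    incident = sum(h.prob * (m.time_hours * h.damage_rate + m.blast_rate)
                   for h in hazards)
    return standing + incident


def cheapest(mechanisms, hazards, sentiment=1.0):
    """Mechanism with the lowest expected cost for the given hazard mix."""
    return min(mechanisms, key=lambda m: expected_cost(m, hazards, sentiment))


# Constructed Scope x Authority grid: narrower scope means a smaller blast
# radius, broader scope acts faster but disrupts more, token votes are slow.
GRID = (
    Mechanism("Account", "Delegated body (multisig)", 2.0, 1.0, 0.1),
    Mechanism("Module", "Delegated body (multisig)", 3.0, 2.0, 1.0),
    Mechanism("Protocol", "Token vote", 1.0, 24.0, 5.0),
    Mechanism("Network", "Validator set", 10.0, 0.5, 50.0),
)

# Constructed hazard mixes: a routine mix and a catastrophe-only mix.
ROUTINE = (Hazard("single-pool drain", 0.3, 2.0),
           Hazard("bridge key compromise", 0.02, 100.0))
CATASTROPHIC = (Hazard("bridge key compromise", 0.02, 1000.0),)

if __name__ == "__main__":
    for label, mix in (("routine", ROUTINE), ("catastrophic", CATASTROPHIC)):
        for s in (1.0, 2.0):
            best = cheapest(GRID, mix, s)
            print(f"{label:>12} mix, sentiment x{s:.0f}: {best.scope:<8} "
                  f"cost {expected_cost(best, mix, s):.3f}")
```

Under these constructed numbers the narrow Account freeze wins the routine mix outright, the Network halt wins only when hourly damage dwarfs both its blast cost and its standing cost, and doubling the sentiment multiplier hands the catastrophic case back to the Account freeze.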
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.