Augmented Governance: What If the Math Could Veto a Bad Vote?

English News and Announcements
1

Nervos Talks Post — Faraday1**March 2026

TL;DR

Governance capture is the #1 killer of DeFi DAOs. Compound lost $25M to a single whale vote. Beanstalk lost $182M to a flash loan governance attack. Curve Wars turned governance into a bribery market. The problem isn’t democracy — it’s that democracy without constitutional limits lets majorities extract from minorities. We built a system where Shapley fairness math acts as an autonomous constitutional court, vetoing governance proposals that violate fairness axioms. No judges. No multisig overrides. Just math.

The Problem Nobody Solved

Every DeFi DAO eventually faces the same question:

What if the voters are the ones extracting?

Protocol What Happened Root Cause
Compound Whale voted themselves $25M from treasury No limit on governance scope
Beanstalk Flash loan funded 67% governance attack No time-lock, no veto mechanism
Curve Wars Convex/Yearn bribe market for gauge weights Governance as rent extraction
MakerDAO Repeated attempts to drain surplus buffer Majority vs minority conflict

The standard responses are:

  • Timelocks — delay execution but don’t prevent bad proposals
  • Multisigs — add humans as vetoes, which is just centralization with extra steps
  • Optimistic governance — assume proposals are good, challenge bad ones (requires someone to notice in time)

All of these are patches. None address the root cause: governance has no constitutional limits.

The Insight: Same Pattern as Augmented Mechanism Design

We already solved this problem for markets. Our Augmented Mechanism Design pattern says: keep the core mechanism, add mathematical armor.

  • Pure bonding curve → Augmented with exit tributes and commit-reveal
  • Pure AMM → Augmented with batch auctions and TWAP validation
  • Pure governance → Augmented with Shapley fairness invariants

The pattern is identical. Don’t replace governance. Augment it.

How It Works: Three Layers

Layer 1: Physics (Cannot Be Overridden)

Five Shapley axioms are encoded as on-chain invariants:

  1. Efficiency: Total distributed = total available (no value created or destroyed)
  2. Symmetry: Equal contributors get equal rewards
  3. Null Player: Zero contribution = zero reward
  4. Pairwise Proportionality: Allocations proportional to marginal contribution
  5. Time Neutrality: When you contributed doesn’t create unfair advantage

These aren’t guidelines. They’re mathematical constraints enforced at the contract level. Like conservation of energy — you can’t legislate your way around it.

Layer 2: Constitution (P-000 + P-001)

Two axioms that sit above governance:

  • P-000 (Fairness Above All): If something is unfair, amending the code is a responsibility, a credo, a law, a canon.
  • P-001 (No Extraction Ever): If extraction is mathematically provable on-chain, the system self-corrects autonomously.

P-000 is the human-side credo. P-001 is the machine-side enforcement. Together they form a closed loop: human intent crystallized into machine physics.

Layer 3: Governance (Free Within Bounds)

The DAO votes freely on everything that doesn’t violate Layers 1 and 2:

:white_check_mark: Governance CAN :cross_mark: Governance CANNOT
Adjust LP fee tiers per pool Extract LP fees to treasury
Fund initiatives from priority bid revenue Redirect swap fees to non-LP destinations
Change circuit breaker thresholds Break Shapley axiom enforcement
Approve grants and partnerships Give rewards to non-contributors
Modify emission parameters Override the null player axiom

The Constitutional Court Analogy

A constitutional court can strike down a law that violates the constitution. The legislature has full power to legislate — but within constitutional bounds.

Augmented Governance is the same, except:

  • The constitution is P-000 + P-001
  • The court is Shapley math
  • The ruling is autonomous (no judges needed)
  • The enforcement is on-chain (no appeals)

A constitutional court staffed by math, not humans. Incorruptible by definition.

Proof: The Extraction Detection Simulation

We didn’t just theorize this. We built a Foundry simulation (test/simulation/ExtractionDetection.t.sol) with 9 tests proving the math catches every extraction attempt:

[PASS] test_P001_DetectsProtocolFeeSkimming     — protocol takes 5%, Shapley says 0 → DETECTED
[PASS] test_P001_DetectsWhaleOverallocation     — whale claims 95% deserving 90% → DETECTED
[PASS] test_P001_DetectsAdminFeeExtraction      — admin sets 10% fee → null player violation → DETECTED
[PASS] test_P001_NullPlayerGetsNothing          — 0 contribution + any allocation → EXTRACTION
[PASS] test_P001_SymmetricPlayersGetEqual       — unequal allocation to equal contributors → DETECTED
[PASS] test_P001_EfficiencyConservesTotal       — sum of Shapley values = total value (conservation)
[PASS] test_P001_SelfCorrectionRestoresFairness — unfair state → selfCorrect() → fair state
[PASS] testFuzz_ExtractionAlwaysDetected        — 256 random runs: extraction ALWAYS caught
[PASS] testFuzz_CorrectionConservesValue        — 256 random runs: correction ALWAYS conserves

The same Shapley computation that distributes rewards also detects extraction. Symmetric proof — if the math can tell you what’s fair, it can also tell you when something isn’t.

Why CKB’s Cell Model Is Perfect For This

Augmented Governance needs three properties that CKB’s cell model provides natively:

  1. State isolation: Each governance proposal is a cell. The Shapley check runs as a type script that validates the cell transition. If the check fails, the transaction is invalid — not “challenged” or “delayed” or “flagged.” Invalid. The CKB consensus layer rejects it.

  2. Composable verification: The Shapley fairness check composes with other type scripts (token logic, timelock, multisig) without coordination. Each script independently verifies its invariant. If any fails, the whole transaction fails.

  3. Deterministic execution: CKB’s RISC-V VM executes the Shapley calculation deterministically across all nodes. No oracle. No off-chain computation. No “trust the committee.” The math runs on-chain, identically, everywhere.

On EVM, you’d need a governance wrapper contract that calls the Shapley contract before executing proposals — possible but expensive (gas) and fragile (upgradeability). On CKB, it’s structural. The type script IS the constitution.

The Hierarchy in Practice

┌─────────────────────────────────────────┐
│  PHYSICS (Shapley Invariants)            │ ← Cannot be overridden
│  Efficiency | Symmetry | Null Player     │
│  Pairwise Proportionality | Time Neutral │
├─────────────────────────────────────────┤
│  CONSTITUTION (P-000 + P-001)            │ ← Amendable only when math agrees
│  Fairness Above All | No Extraction Ever │
├─────────────────────────────────────────┤
│  GOVERNANCE (DAO Proposals)              │ ← Free within bounds
│  Fees | Grants | Parameters | Upgrades   │
└─────────────────────────────────────────┘

Gravity doesn’t ask permission to pull. Conservation of energy doesn’t take a vote. Fairness, when encoded correctly, shouldn’t either.

What This Means

  1. Governance capture is structurally impossible — every extraction attempt is detected by the same math that distributes rewards

  2. The protocol can outlive its founders — the Cincinnatus endgame: walk away and the math keeps enforcing fairness

  3. Trust is mathematical, not social — you don’t need to trust the team, the voters, or the multisig. You need to trust arithmetic.

  4. Augmentation > replacement — we didn’t remove governance. We made it safe. The DAO still has full power over everything that doesn’t violate fairness.

Links

*VibeSwap — 1,840+ commits, 351 contracts, 15,155 CKB tests, $0 funding. Built in a cave.

1 Like