★ Flash-loanable voting weight

Euler V2's assessment for RD-F-036 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

EUL uses ERC20Votes with block-based checkpoints (getPastVotes). Same-block flash loan governance attack is theoretically possible (borrow tokens, delegate, vote in same block before delegation checkpoint updates). Key mitigants: 48h timelock post-vote-passage; quorum 815,480 EUL (~$1.1M at $1.40/EUL) not flash-loanable at scale; no major EUL flash-loan venue identified. Not green because checkpoint pattern has known theoretical vulnerability.

Sources #

GitHub
Eul.sol — ERC20Votes checkpoint-based voting (getPastVotes)euler-xyz/euler-governance/blob/master/contracts/governance/Eul.solretrieved 2026-05-04
Docs
Euler DAO Governance — 815,480 EUL quorum, 2-day voting periodeuler.foundation/euler-DAO/governanceretrieved 2026-05-04

Methodology #

Determine whether governance voting power is a function of current token balance of a transferable token with no lock or checkpoint, making it flash-loan susceptible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol euler-v2 factor RD-F-036 score yellow collected_at 2026-05-04 19:56:06