protocol-governance - Xerberus

# Protocol: Governance Domain Token voting, on-chain governance, admin keys, multisigs, timelocks, and emergency mechanisms. --- ## What This Domain Covers The governance domain evaluates how a protocol makes decisions and who controls what. This is where centralisation risk, governance attacks, and admin key exposure are measured. --- ## L1 Branches (AND-split) All six branches are independent — a protocol typically activates several simultaneously. | Branch | Gate Question | What It Measures | |--------|--------------|------------------| | **Token Concentration** | Does the protocol have governance tokens? | Whale concentration, delegation distribution, voting power inequality | | **On-Chain Governance** | Does the protocol use on-chain governance voting? | Proposal thresholds, quorum requirements, voting mechanism design | | **Admin Key Governance** | Does the protocol have admin key privileges? | Admin scope, key rotation, role separation | | **Multisig Governance** | Does the protocol use a multisig? | Signer threshold, signer diversity, geographic distribution | | **Timelock Governance** | Does the protocol use a timelock for changes? | Timelock duration, bypass conditions, notification mechanisms | | **Emergency Mechanism** | Does the protocol have an emergency pause/guardian? | Guardian scope, activation conditions, sunset provisions | --- ## Tree Structure ``` governance domain (L1 — AND-split): ├── token_concentration │ ├── K_whale_concentration │ └── K_delegation_distribution ├── onchain_governance │ ├── K_proposal_threshold │ ├── K_quorum_requirement │ ├── onchain_1t1v (OR) ← one-token-one-vote │ │ └── K_snapshot_block │ └── onchain_ve_locked (OR) ← vote-escrow model │ └── K_lock_duration_adequacy ├── admin_key_governance │ ├── K_admin_scope │ ├── single_eoa_admin (OR) │ └── role_based_admin (OR) │ └── K_role_separation ├── multisig_governance │ └── K_multisig_threshold ├── timelock_governance │ └── K_timelock_duration └── emergency_mechanism └── K_guardian_scope ``` Aave v3 activates all six L1 branches: it has concentrated governance tokens, on-chain voting (1T1V), role-based admin keys, a multisig, a 2-day timelock, and the Aave Guardian emergency mechanism. --- ## Related - [[Welcome]] — All domain templates - [[examples/Aave v3 Governance]] — Full walk-through of this domain - [[methodology/The Dendrogram]] — Tree mechanics - [[methodology/Scoring]] — How governance subscores aggregate into a domain score