A page that builds a governance concentration report from a token
address. It has an Auto-fetch from chain section with
multi-select candidates, editable Top Holders and Multisig signer
tables, and export actions for JSON, CSV, and clipboard.
Why it exists
Concentrated voting power is a hidden risk in many DAO tokens. The
page gathers holder and signer data (or accepts manual entries),
classifies the concentration profile, and produces an exportable
report that can be attached to audit findings.
Who uses it
Auditor — documents governance concentration as part of an
engagement.
Researcher — compares concentration across protocols.
How to open it
Sidebar → Simulation → Governance Risk.
Direct URL — /governance-risk.
Using the page
Auto-fetch from chain — pick a governance token contract,
candidate holder wallets, and an optional governor contract from
the workspace pickers.
1. Find top holders — scans asset transfers and appends
discovered holders to the candidate multi-select.
2. Fetch on-chain balances — fills Total supply, the Top
Holders table, and (if a compatible multisig governor is
picked) the Multisig signer list from chain.
Token + quorum — Total supply, Quorum threshold, Token
price (USD), and Flash-loan pool depth (USD).
Top holders — editable table; + Add holder appends a
row.
Multisig (optional) — Threshold plus signer rows with a
deployer cluster checkbox; + Add signer appends a row.
Concentration report — verdict badge plus KPIs for Top 5,
Top 10, Gini, Holders to quorum, Flash-loan capture cost, and
Multisig · deployer cluster, with auditor Notes below.
Simulate compromise — Role name, Capability dropdown
(withdraw, upgrade_to, transfer_ownership, mint, pause,
destroy), Value at risk (USD), Run compromise simulation
— runs a fork-runtime simulation and seals a capsule; a
transcript link opens the result in Exploit Lab.
Export JSON — downloads the full report.
Export CSV — downloads holders as CSV.
Copy — copies the JSON report to the clipboard.
Inputs and outputs
Input
Source
Required
Governance token
Workspace contract picker
yes
Candidate holder wallets
Workspace account picker or discovery
for on-chain fetch
Governor contract
Workspace contract picker
no
Top holders
On-chain fetch or manual entry
yes
Multisig signers
Manual entry or governor fetch
no
Output
Format
Destination
Concentration report
JSON
Browser download
Holders
CSV
Browser download
Report
JSON
Clipboard via Copy
Controls reference
1. Find top holders — on-chain candidate discovery.
2. Fetch on-chain balances — populates supply, holders, and
(if a governor is set) signer rows.
+ Add holder / + Add signer — append rows to the holder
or signer table.
Run compromise simulation — seals an exploit capsule for the
selected capability.
Export JSON / Export CSV / Copy — output actions.
Limits
Requires a signed-in account.
Auto-fetch depends on token support and RPC availability; when
unavailable, the holder table must be filled manually.
The multisig section is optional and is only included in the
report when rows are present.
Troubleshooting
Symptom or error
Cause
Action
Find top holders returns an empty candidate list
Token not indexed or RPC unreachable
Fill the Top Holders table manually.
Report shows a different signer count than expected