Been reading up on cross-chain security lately and came across an interesting attack pattern that doesn't seem to be getting enough attention.

Most protocols hardened their bridges after Wormhole/Ronin/Nomad. But DAOs are now bridging not just tokens — they're bridging governance authority. Voting power, delegations, proposal execution rights all flow across chains through messaging layers designed for asset transfers, not democratic security.

The attack flow is surprisingly cheap:
1. Flash loan governance tokens on Chain B
2. Cast cross-chain vote (message queued but not settled)
3. Repay flash loan before settlement
4. Vote persists because it was recorded at cast-time, not finality

The economics are brutal. With 10% voter turnout and flash loan fees around 0.09%, attacking a $500M treasury costs under $25k.

The root issues:
– Balance consistency assumptions between chains
– Temporal desynchronization at snapshot
– Wrapped tokens sometimes double-counting voting power
– Different finality times creating arbitrage windows

Defensive patterns emerging:
– Vote finality delays (only count after source chain finalized)
– Cross-chain snapshot oracles
– Time-weighted voting power

Anyone else tracking this? I'm curious how the major multi-chain DAOs are addressing it. The infrastructure layer (aggregators, bridges) is maturing fast but governance security seems to be lagging behind.

Cross-chain governance attacks may be the next major exploit vector — flash-loaned voting power across chains
by u/hazy2go in CryptoTechnology
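
Added example, not part of the original post: a small Python model of a destination-chain tally that compares weight recorded at cast time with two of the defensive patterns listed above (finality delay and time-weighted voting power). The finality depth, averaging window, voter names, balances and vote messages are all constructed assumptions, not values from any real protocol.

```python
from bisect import bisect_right

FINALITY_DEPTH = 64   # assumed source-chain finality, in blocks
WINDOW = 100          # assumed averaging window, in blocks

# Constructed end-of-block balance checkpoints on the source chain: (block, balance)
HISTORY = {
    "honest":   [(0, 1_000_000)],
    "borrower": [(0, 0), (1000, 5_000_000), (1001, 0)],  # held for one block
    "late":     [(0, 200_000)],
}
# Constructed cross-chain vote messages; "claimed" is the weight read at cast time
VOTES = [
    {"voter": "honest",   "cast_block": 990,  "claimed": 1_000_000},
    {"voter": "borrower", "cast_block": 1000, "claimed": 5_000_000},
    {"voter": "late",     "cast_block": 1090, "claimed": 200_000},
]

def balance_at(voter, block):
    """End-of-block balance from the last checkpoint at or before `block`."""
    cps = HISTORY[voter]
    i = bisect_right([b for b, _ in cps], block)
    return cps[i - 1][1] if i else 0

def time_weighted(voter, cast_block, window=WINDOW):
    """Mean balance over the `window` blocks ending at cast_block."""
    start = max(0, cast_block - window + 1)
    blocks = range(start, cast_block + 1)
    return sum(balance_at(voter, b) for b in blocks) // len(blocks)

def tally_cast_time(votes):
    """Weight as recorded when the message was sent (the cast-time pattern)."""
    return {v["voter"]: v["claimed"] for v in votes}

def tally_hardened(votes, source_head):
    """Count a vote only once its cast block is final; weight is time-weighted."""
    counted, pending = {}, []
    for v in votes:
        if v["cast_block"] + FINALITY_DEPTH > source_head:
            pending.append(v["voter"])   # not final yet: do not count
            continue
        counted[v["voter"]] = time_weighted(v["voter"], v["cast_block"])
    return counted, pending

if __name__ == "__main__":
    print(tally_cast_time(VOTES))
    print(tally_hardened(VOTES, source_head=1100))
```

In this constructed data the one-block holder outweighs the long-term holder five to one under cast-time accounting, and drops to 1% of its claimed weight once the balance is averaged over the window.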


