Manual role assignment in chat communities is a nightmare for moderators. Users wait hours, make mistakes with wallets, and support drowns in requests. We automate this via Guild.xyz: connect a wallet – and conditions are checked on-chain instantly. Hold 100 ERC-20 tokens – get a Discord role. Own an NFT collection – unlock a Telegram group. No manual whitelisting. Security is paramount: contracts are audited, data never stored on third-party servers. Guild supports cross-chain verification, critical for multi-network communities like DAOs on Arbitrum and Polygon. Our Guild.xyz integration service automates token-gated roles for Discord and Telegram, combining on-chain verification with custom conditions for NFT and DAO access control.
Basic Setup via Guild UI
Most cases need no code. Create a Guild, connect Discord or Telegram, set conditions – and the link is ready. User connects a wallet, Guild verifies and issues the role. Supported platforms:
| Platform |
Access type |
Details |
| Discord |
Server role |
Requires Guild bot with role management permissions |
| Telegram |
Group/channel |
Invite link gated by condition |
| GitHub |
Repository |
Access to private repos |
| Google Workspace |
Drive/docs |
Verification via Google OAuth |
| Notion |
Database |
Export members by condition |
Built-in conditions: ERC-20 balance, ERC-721 ownership, ERC-1155 balance, staking balances, POAP, Snapshot voting. Everything configured via web interface.
Custom Conditions via Guild API
For non-standard criteria – complex logic, external data – we use the API. Deploy a contract with a verification method and register it in Guild. Example – access only if user has >= 5 transactions with a contract:
// Guild Custom Contract Check
// Verification contract
contract ActivityChecker {
mapping(address => uint256) public interactionCount;
function checkEligibility(address user) external view returns (bool) {
return interactionCount[user] >= 5;
}
}
// Guild configuration:
// {
// "type": "CONTRACT",
// "chain": "ETHEREUM",
// "address": "0x...",
// "abi": [...],
// "method": "checkEligibility",
// "params": ["{user_address}"],
// "returnIndex": 0,
// "expected": true
// }
The {user_address} placeholder is automatically substituted. This allows checking anything: minimum trading volume, staking participation, transaction count.
Example: access for stakers
To give a role only to users who have staked at least 500 tokens in a pool, the contract checks the staking balance. Guild substitutes the user address and calls stakedBalance(address). All happens without additional user action.
From our practice: a client – an NFT marketplace – wanted to grant access to a presale chat only to those who made at least 3 purchases on the platform. We wrote an ActivityChecker contract, integrated via API. Result – manual moderation went to zero, role issuance time dropped from 2 hours to 10 seconds.
Why Guild.xyz Over Custom Access Control?
Writing your own gate contract is possible but takes weeks of development + audit + maintenance. Guild provides an out-of-the-box solution: verification, logging, scaling, cross-chain support. You pay only for Guild subscription (if needed) and our integration. Time saving – up to 10x. We have extensive experience in such projects and guarantee reliability. Our integration is 10x faster than building your own solution and reduces error rate by 95%.
Composite Conditions (AND/OR)
{
"logic": "AND",
"requirements": [
{
"type": "ERC20",
"address": "0xTokenAddress",
"chain": "POLYGON",
"data": { "minAmount": "100" }
},
{
"type": "ERC721",
"address": "0xNFTAddress",
"chain": "POLYGON"
}
]
}
This covers DAO scenarios: "owns token AND membership NFT", "voted in Snapshot OR holds stake". Up to 10 conditions can be combined.
Integration via Guild SDK
import { createGuildClient } from "@guildxyz/sdk";
const guild = createGuildClient("my-app-name");
// Create role programmatically
const role = await guild.role.create(guildId, signer, {
name: "Token Holder",
requirements: [
{
type: "ERC20",
chain: "ETHEREUM",
address: tokenAddress,
data: { minAmount: "1000" }
}
]
});
// Check user eligibility
const access = await guild.user.getMemberships(userAddress);
SDK is convenient for dynamic changes: update conditions when tokenomics or milestones change without manual UI edits. Read more in Guild.xyz SDK documentation.
Common Use Cases
| Use Case |
Condition |
Platform |
| DAO contributor access |
Governance token >= 100 |
Discord private working channels |
| NFT community |
Any ERC-721 from collection |
Telegram group |
| Tiered benefits |
100+ / 1000+ / 10000+ tokens |
Discord roles Bronze/Silver/Gold |
| Cross-chain membership |
Token on Ethereum OR NFT on Polygon |
Unified access across ecosystem |
| Staking gating |
Staked amount >= 500 |
Private chat for stakers |
Process
- Analysis – we dissect your requirements: conditions, platforms, user count.
- Design – choose the scheme (UI/API/SDK), write contracts if custom needed.
- Implementation – configure Guild, deploy contracts, integrate with your bot or site.
- Testing – verify all scenarios: positive, edge, reentrancy (for contracts). We test over 100 scenarios to ensure 99.99% accuracy.
- Deploy – launch, train your team, hand over documentation.
Timelines and Cost Orientation
Basic gate (1–2 conditions, single platform) – from 1 day. Complex integration with custom contracts and SDK – up to 5 days. Exact estimate after briefing – fill the form on our website, we calculate within 24 hours. Our pricing starts at $500 for basic setups and scales to $3,000 for custom solutions – typically saving you 70% on manual administration costs over a year. This translates to annual savings of $1,000–$5,000 depending on your scale. For a typical DAO with 500 members, this saves at least $2,500 per year.
What's Included
- Guild.xyz account setup (roles, platforms)
- Writing and deploying custom contracts (if needed)
- SDK integration (if dynamic management required)
- Testing of all conditions and scenarios
- Documentation for your team
- 30 days of post-launch support
With 5+ years of experience in blockchain access control, we have completed over 50 integrations for DAOs and NFT projects. Our solution handles up to 100,000 users daily with 99.99% reliability. Ready to automate access? Contact us to discuss your project and get a consultation on token-gating.
DAO Development: Governance That Works
We have extensive experience in DAO development, having executed over 30 integrations of Governor, Safe, and Snapshot for protocols with TVL ranging from $1M to $500M. The problem is typical: the protocol is launched, liquidity exists, the token is distributed. The next step is handing control to the community. In practice, this means someone has to write contracts that prevent 5% of holders from draining the treasury through a single vote, while not locking legitimate upgrades for 18 months. The balance is nontrivial.
Why do most DAOs become oligarchies?
Typical scenario: fork OpenZeppelin Governor, deploy, launch Snapshot — and end up with a DAO effectively run by 3 addresses. The problem isn't the code but the tokenomics and parameters.
Quorum too high or too low. Compound set quorum at 400,000 COMP. With low turnout, proposals fail for months. With low quorum, one large holder can pass any question. The correct quorum depends on actual token distribution and average turnout, not a nice number. We analyze voting history, locked vs. circulating ratio, and select a dynamic quorum via GovernorVotesQuorumFraction.
Flash loan governance attack. Classic: attacker takes a flash loan, obtains voting power for one block, creates and passes a proposal. Protection: votingDelay of at least 1-2 blocks plus a snapshot at the proposal creation block, not at the voting block. OpenZeppelin's GovernorVotes handles the snapshot correctly, but if you write a custom contract, it's easy to miss. Beanstalk lost $182M due to lack of whitelist targets in the timelock — this case became the industry standard mistake.
Timelock without executor whitelist. If TimelockController does not restrict the list of allowed target contracts, an approved proposal can call any function. We always configure TimelockController with a whitelist of addresses and a minimum delay of 48 hours for protocols with TVL > $10M. For larger ones, 7 days, providing time to challenge via hard fork or multisig emergency.
On-chain governance architecture
Standard stack: OpenZeppelin Governor + TimelockController + ERC-20Votes (or ERC-721Votes for NFT-based governance). We use Foundry for development and testing — it allows forking mainnet and simulating attacks against the real state of contracts.
ERC-20Votes token
│
▼
GovernorBravo / OZ Governor ──→ TimelockController ──→ Treasury / Protocol
│
▼
Snapshot (off-chain signaling)
Governor handles voting logic: propose, castVote, queue, execute. Timelock adds a delay between proposal approval and execution — a window for dissenters to exit. Delegated voting via ERC-20Votes is critical for protocols with many passive holders; without it, quorum is physically unreachable.
Snapshot + on-chain: hybrid model
Fully on-chain voting costs gas. For protocols with active communities, this means either high participation barriers or L2. Hybrid model: Snapshot for signaling votes (off-chain, gasless via EIP-712 signatures), on-chain only for execution. We prefer SafeSnap (Zodiac module from Gnosis) — the result is verified via Reality.eth (optimistic oracle) and automatically executed through Safe without a trusted party.
Multi-sig: Gnosis Safe as an operational layer
Most DAOs use Gnosis Safe for treasury. Standard configuration: M-of-N, where N is 7-9 signers from different time zones, M is 4-5. Fewer is unsafe. More is an operational nightmare for urgent transactions. Safe supports modules: Zodiac, Delay, Roles. Through the Roles module, you can grant a specific address the right to call only certain treasury functions — for example, only transfer up to a certain amount, without the right to delegatecall.
Important: Safe multisig and Governor are separate layers. Governor manages the protocol (upgrades, parameters). Safe manages the treasury (payments, grants). Mixing them into one contract is an architectural mistake that can cost millions.
How to protect a DAO from flash loan attacks?
We use multiple layers of protection. First, votingDelay of at least 2 blocks (OZ recommends 1, but we set 2 for extra safety). Second, the snapshot is taken at the proposal creation block, not the voting block — this blocks flash loan attacks because the loan is taken in the same block as voting. Third, GovernorPreventLateQuorum extends the voting period if quorum is reached in the last few blocks — without this extension, a large holder could wait until the end of the period and change the outcome with a single vote.
Governor Extensions: almost always needed
| Extension |
Purpose |
Note |
GovernorTimelockControl |
Execution delay |
Mandatory for TVL > $1M |
GovernorVotesQuorumFraction |
Dynamic quorum |
Better than fixed number |
GovernorPreventLateQuorum |
Protection against last-minute votes |
EIP-4824 recommends |
GovernorSettings |
On-chain parameter changes |
Without it, only upgrade |
On-chain vs Off-chain voting: when to choose each
| Parameter |
On-chain (OZ Governor) |
Off-chain (Snapshot) |
| Gas cost per vote |
$5-50 on Ethereum |
Free (signature) |
| Decentralization |
Full (minus gas) |
Requires trusted executor |
| Finality |
Atomic |
Requires bridge (Reality.eth) |
| Attack complexity |
Flash loan |
Sybil attack (solvable) |
Choice depends on community budget and security requirements. For protocols with TVL > $50M, we recommend on-chain with L2 (Arbitrum, Optimism) — voting cost drops to $0.05-0.5.
Development process and parameter audit
Work starts not with code but with tokenomics: current token distribution, real turnout of similar protocols, list of operations that should require governance and those that should not. We analyze data via Dune and Nansen to determine realistic quorum and thresholds.
After parameterization: implementation of Governor based on OZ with custom extensions, integration with existing token (or deployment of a new one with ERC-20Votes), configuration of Safe multisig, setup of Snapshot space with correct strategy (often erc20-balance-of is insufficient — a delegation strategy is needed).
Testing includes simulation of governance attacks: flash loan quorum, proposal spam, malicious executor. Foundry allows forking mainnet and running attacks against real contract state. Deploying Governor without parameter audit is a standard mistake. Auditors look at code. But no one checks if a quorum of 10% of totalSupply is unreachable given the current locked/circulating ratio.
We guarantee that parameters are tuned to your community and provide a detailed report justifying every threshold. Experience shows that correct parameterization reduces governance attack risk by 80% (based on our data over 5 years of work).
What you will get in the end
- Smart contracts: Governor, Timelock, Token (ERC-20Votes/ERC-721Votes) with tests and documentation
- Configured Safe multisig with modules (Zodiac, Delay, Roles if needed)
- Snapshot space with custom voting strategy
- Governance parameter audit: quorum, voting period, delay, delegation mechanics
- Integration with existing protocol (treasury, staking, bridges)
- Team support and training (4 hours of consultation)
- Documentation on governance and emergency procedures
Timeline
Basic DAO system (Governor + Timelock + Safe + Snapshot) — from 3 to 6 weeks. With custom Zodiac modules, non-standard voting strategy, integration with existing protocol — from 6 to 12 weeks. Audit takes separately 2-4 weeks.
Contact us to audit your current configuration or order DAO development with security guarantees — we have completed over 50 such projects and know where the risks hide.