Decentralised Autonomous Organisations (DAOs) are “non-hierarchical organizations that perform and record routine tasks on a peer-to-peer, cryptographically secure, public network, and rely on the voluntary contributions of their internal stakeholders to operate, manage, and evolve the organization through a democratic consultation process”. DAOs are in common use for DeFi and conservatively oversee more than $480 million. DeFi DAOs help users transfer cryptocurrencies across different blockchains, and serve popular DeFi use cases such as crypto lending or yield farming.
DAOs are open-source and thus transparent and, in theory, incorruptible, but the level of decentralization varies with the governance rules. While the network might be geographically decentralized and have many independent but equal network actors, the governance rules written in the smart contract or blockchain protocol will always be a point of centralization and loss of direct autonomy. DAOs can be architecturally decentralized (independent actors run different nodes), and are geographically decentralized (subject to different jurisdictions), but they are logically centralized (the protocol).
DAOs have both internal and external governance components. Internal governance is characterized by non-hierarchical modes of governance and has quasi-democratic features. External governance is the reliance on clusters of servers and individual nodes for the functioning of the network and decision-making. Notably, those who control nodes and server capacity can exert undue influence on decision-making, more strongly than other actors can.
The best-known failure of DAO governance demonstrated how vulnerable it can be. In the case of The DAO hack, a smart contract granted investors both voting rights according to their level of investment and control over decisions regarding the distribution and management of its $150 million fund. Risk, residual claims, voting rights, and voting itself were achieved through the consensus of the investing community. However, the investors' priorities and values did not align, and there were no contingencies to define, manage, or control these conflicts. Since the decision-making structure was implemented and managed solely by the code, The DAO left the entirety of its governance operations to an algorithm, which became its sole governance mechanism. It operated as it was instructed and according to previously agreed rules. The attack was a clever exploitation of The DAO's blockchain-encoded smart contract.
Rozas et al. summarise the key blockchain-based governance tools as:
- Tokenization: the process of transforming the rights to perform an action on an asset into a transferable data element, a token, on the blockchain.
- Self-enforcement and formalization of rules: the process of embedding organizational rules in the form of smart contracts.
- Autonomous automatization: the process of defining complex sets of smart contracts as DAOs, which may enable multiple parties to interact with each other, even without human interaction.
- Decentralization of power over the infrastructure: the ownership and control of the technological tools employed by the community through the decentralization of the infrastructure they rely on, such as the collaboration platforms (and their servers) employed for coordination.
- Increasing transparency: the process of opening the organizational processes and the associated data by relying on the persistence and immutability properties of blockchain technologies.
- Codification of trust: codifying a certain degree of trust into systems which facilitate agreements between agents without requiring a third party.
Some of the issues of governance in decentralized systems can be:
1) Users see tokens as yield, not voting rights, leading to a very individualist approach to collaboration. Protocols started using their governance tokens as “rewards” for users participating in the network.
2) No minimum level of participation is required to kickstart governance. For a system to be considered sufficiently decentralized, there needs to be a high minimum number of token holders/participants.
3) Most of the DAOs raise money in one way or another and in return, investors get back governance tokens. This creates a high degree of centralization at the start of token distribution.
A challenge for DeFi is that the economic incentive of providing liquidity in order to be rewarded with governance tokens encourages competitive and speculative behavior. This leads back to a centralized governance structure, since tokens slowly concentrate in a few hands. So where can this lead? Projects can become vulnerable to attacks because of excessive centralization, parties with conflicts of interest can push through proposals, and activist investors can acquire enough governance tokens to help push through proposals profitable to them.
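To make the concentration and participation concerns above measurable, the following added example (not from the article or any DAO's code) computes how few of the largest token holders could pass a proposal by themselves under different turnout and quorum settings. The balances are constructed sample data, the function names are hypothetical, and the voting model (one token, one vote; simple majority of votes cast) is an assumption.

```python
from fractions import Fraction

# Constructed sample: governance-token balances of 12 holders (1,000,000 supply).
SAMPLE_BALANCES = [180_000, 150_000, 120_000, 100_000, 90_000, 80_000,
                   70_000, 60_000, 50_000, 40_000, 30_000, 30_000]


def min_coalition(balances, quorum=Fraction(0), other_turnout=Fraction(1),
                  threshold=Fraction(1, 2)):
    """Smallest number of top holders that can pass a proposal on their own.

    Assumed model (not taken from any specific DAO): one token, one vote;
    the largest holders vote "yes" together; every other holder votes "no"
    with `other_turnout` of their tokens. A proposal passes when the votes
    cast reach `quorum` of total supply and "yes" exceeds `threshold` of
    the votes cast. Returns None if no coalition can pass it.
    """
    supply = sum(balances)
    yes = 0
    for size, balance in enumerate(sorted(balances, reverse=True), start=1):
        yes += balance
        no = other_turnout * (supply - yes)
        cast = yes + no
        if cast >= quorum * supply and yes > threshold * cast:
            return size
    return None


def governance_report(balances):
    """Coalition sizes for the scenarios discussed in the text above."""
    low = Fraction(1, 10)  # assumed: only 10% of other holders' tokens vote
    return {
        "full_turnout": min_coalition(balances),
        "low_turnout_no_quorum": min_coalition(balances, other_turnout=low),
        "low_turnout_40pct_quorum": min_coalition(
            balances, quorum=Fraction(2, 5), other_turnout=low),
        "top_holder_share": Fraction(max(balances), sum(balances)),
    }


if __name__ == "__main__":
    for name, value in governance_report(SAMPLE_BALANCES).items():
        print(f"{name}: {value}")
```

On this sample, a holder with 18% of supply decides the outcome alone when turnout is low and there is no quorum, while a 40% quorum raises the required coalition to three holders.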
The vulnerabilities of DAOs also lie in the automation: the organization is governed and operated by smart contracts; the smart contracts which form the governance are written and executed as computer code; monitoring and enforcement of smart contracts are carried out by computer algorithms; and there are weak or non-existent mechanisms for dispute resolution, since the “code is law” and all participants have agreed in advance to abide by the code of the smart contract.
Wulf Kaal notes more mature voting alternatives are slowly emerging. Some possible improvements to DAO governance have been suggested, such as:
- Releasing smart contracts in stages.
- Certification processes and review processes, as well as multiple security audits from respected institutions, in combination with formal verification programs for smart contracts.
- Designing the DAO such that it can be stopped when it may appear to become too big to fail.
- Barriers to DAO entry, such as permissioned blockchains or community guidelines, which can help ensure the success of on-chain governance.
Many DAOs are experimenting with novel governance structures. The legal status of a DAO is also a gray area, as nobody owns the organization: who can be sued, and who sues? And in the case of liquidating a tangible asset owned by the DAO, what rules are to be followed?
DeFi is still in its infancy as an industry and the concept of DAOs is still relatively young, so we will continue to see a greater number of players entering the market and making improvements. As with all emerging and unregulated technologies, DeFi continues to be a case for “caveat emptor”.