DAOs & Don’ts #1: The DAO

DAOs & Don’ts is a blog series to research potential solutions that support the implementation of decentralized governance in the Stellar Community Fund (SCF). Read more in this blog post. Each issue will explore a particular decentralized community or DAO to identify its successful features or achievements (DAOs) and vulnerabilities or downfalls (Don’ts). Join the discussion in our SCF Discord!

Let’s get started where it all began: The DAO. The DAO launched in 2016 and was a platform for collective investment in blockchain-based projects. It was the first functional DAO implementation and the highest-funded crowdfunding project at the time, raising around $160 million in ether in weeks. Soon after, disaster struck, and The DAO’s code was exploited with the attacker siphoning off a considerable amount of the committed digital assets, resulting in a disruptive hard fork of the Ethereum blockchain.

Was this exploitation an attack or a vulnerability in the code? Was it preventable? What made this initial DAO implementation so popular? Read on to learn about The DAO’s history and the DAOs and Don’ts we can learn from.

How The DAO got started

By 2016, there was some talk of the DAO concept in the Ethereum community but not much concrete development, especially in the funding space. At this time, Slock.it was developing an IoT company that builds smart locks to unlock the doors of “decentralized Airbnbs” with Ethereum transactions. As dedicated members of the Ethereum community, the founders decided to acquire funding through a DAO instead of a more traditional route.

According to Slock.it, a DAO would allow participants to maintain direct, real-time control of contributed funds and that the governance rules would be formalized, automated, and enforced using software. Also, during the crowdfunding phase, it was anticipated that the DAO structure would alleviate some vulnerabilities, including financial mismanagement and fraud. Participants would be empowered to identify problems, participate in governance decisions, and recover their investments.

With the goal to develop a decentralized sharing economy, the community saw it as a “decentralized venture fund”: open to anyone, from anywhere — like Kickstarter, but operating on blockchain and focused on funding decentralized applications.

“Discussing the way it worked in the Slack channel, one member commented it was ‘crazy’ that Slock.it’s proposal would come after the token sale. ‘That’s like saying to a VC, ‘Give me some cash, and we’ll give you a business plan after, maybe.’” — Laura Shin’s ‘The Cryptopians’

Building a DAO framework

Since DAOs must be created in a decentralized way, the Slock.it team built a Slack community of like-minded individuals who created the first open-source standard DAO framework in March 2016. They wanted to provide the gold standard of DAO Token Sales and transparent governance — its open-source code is on GitHub and was reviewed by hundreds of people from the community and by one of the then-most respected auditing companies, Deja Vu.

The DAO framework was comprised of several Solidity files, structured as a smart contract with a DAO automating the organizational governance and decision-making, several supporting contracts for token creation and transparent functionality, and instructions on how to deploy it. With this framework, anyone could set up a DAO and enable inter-DAO communication.

Anonymous deployment to support decentralization

After the framework was built, a DAO website was created, and The DAO’s code was audited by numerous people in the industry, including Ethereum co-founder Vitalik Buterin. To follow the principle of decentralization, multiple instances of The DAO’s smart contract were deployed by anonymous community members. On April 30th, 2016, at block number 1428757 on the Ethereum blockchain, the community chose one instance to become The DAO by initiating the first transaction: sending ether to the DAO, triggering a return of DAO tokens. The individual actions of members can’t be directly determined within the contracts, so The DAO’s creation can’t be pinpointed back to one individual or group.

Tokensale

After this first transaction, the 28-day Creation Phase began, where anyone could send ether to The DAO in return for DAO tokens. Holding DAO tokens allowed a user voting and ownership rights in proportion to the number of tokens they held, as well as a right to DAO rewards brought in by approved proposals for work. “This would be like your VC fund shares also giving you influence over what the fund invested in and the number of shares you had representing your voting power, as well as your cut of the profits.” (Shin, The Cryptopians, 124).

If the minimum DAO Creation Goal (set at deployment) was not reached, all ether would be returned to users. If the goal was reached, DAO tokens would be transferable on the Ethereum blockchain.To incentivize early buy-in, The DAO token’s price was set to programmatically increase over time. Midway through the Creation Phase, it rose by 0.05 ETH per hundred DAO tokens per day until it reached a price of 1.5 ETH per hundred DAO tokens for the final five days of the sale. Its formation period ended with ~12M ETH inside the DAO’s smart contract, worth roughly $150M at the time.

“We stopped calling it a presale months ago because the DAO is going to be made live on the blockchain, no one is preselling anything… When someone fuels a DAO by sending it ETH during its Creation Phase, new DAO tokens are created at that moment… This is hardly a sale, it is truly an act of DAO Creation!”- Griff Green, Community Manager of Slock.it on The DAO’s Slack channel (Shin, The Cryptopians, 126).

Despite this early success, the legal implications of the DAO tokensale remained unclear. Legal commentators were concerned that The DAO’s tokens could be considered as securities. The Slock.it team started issuing disclaimers to clarify that their role related to the DAO code, but not the operation of specific DAOS built on that code:

“It is important to remember that anyone who uses DAO code will do so at their own risk. We can’t speculate about the legal status of DAOs worldwide.” — Stephen Tual, Founder & COO of Slock.it in this blog post

How The DAO proposals worked

After the funding period, the DAO started operating. According to the whitepaper, a DAO stores ether and other Ethereum-based tokens and transmits them based on the DAO’s code. It does not have the capabilities to manufacture a product, write code, or develop hardware. It requires actors in the physical world for this purpose, called ‘Contractors’, which could create proposals on how to spend The DAO’s treasury, and the bought-in members could vote to approve these proposals.

Learn more on how proposals worked in this whitepaper and this ethnography of The DAO by Quinn Dupont.

DAO split proposal

Another type of DAO proposal was the split proposal (an idea originating from Vitalik Buterin), which split a DAO in two, allowing the minority of voters to retrieve their portion of the funds, change the Curator, or fund different ideas than the main DAO. Over a 7-day debating period, voters could split the DAO by moving a portion of the ether to a new DAO (called a split or child DAO). The split DAO would have the same properties and codebase as the main DAO and could also prevent an attacker with 51% of the tokens from sending all the DAO funds to themselves.

For example, each DAO has one powerful Curator. Anyone can propose a new Curator, and if the majority opts to keep the original Curator, the minority could choose the new Curator and initiate a split DAO proposal.

“Although vastly less popular than Slock.it’s proposal, a few other ideas for The DAO emerged, including one by a French company hoping to create a ride-sharing vehicle (Mobotiq), and a proposal for an online gaming system (First-blood). Unfortunately, none of these ideas made it to the formal proposal stage prior to the exploit.” — Experiments in algorithmic governance by Quinn Dupont

The DAO’s vulnerabilities and the attack

Days before The DAO was set to start operating, concerns were raised about vulnerabilities in The DAO’s code:

1. May 27: Computer scientists published a paper identifying game theory issues (not actual bugs) in the DAO’s design that could lead to attacks, which was well supported in the community.
2. June 5th: an antipattern was found in Solidity itself (the coding language of Ethereum and also The DAO), which could lead to attacks on smart contracts (later described in a blog post).
3. June 11: Another project, MakerDAO (a now popular DAO governing the algorithmic stablecoin DAI, created before The DAO but operated on a much smaller scale at the time) discovered a vulnerability in their own code caused by the antipattern (highlighted in a Reddit post), and exploited the vulnerability themselves to preventatively drain their own funds safely before it could be exploited by a malicious actor.
4. June 12th: The same vulnerability had been found in the proposal and Rewards section in the DAOs code through ‘withdrawRewardFor’ , which allowed a user to collect their entitlement multiple times by calling the contract recursively before it could update its balance. In addition to the possibility of a recursive call, the smart contract was encoded to first send the ether, and after update the internal token balance. It was promptly patched within hours to the framework, but the process of making the change to the deployed codebase would take two weeks of voting. Stephan Tual, founder and COO of Slock.it, announced that a “recursive call bug” had been found in the software but that “no DAO funds [were] at risk”. They thought the bug only affected the rewards section, and as there weren’t any rewards in The DAO yet, it didn’t have an actual effect on funds and a workaround was available. At the time, more than 50 project proposals were waiting for The DAO’s token holders to vote on them.

An ‘attacker’ was already many steps ahead of the rest of the community. Within days of the antipattern discovery in Solidity, the attacker discovered that the ‘withdrawRewardFor’ vulnerability and split DAO together proved a deadly combination and started preparations on June 8th. Check out the full analysis of The DAO exploit in this blog post.

By Saturday, June 18th, more than 3.6M ETH (~$50M worth at the time), had been drained from The DAO, roughly a third of the DAO’s treasury.

“Simon [CTO of Slock.it] said, “Something strange is happening with the DAO. Please have a look,” … Although he could not immediately figure out what was happening, he [Christoph, CEO of Slock.it] knew someone had split from the main DAO, and something was very wrong. Thousands of people around the world who had invested in the DAO were losing money — 258 ETH at a time. His gut said, Game over.” — pp. 142 of Laura Shin’s ‘The Cryptopians’

Slock.it’s co-founder, Christoph Jentzsch, publicly apologized, and the value of ETH plummeted.

Can we consider this an attack?

One of the computer scientists, Emin Gün Sirer, who contributed to the paper on game theory risks (mentioned earlier) cast doubt on whether the DAO exploit was even really an ‘attack’. In a follow up blog post, Sirer pointed out that The DAO didn’t have a specification of wanted behavior (referred to as formal specification), so it was not even possible to label something as a hack or a bug or unwanted behavior.

“The “code was its own documentation,” as people say. It was its own fine print. The hacker read the fine print better than most, better than the developers themselves. Had the attacker lost money by mistake, I am sure the devs would have had no difficulty appropriating his funds and saying, “this is what happens in the brave new world of programmatic money flows.” When he instead emptied out coins from The DAO, the only consistent response is to call it a job well done.”

Recovering the lost funds

After a series of failed attempts to recover funds by performing a split DAO, experts in the community suggested implementing a soft fork to stop the ether from leaving the DAO. Even though it had the majority of support from miners, the soft fork opened up a DoS vulnerability, so this idea was called off before it could be implemented.

The last resort to safely return the lost funds was a hard fork to split the Ethereum blockchain into two branches, which are now known as Ethereum Classic (old version) and Ethereum (new version). It’s really a worst-case scenario solution, as hard forks erase the event from the collective and (supposedly) immutable ledger, which contradicts the core values of crypto-anarchism. The hard fork proposal would move all DAO funds into a withdraw contract, where every token-holder would be able to exchange 100 DAO tokens for 1 ETH, in addition to a multisig that would send ether to withdraw contracts for the edge cases.

As the split DAO shared the same code as the main DAO, the funds would be frozen during the 28-day Creation Phase, which made it possible for the fork to cleanly undo the theft before funds had been transferred to exchanges.

The fall of The DAO

The fork formally deactivated The DAO, and many exchanges delisted DAO tokens in the same year. The hard fork itself was disruptive to the Ethereum community: the majority accepted this act of “centralized” governance, but a minority continued to stick with the flawed but pure algorithmic authority, with some miners continuing to mine Ethereum Classic to this day.

To top it off, the Report of Investigation released by the United States Securities and Exchange Commission (SEC) on July 25, 2017, stated:

“Tokens offered and sold by a “virtual” organization known as “The DAO” were securities and therefore subject to the federal securities laws. The Report confirms that issuers of the distributed ledger or blockchain technology-based securities must register offers and sales of such securities unless a valid exemption applies. Those participating in unregistered offerings also may be liable for violations of the securities laws.”

DAOs & Don’ts of The DAO

Despite its failures, The DAO established itself as a pioneer in the space of decentralized, autonomous governance as the first high-profile DAO on Ethereum and became one of the largest crowdfunding campaigns in history. The large interest, and exponentially growing community, indicated there is a need (for decentralized funding) and a desire for a fresh take on how governance has evolved for thousands of years. And according to this blog post by Stephen Tual, the birth of the DAO led to a record number of new accounts and transactions on Ethereum.

As The DAO’s reign was short-lived, and we can’t really analyze if it actually worked or not, I’ve based the DAOs & Don’ts mostly on how The DAO came to be, rather than focusing on design features:

✅ | Collectively built an open-source framework alongside the community

The Slock.it team incorporated the community and built an open-source framework with resources and documentation anyone could use, with the intention it would serve as a Gold Standard for DAOs to come, paving the way of the development of decentralized autonomous governance. The DAO’s creation followed the principles of decentralization with the community at its core.

❌ | Set-up for failure

A hacker was able to exploit a security vulnerability built into The DAOs code, even though the code was reviewed by the Ethereum community, renowned auditing firms, and even Vitalik Buterin himself.

No matter how great the initial review is, there are always unexpected issues that only arise when something is live. Therefore, I find the lesson of people writing about The DAO’s exploit of “there shouldn’t be any security vulnerabilities before a DAO’s launch otherwise the DAO will fail” superficial because there will always be vulnerabilities in this new, growing, and decentralized space, including:

• New, immature tooling for smart contract development may have antipatterns with unwanted side effects: Solidity wasn’t even a year old at the time of the exploit.
• Since a DAO’s code aims to capture (human) governance and organization, the code tends to be more complex and longer. Statistics show that there are, on average, up to 15–50 bugs per 1000 lines of code.

People often don’t completely know what to look out for. The exploit analysis mentions the following: “even though withdrawReward for was not vulnerable by itself, and even though splitDAO was not vulnerable without withdrawRewardFor, the combination proves deadly. This is probably why this exploit was missed in review so many times by so many different people: reviewers tend to review functions one at a time, and assume that calls to secure subroutines will operate securely and as intended.”

The DAO should have been released gradually and with lower stakes to start. The creators didn’t anticipate such a large volume and interest and thus operated with no guardrails as to the total amount a smart contract could hold. Also, there was no ability to hot-fix security issues on the deployed codebase, as any changes would need to go through a two-week voting period and reach a majority vote. Since the issue was discovered before the exploit, a hotfix could have prevented the entire disaster.

In the aftermath, Slock.it published a blog post stating that formal proof verification tools (that weren’t ready at the time) could have prevented the exploit. According to the Ethereum docs, formal verification refers to the process of evaluating the correctness of a system with respect to a formal specification (which The DAO also didn’t have).

The nature of open-source code and anonymous communities makes it possible to find vulnerabilities and bugs sooner but it is also a free-for-all playing ground for malicious actors when issues get exposed publicly. The risk of malicious exploitation is enlarged by (financial) incentives and anonymity.

❌ | Inherent ‘questionable’ design features

With the caveat that we didn’t really see these features in action specifically in The DAO to make a proper analysis. There may be more, but these were the ones that stood out throughout the research.

Token-weighted voting mechanism

The problem with token-weighted voting mechanisms is that decisions made by the DAO don’t necessarily reflect those of the entire community. A recent report from Chainalysis analyzed the workings of ten major DAO projects and found that, on average, less than 1% of all holders have 90% of the voting power.

SplitDAO

While it’s a nice idea to give power to the minority voters, the idea of an entirely new DAO being created opens up attack vulnerabilities and may splinter the community and voters’ attention. As we didn’t really see this feature in action in The DAO, we will need to look into other implementations of splitDAOs further to make a proper assessment.

‘Curator’ is a misleading term and conveys false endorsement of the DAO

As described in more detail in a blog post by Gavin Wood, the curator didn’t actually have authority for independent judgment and acted more of an identity oracle. Instead of reading the code, many saw a familiar face endorsing The DAO and chose to buy tokens because of it. “If Vitalik Buterin is part of this, it must be sound, right?”

Sheer difficulty in withdrawing ‘invested’ funds.

To get funds out of the DAO, a token-holder would need to create a new child DAO, move their funds into the child DAO and keep them there for 27 days–there is no direct withdrawal. While this was a fail-safe for the attacker to get funds out as well and allowed for successful retrieval of stolen funds through the hard fork, instant withdrawal could eliminate certain attacks.

❌ | Lack of legal compliance

The DAO introduced a novel legal structure for pooling financial resources and decentralized governance. While there is always tension between new technological innovations and traditional legal compliance, this is perhaps even more true in the crypto space given the complexity of the technology and the sensitivity of the financial services offered. Various legal commentators raised issues early on regarding their concerns about the legal status of DAOs and the potential risks relating to securities laws. Ultimately, The DAO was investigated by the SEC and found to have violated the SEC’s registration requirements by offering DAO tokens as part of an unregistered securities offering.

Legal compliance continues to raise challenges for DAOs. Last September, the CFTC brought an action against Ooki DAO for allegedly violating federal law by illegally offering leveraged and margin crypto trading products to U.S. investors. It’s clear that, when launching a DAO, it’s necessary to work closely with qualified legal counsel to identify legal risk and help design the DAO to manage legal compliance.

Sources

• Whitepaper “Decentralized Autonomous Organization To Automate Governance” by Christoph Jentzsch, Founder & Cto of Slock.it
• Chapter “Experiments in algorithmic governance” in “A history and ethnography of “The DAO,” a failed decentralized autonomous organization” by Quinn DuPont in the book Bitcoin and Beyond
• Book “The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze” by Laura Shin, a crypto journalist and host of the crypto podcast Unchained
• Blog post “DAOs, or how to Replace Obsolete Governance Models” by Stephan Tual, founder and COO of Slock.it
• Blog post “The History of the DAO and Lessons Learned” by Christoph Jentzsch, founder & CTO of Slock.it
• Blog post “A Call for a Temporary Moratorium on The DAO” by Dino Mark, Vlad Zamfir, and Emin Gün Sirer
• Blog post “Thoughts on The DAO Hack” by Emin Gün Sirer
• Blog post “Analysis of the DAO exploit” by Phil Daian
• Coindesk article “The Law of The DAO” by Andrew Hinkes
• Coindesk article “Understanding the DAO attack” by David Siegel
• Cointelegraph article “Takeaways: 5 years after The DAO crisis and Ethereum hard fork” by Oleksii Konashevych
• Securities And Exchange Commission — Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO
• Blog post “Why I’ve Resigned as a Curator of the DAO” by Gavin Wood, co-founder of Ethereum and creator of Polkadot and Kusama
• Blog post “The Inexorable Rise of The DAO” by Stephen Tual, founder and COO of Slock.it
• Blog post “Hard Fork Specification” by Christoph Jentzsch, founder & CTO of Slock.it
• “List of highest-funded crowdfunding projects”, Wikipedia
• “The DAO (organization)”, Wikipedia

Acknowledgments

Many thanks to Kelsie Nabben, qualitative researcher in decentralized technology communities leading the governance research team at complex systems R&D firm BlockScience, and my colleagues and supervisors at the Stellar Development Foundation for reviewing and giving helpful feedback, especially Bri Wylde, Technical Content Specialist, Bianca Hearfield, Senior Legal Director, Product, Christin Spradley, Senior Legal Director, Commercial Counsel, and Caroline Young, Senior Manager, Creative Content.

DAOs & Don’ts #1: The DAO was originally published in Stellar Community on Medium, where people are continuing the conversation by highlighting and responding to this story.