The Distributed Autonomous Organization (DAO), a smart contract on the Ethereum blockchain that has raised 11.5 million Ether, has some design issues that could cause investors to act in ways that could undermine the project. Three individuals, Dino Mark, Vlad Zamfir and Emin Gun Sirer, have called for a moratorium on proposals to prevent losses to the DAO.
The DAO is the largest crowdfunding event in history. A white paper analyzes the rules of the DAO and examines problems in its design that could motivate investors to act strategically, meaning in opposition to truthful voting to reveal their preferences.
The paper explores the potential for attacks against the DAO that these behaviors can facilitate. There are nine areas of concern that can cause DAO participants to act strategically rather than honestly. Some such behaviors can hijack investments of honest DAO investors. The paper offers suggestions to prevent such attacks.
A moratorium on proposals to prevent losses caused by unintended consequences will provide time to ensure security upgrades, the paper noted. The moratorium would end following this update.
Smart contracts, built on a Turing-complete platform, can create constrained, predictable financial constructs without a trusted entity. Distributed autonomous organizations can execute functions in service to shareholders, constructed by programmatic bylaws. Such bylaws can supplant the need for a management team in certain domains.
Crowdfunding is one of the most suitable domains. A company like Kickstarter links investors to parties that propose ventures. When sufficient opt-in occurs, the proposal can move forward and return rewards to investors. The platform collects some overhead for its service.
Venture capital firms are another such domain. Managers collect funds from investors, examine proposals and decide on what ventures to fund.
In the past month, the DAO has emerged as a cross between the two domains described, seeking to remove the middlemen. The DAO acts similar to a venture capital firm since it collects funds to invest in proposals. It differs in that all the investors can vote in proportion to their investment. The DAO goal is to utilize the crowds’ wisdom for making a decision and to remove risks caused by a programmatic approach to corporate management.
At its current funding level, the DAO holds about 15% of the total Ether that exists. Since the DAO is one of the first smart contracts of its kind and is a large contract, public opinion on decentralized autonomous organizations rests on the DAO’s success.
Smart contracts have challenges. Computer programs have bugs. Should a smart contract have an issue, the funds could be lost. The smart contract cannot easily update.
In the current DAO implementation, negative consequences can occur. Mechanisms encoded in the DAO can support unwanted behaviors that undermine the organization’s primary function. An attack can tie up investor funds and result in ransom demands. An attack can enable a cartel to steal funds. An attack can also depress native fund tokens.
Some attacks are supported by a bias towards fund proposal voting. The system discourages parties from voting where they recognize a proposal to have negative value. Another problem stems from the withdrawal process: investors looking to leave the fund by “splitting” are vulnerable. Such issues can result in strategic actions that corrupt the honest debate and voting process.
One curator-imposed moratorium is to have DAO token holders place a self-imposed moratorium by voting against every proposal. However, based on the flaws connected to negative voting, this mechanism should not be relied on to prevent attacks that target the same mechanism.
Another option is for the DAO token holders to opt-in to security measures by voting for a new curator to deploy a moratorium. Because no one knows the percent of non-voting token holders, the threshold for curator changes could be too high for the voting process. Hence, the most immediate and safest approach is for the curators to impose a moratorium, and to permit the DAO token holders to opt-out.
The DAO API is built around an initial creation phase that gathers funds, and an operational phase that collects proposals, voting, optionally funding and executing administrative functions for the proposals like withdrawing funds and paying rewards.
The creation phase of the smart contract lasts 27 days, during which time the DAO issues tokens in exchange for Ether. The buy-in price for the tokens varies during this phase. It begins at 1.00 Ether for 100 tokens for 14 days. It increases 0.05 Ether per 100 tokens for the next 10 days. There is a final 3-day period at 1.50 Ether per 100 tokens.
Late investors paying more than 1.00 Ether per 100 tokens have surplus Ether above 1.00 set in an account called extraBalance. Token holders cannot remove funds from this account. They can withdraw the funds after an amount equal to the balance has been spent on proposals.
For example, if a token holder pays 1.05 Ether for 100 tokens and no additional Ether gets committed to proposals, the token holder can only withdraw 1.00 Ether. The extra 0.05 Ether remains in the account until the DAO funds proposals that exceed the balance amount. At that time, the balance folds into the main DAO balance, where it distributes to token holders proportionally.
The main contract serves as a factory for sub-contracts that split from the main DAO.
The “Standard DAO Framework” is referred to as DAO. Generating the “child DAOs” can proceed recursively until reaching a depth limit.
The DAO has a curator responsible for adding and removing addresses from the proposed payment address “whitelist.” The curator account for the current instance of the DAO is a five out of 11 multi-signature address. Only addresses on the whitelist can send proposals to the DAO. Those seeking funding have to ask the curator to add their address to the whitelist.
The curator thereby ensures human supervision in selecting proposals to be funded for the DAO. To protect curators from legal liability, their role is limited to preventing “malicious proposals.” The main incentive for the curator abstraction is a majority takeover attack where a big (53%) voting bloc votes to commit all of the DAO funds to a proposal that solely benefits that bloc.
The curator was introduced to prevent such proposals and either refuse to whitelist their payment addresses or to “un-whitelist” their addresses. Curators are expected to take profitability or business sense into account while considering whitelist decisions.
When the curator whitelists a proposal’s address, the token holders can vote on funding the proposal. All token holders can vote, and votes are weighted by their token holdings. The voting begins for a minimum 14-day period.
A simple majority is needed to fund a proposal. A minimum quorum of voters is needed to close the voting phase. This quorum varies between 20% to 53%, depending on the proposal size. The largest require a 53% quorum. There is no limit to the number of proposals that can be voted on. There is a non-refundable listing fee for each proposal to prevent proposal spam.
If a token holder votes on a proposal, they cannot change their vote or withdraw from the DAO via a split until the voting ends. Nor can they transfer their tokens. Voting places the token holder on a list of blocked addresses that cannot do transfers or splits. The block stays in effect until the latest voting deadlines for holders voting on multiple proposals. If a proposal succeeds, the holder can remove shares of the Ether balance left following the funding of the proposal.
Token holders who do not vote can leave the DAO by initiating a split, which requires seven days to fork off the funds. A split initiated by a user seven days before the voting deadline can function without risk of the funds being spent on the proposal.
The DAO does not allow funds to be removed directly as Ether. Token holders can remove tokens by the “split” process, which takes 34 days and requires creating a new DAO.
To initiate a split process, the token holder begins a proposal with a new curator address and a zero Ether funding amount. The split process voting period is a minimum seven days. The vote outcome on a split proposal is inconsequential since the proposal cannot execute.
The presence of the split proposal whose voting period ended yields the right to split from the DAO for those who voted for the proposal. This occurs when the parties call a function known as “splitDAO” that removes their funds from the DAO to a new “child-DAO” contract. This gives a way to withdraw funds from the DAO. Those parties wishing to leave the DAO initiate a new curator proposal, where they become the new curator, wait for the voting period to end, then move their holdings to the new DAO.
When the token holder splits from the DAO this way, the 27-day creation period applies. The process takes 34 days to being a split proposal, gather votes, split from the DAO, then wait for the new one to form. The transfer occurs on the seventh day and funds are locked for 27 days.
When a holder splits into the new DAO, they create a proposal to pay themselves the complete balance of the Ether left in the new DAO.
Tokens not blocked due to voting are transferrable to any Ethereum address and can be immediately sold over the counter or on exchanges. Hence, if a token holder does not wish to wait 34 days to split from the DAO and withdraw Ether, they can sell their tokens on exchanges directly for Ether or other cryptocurrencies.
A financial system with convertible assets and complex actors has many potential payoffs, some of which cannot be expressed within the confines of the game. Not all actors attempt to maximize returns in Ether. They may have exogenous payoffs in dollars that are hard to capture.
For example, an actor who bought put options on Ether and damages the system’s reputation by attacking the DAO could lose tokens but profit financially. Modeling their profit requires quantifying market effects and social factors. Prior attempts to apply game theory to complex agent systems or distributed systems have suffered from simple-minded modeling leading to incorrect conclusions.
Hence, there is no attempt to give a full-game theoretic treatment of the DAO. Instead, the paper discusses guiding principles for mechanism design for crowdfunding investment vehicles like DAO and determines weaknesses in the structure that violate such principles and leave the shareholder vulnerable to attack.
The DAO’s central point is to allow token holders to vote on proposals. A reasonable actor will vote in a manner informed by the present value perceived for each proposal. Each proposal has the present cost specified. The proposal returns value to shareholders through profit denominated in Ether and paid back to the DAO or through appreciation of the tokens.
Proposals to the DAO carry a probability of success depending on the venture’s nature and business plan. For example, a proposal can ask for 1,000 Ether to create 1,000 t-shirts and will estimate the shirts sell at a 5 Ether profit, thereby returning 5,000 Ether to the DAO. The debate during the voting phase will allow each voter to estimate the chances of success and the expected value.
The DAO has a positive “yes” bias on proposals to suppress “no” votes. This is an effect of the way it restricts users’ options after they vote. The DAO blocks token holders from splitting from the DAO or selling their tokens after they voted until the voting ends. Hence, a voter believing a proposal has a negative value can split from the DAO without taking any risk or vote no and hope the proposal fails.
A “no” vote thereby is inherently risky for an investor believing the proposal to have negative effective value, in a manner that voting “yes” is not for a positive expected value voter.
A “yes” vote will arrive through the voting period while a strategic token holder will seek to cast a “no” vote only when they have assurance the outcome will be “no.”
Strategic “no” voters only vote after gaining information on other voters’ perceptions. The voting process itself will not provide reliable information on token holders’ preferences over the voting period. Positive voter preferences will be visible early on, but negative ones will be suppressed during the process, resulting in an affirmative bias. This can have consequences for an organization where “yes” results in funding projects.
Splitting from the DAO is open to a “stalking attack.” A user who splits from the DAO starts a new DAO contract in which they are the sole investor and curator in the beginning. The intent is for the user to remove funds by whitelisting a proposal to pay himself the contents of the contract.
But the split and resulting sub-contract creation occurs on a public blockchain. Hence, an attacker can follow a targeted individual by purchasing tokens during creation phase. As a splitting user is the new curator of the sub-contract, a stalker cannot seal the funds. The victim can refuse to whitelist proposals by the stalker.
However, due to human error, such attacks still have a positive expected outcome. Should the stalker commit funds that correspond to 53% or more of the sub-contract, they can block the victim from removing their funds from the contract back to Ether.
Additional attempts by the victim to split from the sub-contract can be followed in a similar manner, catching the victim’s funds and preventing conversion back to Ether. The attacker risks no funds since they can split from the sub-DAO any time before reaching the depth limit.
This scenario creates an opportunity for blackmail and ransom.
A response to this problem offered some remedies for counterattacking during a stalker attack. The remedies need unusual technical capability by the token holder, but they are insufficient to deter stalking. The suggested technique is never to split with a proposal in which any party has voted “yes.” This technique is not sufficient since an attacker can programmatically vote “yes” on every split with a dust account to gain the option to split, then transfer funds before invoking a split.
When a victim finds themselves in a child-DAO, two counterattacks for the victim to attempt to fend off the attacker have been suggested. But neither is resilient against an attacker that creates dust accounts to vote and then transfers the funds to the dust account that voted for the grandchild-DAO the victim sought to pursue. Such strategies not only require great technical skill; they impact the user experience and satisfaction.
In an ambush, a big investor utilizes the bias for DAO users to avoid “no” voting by adding a high percent of “yes” votes at the last minute to fund a self-serving purpose. Such behavior creates an opportunity for an attack. A large voting bloc can take advantage of this reticence by voting “yes” at the last moment to fund the proposal.
These attacks are hard to detect and prevent since they leave little time for the DAO token holders to withdraw funds. For a proposal requiring a 20% quorum, one large investor already has 77% of the required “yes” votes to pass the proposal and only needs to conspire with 2.3% of the token holders in return for paying the conspirators from the stolen funds.
In a token-value attack, a big investor can benefit by driving tokens lower in value, to either profit from price motion directly (via shorts and put options) or to buy tokens on the open market to acquire a bigger share of the DAO.
Such an attack is successful if the attacker can 1) incentivize a major portion of token holders not to split but to sell their tokens on exchanges, and 2) incentivize a large portion of the public not to buy tokens on exchanges.
The attacker can achieve the first scenario by deploying the stalker attack on anyone who splits and then making the attack public on social media. Because the stalker attack is well-known, the attacker does not have to attack any real entity but can create false entities that post stories of being stalked to create panic among DAO investors.
The attacker can achieve the second scenario by a self-serving proposal understood to be expected value and waiting for the sixth day before voting ends, then voting “yes” with a large bloc of votes. This will discourage rational market actors from buying tokens. If the attacker proposal succeeds, they lose money, and they don’t have time to buy tokens on an exchange and convert them back to Ether before the proposal ends, thereby removing any chance of risk-free arbitrage profits.
The combined scenarios above will create a net selling pressure on the tokens, reducing prices. The attacker can then buy the tokens on exchanges for a risk-free profit as he is the only token buyer with no risk if the attacking proposal succeeds.
In the extraBalance attack, the attacker scares the token holders into splitting from the DAO to book value of token increases. The token book value rises since the token holders who split cannot recover any extraBalance.
As more holders split, the extraBalance becomes a bigger part of the total balance, increasing the tokens’ book value. Such an attack can be more severe because once an amount equal to the extraBalance value has been spent, the proposal can be created to send any amount of Ether to the balance and the curator cannot prevent this via the whitelist.
It is not clear that the deterrence mechanism for the majority takeover attack is sufficient. In such an attack, a large voting bloc votes to award all the funds to a proposal benefitting that bloc. Curators are expected to detect such things by tracking beneficiaries’ identities. But it is not clear how a curator can determine such an attack if the voting bloc proposes not a single proposal for all of the funds but multiple proposals.
The voting bloc constituents can achieve the goals of emptying the fund in piecemeal. Such an attack is indistinguishable “on the wire” from several investment opportunities that can appeal to a majority. In this case, there is a conflict of interest because the proposal beneficiaries are also DAO token holders.
Another attack is for remaining token holders of the DAO to dilute the dividends they pay to token holders who split. This can be accomplished by funding proposals that cycle the funds’ coins and issue new reward tokens that dilute the rewards coming from prior investments.
The attack evolves from the way in which reward accounting lumps maintenance costs, internal transfers, and genuine investments into an abstraction for a single proposal. It needs curator participation to initiate, but curators can inadvertently initiate it when reorganizing funds or when the fund eliminates underperforming contractors.
Because a token holder can vote on proposals without committing funding, there is the possibility of launching other attacks and executing strategic behavior. The token holder votes with his funds, then calls “unblockMe” when voting ends and executes a split before the proposal executes. Doing so decouples the attackers’ funds from risk he might assume with them while voting and allows a big voter to force bad decisions on remaining token holders as he leaves. This has a risk since he might not be able to unblock and split in time. But it is possible.
The DAO can create undesirable dynamics for concurrent proposals. A token holder who votes “yes” to a proposal is blocked from splitting or transferring until the voting period ends. This gives an attack an amplification vector, in which an attacker gathers votes on a proposal with a lengthy voting period, effectively trapping the voters’ shares in the DAO. The attacking proposal can execute with a much shorter voting period. If successful, the attack makes an impact on the funds from trapped voters.
Simultaneous proposals to the DAO can be synergistic or antagonistic. For example, a cluster of competing projects in the same space can impact one another’s chances of success and collective returns. Cooperating projects, if funded together, can create sufficient excitement to provide excess returns.
But the nature of voting proposals in the DAO gives no way for investors to express dependent, complex preferences. For example, an investor cannot indicate a conditional preference like “vote yes on this proposal if this other proposal is not also funded.” The construction of market mechanisms to yield such preferences requires a more detailed contract. This is not an attack vector, but it indicates there could be strategic voting even in the absence of ill will.
Complete and partial remedies to some attacks exist. They require technical changes to the DAO or agreement among curators, or both.
Any token holder can have a direct and immediate withdrawal of their DAO Ether to regular addresses to make the stalker attack impossible. It would also mitigate the token-value attack.
Token holders largely believe they can withdraw from the DAT any time. By guaranteeing this without needing to resort to complex defense mechanisms will ensure the token holders expectations.
A grace period added after the voting ends but before the proposals are executed would provide token holders time to move tokens or split the DAO after seeing results from voting but before the funds are spent. Grace periods would not be permitted concurrently with voting periods since voting tokens have to be locked until all proposals are voted on.
Adding a grace period solves the voting bias by permitting token holders to vote “no” without forfeiting their right to split or sell in response to the outcome. It also provides the curators time to defend the DAO against ambush attacks by un-whitelisting payment addresses after seeing the voting results. It mitigates the ambush attack and the majority takeover attack by letting token holders withdraw after the vote passes.
Shortening voting on a proposal, so the period only occurs in the last one or two days of a 14-day or longer debate period, will lessen the time tokens are locked. This mitigates the token-value attack and minimizes the propensity for voters to wait till the last minute to vote, so their tokens are not locked up.
A special vote with the semantics, “no and withdraw if vote succeeds,” permits token holders to signal they will leave the DAO if a proposal passes. “NAW” votes indicate publicly the voter believes the proposal will damage the token value and does not want to be part of the DAO, should it succeed.
A defense to ambush attack is to extend the vote deadline in response to last minute changes in vote direction. Last minute votes are to be expected, but mechanism biases that incentivize token holders to remain on the sidelines can be countered by extending the vote period and providing parties time to observe the vote direction and to participate.
Having the token holders first commit to their blinded votes and removing the blinding in a revelation phase at the end of the vote period is a generally applicable technique. This carries the downside that the client voters will have to remember their blinding factor. They can also share their blinding factors with others to reveal and prove the disposition of their vote.
Blinding the votes reduces the value of the DAO voting process. The votes can no longer serve as a signal to other token holders about the holder’s financial preferences. The preference discovery process will end up shifting out of the smart contract into exogenous mechanisms.
Token holders who don’t participate in voting reduce the system’s security. Participation can improve security by allowing token holders to delegate their vote to proxies. This necessitates modifications and complexity to render it unsuitable as a short-term fix.
A more accurate accounting of when each DAO split occurs will stall the reward dilution attack. Proposals can pay dividends based on the number of reward tokens outstanding when they are split.
The curators can maintain the independence assumption by ensuring that the proposals that are eligible for voting at a given time are independent of each other.
The DAO currently holds a substantial portion of the Ether supply and has drawn a lot of excitement about smart contracts and decentralized autonomous organizations. This paper identified nine causes of concern that could cause the DAO voters to deviate from a truthful strategy.
Some such behaviors can lead to loss and financial manipulation. Some mitigations and solutions to these biases and vulnerabilities have been identified.
Images from DAO.