How to build a DAO securely

Hi,

When developing a DAO, how do development teams defend against a nefarious individual or small group gaining > 50% of the voting power. I would like to hear your thoughts on the following points (especially 4.):

1. Create a small team that has the final say on whether any proposal should pass

The big problem here is obviously that you’re giving a small group of people a lot of power. In this situation, how big should such a team be and how should the members be chosen? I came across someone who said a DAO could be used solely for picking the team members and then a DAC structure can be used to handle the allocation of funds.

2. Create a small team of curators that verify wallets

If I understand correctly this was the approach done by TheDAO, but I don’t really get how they did this. Couldn’t an individual just make a bunch of wallets and funnel the money to all these different wallets and use these to cast votes. Did these curators have tools that auto checked the wallet’s history and flag ones for review that had a history with a suspicious wallet. Any information on this would be highly appreciated.

3. Put a cap on the amount of voting power a single wallet can have

This would not provide a defence against people making bulk wallets, but it would definitely make it harder to hijack the voting.

4. Create a small team that can only deny proposals (but not accept them)

In this case the DAO could be run entirely by the community and there would be a much reduced risk of the core team exit scamming (unless the majority of the team colludes with the majority holders). If someone obtains > 50% of the voting powers, their requests can be perpetually denied by the core team. There would be the possibility of the DAO getting stuck in a deadlock when a whale just keeps on making new proposals and the team has to keep on denying them. But in this scenario users would have time to retrieve their funds.

PS: I wasn’t sure if there was a better category for this, if so I would appreciate it being moved there.

2 Likes

Ok, so this is a loaded question without an obvious answer but let me answer it from DXdao’s perspective and learnings.

  1. Small team with say over a proposal passing. Although an upgrade on existing multisig DAOs this really isn’t a huge departure and far from a fully decentralised DAO.

  2. I would say this is maybe the least decentralised option here and the one that flies most in the face of permisionless world we are trying to build.

  3. These kinds of security mechanisms are what make a governance system secure. Reliance on the smart contracts to secure a DAO should be a top priority. A great example being the kinds of mechanisms we have built into our own architecture that builds off of DAOtalk within DXdao.

  4. This style of a guardian having some control over a DAO is also something we are exploring currently with guilds (purely liquid ERC20 governance systems). The power to provide some security to avoid catastrophe without full control is a nice backup mechanism. It would be a good not fully decenntralised solution and so not something we see as having a place in a more final governance solution. A further improvement would be a more secure DAO being the guardian of another DAO as they begin working towards more secure governance.

Reputational voting solves many problems but introduces plenty of its own. Having a worker’s paradise is great for security but bad at giving non-working members a voice. But its biggest issue is the time it takes to build a secure distribution of the non-transferable voting power.

Generally, a mix of methods are needed, and so far no one has built the correct solution yet (one may not even exist).
However, what DXgov is persuing with a blend of voting power between a sweat equity illiquid reputation voting, liquid token voting, holographic consensus and secure smart contracts may be the answer.

4 Likes

This is a relevant and interesting topic to the current status quo. My guess is that starting a DAO is somewhat similar to launching a blockchain where the first blocks need to be mined (PoW) by a trusted “seed” or “initial” group of miners. I even go farther as to ascertain that launching a DAO is very similar to starting any “off-chain” project really. There’s always a founding group, the first movers and these will always have a special role as compared to the late comers. I guess the trick for a sucessful DAO is to be transparent as regards to this process and to be as inclusive and welcoming as possible to the new members. An aspect I’ve been pondering recently concerns conflict resolution. Is it possible, and if yes, is it desired to have conflict resolution coded in a smart contract? What different kinds of conflict resolution schemes are there? Finally, I’ll just point again as the OP mentioned already, any DAO that is completely permissionless and completely democratic to outsiders at its inception is bound to be fallible to 51% attack (specially if membership is not costly $).