DAO governance assaults, and the best way to keep away from them

Many web3 initiatives embrace permissionless voting utilizing a fungible and tradable native token. Permissionless voting can supply many advantages, from decreasing limitations to entry to growing competitors. Token holders can use their tokens to vote on a spread of points—from easy parameter changes to the overhaul of the governance course of itself. (For a evaluation of DAO governance, see “Lightspeed Democracy.”) However permissionless voting is weak to governance assaults, by which an attacker acquires voting energy by legit means (e.g., shopping for tokens on the open market) however makes use of that voting energy to control the protocol for the attacker’s personal profit. These assaults are purely “in-protocol,” which implies they will’t be addressed by cryptography. As a substitute, stopping them requires considerate mechanism design. To that finish, we’ve developed a framework to assist DAOs assess the menace and probably counter such assaults. 

Governance assaults in follow

The issue of governance assaults isn’t simply theoretical. They not solely can occur in the actual world, however they have already got and can proceed to. 

In one distinguished instance, Steemit, a startup constructing a decentralized social community on their blockchain, Steem, had an on-chain governance system managed by 20 witnesses. Voters used their STEEM tokens (the platform’s native forex) to decide on the witnesses. Whereas Steemit and Steem have been gaining traction, Justin Solar had developed plans to merge Steem into Tron, a blockchain protocol he had based in 2018. To accumulate the voting energy to take action, Solar approached one of many founders of Steem and purchased tokens equal to 30 p.c of the whole provide. As soon as the then-current Steem witnesses found his buy, they froze Solar’s tokens. What adopted was a public back-and-forth between Solar and Steem to manage sufficient tokens to put in their most well-liked slate of high 20 witnesses. After involving main exchanges and spending a whole lot of hundreds of {dollars} on tokens, Solar was ultimately victorious and successfully had free reign over the community. 

In one other occasion, Beanstalk, a stablecoin protocol, discovered itself vulnerable to governance assault through flashloan. An attacker took out a mortgage to accumulate sufficient of Beanstalk’s governance token to immediately go a malicious proposal that allowed them to grab $182 million of Beanstalk’s reserves. In contrast to the Steem assault, this one occurred inside the span of a single block, which meant it was over earlier than anybody had time to react. 

Whereas these two assaults occurred within the open and underneath the general public eye, governance assaults can be carried out surreptitiously over a protracted time period. An attacker would possibly create quite a few nameless accounts and slowly accumulate governance tokens, whereas behaving identical to every other holder to keep away from suspicion. In actual fact, given how low voter participation tends to be in lots of DAOs, these accounts may lie dormant for an prolonged time period with out elevating suspicion. From the DAO’s perspective, the attacker’s nameless accounts may contribute to the looks of a wholesome stage of decentralized voting energy. However ultimately the attacker may attain a threshold the place these sybil wallets have the facility to unilaterally management governance with out the group having the ability to reply. Equally, malicious actors would possibly purchase sufficient voting energy to manage governance when turnout is sufficiently low, after which attempt to go malicious proposals when many different token holders are inactive.

And whereas we’d suppose all governance actions are simply the results of market forces at work, in follow governance can typically produce inefficient outcomes as the results of incentive failures or different vulnerabilities in a protocol’s design. Simply as authorities policymaking can grow to be captured by curiosity teams and even easy inertia, DAO governance can result in inferior outcomes if it’s not structured correctly.

So how can we deal with such assaults by mechanism design?

The basic problem: Indistinguishability

Market mechanisms for token allocation fail to differentiate between customers who need to make beneficial contributions to a undertaking and attackers who connect excessive worth to disrupting or in any other case controlling it. In a world the place tokens may be purchased or offered in a public market, each of those teams are, from the market perspective, behaviorally indistinguishable:  each are prepared to purchase giant portions of tokens at more and more excessive costs. 

This indistinguishability drawback implies that decentralized governance doesn’t come totally free. As a substitute, protocol designers face elementary tradeoffs between brazenly decentralizing governance and securing their programs in opposition to attackers searching for to use governance mechanisms. The extra group members are free to achieve governance energy and affect the protocol, the simpler it’s for attackers to make use of that very same mechanism to make malicious modifications. 

This indistinguishability drawback is acquainted from the design of Proof of Stake blockchain networks. There as properly, a extremely liquid market within the token makes it simpler for attackers to accumulate sufficient stake to compromise the community’s safety ensures. However, a mix of token incentive and liquidity design makes Proof of Stake networks attainable. Comparable methods may also help safe DAO protocols.

A framework for assessing and addressing vulnerability

To research the vulnerability completely different initiatives face we use a framework captured by the next equation:

For a protocol to be thought of safe in opposition to governance assaults, an attacker’s revenue must be unfavorable. When designing the governance guidelines for a undertaking, this equation can be utilized as a guidepost for evaluating the influence of various design selections. To scale back the incentives to use the protocol, the equation implies three clear selections: lower the worth of assaults, enhance the price of buying voting energy, and enhance the price of executing assaults. 

Lowering the worth of assaults 

Limiting the worth of an assault may be tough as a result of the extra profitable a undertaking will get, the extra beneficial a profitable assault might grow to be. Clearly a undertaking shouldn’t deliberately sabotage its personal success simply to lower the worth of an assault. 

However, designers can restrict the worth of assaults by limiting the scope of what governance can do. If governance solely contains the facility to vary sure parameters in a undertaking (e.g., rates of interest on a lending protocol), then the scope of potential assaults is far narrower than when governance permits totally basic management of the governing sensible contract. 

Governance scope generally is a perform of a undertaking’s stage. Early in its life, a undertaking may need extra expansive governance because it finds its footing, however in follow governance could also be tightly managed by the founding group and group. Because the undertaking matures and decentralizes management, it might make sense to introduce a point of friction in governance – at minimal, requiring giant quorums for essentially the most important choices.

Growing the price of buying voting energy

A undertaking may take steps to make it more durable to accumulate the voting energy wanted for an assault. The extra liquid the token, the simpler it’s to require that voting energy – so virtually paradoxically, initiatives would possibly need to cut back liquidity for the sake of defending governance. One may attempt to cut back the short-run tradability of tokens straight, however that may be technically infeasible. 

To scale back liquidity not directly, initiatives can present incentives that make particular person token holders much less prepared to promote. This may be completed by incentivizing staking, or by giving tokens standalone worth past pure governance. The extra worth accrues to token holders, the extra aligned they grow to be with the success of the undertaking. 

Standalone token advantages would possibly embody entry to in-person occasions or social experiences. Crucially, advantages like these are high-value to people aligned with the undertaking however are ineffective for an attacker. Offering these types of advantages raises the efficient worth an attacker faces when buying tokens: present holders might be much less prepared to promote due to the standalone advantages, which ought to enhance the market worth; but whereas the attacker should pay the upper worth, the presence of the standalone options doesn’t elevate the attacker’s worth from buying the token. 

Growing the price of executing assaults

Along with elevating the price of voting energy, it’s attainable to introduce frictions that make it more durable for an attacker to train voting energy even as soon as they’ve acquired tokens. For instance, designers may require some kind of person authentication for taking part in votes, akin to a KYC (know your buyer) test or status rating threshold. One may even restrict the power of an unauthenticated actor to accumulate voting tokens within the first place, maybe requiring some set of present validators to attest to the legitimacy of latest events. 

In some sense, that is precisely the way in which many initiatives distribute their preliminary tokens, ensuring trusted events management a major fraction of the voting energy. (Many Proof of Stake options use comparable strategies to defend their safety – tightly controlling who has entry to early stake, after which progressively decentralizing from there.) 

Alternatively, initiatives could make it in order that even when an attacker controls a considerable quantity of voting energy, they nonetheless face difficulties in passing malicious proposals. For example, some initiatives have time locks so {that a} coin can’t be used to vote for some time period after it has been exchanged. Thus an attacker that seeks to purchase or borrow a considerable amount of tokens would face extra prices from ready earlier than they will truly vote – in addition to the chance that voting members would discover and thwart their potential assault within the interim. Delegation can be useful right here. By giving lively, however non-malicious contributors the proper to vote on their behalf, people who don’t need to take a very lively position in governance can nonetheless contribute their voting energy towards defending the system.

Some initiatives use veto powers that permit a vote to be delayed for some time period to alert inactive voters a few probably harmful proposal. Beneath such a scheme, even when an attacker makes a malicious proposal, voters have the power to reply and shut it down. The concept behind these and comparable designs is to cease an attacker from sneaking a malicious proposal by and to offer a undertaking’s group time to formulate a response. Ideally, proposals that clearly align with the great of the protocol is not going to must face these roadblocks. 

At Nouns DAO, for instance, veto energy is held by the Nouns Basis till the DAO itself is able to implement an alternate schema. As they wrote on their web site, “The Nouns Basis will veto proposals that introduce non-trivial authorized or existential dangers to the Nouns DAO or the Nouns Basis.”

* * *

Initiatives should strike a steadiness to permit a sure stage of openness to group modifications (which can be unpopular at instances), whereas not permitting malicious proposals slip by the cracks. It usually takes however one malicious proposal to convey down a protocol, so having a transparent understanding of the chance tradeoff of accepting versus rejecting proposals is essential. And naturally a excessive stage trade-off exists between making certain governance safety and making governance attainable – any mechanism that introduces friction to dam a possible attacker additionally after all makes the governance course of more difficult to make use of. 

The options we now have sketched right here fall on a spectrum between totally decentralized governance and partially sacrificing some beliefs of decentralization for the general well being of the protocol. Our framework highlights completely different paths initiatives can select as they search to ensure governance assaults is not going to be worthwhile. We hope the group will use the framework to additional develop these mechanisms by their very own experimentation to make DAOs much more safe sooner or later. 

***

Pranav Garimidi is a rising junior at Columbia College and a Summer season Analysis Intern at a16z crypto. 

Scott Duke Kominers is a Professor of Enterprise Administration at Harvard Enterprise Faculty, a School Affiliate of the Harvard Division of Economics, and a Analysis Companion at a16z crypto.

Tim Roughgarden is a Professor of Laptop Science and a member of the Knowledge Science Institute at Columbia College, and Head of Analysis at a16z crypto.

***

Acknowledgments: We respect useful feedback and recommendations from Andy Corridor. Particular thanks additionally to our editor, Tim Sullivan.

***

Disclosures: Kominers holds numerous crypto tokens and is part of many NFT communities; he advises varied market companies, startups, and crypto initiatives; and he additionally serves as an knowledgeable on NFT-related issues.

The views expressed listed below are these of the person AH Capital Administration, L.L.C. (“a16z”) personnel quoted and should not the views of a16z or its associates. Sure data contained in right here has been obtained from third-party sources, together with from portfolio firms of funds managed by a16z. Whereas taken from sources believed to be dependable, a16z has not independently verified such data and makes no representations concerning the enduring accuracy of the knowledge or its appropriateness for a given state of affairs. As well as, this content material might embody third-party ads; a16z has not reviewed such ads and doesn’t endorse any promoting content material contained therein.

This content material is offered for informational functions solely, and shouldn’t be relied upon as authorized, enterprise, funding, or tax recommendation. It is best to seek the advice of your individual advisers as to these issues. References to any securities or digital property are for illustrative functions solely, and don’t represent an funding advice or supply to offer funding advisory companies. Moreover, this content material is just not directed at nor meant to be used by any buyers or potential buyers, and should not underneath any circumstances be relied upon when making a call to put money into any fund managed by a16z. (An providing to put money into an a16z fund might be made solely by the non-public placement memorandum, subscription settlement, and different related documentation of any such fund and must be learn of their entirety.) Any investments or portfolio firms talked about, referred to, or described should not consultant of all investments in automobiles managed by a16z, and there may be no assurance that the investments might be worthwhile or that different investments made sooner or later could have comparable traits or outcomes. A listing of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not offered permission for a16z to reveal publicly in addition to unannounced investments in publicly traded digital property) is offered at https://a16z.com/investments/.

Charts and graphs offered inside are for informational functions solely and shouldn’t be relied upon when making any funding determination. Previous efficiency is just not indicative of future outcomes. The content material speaks solely as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these supplies are topic to vary with out discover and should differ or be opposite to opinions expressed by others. Please see https://a16z.com/disclosures for added essential data.