Andrew Kakabadse and Asma Alawadi consider the issues at stake, asking: If DAOs are ungovernable should investors be worried?
Decentralised autonomous organisations (‘DAOs’) abide by a set of rules supporting specific goals laid out in the form of ‘smart-contracts’ and stored on blockchain. However, with no centralised authority or decision-making body behind them, DAOs are made-up of groups of individuals and governed by software code that offers decentralised, open, transparent and streamlined advantages with minimal agency costs. Similarly, the blockchain on which they operate offers a decentralised digital ledger, which provides a means of recording cryptocurrency and non-fungible tokens (NFTs), as well as any other DAO activities.
The backbone of blockchain and DAO functionality is collaboration and the guiding rules that have spawned autonomous management of these increasingly popular systems. Indeed, many entities are now completely reliant upon blockchain technology. The UAE Government, for example, has implemented blockchain solutions to record its transactions and banks and financial institutions around the world are now mimicking this activity.
DAOs have no hierarchy and draw upon and rules developed through open-source coding using smart contracts with the transparency of user activities stored on the blockchain are central to their function. Individuals are limited from diverting the DAO’s stated goals for their own purposes, while stakeholders have the right to vote on how to operate the DAO, but with shared objectives in mind. How voting is weighed depends upon the number of tokens held and secured in the smart-contract for a particular DAO. Users purchase DAO tokens, which then transfer to the blockchain.
Algorithms shape smart contracts that compensate individuals who meet certain conditions. Tokens function like traditional stock, but with the added benefit of being exchangeable for cryptocurrency or cash. This procedure involves instructing a smart contract to distribute assets or membership tokens to the buyer once a seller’s wallet has received payment. These smart contracts are increasingly overtaking traditional organisational approaches, and in many cases are saving time and money by replacing the need for any human interaction.
Smart contract rules cannot be changed without altering the blockchain record. This is available to the entire user community. However, this system further relies on the confidence of customers in the DAO founders.
Forming a DAO is relatively straightforward. For example, anyone in the world with a website that downloads the xdao.app can set up a DAO free in fewer than 30 seconds.
DAO founders are able to structure their entity in any way they see fit. Set-up, transactions and activities are all retrievable from the blockchain. Although the range of DAO configurations is unlimited, founders do need to dedicate substantial resources to the planning phase and the writing of the smart contracts. This means that running a DAO demands specific programming and legal skills.
Instead of annual reports, all information relating to the DAO is accessible through the blockchain, allowing any DAO stakeholder to quickly spot inconsistencies that may occur. However, despite this transparency, undetected and undesirable activities still pose a challenge.
Founders frequently choose not to reveal their identities, preferring aliases instead. In the short history of DAOs, web3 founders falsified their identities, masquerading themselves as women or minorities to attract select groups of people. With such vulnerabilities in play, DAOs have been the target of several cyberattacks in which hundreds or even millions of dollars have been lost. Attackers conceal themselves behind wallet addresses and transfers to an exchange, which converts cryptos into dollars.
In one instance of DAO vulnerability, an announcement made in late 2021 by decentralised finance platform – BadgerDAO – provided details of how it had been exploited for $120 million. The attack reportedly involved a phishing incident caused by ‘a maliciously injected snippet’ from Cloudflare, an application platform running on Badger’s cloud network. The hacker then employed a compromised API key, created without the awareness or authorisation by Badger engineers, to sporadically inject malicious code, which then affected a subgroup of its clients. Following the attack Badger has patched the Cloudflare weakness, updated Cloudfare’s account password and deleted or updated API keys wherever possible.
This example alone shows the importance of building appropriate security into web3 while still in its infancy and early stages of development. Further to this, software developers are already enhancing various security features of web3, while end users are also being encouraged to verify information by using additional resources, such as project documentation and taking into account the external reputation and profile of websites.
Since DAOs operate using smart contracts, conflicts are resolved by voting through established quorums that determine how many votes are required to act on a decision. Instead of traditional board making decisions, the monitoring and stewarding of the entity, DAO ‘code is law.’
Bored Ape Yacht Club DAO, one of the world’s most prominent DAOs, has a council consisting of prominent venture capitalists and other noteworthy figures. They advise on the direction token holders should allocate their votes at Council, but it is questionable whether this extreme form of decentralisation can continue. Future DAOs are more likely to have some form of hierarchical structure that butts up against the existing decentralised, collaborative nature. The council includes credible individuals voted in as part of the DAO ‘hive-mind’ approach.
In a way, the council operates as a board, but with an agreed balance between key decision-makers and all-DAO members. What is becoming clear is that DAO configuration eliminates any need for a traditional board’s compliance function. With no management to be monitored, DAO transparency eliminates the supervisory role of the board. Despite this an oversight duty remains. Like any other enterprise, DAOs require resources in the form of networks and skills to survive. As a result, the Council’s essential oversight role is to attain such services and provide counsel.
Demand for new council members is insatiable. While smart contracts reduce the number of resources required, they cannot eliminate the demanding search for networks and skills. In this sense, DAO councils influence the votes of token holders.
Of course, not all contingencies can be accounted for, which raises the question of whether the DAO will need implicit work contract contingencies to address adverse or unstable conditions. The critical role of the council focuses on maintaining and cultivating connections with key stakeholders and ensuring for equity among DAO voting token holders.
It is becoming increasingly evident that a suitable kind of governance voting mechanism is already in place based on ‘quadratic equity voting’ that prevents dominant token holders from acquiring power. The adoption of quadratic rules additionally ensures a monitoring function designed to ensure that one individual does not control a majority of votes.
The appeal of decentralisation and transparency is that same factor that’s likely to lead to the decline and collapse of DAOs. Fraud, an inherent lack of accountability and irresponsible behaviour are just some of the many reasons why DAOs will need regulation in the future, if they are to flourish.
At present DAOs are in their nascent stage and are gaining fast traction. Nouns DAO, for example, expands daily as its membership token avatar is issued using an English-style auction. A truly decentralised DAO with a proper structure holds its treasury in a multi-signature wallet, any use of which must be the subject of a vote. However, it is difficult to hold any individual who is responsible for untoward transactions if the DAO is poorly constructed. Founders might withdraw cash and completely disappear if their identity remains hidden.
Since DAOs are unregulated and do not belong to any particular jurisdiction, resolving legal disputes is more than challenging. Dispute resolution involves negotiation with DAO founders, but any outcome is likely to be in their favour, unless the complete DAO structure is fully re-examined.
The motivation of DAO participants is another concern. Driven by the decentralised community orientation, DAO members are all too ready to forgive transgressions, even to the point of permitting transgressors to re-enter the community. Finding loopholes in the smart contract allows for potential access and capture of the wallet and while it is not illegal, it’s certainly unethical. Adopting a mantra of: “It’s just a price we pay for ensuring the continuity of the community” may be tolerable from a community perspective, but what if the DAO opts to extend its reach further? Indeed, prosperous DAOs are beginning to invest in other areas. The acquisition of sports clubs, more traditional businesses or even whole towns, places DAO governance on a different level.
What is OK for the DAO community is not necessarily agreeable for stakeholders who are directly dependent on DAO investment. The lives and futures of whole sections of society are open to negative impacts with no immediate protection available. A lack of governance may dent a DAO, but far-reaching consequences on an unsuspecting public will be vigorous, as will be the resulting demand for more effective oversight.
Appropriate structuring of a DAO is exceedingly challenging given the potential inter and frame transactions are limitless. The popular buzz around cryptocurrency, decentralised money and organisation stems from a desire to create real value through an automated approach to establishing trust.
Many join the DAO community but no one truly owns the entity, nor is there any management motive driving those at the top to become loyal, long-term stewards. DAO council skills, connections and resourcing enhancement don’t take into account fraud, money laundering and a lack of accountability. Revised governance is on the near horizon, which means they may morph into a new form. Regulation demands centralised control, which means challenging the principles of any decentralised decision-making hierarchy.
Andrew Kakabadse is Professor of Governance and Leadership at Henley Business School and Asma Alawadi is Doctoral Researcher.