
DAO vs DAO: A battle of projectile and armor

Let’s use recent cases as examples of how to deal with attacks inside decentralized projects.


Introduction

Just the other day the CFTC vs Ooki case ended, although it’s really about the Commission’s continuing fight with bZx. There will be many more FUD publications on this wave, but it is clear that the attack on the crypto industry is well planned and in many ways reminiscent of the attacks of 2014 and 2018: in 2014, central banks of different countries issued warnings about the so-called dangers of cryptocurrencies, and in 2018 the crusade against ICOs reached its peak.

What is different about the current period is that there are many more vectors: DeFi, DAOs, NFTs. But behind the external threats, many stopped noticing the internal ones, and that led many projects to collapse and to total mistakes. Which ones? That’s what we’re going to talk about today.

Tornado Cash, or a real hurricane of misfortune

You might remember that last year one of Tornado’s founders, Andrey Pertsev, came under the radar of western mass media when he was arrested for allegedly illegal activity, in fact for developing an open source service that works fine without its creator (click here for an explanation). But that was just an external attack: it is much more interesting to consider what happened recently, which was an attack inside the DAO itself.

So, a general description:

  • May 20, 2023: an attacker used a fake vote (similar to the previous one) to seize power over the management of the DAO; this was done with a simple and quite well-documented “emergency shutdown” function.
  • May 21, 2023: a Twitter thread with a breakdown of the case appears.
  • May 26, 2023: the community regains control over the management of the DAO.

It would seem: what can happen in less than a week? In fact, a lot can.

  • First, this case reaffirmed the fear that voting is an outdated method of collective decision-making.
  • Second, as previously described (see the first, second and third parts on Bits.media), similar disruptive attacks are possible at the network level, but as it turns out, the TVL/treasuries of various DAOs are now such that they too are under attack.
  • Third, it is crucial to realize that the “let’s make a fork” approach does not work at this level, so sooner or later projects will have to use innovative methods of protection.

What kind of methods could these be? Let’s consider three for the sake of symmetry:


  1. Of course, implementation of proposals in stages, i.e. a description of MVP, Alpha, Beta and Release stages, where only Beta and Release are implemented in the main branch and the rest run in a kind of sandbox: this practice has long been used in beta tests of new software (from full operating systems to small applications), in various kinds of research work (when you can only look under a conditional microscope, that is, in a virtual environment) and so on. Why hasn’t it been implemented so far? The answer is simple: laziness. There was plenty of money without all those tests, but those times, Satoshi be praised, are slowly coming to an end.
  2. Governance tokens with monetary value are bad: a great way out is SBTs (and see additionally) generated by the activities of specific participants. The measurable parameter in this case can be collateral of special tokens (any ERC-20 and/or analogues will do) encoded in a wNFT. I’m doing a similar experiment in DAO Envelop right now: join us and let’s do it together.
  3. In addition to suspending trading, you can use a different approach: introduce reverse incentives. What is that? First you propose and describe. Then you implement. And after implementation you reap the benefits, receiving an agreed commission on the income, rather than just speculating with tokens as in the point above.
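As an added illustration of points 1 and 2 above (example code, not the article’s or DAO Envelop’s own), here is a minimal Python model: voting weight is minted by activity and has no transfer, and proposals at the MVP/Alpha stage can only execute in a sandbox. The member names, weights and the 50% quorum are assumed values.

```python
# Added example, not from the article or DAO Envelop: a toy model of two ideas
# above -- non-transferable voting weight earned by activity (SBT-style) and
# staged proposals, where only Beta/Release may execute against the main branch.
from dataclasses import dataclass, field
from enum import IntEnum


class Stage(IntEnum):
    MVP = 0
    ALPHA = 1
    BETA = 2
    RELEASE = 3


@dataclass
class Proposal:
    pid: str
    stage: Stage
    votes_for: int = 0
    votes_against: int = 0
    voters: set = field(default_factory=set)


class DAO:
    def __init__(self, quorum_bps: int):
        self.quorum_bps = quorum_bps  # quorum in basis points (5000 = 50%)
        self.weight: dict = {}        # member -> voting weight, no transfer()
        self.sandbox: list = []       # proposals executed in the sandbox only
        self.main: list = []          # proposals executed on the main branch

    def earn(self, member: str, contribution: int) -> None:
        # Weight is minted by verified activity; it cannot be bought or moved.
        self.weight[member] = self.weight.get(member, 0) + contribution

    def vote(self, p: Proposal, member: str, support: bool) -> None:
        w = self.weight.get(member, 0)
        if w == 0 or member in p.voters:
            raise ValueError("no voting weight or already voted")
        p.voters.add(member)
        if support:
            p.votes_for += w
        else:
            p.votes_against += w

    def execute(self, p: Proposal) -> str:
        # Quorum is measured against all minted weight, not just weight present.
        total = sum(self.weight.values())
        cast = p.votes_for + p.votes_against
        if cast * 10_000 < total * self.quorum_bps or p.votes_for <= p.votes_against:
            return "rejected"
        if p.stage < Stage.BETA:      # MVP/Alpha never touch the main branch
            self.sandbox.append(p.pid)
            return "sandbox"
        self.main.append(p.pid)
        return "main"
```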

And here’s a quote that clearly demonstrates that the problem described is far from isolated:

“DAOs have attracted significant attention and investment in the cryptocurrency space, with some managing billions in their treasuries. However, not all DAO members have noble intentions. Some participants seek to manipulate the system by siphoning funds from treasuries without providing any corresponding value. These participants are called money grabbers and use a variety of tactics and strategies to deceive and manipulate other participants, administrators, and DAO delegates. They often create offers that sound attractive but are vague, unrealistic or overpriced (sales).”

Certainly, and this is not all, but let’s try to go further by looking at other examples.

Maker DAO, or another fathom

This is the DAO where one more Russian-speaking founder died under mysterious circumstances, and which in this case was marked by a number of interesting and even brave statements by the founders. Today we will consider one of them, because it directly relates to the topic of the study.

Perhaps this was both the trigger and the catalyst for a new proposal, which literally means the following: “MakerDAO votes on a proposal that would require delegates to conceal their identity and location.” Since crypto-thermal recto-analysis, as the famous Myshchukh used to say, is not going anywhere, this measure is justified. Moreover, it fully corresponds to the very name DAO: decentralized autonomous organization. So everything we do together is out in the open, but who does it and how we do it is a big, big secret.

I wonder how exactly this DAO wants to implement such an endeavor:

“MakerDAO will offer a whistleblower reward to any member of the DAO who can provide evidence that the delegate’s identity has been made public.”

Crucially, this approach becomes meaningful if we want to reach a level in the not-too-distant future where collusion between holders of certain super nodes, be they full nodes of some blockchain or votes in a DAO, is far less likely than it is now. For networks such as Ethereum it will bring more censorship resistance, and for DAOs less opportunity for precisely decentralized development.

Example. Not so long ago I ran a collection on Arbitrum Nova: I did it quickly, in six hours. Then our developer worked with a file and produced a full-fledged collection in an hour. But moderation in the new service (marketplace) dragged on for weeks. Why? Because their own are first in line. And this is a problem not only of the network or a specific application, but of the industry as a whole (there are many similar examples in the Cosmos ecosystem, for example, and not only in EVM chains), so when it comes to decentralized development, these are not some dreams but quite specific requests.

Moreover, here’s a quote from an independent researcher regarding the construction of a grant system in DAOs:

“A proposal-based system, where contributors submit their ideas to receive funds and then achieve results, has become the standard model in many DAOs. But this approach can create an environment that fosters unhealthy competition and turns DAOs into toxic money-making rat race, which negatively affects the overall spirit and vision of decentralized organizations.”

So, for a dive into the abyss, I recommend visiting: start.makerdao.com, as Maker is one of the examples where creativity has not given way to sluggishness (another example – a year old), but for now let’s go further.

Arbitrum & Treasury, or the battle for the treasury

I’ve been following this DAO since before it was created (since it was founded via an iterative retrodrop), and so a number of questions concerned my personal financial well-being directly. Not too long ago the following phrase came up in this community:

“It’s a symbolic gesture that demonstrates that the DAO is ultimately controlled by the individuals who run the network, not the Arbitrum service provider or the fund.”

So what kind of symbolic gesture is meant?

It’s only a matter of $1,000,000,000: you understand I’m being deliberately sarcastic here. This is clearly evident in the conclusions the community has reached:

“The foundation was unilaterally allocated tokens…. from DAOs that have not been approved by control token holders. Any funds must be returned until properly distributed by the DAO and only the DAO.”

And, surprisingly enough for past world history, the return has taken place. So what conclusions can be drawn from it:

  • First of all, the community in a DAO is the DAO, and any protection mechanisms must take this into account.
  • Second, the separation between the DAO proper and some company that owns part of the technology (whether it’s the Near Foundation, the Ethereum Foundation or Uniswap doesn’t matter) is inevitable, but it is the DAO that should own assets such as tokens.
  • Third, the Treasury is not just a 3-5-7-11-13 signature multisig; it is precisely the overall tool of management and distribution.

So a victory for the DAO in this case is more than just a victory. It is a precedent, the reverse of bZx & Ooki, which I will discuss a little below. For now, I want to recall another case, Uniswap, where the community turned out to be a head above a16z, one of the largest venture capital funds in the world.

I will not describe the story, because I told you about it here. But I will make one important point for the article. If you study the two proposals,

  • conditionally the first;
  • conditionally the second,

then we can conclude that one of the effective tools to protect a DAO is … logic. I recommend that you study, though it is not easy, the complete layout of all the arguments for each of the proposals. As a result, you can conclude that the community, when it is directly interested in the financial aspects of the DAO, is quite thorough and detailed, even meticulous, in studying the pros and cons. So it’s not just the ownership of the voting token that’s important, but also the direct involvement of participants in the distribution of revenue.

Does this contradict the conclusions above? No, not at all: voting tokens and revenue tokens should be separate. But no one can ever undo the correlations between them, and this needs to be understood in order to build not just an effective, but an effective and safe management model.

The following example is exactly the opposite.

bZx & Ooki, or the unfortunate grain

I won’t repeat the story either: it is in the official documents and translations. I’ll just note the essentials.

It’s the case I started this article with, and it will be one of the final ones. Why is it so important? Here are a few reasons.

  • First of all, there was no DAO at all: the project was hacked because of its tight centralization.
  • Secondly, it was clearly done haphazardly, because the founders wanted to be in the U.S., and then abruptly dissolved; then introduced innovations, and then abruptly abandoned them.
  • Third, it’s no coincidence that the regulator targeted them: not even the rank-and-file members agreed.

This case provided food for thought for many, and for me it underscored the following conclusions:

  1. SBT is an excellent approach, but not the only one, for implementing transactional reputation, without which DAOs are just blind kittens.
  2. The main protection mechanisms should lie not only in the consensus plane (on the distribution of the same Treasury, for example), but also in the process of forming DAOs.
  3. Formal methods of protection (documents, disclaimers, elaboration of conclusory actions) should not be omitted as unimportant.

General conclusions

At first glance, it may seem that all the described problems are not worth a damn: “So some DAOs have been affected, so what?” In fact, things are much more complicated: similar attacks were discussed about mining, for example, in 2010-2013. And then there was also a lot of doubt, but in the end the bet on the utilitarian method won: trust, but verify. Remember the realized 51% attacks on ETC, BCH and other currencies that are far from third-tier; the forks of BSV over the block size; and the loss of GPU mining after the transition of Ethereum to PoS. What do they have in common? They were all predictable attacks that could have been avoided, both at the architecture and the community level.

So if you want to:


  1. Create your own DAO.
  2. Build your own DAO.
  3. Assist in the development of established DAOs.
  4. Do development for DAOs.
  5. Otherwise participate in DAO processes.

…then you’d better take care of the issues raised above in advance. Unless you’re a black hat and want to make some extra money from it. But that’s not for me anymore.

So I will conclude today with four questions, the answers to which will determine the strategy for the evolution of both DAO in general (as a phenomenon) and DAO in concrete implementation (as a project):

  1. Is the consensus process within the DAO decentralized? If so, by what means exactly? (Voting tokens are not tradable and are owned by active participants; there is a rating system or even a reputation system, and so on.)
  2. Is the development process in the DAO decentralized? If so, in what ways? (Grants, initial support by different teams, etc.)
  3. Is the emergency response process formalized? If so, in what way? (Working through multisig, the ability to take innovations only after some stage, say beta, and so on.)
  4. How exactly is the DAO decentralized? Is it anonymous? Is it open source? (This needs analysis of the tools used, community feedback, its own accounting system, etc.)

Of course, each question can have its own sub-questions, and those their own sub-questions, but the point doesn’t change.

The synthesis of technical and social attacks, which is my basic prediction from over seven years ago, is going to happen more and more, because blockchain is a powerful technology and it has been honed for years. That’s why the weakest link remains the consumer: he must be replaced by an active and advanced user in all senses, otherwise the collapse of DAOs is inevitable.

That’s it for me and 

Do!