
Demystifying the DAO Governance Process (2403.11758v1)

Published 18 Mar 2024 in cs.SE

Abstract: The Decentralized Autonomous Organization (DAO) has become a popular governance solution for decentralized applications (dApps) to achieve decentralized governance. In a DAO, no single entity can arbitrarily control the dApps without approval from the majority of members. However, despite their advantages, DAOs have also been targeted by several attacks, leading to the loss of millions of dollars. In this paper, we first provide an overview of the DAO governance process within the blockchain. Next, we identify issues within three components of the governance process: Governance Contract, Documentation, and Proposal. Each of these components is vulnerable to issues that could potentially result in substantial financial losses. We then develop automated methods to detect these issues. To investigate the issues within the existing DAO ecosystem, we constructed a state-of-the-art dataset that includes 16,427 DAOs, 183 documentation, and 122,307 proposals across 9 different blockchains. Our analysis reveals that a majority of DAO developers and members have not given sufficient attention to these issues, especially in the area of proposals. The results show that over 60% of the examined proposals fail to provide a consistent description and code for their members, highlighting a significant gap in ensuring transparency within the DAO governance process. For a better DAO governance ecosystem, DAO developers and members can use these methods to identify and address issues within the governance process.
