jentsch

Abstract. This paper describes the first implementation of Decentralized Autonomous Organization (DAO) code to automate organizational governance and decision-making. The code can be used by individuals working together collaboratively outside of a traditional corporate form. It can also be used by a registered corporate entity to automate formal governance rules contained in corporate bylaws or imposed by law. First the DAO concept is described, then minority rights is discussed, and a solution to a “robbing the minority” attack vector is proposed. Finally, a practical implementation of a first generation DAO entity is provided using smart contracts written in Solidity on the Ethereum blockchain. 1. Introduction Corporate entities of all kinds are governed by rules that describe permitted and proscribed conduct. These rules may exist as private contracts (like bylaws or shareholder agreements) between corporate owners. They may also be imposed by law in addition to or in the absence of a written agreement between participants. Historically, corporations have only been able to act through people (or through corporate entities that were themselves ultimately controlled by people). This presents two simple and fundamental problems. Whatever a private contract or public law require: (1) people do not always follow the rules and (2) people do not always agree what the rules actually require. Collaboration without a corporate form does not solve these problems, necessarily, and it may introduce others. In the absence of a corporate form, an explicit written agreement is substituted for unclear informal “understandings” and the legal protections provided by a corporate form will not be available. Rule-breaking within an organization not always obvious, and motives may not matter to stakeholders once their money has been lost. While bad behavior may make a corporation or its management civilly or criminally liable, punishment can come as little comfort to an investor who has already lost their money. Crowdfunding (Massolution [2015]) amplifies the problem. On the one hand, it has made it easier for small contributors to invest in large projects, and it has also made it possible for entrepreneurs to receive financial support that might not have been easily available in the past. On the other hand, small investors remain vulnerable to financial mismanagement or outright fraud, and because they have a small stake in a venture, they may lack power to identify problems, participate in governance decisions, or to easily recover their investment (Knibbs [2015], Biggs [2015]). At the same time, corporate leadership and management may be accused of malfeasance or mismanagement when they believe that they have acted in good faith, based on their understanding of their obligations and interpretation of applicable rules. This paper presents a potential solution using Ethereum, (Buterin [2013], Wood [2014]) a blockchain technology which integrates a Turing complete programming language with smart contract processing functionality. This paper illustrates a method that for the first time allows the creation of organizations in which (1) participants maintain direct real-time control of contributed funds and (2) governance rules are formalized, automated and enforced using software. Specifically, standard smart contract code (Szabo [1997], Miller [1997]) has been written that can be used to form a Decentralized Autonomous Organization (DAO) on the Ethereum blockchain. This paper explains how a DAO’s code works, focusing on some basic formation and governance features, including structure, creation and voting rights. First a DAO’s Creation Phase and basic functionality are described. Then minority owner rights are discussed and a solution to the “Majority Robbing the Minority Attack” problem is proposed: the “DAO split.” The smart contract code is then explored in detail, and conclude with an explanation and detailed specification of the “DAO split.” The code for the smart contracts is located at: https: //github.com/slockit/DAO/ A word of caution, at the outset: the legal status of DAOs remains the subject of active and vigorous debate and discussion. Not everyone shares the same definition. Some have said that they are autonomous code and can operate independently of legal systems; others have said that they must be owned or operate by humans or human created entities. There will be many uses cases, and the DAO code will develop over time. Ultimately, how a DAO functions and its legal status will depend on many factors, including how DAO code is used, where it is used, and who uses it. This paper does not speculate about the legal status of DAOs worldwide. This paper is not intended to offer legal advice or conclusions. Anyone who uses DAO code will do so at their own risk. 2. Dao Concept DAO code is written in the “Solidity” programming language. A DAO is activated by deployment on the Ethereum blockchain. Once deployed, a DAO’s code requires “ether” to engage in transactions on Ethereum. Ether is the digital 1 DECENTRALIZED AUTONOMOUS ORGANIZATION TO AUTOMATE GOVERNANCE FINAL DRAFT - UNDER REVIEW 2 fuel that powers the Ethereum network. Without ether, a DAO can not do anything so a DAO’s first order of business is to receive ether. After a DAO’s code is deployed, ether may be sent to the DAO’s smart contract address during an initial Creation Phase which is defined in the DAO’s code. In exchange for ether, a DAO’s code creates tokens that are assigned to the account of the person who sent the ether. The token grants its holder voting and ownership rights. The number of tokens created is proportional to the amount of ether transferred. Token price varies over time (see section 5). Token ownership is freely transferable on the Ethereum blockchain, when the Creation Phase has ended. A minimum DAO Creation goal and Creation Phase time-period are set as parameters in a DAO’s code at the time of deployment. If the minimum DAO Creation goal is not reached at the close of the Creation Phase, all ether is returned. After the Creation Phase has ended, the total ether raised is denoted by Ξraised and the total amount of tokens created is denoted by Ttotal. A DAO stores ether and other Ethereum based tokens and transmits them based on the DAO’s code. It does not do much else. It cannot build a product, write code or develop hardware. It requires a “Contractor” to accomplish these and other goals. A DAO selects a Contractor by accepting a Contractor’s proposal. Any DAO Token Holder may become a Contractor by submitting proposals to use a DAO’s ether, denoted by Ξtransfer. If a proposal is approved, the DAO transmits ether to a smart contract representing the proposed project. Such smart contracts can be parameterized and enable a DAO to interact with and influence the project it chose to support. An example of such an agreement between a DAO and a project to be funded can be found in the appendix (A.4). Members of a DAO cast votes weighted by the amount of tokens they control. Tokens are divisible, indistinguishable and can easily be transferred between accounts. Within the contracts, the individual actions of members, cannot be directly determined. There is a set time frame tp to debate and vote on any given proposal. In our example, this time frame is set by the creator of the proposal, and is required to be at least two weeks for a regular proposal. After tp has passed, any token holder can call a function in the DAO contract that will verify that the majority voted in favor of the proposal and that quorum was reached; the function will execute the proposal if this is the case. If this is not the case, the proposal will be closed. The minimum quorum represents the minimum number of tokens required for a vote to be valid, is denoted by qmin, and calculated as follows: (1) qmin = Ttotal d + Ξtransfer · Ttotal 3 · (ΞDAO + RDAO) Where d is the minQuorumDivisor. This parameter’s default value is 5, but it will double in the case the quorum has not been met for over a year. ΞDAO is the amount of ether owned by a DAO and RDAO is the amount of reward tokens owned by this DAO, as explained in section 7 (also see rewardToken in A.3). The sum ΞDAO + RDAO is equal to the amount of ether used to Create DAO tokens plus the rewards received or said another way, the total amount of ether a DAO has ever received. This means, initially, a quorum of 20% of all tokens is required for any proposal to pass. In the event Ξtransfer equals the amount of ether a DAO has ever received, then a quorum of 53.33% is required. In order to prevent “proposal spam,” a minimal deposit can be required to be paid when creating a proposal, which gets refunded if quorum is achieved. If quorum is not achieved, the DAO keeps the proposal deposit. The value of the proposal deposit can be changed from the default value by the DAO through another proposal. 3. Notation Throughout this paper, Ξ always represents an amount of ether in its base unit wei. This is defined as 1 Wei = 10−18 Ether (Wood [2014]). Similarly, DAO tokens are denoted with T and always represent the amount of DAO tokens in its base unit, defined as 10−16 DAO token. 4. Majority robs minority attack Minority owner rights can be a problem in any corporate form. Minority rights may be protected or addressed by provisions in corporate governance documents or by statute or judge-made law. But many of these solutions fail because minority owners may lack voting rights or the ability to “vote with their feet” and easily retrieve their capital. This paper presents a solution to this problem in the DAO’s code. A problem every DAO has to mitigate is the ability for the majority to rob the minority by changing governance and ownership rules after DAO formation. For example, an attacker with 51% of the tokens, acquired either during the fueling period or created afterwards, could make a proposal to send all the funds to themselves. Since they would hold the majority of the tokens, they would always be able to pass their proposals. To prevent this, the minority must always have the ability to retrieve their portion of the funds. Our solution is to allow a DAO to split into two. If an individual, or a group of token holders, disagree with a proposal and want to retrieve their portion of the ether before the proposal gets executed, they can submit and approve a special type of proposal to form a new DAO. The token holders that voted for this proposal can then split the DAO moving their portion of the ether to this new DAO, leaving the rest alone only able to spend their own ether. This idea originates from a blog post by Vitalik Buterin (Buterin [2015]). A problem this simple fix doesn’t address is voter apathy: some token holders might not be actively involved in their DAO and might not follow proposals closely. An attacker could use this to their advantage. Even though the minority has the chance to retrieve their funds and split the DAO, some could be unaware of the situation and fail to act. For a DAO to be considered safe, it is required that inactive token holders must also be protected from losing their ether. Our proposed solution is implemented by limiting each individual DAO to a single Curator. This Curator controls the list of addresses that can receive ether from the DAO, across all proposals. This gives the Curator of a DAO considerable power. To prevent the abuse of DECENTRALIZED AUTONOMOUS ORGANIZATION TO AUTOMATE GOVERNANCE FINAL DRAFT - UNDER REVIEW 3 this power, it is possible for a DAO to vote for a new Curator, which may result in a split of the DAO as described above. Any token holder can make a proposal to vote for a new Curator. In effect, even a single token holder is able to both retrieve their remaining portion of ether and maintain their right to any future rewards associated to their previous contribution, as these will be sent to the new DAO automatically. Rewards are defined as any ether received by a DAO generated from products the DAO funded so far and are explained in further detail in section 7. The process of choosing a new Curator is as follows: Any token holder can submit a proposal for a new Curator. In this case, no proposal deposit is required, because an attacker could vote for an extremely high deposit, preventing any splits. The debating period for this proposal is 7 days. This is 7 days less than the minimum required for regular proposals, allowing anyone to retrieve their funds before a potentially malicious proposal goes through. There is no quorum requirement, so that every token holder has the ability to split into their own DAO. The debating period is used to discuss (on or off-chain) the new Curator and conduct a first vote that’s non-binding. After this first vote, token holders can confirm its results or not. In the case a majority opts to keep the original Curator, the minority can either keep the original Curator in order to avoid a split, or inversely they can confirm their vote for a new Curator and move their portion of the ether to a new DAO.