Decentralized Autonomous Organizations (DAOs)
A decentralized autonomous organization (or “DAO”) is an organization that is not controlled by the law of any state, but rather by the rules encoded in a computer program. In essence, a DAO is an organization entirely governed by a smart contract. This page discusses one particular DAO and the problem that occurs when users no longer want to abide by the code of the smart contract that defines the DAO.
What is a Decentralized Autonomous Organization (DAO)
A decentralized autonomous organization (or “DAO”) is defined through smart contracts operating on a blockchain. The smart contract is (or many separate smart contracts are) used as part of the management and decision-making process of an organization having multiple members. In this way, a DAO can be considered similar to a corporation or a non-profit organization. A DAO is different, however, in that the relationship between the members of the DAO is defined by these smart contracts rather than a legal agreement or the laws of a state or national government.
Individual members in the DAO generally control the activities of the organization through a voting process controlled by one of the DAO’s smart contracts. In most cases, however, the DAO is not purely automated. Rather, the DAO might establish that joining the DAO, funding the DAO, and withdrawing from the DAO are controlled by a first smart contract, while the decision-making process for the DAO is controlled by another smart contract. At the same time, other individuals or entities in the real-world take responsibility for performing certain actions on behalf of the DAO.
For example, a DAO might control the operation of a “metaverse” game based on NFTs. Voters may determine whether or not certain behavior is allowed in this metaverse, and these votes will be under the control of the DAO. Implementing these decisions in the computer program that creates the metaverse environment will frequently require the programming labor of individuals, who may in fact be working for some real-world (off-blockchain) entity formed as part of the DAO.
“The DAO” was a particular DAO that took the form of an investment company implemented as a smart contract on the Ethereum blockchain. Investors were allowed to contribute Ether to The DAO during an investment period. The money raised was to be invested in blockchain-related startup companies, with any and all profits earned being distributed back to the investors in accordance with the terms of the smart contract. Companies would submit proposals for funding to a group of “curators” for the DAO. Once approved by the curators (leading individuals within The DAO), investors would be allowed to vote on the funding proposals to determine which investments would be made. The process for voting and funding was all specified within the programming of The DAO smart contract. Finally, investors were allowed an “Exit door,” which would allow investors to leave with their initial investments after a 28-day waiting period.
Although the smart contract that implemented these provisions was complicated, The DAO explicitly stated that the smart contract itself was the controlling legal authority, and any other written descriptions or human-readable documents were merely for educational purposes:
Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code… Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO's code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO's code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO's code controls and sets forth all terms of The DAO Creation.
In other words, for The DAO, the code was the law.
Investor reaction to The DAO announcement greatly exceeded expectations. During the growth phase of the organization, over $150 million in Ether was contributed to The DAO. By one estimation, at one point 14% of all Ether was invested in The DAO, and the value of that investment exceeded $250 million.
Unfortunately, there was a problem with the coding of the exit door. The program steps that returned funds to the requesting investor were executed before the internal balance for that account was updated. A nefarious individual exploited this weakness by creating a recursive call for the exit door refund. Using this hack, the same DAO token was used to request a refund of Ether multiple times in a row, with each new refund triggering another refund request without the internal balance ever being updated. Within a few hours, $70 million worth of Ether had been extracted from The DAO. For some reason, the hacker then stopped extracting Ether even though no solution to the bug had been implemented.
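The ordering problem described above can be seen in a small model. This is an added illustration in Python, not The DAO's actual Solidity code; the class ExitDoor, the function simulate, the account names and the amounts are all constructed for the example. It runs the same refund routine twice, once paying before the internal balance is updated and once updating the balance first.

```python
# Simplified model with constructed names and amounts; not The DAO's Solidity code.

class ExitDoor:
    """Toy contract: pooled funds plus an internal per-account balance."""

    def __init__(self, deposits, update_first):
        self.balances = dict(deposits)        # internal ledger
        self.pool = sum(deposits.values())    # funds the contract actually holds
        self.update_first = update_first      # True = corrected ordering

    def refund(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return                            # nothing owed, or pool exhausted
        if self.update_first:
            self.balances[account] = 0        # ledger updated before paying
            self._pay(account, amount, on_receive)
        else:
            self._pay(account, amount, on_receive)
            self.balances[account] = 0        # too late: runs after the callback

    def _pay(self, account, amount, on_receive):
        self.pool -= amount
        on_receive(self, account, amount)     # recipient-controlled code runs here


def simulate(update_first, max_calls=10):
    """Return (total paid to the requester, funds left in the pool)."""
    door = ExitDoor({"alice": 50, "bob": 50, "requester": 10}, update_first)
    paid = []

    def recipient(contract, account, amount):
        paid.append(amount)
        if len(paid) < max_calls:             # ask again before refund() returns
            contract.refund(account, recipient)

    door.refund("requester", recipient)
    return sum(paid), door.pool


if __name__ == "__main__":
    print("refund before ledger update:", simulate(update_first=False))
    print("ledger update before refund:", simulate(update_first=True))
```

With the payment made first, an account entitled to 10 units is paid 100 out of other members' deposits; with the balance zeroed first, the second request finds nothing owed and stops.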
The organizers of The DAO identified the problem, but the code provided no way to stop the distribution of the $70 million after the 28-day waiting period had expired. The immutability which was at the heart of the Ethereum blockchain prevented any simple solution. Eventually, a proposal was made to create a “hard fork” in the blockchain. This proposal was submitted to all owners of Ether on the blockchain and was adopted by a large majority of the voters. The hard fork essentially rolled back time to a moment before the exploit, and then changed the terms of The DAO smart contract. The DAO was to be terminated, and the only process allowed by the new contract was a return of Ether to those who invested in The DAO.
This hard fork was extremely controversial. Many argued that the “code was law,” regardless of the consequences. If the blockchain could be rolled back for this, it was no longer immutable and no longer worthy of trust. The dissenters created the “Ethereum Classic” blockchain, which essentially took over the Ethereum blockchain without the rollback. No change was made to the blockchain, and Ethereum Classic kept moving forward. After the 28-day waiting period, the hacker received millions of dollars’ worth of Classic Ether.
Tornado Cash DAO
As explained in the Bitlaw page on Blockchain Lawsuits, governments can sometimes use measures originally created to limit terrorist organizations in order to go after bad actors on the blockchains. In particular, the U.S. Federal Government can place account numbers associated with these actors onto blacklisted accounts in an attempt to get others on the blockchain to freeze out those accounts.
When fraudulently obtained tokens are in a blacklisted account, various techniques might be used by the owner to “wash” the funds and make them transferable again. One way to accomplish this is through the Tornado Cash DAO, which was established in order to create a “crypto mixer” that would eliminate the traceable history that is generally associated with all crypto tokens. Effectively, numerous token transfers are combined into a single transaction, where the tokens are essentially mixed, and then distributed as directed by the individual transfers. The originating token in a single transaction would not be directed to the intended recipient for that transaction; rather, a different token would be transmitted to that recipient. Tornado Cash then takes a fee for the transaction.
According to the US Government, Tornado Cash had been used to wash more than $7 billion of cryptocurrencies, including over $450 million stolen in 2019, and $635 million stolen in 2022 from the Ronin blockchain (used to operate the popular NFT game Axie Infinity). According to the U.S. government, the thefts were made by North Korean-backed hackers known as the Lazarus Group. Money raised through these thefts has been used to help fund North Korea’s weapons program. On August 8, 2022, the US government added the accounts associated with the Tornado Cash DAO to the SDN blacklist, making it illegal for US individuals and companies to interact with Tornado Cash or the related accounts added to the SDN list. Included in that account list were wallet addresses containing more than $400 million in assets. Following the listing, the Tornado Cash DAO shut down.
Please see Dan Tysver's bio and contact information if you need any DAO-related legal assistance. Dan is a Minnesota-based attorney providing intellectual property advice on Decentralized Autonomous Organizations to clients across the country.