Let’s start with an IoT (Internet of Things) example. Imagine you are travelling in a driverless car. You have your cryptocurrency wallet (with enough bitcoins). As your trip ends, the fare is automatically deducted and deposited into the cryptocurrency wallet of the car. The car now heads towards a parking lot and reserves a spot for itself there by using a part of the amount in its cryptocurrency wallet.
If you notice, no human intervention was required here and everything was automated. Imagine the car to be an organization and the concept of DAO becomes clearer.
What is DAO?
The DAO, or simply DAO, stands for Decentralized Autonomous Organization.
The DAO was the result of a successful implementation of blockchain technology to build an autonomous and decentralized organization.
In a DAO, the rules of how the organization functions in its day-to-day business were coded into the system through smart contracts, i.e., they were enforced digitally.
This meant that a DAO could run effectively and efficiently without a structured management board and a CEO or CFO, provided the necessary rules and laws of the organization were coded into the system. Major decisions could be taken either through rules digitally present in the system or through voting.
The idea behind the creation of the DAO was to allow anyone to pitch project ideas and receive funding from the members of the community who held DAO tokens. These DAO tokens would be used to vote on ideas and plans. If the project turned profitable, the reward would be paid in DAO tokens.
DAO was created to perform a couple of activities quite well, thus seeking to improve governance in organizations –
- You can hold DAO tokens if you have an internet-enabled device
- Automated decisions can be taken based on voting results
- Funds can be given out when a specific timeline is met, when a date arrives, or when a certain number (or percentage) of voters have agreed to a given condition.
The DAO was formerly called Genesis DAO and was built by members of the Ethereum community in May 2016. The DAO was an open source implementation on Ethereum, and the code development was performed by the Slock.It team.
The team managed to raise around $150 million at the time of creation by selling DAO tokens.
How DAO Works
As already discussed, DAOs do not have a hierarchical structure, such as management and executives. As part of everyday functioning, tokens are required to reward certain activities.
A DAO, just like a blockchain, is transparent and incorruptible, and anybody who is a participant can verify the transactions performed in it.
Whenever funds have to be withdrawn from a DAO wallet, it has to be done through a voting mechanism, which you can think of as consensus. Consensus can require all, a majority, or even two-thirds of the total votes cast, depending on the law coded in the system.
In a DAO, decisions are taken via proposals, and in order to prevent spammers, submitting a proposal can also require the deposit of a certain amount of cryptocurrency.
Once a proposal is submitted, voting takes place to decide the outcome or reach a state of consensus.
The DAO Attack
A security breach happened on July 17, 2016. A hacker found a loophole in the DAO and used the loophole to drain funds from the DAO. Around $70 million was stolen (3.6 million Ethers at that time).
The hacker found out that he could ask the DAO to return Ethers (the currency used in Ethereum) multiple times before the system (DAO) could update the balance.
The Ethereum admins (community and team included) took control of the situation quickly and presented a number of ways to deal with the attack.
It is important to note here that the hacker could not withdraw the amount because it was subject to a holding period of 4 weeks.
In the meantime, a hard fork was performed to ensure that the amount (in Ethers) is transferred back to the accounts of one of the DAO owners.
Two things might have caused this –
- The coders had not considered that a recursive call was possible and to be expected
- They overlooked the fact that the DAO would first send the funds and then update the balance
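The two causes listed above, modelled in plain Python as an added example (this is not The DAO's contract code): `Vault`, `Reentrant` and `run` are hypothetical names, and the `receive` callback stands in for code that runs on the recipient's side when funds arrive. The same withdrawal is run once with send-then-update ordering and once with update-then-send ordering.

```python
# Added illustration; all names are hypothetical and the amounts are constructed.

class Vault:
    """Holds deposits. `safe` selects the order of the two withdrawal steps."""
    def __init__(self, safe):
        self.safe = safe
        self.balances = {}
        self.pool = 0                      # funds actually held by the vault

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def _send(self, who, amount):
        if amount > self.pool:
            raise RuntimeError("vault has insufficient funds")
        self.pool -= amount
        who.receive(self, amount)          # control passes to the recipient

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        if self.safe:
            self.balances[who] = 0         # update the balance first ...
            self._send(who, amount)        # ... then send
        else:
            self._send(who, amount)        # send first ...
            self.balances[who] = 0         # ... balance is updated too late


class Reentrant:
    """Recipient whose receive hook asks for a withdrawal again."""
    def __init__(self, depth):
        self.depth, self.received = depth, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth > 0:                 # recursive call before withdraw() returns
            self.depth -= 1
            vault.withdraw(self)


def run(safe, depth=3):
    """Return (amount the caller received, funds left in the vault)."""
    vault, caller = Vault(safe), Reentrant(depth)
    vault.deposit("other members", 90)     # constructed sample deposits
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool
```

With the balance zeroed before the transfer, the nested call sees a balance of 0 and returns without paying out a second time.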
This attack led to the fall of the DAO. Many critics argued that the hard fork was against the philosophy of blockchain technology. Cryptocurrency exchanges started delisting DAO tokens, which culminated in the United States Securities and Exchange Commission (SEC) ruling on July 25, 2017, which stated:
“Tokens offered and sold by a “virtual” organization known as “The DAO” were securities and therefore subject to the federal securities laws. The Report confirms that issuers of the distributed ledger or blockchain technology-based securities must register offers and sales of such securities unless a valid exemption applies. Those participating in unregistered offerings also may be liable for violations of the securities laws.”
It is very difficult to change DAO code once it has been deployed to a smart contract platform such as Ethereum, since no single person can change the rules. So if you observe a bug in the system, it is tough to fix, and attackers may exploit the vulnerability to steal funds from the system while playing by the rules of the system.
Secondly, the legal status of such an organization in the real world has still not been decided.
The DAO company might have been unsuccessful; however, the DAO model is a real and serious use case for the organizations of the future. Future smart contracts are learning, and will continue to learn, from the DAO’s failures. The DAO will be a case study for years to come to understand what to do and what to avoid while building a truly decentralized and autonomous body on the internet.
All the more so because it can cut costs by around 20-30% through the elimination of any middlemen present in the system today.