User-Defined Organization, Part 1 - the risks of coin voting governance
Web3 promises to usher in a new era of the Internet where every user is a sovereign. In this new user-centric era, corporate data silos have been broken down through competitive compatibility, there are no gatekeepers limiting data accessibility, and users are not only in control of their data but also in charge of the underlying infrastructure.
Decentralized Autonomous Organizations, or DAOs for short, are often seen as the primary organizational structure for the Web3 era. They are collectively owned and managed by their members. DAOs are non-hierarchical and reach decisions through voting on proposals. They have a shared treasury, require community authorization for spending, and practice radical financial transparency. They encode the rules of governance in smart contracts and rely on algorithms to automate certain operations and execute collective decisions.
And unlike traditional cooperatives, with which they share many organizational similarities, DAOs are all the rage at the moment. The number of DAO members has recently surpassed 1,5 million, and together they manage over 14 billion dollars in various crypto assets. Although sometimes dismissed as just “Discord channels with a native token and shared treasury”, these are real organizations, with real sway and real capital, working towards their organizational goal.
Cambrian explosion?
The recent rise in the number of decentralized organizations is often described as a “Cambrian explosion”. This expression suggests that we are experiencing a rapid boom that brings about a multitude of competing approaches. In reality, however, the variance of organizational structures and governance modes within the decentralized space is rather limited.
While you can group DAOs into several categories, depending on their stated purpose and objectives, in practice most of them follow similar operational blueprints and make use of the same “organization legos”. DAOs may aspire to be decentralized and autonomous, but they are not as diverse in their design as one would hope considering their globe-spanning, culture-crossing, and regulation-free nature.
This would not be concerning if the governance ideas around which the web3 community has converged, would serve it well. However, there are many indications that the most popular governance model used by DAOs today - coin voting - comes with great risks and frequently results in outcomes that do not reflect the values and aspirations of the decentralized community.
The perils of coin-voting governance
Most currently-operating decentralized organizations rely on token-based governance, where holders of a tradable token are entitled to make decisions regarding the allocation of resources at the disposal of the organization via some form of token-weighted voting. Aside from treasury management the governance token holders can usually initialize and vote on proposals concerning parameter adjustments, smart contracts upgrades, as well as the organization and the inner workings of the DAO itself (hiring staff, awarding bounties, entering into partnerships with other organizations, etc.).
Initial token distribution may differ considerably from one decentralized organization to another, depending on whether the organization has been funded as a “DAO-first” or if it was transformed into one through “progressive decentralization”. DAOs usually allocate some governance tokens to funders, original team members, and investors to reward them for their early contributions to the project and distribute the rest among those community members who take an active part in its operations.
At first glance, this setup may seem to empower users, foster community participation, and ensure the long-term sustainability of a project. Unfortunately, this is not always true. The following list of practical problems faced by decentralized organizations is far from being exhaustive and concentrates mostly on social attacks and non-technical vulnerabilities, omitting various algorithmic exploits that can be levied against token-based governance.
- Token-based governance is a whale game
The way in which most DAOs distribute governance tokens heavily favors founders, early investors, and original team members. Even in large decentralized organizations, where the number of active members is counted in thousands, most votes are usually controlled by a relatively small number of individuals. This enables wealthy governance token holders (often called “whales” in crypto lingo) to push through with their favored proposals, even against the wishes of the community. The end result is governance that is hardly decentralized, if not outright plutocratic.
- Token-based governance is vulnerable to vote-buying and bribery
Even when the initial distribution of voting power is not centralized, there is a danger that an organization will slide towards plutocracy through token acquisition. As many governance tokens are openly traded on decentralized exchanges, entities who have a large stake in certain governance outcomes can simply buy the necessary votes. There are also specialized lending platforms that let users “borrow” governance tokens which let them temporarily leverage their voting power. Thus, the nature of tradable governance tokens makes DAOs inherently vulnerable to vote-buying and bribery.
- Token-based governance is susceptible to Sybil attacks
A decentralized organization may try to limit the accumulation of voting power by establishing a “one vote per person” rule. Successful execution of this rule would, however, require the organization to find a way of addressing the bane of online voting - Sybil attacks.
Polling in decentralized organizations is pseudonymous by nature. Voters are usually identified through their crypto wallets. If an algorithmic organization does not establish a community-approved way of ensuring that behind each wallet there is a unique identity (which might prove to be a challenge since most anti-Sybil solutions are either burdensome or intrusive in terms of privacy), unscrupulous attackers can easily gain disproportionately large influence through simple sock puppetry.
An entity with a vested interest in a certain governance outcome can create multiple wallets (identities), each of which permits them to cast a vote, and to use them to skew the polling results in their favor. Depending on how governance tokens are distributed between DAO members, this way of influencing the vote may even be easier than trying to do so through vote-buying or bribery.
- Token-based governance exposes DAOs to economic attacks from malicious competitors and other outside entities
DAOs rarely (if ever) operate in a vacuum. Algorithmic organizations are heavily interconnected and often face competition from other entities within the same space. If a DAO’s governance token is available for trade on crypto exchanges, like often is the case, its rivals can acquire them to initiate “governance extractable value” exploits or even instigate a hostile takeover.
While the same is true with regard to publicly traded companies, crypto markets make such operations especially feasible thanks to the availability of flash loans, the complex nature of some of the proposals that are put to vote, and the pseudonymous nature of voters who can engage in malicious governance activities without putting their reputation on the line.
- Financial incentives of token holders can overpower governance incentives, leading to low participation and short-termism
Speculative governance tokens bundle two rights into a single asset: the right to participate in governance and the economic interest in the organization’s revenue. The latter is usually seen as a reward for active participation in the community. In practice, however, this bundling of different rights often results in “yield-dominant governance”, as most users see their tokens primarily as yield, and not as voting rights.
A 2020 analysis of the actual governance practices of the most prominent DeFi DAOs uncovered that “the financial incentives have been stronger than the governance incentives.” Few token holders actually participate in governance, and those who do, are mostly interested in short-term gains.
- Where users and token holders constitute distinctive groups, token-based governance often leads to the over-valuing of the token price at the expense of the users’ interests
The focus on immediate returns that is often observed among active DAO participants points to another more fundamental problem with speculative token-based governance - the tendency to treat token-holders as the only relevant stakeholders.
While you can imagine projects, where users and governance token-holders are one and the same (one such project will be described in detail in the second part of the article), these do not constitute a norm within the decentralized space. Quite often “token holders’, and “users” form separate groups, with separate interests and incentives. Conflating the two, and treating token appreciation as a sign of healthy growth disregards the fact that the rise in the token value might come at the users’ expense.
This is not a new problem. In fact, it is an old game (that is shareholders acting in their own interest and disregarding the interest of consumers) being played using a new technology. Web3 was supposed to provide a viable alternative to this model, not replicate it…
The picture that emerges from the above list of governance vulnerabilities is rather grim. DAOs that put holders of tradable tokens at the center of governance are highly susceptible to centralization creep. Their plight is not a coincidence, but rather a predictable result of a design flaw. Coupling economic interests and voting power turns governance decisions into auctions and incentivizes voters to care mostly about the value of the governance tokens. Teams and communities who want to avoid the fate of being “decentralized in name only” should therefore look to other governance modes.
The second part of the article explores the idea of User-Defined Organization - Golem Foundation’s attempt at giving users effective control over the protocols, software, and platforms they rely on.