DAOs and DeFi
As is well known in the industry, a DAO is an emerging form of cooperative structure that has no central governing body and whose members share a common goal to act in the best interest of the entity.
DAOs are intended to enable trustless and decentralised operations – ‘trustless’ in that a third party need not be relied upon to operate between you and your cryptocurrency transactions or holdings, and ‘decentralised’ in that no one entity or person makes decisions.
DAOs aim to achieve this by relying on coded governance rules, with smart contracts and utility tokens automating administrative duties and allowing decentralised decision-making by users.[2] These structures govern some of the best-known decentralised finance (DeFi) protocols, allowing for peer-to-peer financial services. But of course, they can also be used to structure investments, decentralised networks or protocols, collector or social groups, and charitable organisations.
Risk drivers
Many in the industry consider that DAO structures, based on self-executing smart contracts, will ultimately reduce the scope for commercial disputes. However, even the best-designed DAO carries risks. These include the following:
- Regulatory risk. Where a DAO governs a DeFi protocol, it will likely be susceptible to regulator action if the services offered are deemed to be in breach of securities or other regulations in any jurisdiction. In the Ooki DAO case, the DAO, which was found to be a ‘person’ for the purposes of the Commodity Exchange Act, faced fines, as well as trading and registration bans, and was ordered to shut down its website.[3] Regulators in other jurisdictions, such as Hong Kong SAR, have confirmed DeFi projects may be subject to licensing requirements and regulation.[4]
- Interpersonal risk. Like other business endeavours, DAOs are susceptible to differences of opinion or divergence in interest. Disputes can arise between co-founders and between founders and investors as to what was promised between the parties and who is entitled to what.
- Smart contract risk. DAOs built on smart contracts are vulnerable to errors or flaws in the code. There is a risk of malicious actors exploiting these flaws for their own profit.[5] 2021 and 2022 were record-breaking years for hacks and exploits with $3 billion lost in each year.[6] Additional smart-contract risks arise from manipulation of ‘oracles’, the conduits through which off-chain information is provided to smart contracts,[7] and input or data-entry errors.
- Progressive decentralisation risk. Many DAOs start life as centralised entities, with founders gradually handing power away to DAO members. However, member and founder interests might diverge, for instance, regarding the honouring of legacy third-party contracts.[8]
- Intermediary risk. Some DAOs rely on intermediaries, such as individuals who are authorised to control DAO treasuries. This leads to the risk of human error or misconduct, a risk magnified if there is no way to validate the identity or credentials of the intermediary, which might be the case for an anonymous ‘treasurer’.
- Governance risk. DAO voting rights allocated by ownership of freely traded tokens can lead to the risk of governance attacks[9] or other issues when one or more individuals obtain concentrated ownership of tokens. Governance issues can also arise when one part of a community holds greater sway due to their history or status.[10]
The industry is developing its own means to combat some of these issues. For example, smart contract risk could be mitigated with better security measures, such as formal verification, audits, bounties, monitoring tools and automated firewalls.[11] Intermediary risk could be reduced by future developments in digital identity, which might reduce risks associated with anonymous treasurers. DAOs can also be designed to limit governance risk arising from control by prominent individuals or groups.[12]
However, these efforts do not entirely remove the possibility of disputes arising, which, in turn, can engage difficult and untested areas of law.
Issues when risks materialise
Some of the issues that could be particularly thorny in the context of DAO disputes include the following:
- Emerging law and regulation. Disputes involving blockchain technology often involve untested regulatory matters and disagreements about issues such as the proper scope of developer duties toward users[13] or the circumstances in which a legitimate arbitrage trade becomes an illegitimate exploit.[14] Depending on the jurisdiction, these may be new areas of law with little precedent in place.
- Method of resolution. Without a jurisdiction agreement in place, a party would need to establish jurisdiction through other means. Subject to the applicable law, this might involve arguments regarding party residence, place of performance and location of assets, each of which may be difficult to establish in the DAO context.
- Pseudonymity. Parties in DAO disputes may be pseudonymous, which has the potential to cause difficulty in jurisdictions that require a party to be named. Some leading jurisdictions allow claims to be brought against ‘persons unknown’ by reference to wallet addresses,[15] and/or legal service to be effected by airdropping claim documents to those wallets.[16]
- Individual liability. Where a claim is brought against a DAO itself, the question will be whether it has incorporated itself into one or more legal entities, as is increasingly the case, meaning that liability will be limited to those entities. If the DAO has remained unincorporated, this can lead to additional risk, and the members themselves can be found to have assumed personal liability for any wrongdoing of the DAO.[17]
- Preservation and enforcement. Parties will want to consider means of tracing and securing assets pending the outcome of the dispute, as well as ways in which the claim can be formulated so as to allow for an enforceable remedy. Both steps require consideration of the portability, custody and price volatility of digital assets residing on a blockchain ledger. This can involve difficult and nuanced analysis, which can be more complicated if such assets are banned in some jurisdictions,[18] and their legal statuses are unclear in others.[19]
Being prepared
DAOs are often early-stage businesses that are highly vulnerable to changes in regulatory policies, economic shocks and changes in market sentiment. Disputes, if handled wrongly, can be highly disruptive if not fatal to a DAO’s operations.
However, DAO founders, investors and members can take measures in advance to protect their rights and interests.
- DAOs should take legal advice as to whether their activities are caught by and/or in compliance with the law of the jurisdictions in which they operate. This might include obtaining advice as to whether the products offered constitute securities or futures under local law and/or how to comply with any applicable governance, custody, on-boarding and/or customer identification requirements.
- Parties should structure their DAOs with a view to mitigating risk. Some DAOs might want to incorporate within a legal wrapper to shield individual members from unlimited personal liability. They may also wish to vest authority to act on behalf of the DAO in an entity, whether it be a legal wrapper or an external foundation.
- DAOs should put in place mechanisms for resolving disputes quickly, effectively and in a way that allows for due process and an enforceable decision. Arbitration is a natural choice for DAO-related disputes given its flexibility of procedure, allowing for a shorter process determined by a tribunal with relevant expertise and the ready cross-border enforceability of arbitral awards.[20]
- Parties should have in place a plan for contingencies such as exploits or disputes. As a DAO’s consensus-based decision-making may not be suitable for making prompt decisions, this might involve nominating an individual or committee to represent the DAO in advising counsel and briefing the market. It is also important to have advisors on standby to quickly assess risk and trace exploited assets.
- Parties should remain flexible and open to commercial resolution. This might include on-chain measures;[21] informal liaison with third parties; or even post-dispute agreements with counterparties, such as agreeing with a user to confidentially arbitrate the specific question of whether or not a particular trade was legitimate.
1. Including conducting unlawful off-exchange leveraged and margined retail commodity transactions, conducting activities that can only lawfully be performed by a registered futures commission merchant and failing to implement CIP, KYC, or anti-money-laundering procedures (in breach of the Code of Federal Regulations (CFR) and Code of Laws of the United States of America (USC)) (Commodity Futures Trading Commission v. Ooki DAO, 3:22-cv-05416, (N.D. Cal.)).
2. “How DAOs Could Change the Way We Work”, S. Glaveski, Harvard Business Review (7 Apr 2022).
3. Commodity Futures Trading Commission v. Ooki DAO, 3:22-cv-05416, (N.D. Cal.).
4. “HONG KONG: Regulator says DeFi Projects Could Face Regulatory Requirements”, Coindesk (12 April 2023).
5. In 2017, arguably the most high-profile DAO, Ethereum’s automated venture capital fund (known simply as ‘the DAO’), itself suffered a smart contract exploit with the attacker taking $70 million in Ethereum. There have been many high-profile exploits of DeFi protocols since then.
6. C. Sullivan & P. Johnson, “What to Expect for Ethereum and Blockchain Infrastructure in 2023”, Blockworks (29 Dec 2022).
7. Ethereum Smart Contract Best Practices, accessed 27 Feb 2023.
8. “Legal battle avoided after YGG and Merit Circle DAO agree to a deal”, J. Coughlan, Cointelegraph (15 Jun 2022).
9. “Build Finance DAO Falls to Governance Takeover”, L. Kelly, Decrypt (15 Feb 2022).
10. See, for example, “AssangeDAO Raised $56M and Quickly Split Up. Was It Still a Success?” D. Kuhn, CoinDesk (updated 9 Mar 2022), accessed 27 Feb 2023.
11. Sullivan & Johnson, supra n.2.
12. For example, by introducing design elements to enhance the powers of minority DAO members by, for example, giving greater weight to an otherwise minority vote based on the percentage of total held tokens staked on a decision, as opposed to based on a simple majority.
13. Tulip Trading Ltd. v. Bitcoin Association for BSV & others [2022] EWHC 667 (Ch).
14. Cicada 137 LLC v. Medjedovic, 2022 ONSC 369 (17 Jan 2022).
15. AA v. Persons Unknown [2019] EWHC 3556 (Comm) (17 Jan 2020).
16. D’Aloia v. Persons Unknown, Binance Holdings Ltd. & Others [2022] EWHC 1723 (Ch.).
17. For example, Christian Sarcuni v. bZx DAO 22-cv-618-LAB-DEB. Decision of the U.S. Southern District Court of California, dated 27 Mar 2023.
18. For example, the People’s Republic of China, whose courts may not be willing to recognise and enforce crypto-related matters (Gao Zheyu v Shenzhen Yunsilu Innovation Development Fund Enterprise (LP) and Li Bin (2018) Yue 03 Min Te No. 719).
19. For example, India, where the government has been ready to tax crypto earnings but not to recognise crypto businesses or transactions. “Why Crypto’s Rough Year in India Just Got Worse”, R. Desai, Forbes (11 May 2022), accessed 27 Feb 2023.
20. Arbitration is normally confidential, but DAOs seeking transparent decision-making can opt to limit this confidentiality or waive it for token holders.
21. On-chain ADR is a nascent mechanism that is being used in certain DAO-related disputes. It often provides for gamified procedures whereby token-holder adjudicators vote on the outcome of a dispute on the basis that if they side with the majority, they will earn a return on their investment. These processes, which require pre-collateralisation by disputants, have provoked a lively debate as to whether they meet legal, procedural and due process concerns.
In-depth 2023-134