Reed Smith In-depth

Decentralised autonomous organisations (DAOs) have powerful disruptive potential. However, as demonstrated by recent judicial decisions, founders, members and investors can also face novel legal risks and challenges.

Most recently, a U.S. court has found that the Ooki DAO, which operates a virtual asset trading platform, could be treated as a ‘person’ under applicable law,1 is liable for financial penalties and injunctions from trading activities, and is required to remove from the Internet all webpages related to those activities.

Given that the stakes can be high, those who are well prepared and advised of the regulatory, legal, and commercial risks arising from DAO structures will be in a better position to protect their rights and interests when disputes arise.

DAOs and DeFi

As is well known in the industry, a DAO is an emerging form of cooperative structure that has no central governing body and whose members share a common goal to act in the best interest of the entity.

DAOs are intended to enable trustless and decentralised operations – ‘trustless’ in that a third party need not be relied upon to operate between you and your cryptocurrency transactions or holdings, and ‘decentralised’ in that no one entity or person makes decisions.

DAOs aim to achieve this by relying on coded governance rules, with smart contracts and utility tokens automating administrative duties and allowing decentralised decision-making by users.2 These structures govern some of the best-known decentralised finance (DeFi) protocols, allowing for peer-to-peer financial services. But of course, they can also be used to structure investments, decentralised networks or protocols, collector or social groups, and charitable organisations.

Risk drivers

Many in the industry consider that DAO structures, based on self-executing smart contracts, will ultimately reduce the scope for commercial disputes. However, even with the best-designed DAO, risks remain. These include the following:

  • Regulatory risk. Where a DAO governs a DeFi protocol, it will likely be susceptible to regulator action if the services offered are deemed to be in breach of securities or other regulations in any jurisdiction. In the Ooki DAO case, the DAO, which was found to be a ‘person’ for the purposes of the Commodity Exchange Act, faced fines, as well as trading and registration bans, and was ordered to shut down its website.3 Regulators in other jurisdictions, such as Hong Kong SAR, have confirmed DeFi projects may be subject to licensing requirements and regulation.4
  • Interpersonal risk. Like other business endeavours, DAOs are susceptible to differences of opinion or divergence in interest. Disputes can arise between co-founders and between founders and investors as to what was promised between the parties and who is entitled to what.
  • Smart contract risk. DAOs built on smart contracts are vulnerable to errors or flaws in the code. There is a risk of malicious actors exploiting these flaws for their own profit.5 Both 2021 and 2022 were record-breaking years for hacks and exploits, with $3 billion lost in each year.6 Additional smart-contract risks arise from manipulation of ‘oracles’, the conduits through which off-chain information is provided to smart contracts,7 and input or data-entry errors.
  • Progressive decentralisation risk. Many DAOs start life as centralised entities, with founders gradually handing power away to DAO members. However, member and founder interests might diverge, for instance, regarding the honouring of legacy third-party contracts.8
  • Intermediary risk. Some DAOs rely on intermediaries, such as individuals who are authorised to control DAO treasuries. This leads to the risk of human error or misconduct, a risk magnified if there is no way to validate the identity or credentials of the intermediary, which might be the case for an anonymous ‘treasurer’.
  • Governance risk. DAO voting rights allocated by ownership of freely traded tokens can lead to the risk of governance attacks9 or other issues when one or more individuals obtain concentrated ownership of tokens. Governance issues can also arise when one part of a community holds greater sway due to their history or status.10