For the last 3 months, I have put a lot of energy into running a webinar series on Metaverse technologies, with a focus on identifying privacy and security issues.
In March, we focused our discussion on NFTs. Coincidentally, OpenSea, an NFT marketplace, experienced a significant phishing exploit mere weeks before our discussion.
In April, we hosted a webinar on cryptocurrencies. Coincidentally, the Ronin Network experienced a security breach of its gateway that caused $615M in losses.
I thought these coincidences were funny and said as much on LinkedIn, making light of them.
Then, this week’s webinar focuses on DAOs and, wouldn’t you know it, Beanstalk suffered what is called a “governance hack” a couple of weeks ago.
Now either I am becoming precognitive or hackers are following my series and generously giving me something to talk about.
Either way, it is a bit serendipitous, although not the happy kind.
A DAO (decentralized autonomous organization) is a relatively new governance structure that has gained popularity in web3.0 and the Metaverse. The DAO is based on principles of increased engagement, ownership of decision-making and transparency. As a corporate lawyer, I am intrigued.
To understand why a DAO changes typical governance, we have to set the baseline, which I will put in the context of your typical c-corporation structure used by most companies today.
Let’s quickly dispense with the limited liability corporation, which is governed by its operating agreement and is not too different from a c-corporation.
The c-corporation defaults to majority rule, but it allows for flexibility in its voting structure based on a class system. Stock can be broken up into different classes and series such that stockholders’ voting rights depend on the class of stock they hold.
But c-corporations are even more complex because they have the concept of a Board of Directors in addition to stockholders. Under Delaware corporate law, with which I am most familiar, the Board of Directors oversees the day-to-day operations of the business, while the stockholders are brought in, via statutory provisions or the certificate of incorporation, to vote on very high-risk, high-stakes matters. Voting happens at the Board level and the stockholder level, creating a two-step process, with the Board voting to send a proposal to the stockholders. The voting threshold for stockholders, as I mentioned, defaults to a majority of a quorum, but it can be set at a supermajority as well. Sometimes you will see a 66.67% threshold and, rarely, a 75% voting threshold. These very high thresholds are often reserved for the most critical matters, such as a sale of the company or creating new classes of stock.
There are other nuances that could be a blog post all by themselves, but this highlights enough for me to explain the governance change a DAO is trying to effect.
A DAO uses blockchain technology, specifically smart contracts, to self-execute governance when the pre-determined conditions are met. In other words, once the voting threshold is met, the action is unstoppable.
Let me provide an example: 100 people buy a token in a DAO. The DAO smart contract states that when holders of 51% of the tokens agree on buying a piece of art, then that is what will happen and the purchase is executed.
So how is this different from a c-corp? I think the key difference is the self-executing part and the lack of the two-step process. In other words, the proposal doesn’t first get voted on by a Board and confirmed by the stockholders. And there is no waiting period. The CEO doesn’t then have to go out and buy the art through a wire transfer.
Instead, the art is immediately bought using the funds that are available in the DAO, which can happen within seconds and without any intermediaries.
In web3.0, intermediaries are generally considered a bad thing, mostly because you have to pay intermediaries to do their work. I am not yet convinced that intermediaries are a bad thing, but I digress.
In a DAO governance structure, no hierarchy or intermediary also means no double check. Like most web3.0 projects, DeFi protocols and their DAOs are out in the open via a white paper for anyone to read, not just the community. The downside is that being so open and transparent exposes weaknesses.
So if you want to start a DAO, you need to make sure it is airtight.
As I mentioned above, the Beanstalk hack is a cautionary tale of a governance hack. Beanstalk’s DAO was not airtight.
Beanstalk is what is known as DeFi, decentralized finance, which means there is no intermediary bank involved. Beanstalk walks you through the concept of stablecoins in their white paper and how they have evolved, so I won’t repeat that here.
The critical difference of Beanstalk’s DeFi protocol is its three interconnected components: 1. a decentralized price oracle (explained below), 2. a decentralized governance structure (the DAO), and 3. a decentralized credit facility (not explained because it’s obvious).
For the decentralized price oracle, Beanstalk’s DeFi protocol is based on a theory that they don’t have to value peg their stablecoin to the U.S. dollar. By way of brief explanation, to value peg means that the stablecoin would be based on a one-for-one exchange to the dollar. The problem with value pegging is that when there is excess demand for the stablecoin, interest rates increase. There has been a lot of excess demand this past year.
So, to address the interest rate problem, Beanstalk uses dynamic pegging mechanisms, where the stablecoin value fluctuates above and below $1. So now you can buy and sell Beans on credit at the value peg of $1 because it regularly crosses above $1 (as well as below, so that the average is roughly $1).
Are you with me so far?
Beanstalk is governed by a DAO that they called the Silo. Silo members vote on protocol upgrades. Beanstalk acknowledges in their white paper that the governance has to account for potential malicious activity, but they don’t explain how they are doing that. Exploiting a DAO’s voting mechanism is not a new phenomenon and, in fact, was publicly exposed by The DAO when a hacker attempted to siphon funds out of The DAO, exposing a weakness in its voting control mechanism. So, presumably, Beanstalk’s acknowledgement is a nod to this type of weakness and is meant as comfort that they don’t have any similar weaknesses. They’ve thought it all through.
Back to the mechanics of the Beanstalk hack: a protocol upgrade, which can also be proposed by the DAO members, passes by simple majority and is itself a smart contract, so it is another self-executing “upgrade.” There is a window for the vote that is quite long and could arguably be the “double check period.” However, and here is the rub, a supermajority in favor of the upgrade will automatically close the voting period and pass the new protocol.
You know where this is going, right?
So here we have a DeFi protocol based on credit. The attacker took out a flash loan to purchase a supermajority 67% voting stake in the DAO. As a Silo member, the hacker proposed a malicious smart contract that would transfer a lot of Beans to their own wallet. Because of their supermajority voting stake, the malicious smart contract was automatically passed through the DAO’s self-executing governance smart contract. The malicious smart contract transferred $170M worth of Beans to the hacker. After paying back the flash loan, the hacker was able to net approximately $72M in profit. They then washed the cryptocurrency through Tornado Cash.
Tornado Cash was created on the promise of cryptocurrency privacy and is also governed by a DAO.
Honestly, you can’t make this sh!t up. And it is leading to one grand conclusion on my part: we don’t know what we are doing. There are lessons in history that need to be applied. There are experts out there who aren’t being consulted. If the promise of cryptocurrency and DAOs is freedom from the control of others, then how can one hacker obtain so much control? Put another way, is this really decentralization? A white paper drafted by a few that then governs many? Permission for a supermajority to be in the hands of one actor? Isn’t all of that the very definition of centralization?
Oh, that’s right. In web 3.0, that is for me to figure out for myself.
You’re the best,
Caroline
P.S. This post took a long time to write and I apologize for such a long break between posts. Frankly, I had a little bit of writer’s block. I believe I am unstuck now and I hope you will follow me as I dive into the world of writing for the Forbes Technology Council.
P.P.S. I submit that there are mitigations that were readily available here. First, why require a supermajority bypass? As any corporate lawyer knows, supermajorities are rarely used and only for very specific situations. For a DAO, I cannot imagine how supermajority is beneficial. I can only see it being used to prevent a harm, like this very one that was executed. It also seems to me that a supermajority has to be better defined, if it is used, i.e. holding tokens + some other condition.
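To make the two governance designs discussed in this post concrete, here is an added toy model in Python. It is my example, not Beanstalk’s code or any real protocol’s. The WEAK configuration follows the mechanics described above: voting power is read from live balances, and a 67% supermajority closes the vote and executes immediately. The HARDENED configuration is one reading of the P.P.S.’s “holding tokens + some other condition”: voting power is taken from a snapshot of stakes at the block before the proposal was created, there is no supermajority bypass, and a timelock sits between a proposal passing and its execution. The Silo and Governor classes, the holder names, the 100 staked tokens and the 300-token flash loan are all constructed for the demo and are not claims about Beanstalk’s actual contracts.

```python
"""Toy model of self-executing DAO governance (added example, not Beanstalk's or any
real protocol's code). WEAK is the configuration the post describes; HARDENED adds a
prior-block voting-power snapshot, no supermajority bypass, and a timelock."""
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Optional

SIMPLE_MAJORITY = Fraction(1, 2)  # must be strictly exceeded
SUPERMAJORITY = Fraction(2, 3)    # ~67%, the bypass threshold the post describes


class Silo:
    """Staked-token ledger: voting power is the amount staked in the DAO (constructed)."""
    def __init__(self, stakes):
        self.stakes = dict(stakes)
        self.checkpoints = {}  # block number -> copy of stakes at the end of that block
    def deposit(self, who, amount):
        self.stakes[who] = self.stakes.get(who, 0) + amount
    def withdraw(self, who, amount):
        if self.stakes.get(who, 0) < amount:
            raise ValueError(f"{who} has less than {amount} staked")
        self.stakes[who] -= amount
    def end_block(self, block):
        self.checkpoints[block] = dict(self.stakes)


@dataclass
class Proposal:
    action: str
    created_block: int
    snapshot: Optional[dict]  # None: the tally reads live stakes
    yes: set = field(default_factory=set)
    executed: bool = False


@dataclass
class Governor:
    silo: Silo
    use_snapshot: bool
    supermajority_bypass: bool
    voting_window: int  # blocks a proposal stays open
    timelock: int       # extra blocks between passing and execution

    def propose(self, action, block):
        # Hardened rule: count stake as of the block *before* the proposal, so tokens
        # borrowed and staked inside the proposing transaction carry no voting weight.
        snap = dict(self.silo.checkpoints[block - 1]) if self.use_snapshot else None
        return Proposal(action, block, snap)

    def vote_yes(self, proposal, who):
        proposal.yes.add(who)

    def yes_fraction(self, proposal):
        stakes = proposal.snapshot if proposal.snapshot is not None else self.silo.stakes
        in_favour = sum(stakes.get(v, 0) for v in proposal.yes)
        return Fraction(in_favour, sum(stakes.values()))

    def try_execute(self, proposal, block):
        """The self-executing step: returns (executed, reason)."""
        if proposal.executed:
            return False, "already executed"
        frac = self.yes_fraction(proposal)
        if self.supermajority_bypass and frac >= SUPERMAJORITY:
            proposal.executed = True  # weak path: the vote closes and executes at once
            return True, f"supermajority {frac} executed immediately"
        if frac <= SIMPLE_MAJORITY:
            return False, f"only {frac} of voting power in favour"
        if block < proposal.created_block + self.voting_window + self.timelock:
            return False, "majority reached; waiting for voting window and timelock"
        proposal.executed = True
        return True, f"majority {frac} executed after window and timelock"


WEAK = dict(use_snapshot=False, supermajority_bypass=True, voting_window=7, timelock=0)
HARDENED = dict(use_snapshot=True, supermajority_bypass=False, voting_window=7, timelock=2)


def new_dao(config):
    silo = Silo({f"holder{i}": 10 for i in range(10)})  # 100 honest tokens staked (constructed)
    silo.end_block(99)
    return silo, Governor(silo, **config)


def flash_loan_vote(config):
    """Borrow, stake, propose, vote, execute, unstake, repay: all inside block 100."""
    silo, gov = new_dao(config)
    silo.deposit("attacker", 300)  # flash-borrowed tokens, staked only for the vote
    p = gov.propose("send treasury to attacker", block=100)
    gov.vote_yes(p, "attacker")
    executed, reason = gov.try_execute(p, block=100)
    silo.withdraw("attacker", 300)  # a flash loan is repaid in the same transaction
    return executed, reason


def honest_vote(config, yes_voters=6):
    """Ordinary proposal: (executed right away?, executed once window + timelock pass?)."""
    silo, gov = new_dao(config)
    p = gov.propose("buy a piece of art", block=100)
    for i in range(yes_voters):
        gov.vote_yes(p, f"holder{i}")
    now = gov.try_execute(p, block=100)[0]
    later = gov.try_execute(p, block=100 + gov.voting_window + gov.timelock)[0]
    return now, later


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "flash-loan vote:", flash_loan_vote(cfg))
        print(name, "honest 60% vote (now, later):", honest_vote(cfg))
```

Under WEAK, the borrowed stake is 300 of 400 live tokens, which clears the supermajority bypass and executes within the same block; under HARDENED, the prior-block snapshot contains no attacker stake at all, so the same proposal tallies at zero. The two hardening choices do different jobs: the snapshot defeats voting power that only exists for the life of one transaction, while the timelock restores the waiting period the post calls the “double check,” so that even a legitimately acquired supermajority cannot move funds before anyone can look at the proposal.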
About the author: Caroline McCaffery is a co-founder at ClearOPS, which stands for clear operations in privacy and security. ClearOPS is a third-party risk management platform for buyers and sellers, streamlining the due diligence process. She is a frequent blogger and speaker with over 20 years of experience as a lawyer working with tech startups. You can connect with her on LinkedIn.
All funds stolen from 'TheDAO' were restored to the investors; as such, no one ended up losing "money" (not the correct term either in this context).