One of the curators of The Distributed Autonomous Organisation is calling for a temporary moratorium on the activity of the investing platform due to various weaknesses detected in its security system.
The proposal to postpone the full launch of The DAO comes from Vlad Zamfir, a curator of the investing platform and a member of the Ethereum Foundation; Dino Mark, the founder of Smartwallet; and Emin Gün Sirer, a professor at Cornell University. They have carried out a detailed analysis of The DAO’s code and published a document entitled “A Call for a Temporary Moratorium on ‘The DAO’” (accessible via Google Docs). During the moratorium, The DAO is supposed to stop accepting proposals for investment, and its members will not vote on or discuss possible investment projects.
The document describes seven types of possible attacks on the platform and suggests changes to The DAO’s code to avoid these threats.
According to the document, “the current DAO has a strong positive bias to vote YES on proposals and to suppress NO votes,” as it “restricts the ability of a token holder to split from the DAO once they have voted on a proposal until the outcome of the vote is determined.” This can lead to a situation in which voting against a proposal is inherently risky for an investor.
Furthermore, the authors note that The DAO is currently open to “stalking attacks”. If a user splits from The DAO and starts a new contract as its sole investor and curator, that user can become a target for an attacker, because the split and the contract creation take place on a public blockchain. “This creates the possibility for ransom and blackmail,” the document warns.
The document also notes that among the existing DAO investors there are “giants” who own 7.7% of all DAO tokens. Given that a vote is considered valid with a quorum of more than 20% of token holders, these large token owners would be able to conspire with holders of 2.3% + 1 tokens to force approval of an investment project.
The document also mentions other potentially dangerous situations in which token holders could take advantage of the voting system to create controversial investment projects, block the voices of other members, manipulate the token price on exchange platforms and so on.
The document proposes changing the voting mechanism by implementing a post-vote grace period, during which proposals would be accepted but token holders would still have the right to withdraw their investment. In addition, the authors suggest that it would be a “prudent step” to allow instant and direct withdrawals of ether to regular addresses.
The decentralised autonomous organisation (The DAO) attracted over $132 million during a public crowdsale that lasted 28 days and ended on 28 May.
Elena Platonova