The creation of DAO is unique to web3, which leverages the competency of blockchain in governing the protocols without involving centralized entities.
DAO is heavily centred around two facets- encryption and distributed storage. This bestows them with the capabilities to run based on the collective decision of community members.
As with any Web3 protocol, security concerns hang around DAO protocols also.
This article aims to bring out the underpinning infrastructure of DAO and guidelines for improvising their smart contract security to endure attacks.
Purpose of DAO
Ethereum always holds the credit for being the first-ever programmable blockchain. It has an immense role in bringing true decentralization by allowing developers to play with code.
In that respect, DAO smart contracts are designed to foster on-chain governance justifying the fact that communities purely operate the blockchain.
Just like any other smart contracts, DAO contracts are basically designed to automate the process and execute actions when the predefined conditions are met.
To illustrate with an example, consider an ERC-20 token contract. It is created based on ERC-20 standards with information such as contract address, token supply, token name, token transfer conditions, etc.
The operation of the token is executed when the set rules are met. Similarly, the DAO contract is coded to dictate the working of the organization, such as deciding on the fund distribution as per the voting proposals of the members.
For instance, DAO has in-built treasuries. The funds from these are spent after the group’s approval, and no single authority has access to execute any plan.
The voting proposals for making critical decisions concerned with the project ensure that every participant’s voice is heard, leading to better trust and transparency in on-chain activities.
The governing rights on the activities of the organisations vary from protocol to protocol, and it is purely subjective to how DAO coding is done. So, it is important to pay attention to the governing rights users have on the protocol before enrolling in any DAOs.
Steps involved in setting-up DAO smart contracts
The mechanics of on-chain governance are executed through a set of contracts– token, governor and timelock. Let’s find out the role of each of them.
Token: Tokens determine the voting power of the community members to participate in on-chain governance. The token contract ensures the balance is verified to retrieve the power and allow participants to express their choice on governance proposals.
Governor: The governor contract is coded with conditions on allocating power to token holders, the type of tokens acceptable, count on the number of votes required for the forum and so on. However, developers can code with the feature specifics on how they want the contracts to perform.
Besides, the governor contract also includes voting delay and voting proposal specifics in the code. It serves the purpose of giving instructions on how long the voting proposal is open for participants to vote.
Timelock: The Timelock aspect involves the AcessControl setup for the proposed role, executor role and admin role. Integrating the timelock component with the governance systems gives the liberty for participants to walk away in case of disagreement with the decision.
High-level view on Security dreads for DAOs.
DAOs reliance on smart contracts holds them accountable for governance voting and treasury maintenance. And each of these elements has its own security concerns; let’s unwind them below.
Security concerns in smart contract
Let’s rewind a little and recollect the well-known ‘DAO downfall’. The predominant cause was the bug in the DAO code. The hacker was able to exploit the vulnerability and drain funds from the contract by making recursive calls.
The contract held 12.7M Ether, of which the hacker stole 3.6M ETH by leveraging the loophole in the contract.
This incident clearly depicts the need for more experience and experimentation with DAO security. Although DAO is greatly praised for its innovation, the quality of the code caused greater damage.
Furthermore, the coding of the smart contracts should be completely transparent to ensure that no feature turns into a bug later.
Security Concerns On Governance
There are multiple ways wherein hackers can intrude on the protocol’s governance. To start with, decentralized notifications are one way where if a hacker can block notifications, they can introduce malicious proposals that go unnoticed by other DAO members.
Next is the proposal requiring multicall transactions. If the proposal is not reviewed or audited by DAO, the attacker can use them to produce complex outcomes.
Wrong thresholds and inappropriate timelocks lead to the possibility of bad activities. Flash loans are another concern for governance security. Attackers can borrow a huge sum of tokens that endows them with the majority power to push through a proposal.
The proposals with malicious intentions raise a serious security concern over the changes implemented in the protocol. AAVE and Compound have suffered from these types of hacks in the past.
Security Concerns On Execution
MakerDAO, launched in the Ethereum network in 2017, was doing well. Until a market crash hit in 2020 when the price of Ether went as low as 50% down. It was the most important collateral used in the MakerDAO, and the price crash triggered massive liquidity.
MakerDAO wasn’t designed to handle such a huge liquidation that resulted in a greater financial loss. Although the coding was strong here, the fault was in executing the liquidation mechanism.
From then, the execution of the DAO mechanism was also added up to the list of other existing security concerns.
Checklist for DAO smart contract audits
Security is the predominant aspect in on-chain governance so as to protect the power from falling into bad hands. So, from a security standpoint, let’s find the guidelines for developing robust DAO contracts.
Low-level calls: Calls to arbitrary contracts that fetch arbitrary data have to be dealt with carefully.
Handling low-level calls are tricky because it may open up the chance for reentrancy attack vectors. So, it is always good practice to verify the success condition of the calls and then handle the returned data.
ETH holdings: Based on the audit findings, there have been many cases where ETH is not handled properly in governance-related contracts. So, it is suggested to ensure the way of sending ETH when the governance contracts require handling ETH.
Another precaution to observe is while using msg.value that allows batched calls. Chances are that this pattern can go wrong.
Refrain from Flash-loan exploits: Flash-loans are relied on by exploiters who want to influence the governance decisions and launch an attack. They take flash loans and secure the governance votes through token holdings to manipulate a governance decision.
Therefore, you can avoid measuring voting power at the current block, as the flash loan taken for gaining governance power puts the system at risk.
Regular updates: Even if there aren’t necessarily any flaws in the contract, you should always check on the market of governance tokens and adjust the threshold accordingly. Otherwise, it would allow malicious actors to take over the decisions.
Ensure you are paying attention to specifics while migrating and upgrading the governance system. There have been instances such as the one that happened with Uniswap. Its migration to Governor Bravo initialized a contract flaw that temporarily halted governance decisions.
Include delays using timelock contract: Time-delayed actions enable the community to review the changes to the protocol before they are into force. These time delays can be implemented via Timelock contracts.
Protocol-related vulnerabilities: The software used for coding a protocol works on specific business logic that may vary from one another. So do the issues that arise when executing changes in that system.
As a matter of fact, Compound protocol suffered an issue due to the approval of a manipulative community proposal. Therefore, it is always good to have a thorough review of the code by peers and independent parties to ensure the strength and soundness of the contract.
QuillAudits Eminence In DAO Smart Contract Auditing
In today’s times, for a system to be purely self-functioning many projects are figuring out their way to imbed on-chain governance. So, the field is rapidly evolving and flourishing as per their community needs.
The attacks are also getting complicated, which is both challenging and costing heavy. Therefore, it is necessary to ensure the processes are in place and the code is closely followed. QuillAudits performs extensive study and audits the code to rule out any potential pitfalls and secure the project from malicious activities.