Can Blockchain Run Organizations in Auto-Pilot Mode (In a Secure Way)?

By Vipul Parekh

2016 is turning out to be the year of solutions for Blockchain innovation. The Wall Street Journal is predicting that investments in Blockchain technology will exceed $1 billion before the end of this year! Even though Blockchain technology itself is still in its infancy, the banking industry, FinTech, consortiums, and open source communities are all rushing to bring a number of use cases to life. We have seen a number of interesting pilots, ranging from identity management and document management & notarization to trading platforms. Recently, the Ethereum blockchain community launched perhaps the biggest ever crowdfunded pilot, with a $150 million investment, known as the Distributed Autonomous Organization (DAO). If realized successfully, DAO could create a well-functioning organization run not by humans but by a bunch of Smart Contracts.

What is DAO?

Although there are multiple acronyms emerging alongside DAO, such as DO (Distributed Organization) and DAC (Distributed Autonomous Corporation), the original idea of DAO was coined by the main developer of Ethereum, Vitalik Buterin [Blog]. DAO is a mutually owned organization of members who buy tokens in DAO and have voting rights based on their number of tokens. The mutual organization is structured as follows:

  • It is self-governed, with all rules and policies executed by smart contracts.
  • It has internal capital and contains some type of smart property that is valuable and can be used as a mechanism to reward certain activities.
  • It is created through community funding and uses the wisdom of crowds to authorize decision making through volunteer actions such as voting.
  • Due to built-in immutability on the Blockchain platform, once DAO contracts are deployed and activated, even their creators cannot change the functioning of the organization.
  • It is purely software. It does not manufacture products, hardware etc. For that purpose, DAO needs physical players called Contractors.

At the core of the DAO concept are Smart Contracts, a term first introduced by Nick Szabo twenty years ago [Nick Szabo's original definition]. These smart contracts enforce functional implementation of a particular requirement and are able to show whether certain conditions are met or not. If built on a Turing-complete platform (e.g., Blockchain), and written carefully, smart contracts have the capability to create constrained and predictable financial results without the need for management oversight in certain domains. DAO is leveraging this capability of smart contracts on Blockchain.

A look at the Ethereum DAO experiment…

The Ethereum DAO was created this past April with an initial creation period lasting 27 days, during which it raised about 11.5 million ETH (Ethereum cryptocurrency), valued at about $150 million. This is considered to be the largest crowdfunded project event in history. Currently, it has over 10,000 investors who control approximately 15 percent of total ETH supply.

A DAO is created using a model similar to a venture capitalist firm or a Kickstarter-style crowdfunding model. Individual investors purchase ETH (the cryptocurrency recognized by DAO) and receive digital tokens to use for voting on proposals submitted by contractors. A DAO can work with as many or as few contractors as desired. When contractors submit proposals in the form of smart contracts, these proposals are validated by a group of signatories to protect the interest of DAO. Once a proposal is approved, the address of the contractor is added as an approved address to receive ETH. The ETH is transferred to contractors based on agreed-upon terms and times specified in the smart contract. Investor gains are derived from profits coming from the proposal. Additionally, DAO has rules for determining the majority voting percentage based on the size of a proposal and the funding needed, as well as for the withdrawal of funds and changes in voting decisions, to retain fairness in the decision-making process and protect the interests of individual investors.

Ethereum DAO hacked…

On June 17th, the Ethereum DAO was hacked. The hacker(s) exploited a loophole in the Application Programming Interface (API) and created a split in DAO to create another “child DAO” funded with ETH worth in excess of $50 million. This obviously shocked the entire community, which has been working extremely hard for years to realize this dream. But at the same time, it also showed the challenges and risks embedded in this type of experiment. There are multiple ideas for how to recover the stolen funds, but nothing is finalized. (Several blogs here have covered this.)

Challenges:

  • Vulnerabilities: Security threats remain one of the critical challenges until the technology matures. There are a number of scenarios where participants can game the decision-making process. For example, DAO assumes rational behavior on the part of the actors participating in the voting of proposals. However, actors with large proportions of votes can take unfair advantage by voting at the last minute in favor of a proposal. There is also the possibility of a majority takeover attack by a large voting bloc that could capture 100 percent of the funds for a proposal. Also, ETH value can fluctuate widely based on speculation created by large investors.
  • Regulatory: There is no clear regulatory framework defined for Blockchain-based infrastructure and DAO use cases at this point. In fact, DAOs in banking and insurance industries would require exceptions to operate legally in the absence of clearly defined guidelines. It is also unclear if the SEC will treat DAO investments as securities or if SEC will assume oversight over DAO to protect investor interests.
  • Legal: Currently DAOs are not recognized by the US legal system. This will obviously create uncertainties around legal rights for investors and contractors of DAO. Since DAO does not have central ownership, it is also unclear if they can be treated as general partnerships. Finally, it is uncertain how courts will handle liabilities in case of lawsuits.
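
The voting risks named in the Vulnerabilities item above (large holders voting at the last minute, and a single bloc dominating the outcome) can be checked for mechanically when reviewing a proposal's vote record. The following Python example is an added illustration, not code from the DAO or from the original article; the quorum rule, the thresholds, the one-vote-per-holder model and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:
    voter: str
    tokens: int    # voting weight equals tokens held (one vote per holder assumed)
    in_favor: bool
    cast_at: int   # time units since voting opened

def tally(votes, upto=None):
    """Token-weighted (yes, no) totals for votes cast at or before `upto`."""
    counted = [v for v in votes if upto is None or v.cast_at <= upto]
    yes = sum(v.tokens for v in counted if v.in_favor)
    no = sum(v.tokens for v in counted if not v.in_favor)
    return yes, no

def passes(votes, total_supply, quorum_pct, upto=None):
    """Assumed rule: turnout reaches quorum_pct of supply and yes exceeds no."""
    yes, no = tally(votes, upto)
    return (yes + no) * 100 >= quorum_pct * total_supply and yes > no

def review(votes, total_supply, quorum_pct, period, late_window, bloc_pct):
    """Flag outcomes decided by large holders voting in the final window."""
    cutoff = period - late_window
    before = passes(votes, total_supply, quorum_pct, upto=cutoff)
    final = passes(votes, total_supply, quorum_pct)
    yes, no = tally(votes)
    return {
        "passed_before_window": before,
        "passed_final": final,
        "flipped_late": before != final,
        # holders above bloc_pct of supply who waited for the final window
        "late_large_voters": sorted(v.voter for v in votes
            if v.cast_at > cutoff and v.tokens * 100 >= bloc_pct * total_supply),
        # a single voter holding more than half of all tokens actually cast
        "dominant_voters": sorted(v.voter for v in votes if v.tokens * 2 > yes + no),
    }

# Constructed sample: 1000 tokens in supply, voting open for 1000 time units.
SAMPLE = [
    Vote("alice", 60, False, 100),
    Vote("bob", 50, True, 300),
    Vote("carol", 40, False, 500),
    Vote("whale", 300, True, 990),
]

if __name__ == "__main__":
    print(review(SAMPLE, total_supply=1000, quorum_pct=20,
                 period=1000, late_window=50, bloc_pct=10))
```

In the constructed sample the proposal is failing, without quorum, until one holder with 30 percent of supply votes in the last 1 percent of the period; the review reports both the late flip and that this holder outweighs every other voter combined.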

Path Moving Forward...

The DAO use case on Blockchain is obviously both futuristic and intriguing because software code is performing the function of management and enabling collaboration between humans. While DAO has the potential to gain significant efficiency through smart contracts, it also holds the promise of bringing much needed transparency to a company's finances. Ethereum DAO's historical funding and subsequent hack are providing powerful learning and retrospection opportunities that will hopefully ensure that future DAOs will be more secure.

Vipul is a Senior Manager at Optimity Advisors with more than 20 years of experience in designing, building and managing strategic IT solutions for Fortune 500 investment banks. Vipul leads solution delivery of the financial services practice from our New York office. As an experienced business and technology leader, he guides large organizations in enterprise data strategy, Blockchain exploration & adoption strategy, regulatory & compliance platform design, business process re-engineering, ROI analysis, build vs. buy decisions, and team re-alignment strategy.