Researchers from Cornell University are investigating potential threats that could turn into ‘dark’ voting systems in decentralized autonomous organizations (DAOs). In collaboration with Vitalik, their work revolves around mitigating an imminent threat to decentralization as DAOs go mainstream.
DAOs allow the communities to make decisions without a central authority. However, as they gain popularity, they also face new threats that could undermine their decentralized nature. Among these is the risk of vote-buying attacks, where malicious actors could manipulate DAO votes through bribery.
Buterin combats vote buying with proof of complete knowledge (PoCK)
DAOs function on a system where token holders have voting power over decisions. While democratic in theory, this mechanism is susceptible to manipulation. Malicious actors can offer financial incentives to token holders, bribing them to vote for specific proposals. This is known as a vote-buying attack.
Since DAOs have no governing body, it is quite complicated to detect and stop attacks. Additionally, the anonymity provided by technology can help attackers avoid being caught.
To address this problem, Buterin and his colleagues have introduced an idea known as proof of complete knowledge (PoCK). This concept guarantees that a voter truly possesses a key and has the ability to utilize it without restrictions.
Additionally, this approach can help thwart attackers from manipulating votes using trusted execution environments (TEEs) or application-specific integrated circuits (ASICs).
Source: The Initiative for CryptoCurrencies and Contracts (IC3)
Using PoCK can ensure and verify that voters have complete control over their keys, making it significantly harder for attackers to manipulate voting outcomes. This approach strengthens the integrity of the DAO’s governance process.
Hackers are exploiting the flaws of DAOs
The recent breach, at Compound DAO serves as a reminder about the importance of implementing strong security protocols. A group called the Golden Boys took advantage of voter engagement and conflicting motivations to push through a proposal that favored them financially. This event highlights how susceptible DAOs are to being influenced and controlled.
Research conducted by scholars from the University Complutense of Madrid found that half of all DAOs have fewer than ten active voters. Further, between 1,000 and 10,000, members of DAOs participate in the governance process for less than 30% of proposals put forward, while less than 1% of members control more than 50% of the voting power.
As such, the attack on Compound’s DAO may have been an inevitable consequence of low voting participation coupled with the architecture of decentralized autonomous organizations. These forces create opportunities for entities with deep pockets and misaligned incentives to capture an inherently fraught governance process.
Even though the investigation into PoCK is just at its initial stages, it shows progress in safeguarding DAOs. Tackling issues such as vote manipulation will be vital for DAOs’ prosperity.