What Is a DAO? Governance Models, Voting Mechanisms, and Their Real-World Limitations
Learn what a DAO is, how on-chain and off-chain voting works, the problems with token-weighted governance, quorum attacks, and lessons from major DAO failures.

Key Takeaways
A DAO is an organisation governed by smart contracts and token-holder votes, replacing traditional management structures with encoded rules and community participation.
Most DAO voting systems have significant structural weaknesses, including low participation, token concentration, and vulnerability to governance attacks.
Real-world DAOs rarely match their theoretical ideals. Understanding where governance breaks down is essential for anyone participating in or building with DAOs.
What Is a DAO?
DAO stands for Decentralised Autonomous Organisation. The concept refers to an organisation where rules, decision-making, and treasury management are encoded in smart contracts on a blockchain, with changes requiring token-holder votes rather than approval from a traditional management hierarchy.
In theory, a DAO removes the need for a CEO, board of directors, or central management team. Instead, anyone who holds the governance token can propose changes, vote on decisions, and influence the direction of the organisation.
In practice, DAOs exist on a spectrum. Some are genuinely decentralised with active community governance. Others are effectively controlled by a small group of early investors and founders, with governance tokens providing the appearance of decentralisation rather than the reality.
Understanding where a specific DAO sits on that spectrum matters enormously for anyone deciding whether to hold governance tokens or trust a protocol's governance.
How DAO Governance Works: The Basic Structure
Every DAO has some version of the following components:
Governance token: A token that represents voting power within the DAO. Holding more tokens typically means more votes, though some DAOs use alternative models to reduce concentration of power.
Proposal mechanism: A process for submitting changes to the protocol, treasury, or rules. Most DAOs require a minimum token balance to submit a proposal, which is intended to prevent spam.
Voting period: A defined window during which token holders can cast votes. Periods typically range from two to seven days.
Quorum requirement: A minimum level of participation required for a vote to be considered valid. If quorum is not met, the vote fails regardless of the outcome.
Execution: If a vote passes, the result is either automatically executed by a smart contract (in on-chain governance) or actioned by a trusted team or multisig (in off-chain governance).
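As an added illustration of how these five components fit together (this is example code written for this page, not code from the article or from any DAO's contracts), the following Python simulation models a token-weighted DAO with a constructed ledger: a proposal threshold, a block-based voting period, a quorum check against total supply, and on-chain style execution that runs only once the vote has passed. Holder names, balances and parameter values are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed sample ledger: governance-token balances per holder (not a real DAO).
BALANCES = {
    "alice": 400_000,
    "bob": 250_000,
    "carol": 150_000,
    "dave": 120_000,
    "erin": 80_000,
}
TOTAL_SUPPLY = sum(BALANCES.values())  # 1,000,000 tokens

PROPOSAL_THRESHOLD = 10_000    # minimum balance needed to submit a proposal (anti-spam)
VOTING_PERIOD_BLOCKS = 40_000  # roughly five to six days at ~12 seconds per block
QUORUM_BPS = 400               # 4% of total supply must vote for the result to count
QUORUM_TOKENS = TOTAL_SUPPLY * QUORUM_BPS // 10_000  # 40,000 tokens


@dataclass
class Proposal:
    proposer: str
    start_block: int
    end_block: int
    votes_for: int = 0
    votes_against: int = 0
    voted: set = field(default_factory=set)
    executed: bool = False


def propose(proposer: str, current_block: int) -> Proposal:
    """Submit a proposal; only holders at or above the threshold may do so."""
    if BALANCES.get(proposer, 0) < PROPOSAL_THRESHOLD:
        raise PermissionError(f"{proposer} is below the proposal threshold")
    return Proposal(proposer, current_block, current_block + VOTING_PERIOD_BLOCKS)


def cast_vote(p: Proposal, voter: str, support: bool, current_block: int) -> int:
    """Token-weighted vote: one token, one vote. Returns the weight that was counted."""
    if not (p.start_block <= current_block <= p.end_block):
        raise ValueError("voting period is closed")
    if voter in p.voted:
        raise ValueError(f"{voter} already voted")
    weight = BALANCES.get(voter, 0)
    p.voted.add(voter)
    if support:
        p.votes_for += weight
    else:
        p.votes_against += weight
    return weight


def quorum_reached(p: Proposal) -> bool:
    """Quorum counts all votes cast, for and against, against total supply."""
    return p.votes_for + p.votes_against >= QUORUM_TOKENS


def outcome(p: Proposal, current_block: int) -> str:
    """'active' while the window is open; afterwards 'no quorum', 'passed' or 'defeated'."""
    if current_block <= p.end_block:
        return "active"
    if not quorum_reached(p):
        return "no quorum"
    return "passed" if p.votes_for > p.votes_against else "defeated"


def execute(p: Proposal, current_block: int) -> bool:
    """On-chain style execution: runs automatically, but only after a pass."""
    if p.executed or outcome(p, current_block) != "passed":
        return False
    p.executed = True
    return True


if __name__ == "__main__":
    p = propose("carol", current_block=100)
    cast_vote(p, "erin", True, 101)    # 80,000 tokens for
    cast_vote(p, "dave", False, 102)   # 120,000 tokens against
    after = p.end_block + 1
    print(outcome(p, after))           # defeated: quorum met, but more weight against
    print(execute(p, after))           # False
```

Note that quorum here is satisfied by a single mid-sized holder, which is exactly the situation the quorum discussion later on the page warns about.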
On-Chain vs. Off-Chain Voting
There are two main approaches to DAO voting, each with different trade-offs.
On-Chain Voting
Votes are cast as blockchain transactions. The outcome is automatically executed by smart contracts.
| Aspect | Detail |
| --- | --- |
| Transparency | Every vote is publicly verifiable on the blockchain |
| Execution | Automatic and trustless once a vote passes |
| Cost | Voters pay gas fees to cast each vote |
| Speed | Constrained by blockchain transaction times |
| Attack surface | On-chain execution means exploitable votes have immediate consequences |
Examples of protocols using on-chain governance include Compound and Uniswap.
Off-Chain Voting
Votes are cast through a platform like Snapshot, which records votes as signed messages without requiring blockchain transactions.
| Aspect | Detail |
| --- | --- |
| Transparency | Publicly viewable but not on-chain |
| Execution | Requires a trusted team or multisig to carry out the result |
| Cost | Free for voters (no gas fees) |
| Speed | Faster and more flexible |
| Trust assumption | Relies on the team or multisig to faithfully execute outcomes |
Off-chain voting is used by many major DAOs including MakerDAO (for some decisions) and Aave for signalling votes. The trade-off is that off-chain governance re-introduces a trust element, since humans must act on the vote result.
Token-Weighted Voting: The Structural Problem
The most common form of DAO voting is token-weighted. One token equals one vote. This is simple to implement but creates several well-documented problems.
Plutocracy by design: When voting power is proportional to token holdings, wealthy participants and early investors dominate governance. In most DAOs, the top ten to twenty wallet addresses control a majority of voting power. Community input becomes marginal when a handful of large holders can determine any outcome.
Voter apathy: Low participation rates are endemic to DAO governance. Voting requires time, attention, and sometimes gas fees. Most token holders do not vote on most proposals. This means quorums are often hard to reach and active participation skews toward those with the most financial stake.
Short-term incentive misalignment: Token holders who can sell at any time may vote for decisions that benefit short-term token price over long-term protocol health. This is the DAO equivalent of a company prioritising the next earnings quarter over its five-year strategy.
Delegate concentration: Some DAOs use delegation systems where token holders assign their votes to delegates. In theory, this enables expertise to be applied to governance. In practice, delegation often concentrates power in a small number of active delegates, replicating the centralisation problem at a smaller scale.
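Concentration and apathy are both measurable before anyone holds a governance token or builds on a protocol. The helpers below are an added example for this page (not from the article or any DAO's tooling) that run over a constructed holder list: one reports how many of the largest holders together control a majority of voting power, one reports what fraction of supply actually turned out, and one reports how far a single extra holder would be from satisfying quorum on their own given that turnout. Addresses, balances and the quorum figure are invented for the example.

```python
# Constructed sample holder list (addresses and balances invented for the example).
HOLDERS = {
    "0xa1": 3_000_000, "0xb2": 2_200_000, "0xc3": 900_000, "0xd4": 600_000,
    "0xe5": 400_000, "0xf6": 300_000, "0xa7": 250_000, "0xb8": 200_000,
    "0xc9": 100_000, "0xd0": 50_000,
}  # total supply: 8,000,000


def controlling_holders(balances: dict, share_bps: int = 5_000) -> int:
    """Smallest number of largest holders whose combined balance exceeds `share_bps`
    (basis points) of supply. A result of 1 or 2 means a plutocracy in practice."""
    total = sum(balances.values())
    running = 0
    for count, bal in enumerate(sorted(balances.values(), reverse=True), start=1):
        running += bal
        if running * 10_000 > share_bps * total:
            return count
    return len(balances)


def turnout_share(balances: dict, voters) -> float:
    """Fraction of total voting power actually cast by the holders in `voters`."""
    total = sum(balances.values())
    return sum(balances.get(v, 0) for v in voters) / total


def quorum_gap(balances: dict, quorum_bps: int, voters) -> int:
    """Tokens one additional holder would need so that their vote, on top of the
    turnout `voters` produce, meets quorum. The smaller this is relative to supply,
    the more exposed the DAO is when most holders stay home."""
    total = sum(balances.values())
    needed = (total * quorum_bps + 9_999) // 10_000   # ceiling of quorum in tokens
    cast = sum(balances.get(v, 0) for v in voters)
    return max(0, needed - cast)


if __name__ == "__main__":
    active = ["0xc9", "0xd0"]   # only the two smallest holders bother to vote
    print(controlling_holders(HOLDERS))          # 2
    print(turnout_share(HOLDERS, active))        # 0.01875
    print(quorum_gap(HOLDERS, 400, active))      # 170000 (4% quorum, 150k already cast)
```

On this constructed ledger two wallets out of ten hold a majority, and with a 4% quorum a newcomer holding just over 2% of supply can complete quorum on a vote that nobody else attends; both numbers are the kind of check worth running against a real token's holder distribution before relying on its governance.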
Alternative Governance Models
Some DAOs have experimented with alternatives to pure token-weighted voting.
| Model | How It Works | Used By |
| --- | --- | --- |
| Quadratic voting | Each additional vote on the same proposal costs more tokens, reducing the power of large holders | Gitcoin Grants |
| Conviction voting | Votes accumulate weight over time, rewarding sustained commitment | Gardens (formerly 1Hive) |
| Holographic consensus | Uses prediction markets to surface important proposals and filter spam | DAOstack |
| Reputation-based voting | Non-transferable reputation points rather than market-priced tokens | DAOstack, dxDAO |
Each alternative addresses some weaknesses while introducing others. Quadratic voting, for example, can be gamed by spreading tokens across multiple wallets (Sybil attacks). Reputation systems require trust in how reputation is assigned.
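The quadratic-voting weakness mentioned above comes down to arithmetic: if n votes cost n² tokens, a budget spread over many wallets buys far more votes than the same budget in one wallet, so the scheme only works when votes are scored per verified identity rather than per address. The following Python is an added example for this page (not Gitcoin's or any project's code) that computes the vote count for one wallet, for the same budget spread across unverified wallets, and for the identity-gated counting that restores the intended cap. The wallet names, token amounts and the identity registry are constructed; which Sybil-resistance mechanism supplies the registry is left open.

```python
import math


def quadratic_votes(tokens: int) -> int:
    """Quadratic voting: n votes on one proposal cost n^2 tokens, so a budget of
    `tokens` buys floor(sqrt(tokens)) votes."""
    return math.isqrt(tokens)


def votes_per_wallet(wallets: dict) -> int:
    """Total votes when every wallet is scored separately (no identity check)."""
    return sum(quadratic_votes(t) for t in wallets.values())


def votes_per_identity(wallets: dict, identity_of: dict) -> int:
    """Mitigation: pool every wallet that maps to the same verified identity, then
    take the square root once per identity. Wallets with no verified identity are
    not counted at all. `identity_of` maps wallet -> identity id and is assumed to
    come from some Sybil-resistance mechanism outside this example."""
    per_identity = {}
    for wallet, tokens in wallets.items():
        ident = identity_of.get(wallet)
        if ident is None:
            continue
        per_identity[ident] = per_identity.get(ident, 0) + tokens
    return sum(quadratic_votes(t) for t in per_identity.values())


# Constructed scenario: 10,000 tokens held in one wallet versus the same 10,000
# tokens spread evenly across 100 wallets controlled by the same person.
SINGLE_WALLET = {"wallet0": 10_000}
SPLIT_WALLETS = {f"wallet{i}": 100 for i in range(100)}
# Constructed registry: every split wallet resolves to the same verified identity.
REGISTRY = {w: "person-1" for w in SPLIT_WALLETS}


if __name__ == "__main__":
    print(votes_per_wallet(SINGLE_WALLET))                # 100
    print(votes_per_wallet(SPLIT_WALLETS))                # 1000: the Sybil gain
    print(votes_per_identity(SPLIT_WALLETS, REGISTRY))    # 100: gain removed
    print(votes_per_identity(SPLIT_WALLETS, {}))          # 0: unverified wallets ignored
```

The tenfold gain from splitting is the reason quadratic voting in practice is paired with an identity layer; the same pooling logic also shows why partial verification (some wallets verified, others not) simply discards the unverified balance rather than letting it vote at full weight.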
Governance Attacks: The Quorum Problem
A governance attack occurs when a malicious actor uses token accumulation or manipulation to push through a proposal that benefits them at the expense of other participants.
Quorum attack mechanics: Many DAOs set quorum at a relatively low threshold, sometimes as low as 4% of total supply. If most token holders are inactive, a well-funded attacker can reach quorum with a relatively modest token purchase and pass malicious proposals.
The Beanstalk exploit (April 2022): One of the most cited examples of a governance attack. An attacker used a flash loan to temporarily acquire a majority of Beanstalk's STALK governance tokens within a single transaction. They used that temporary voting power to pass a malicious proposal that transferred roughly $182 million worth of assets to their own wallet. The entire attack was completed in the time it took for a single Ethereum block to process.
This exploit highlighted a critical vulnerability in on-chain governance: if voting power can be acquired instantly (via flash loans or flash purchases), proposals that execute within the same transaction can be weaponised.
Case Studies: When DAO Governance Failed
The Original DAO Hack (2016)
The DAO was one of the first major DAO experiments, raising roughly $150 million worth of ETH in 2016. A reentrancy bug in its smart contract allowed an attacker to drain approximately $60 million in ETH before the drain was stopped.
The resolution was controversial: Ethereum's community voted to hard-fork the blockchain to reverse the theft. Not everyone agreed with the rollback. Those who opposed it continued using the original chain, which became Ethereum Classic.
The DAO hack established two lasting lessons: smart contract bugs in governance systems can be catastrophic, and reversing on-chain transactions requires extraordinary community consensus.
Mango Markets Exploit (2022)
On the Solana-based lending protocol Mango Markets, a trader used a coordinated market manipulation scheme to artificially inflate the price of MNGO tokens, then borrowed against the inflated collateral to drain the protocol's treasury.
After the exploit, the attacker used their MNGO holdings to vote on governance proposals regarding the settlement of the stolen funds, effectively participating in governance over their own exploit. Mango users voted to approve a settlement that allowed the attacker to keep a portion of the funds. The attacker was later indicted by US authorities.
This case illustrated how on-chain governance can become a tool for exploiters in the aftermath of an attack.
Tornado Cash DAO (2023)
A governance attacker submitted a proposal that appeared benign but contained hidden malicious code. Once passed, the proposal granted the attacker full control of the DAO's governance contract, allowing them to mint tokens and drain the treasury. The attacker later returned control after token prices collapsed, apparently having taken profits on a short position.
What Good DAO Governance Looks Like
Despite the failures, some DAOs have developed more robust governance practices. The characteristics that tend to correlate with healthier governance include:
Time locks on proposal execution: A mandatory delay between a vote passing and execution, giving the community time to identify problems and exit if needed
Multi-sig execution for high-risk proposals: Requiring human signatories for treasury changes, even if a vote passes
Graduated governance: Requiring higher quorum for larger treasury decisions
Active delegation with accountability: Named, publicly known delegates who are held accountable for their voting record
Transparency in proposal discussion: Open discussion venues (Discord, governance forums, Snapshot discussions) where proposals are debated before formal votes
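Two of the practices listed above, reading voting power from a past block and delaying execution with a timelock, are the ones that directly close the same-transaction path described under the quorum problem. The Python below is an added simulation written for this page, not code from the article or from any real governor contract; the balance checkpointing mirrors the idea behind Compound-style getPriorVotes, and all names, balances and parameters are constructed. The proposal threshold and multisig signing are left out so the two mechanisms stand on their own.

```python
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


class CheckpointedToken:
    """Governance token that writes a balance checkpoint on every transfer, so voting
    power can be read as of any past block. Simulation only, not a real contract."""

    def __init__(self, initial: dict):
        self.blocks = defaultdict(list)    # holder -> ascending checkpoint blocks
        self.balances = defaultdict(list)  # holder -> balance after each checkpoint
        for holder, bal in initial.items():
            self._write(holder, 0, bal)

    def _write(self, holder, block, balance):
        if self.blocks[holder] and self.blocks[holder][-1] == block:
            self.balances[holder][-1] = balance   # several transfers in one block
        else:
            self.blocks[holder].append(block)
            self.balances[holder].append(balance)

    def balance_at(self, holder, block) -> int:
        """Balance as of the end of `block`; 0 if the holder had no checkpoint yet."""
        i = bisect_right(self.blocks[holder], block) - 1
        return self.balances[holder][i] if i >= 0 else 0

    def transfer(self, sender, receiver, amount, block):
        if self.balance_at(sender, block) < amount:
            raise ValueError("insufficient balance")
        self._write(sender, block, self.balance_at(sender, block) - amount)
        self._write(receiver, block, self.balance_at(receiver, block) + amount)


@dataclass
class Proposal:
    snapshot_block: int          # voting power is read as of this past block
    end_block: int
    votes_for: int = 0
    votes_against: int = 0
    voted: set = field(default_factory=set)
    eta: Optional[int] = None    # earliest block at which execution is allowed
    executed: bool = False


class Governor:
    """Snapshot-based voting plus a timelock between passing and execution."""

    def __init__(self, token, total_supply, quorum_bps, voting_period, timelock_delay):
        self.token = token
        self.quorum = total_supply * quorum_bps // 10_000
        self.voting_period = voting_period
        self.delay = timelock_delay
        self.proposals = []

    def propose(self, block) -> int:
        # Power is frozen at the block before creation, so tokens borrowed or bought
        # in the proposal's own block carry no weight on it.
        self.proposals.append(Proposal(block - 1, block + self.voting_period))
        return len(self.proposals) - 1

    def cast_vote(self, pid, voter, support, block) -> int:
        p = self.proposals[pid]
        if block > p.end_block or voter in p.voted:
            raise ValueError("vote not allowed")
        weight = self.token.balance_at(voter, p.snapshot_block)
        p.voted.add(voter)
        if support:
            p.votes_for += weight
        else:
            p.votes_against += weight
        return weight

    def passed(self, pid, block) -> bool:
        p = self.proposals[pid]
        return (block > p.end_block
                and p.votes_for + p.votes_against >= self.quorum
                and p.votes_for > p.votes_against)

    def queue(self, pid, block) -> int:
        """Schedule a passed proposal; returns the earliest execution block."""
        if not self.passed(pid, block):
            raise ValueError("proposal has not passed")
        self.proposals[pid].eta = block + self.delay
        return self.proposals[pid].eta

    def execute(self, pid, block) -> bool:
        p = self.proposals[pid]
        if p.executed or p.eta is None or block < p.eta:
            return False   # inside the timelock window: holders can still review or exit
        p.executed = True
        return True


def borrowed_tokens_vote_weight() -> int:
    """Constructed scenario: 600k of 1M tokens are borrowed, used to propose and vote,
    and returned, all in block 100. Returns the weight the vote actually carried."""
    token = CheckpointedToken({"lending_pool": 600_000, "holder": 400_000})
    gov = Governor(token, 1_000_000, quorum_bps=400, voting_period=100, timelock_delay=50)
    token.transfer("lending_pool", "borrower", 600_000, block=100)
    pid = gov.propose(block=100)
    weight = gov.cast_vote(pid, "borrower", True, block=100)
    token.transfer("borrower", "lending_pool", 600_000, block=100)   # repaid same block
    return weight


if __name__ == "__main__":
    print(borrowed_tokens_vote_weight())   # 0
```

In the scenario function the borrowed balance contributes nothing because the proposal reads power as of block 99, and even a proposal that does pass cannot execute until `timelock_delay` blocks after it is queued, so there is no single-block route from a vote to a treasury transfer. Both checks are simple, which is why their absence in a governance contract is worth flagging in review.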
Should You Hold Governance Tokens?
Governance tokens carry multiple roles simultaneously. They represent voting power, potential protocol revenue rights (in some cases), and speculative value. This overlap creates complexity.
Holding a governance token to influence protocol decisions requires active participation, which most retail holders do not engage in. As a speculative asset, governance token value is typically tied to the protocol's overall success and token market dynamics.
Understanding which role you are primarily holding the token for helps clarify the risks involved. Voting power is only valuable if you intend to use it and if your votes can actually influence outcomes.
FAQ
What does DAO stand for? DAO stands for Decentralised Autonomous Organisation. It refers to an organisation that uses smart contracts to encode its rules and relies on token-holder votes for governance decisions.
Can a DAO be hacked? Yes, in multiple ways. Smart contracts underlying a DAO can be exploited. Governance mechanisms can be attacked using flash loans or token accumulation. Malicious proposals can be passed if quorum requirements are low and participation is weak.
What is a governance token? A governance token is a cryptocurrency that represents voting rights within a DAO or protocol. Holding the token typically allows participation in governance votes. Examples include UNI (Uniswap), COMP (Compound), and MKR (MakerDAO).
What is a timelock in DAO governance? A timelock is a mechanism that introduces a mandatory delay between when a governance vote passes and when the changes are executed on-chain. This gives token holders and security researchers time to review the changes before they take effect.
Is a DAO a legal entity? In most jurisdictions, DAOs are not recognised as legal entities, which creates liability uncertainty for participants. A small number of jurisdictions, including Wyoming in the United States and the Marshall Islands, have passed legislation that gives certain DAOs legal recognition. The legal status of DAOs globally is still evolving.
What is the difference between a DAO and a multisig? A multisig (multi-signature wallet) requires multiple designated key holders to approve transactions. It is simpler and more centralised than a DAO but often more practical for teams that need to move quickly. Many DAOs use multisig wallets to execute governance decisions, creating a hybrid model.
Disclaimer: This content is for educational and informational purposes only and is not financial advice. Nothing here is a recommendation to buy or sell any asset or use any platform. Do your own research and manage your risk.