
This past week we got two examples of when self-executing proposals go wrong for DAOs.
One proposal on Aave resulted in roughly $110 million in assets freezing after the proposal passed, and another on Tornado Cash saw a crafty proposer make off with roughly 372 ETH, worth over $670,000.
The Aave proposal has been fixed, and a new proposal executed the fix. As for Tornado Cash, the proposer has made a new proposal to return the funds. But because he is still the majority holder of TORN, the DAO’s governance token, it’s still up to him whether the vote actually passes.
But what are self-executing proposals exactly?
“Self-executing DAO governance models allow for an additional level of decentralization,” OpenZeppelin’s head of solutions architecture Michael Lewellen told Decrypt. “They remove the need for an intermediary or centralized influence to ‘hit go’ on an action decided upon by the DAO, a reliance on which effectively centralizes the entire model.”
This means that as soon as a DAO votes on a proposal, the code that enacts said proposal is engaged immediately.
These third parties that act on behalf of a DAO can also diminish the meaning of “A” in the acronym: Autonomous.
“Third parties inject risk and points of failure into a system, and this is a pain point we see again and again in DAO governance,” Aaron D, a research analyst at Delphi Digital, told Decrypt, adding that it begs the question, “Who controls a DAO—the stakeholders, or those who execute the proposal?”
It’s a valid question, but clearly, it’s a balancing act.
On the one hand, you want an active community to push the project forward, but, as seen above, this desire comes with some hefty baggage.
“First and foremost, any DAO proposal that includes a proxy upgrade of smart contracts should be reviewed by a security audit firm to catch bugs and potential backdoors such as this,” said Lewellen. “Otherwise, an upgrade could introduce a backdoor and exploit the system, as it did for the Tornado Cash DAO.”
It’s early days, of course, as the mistakes already made show, but it’s an open problem with several different solutions in play.
“The best protocols utilize timelocks to insert a time delay between the proposal and when the newly upgraded code goes into effect,” Origin Protocol co-founder Josh Fraser told Decrypt. “That way users have time to get their money out if any nefarious proposal is passed. This also allows security engineers to spend more attention on proposals once they have passed governance, versus wasting their time evaluating every spam proposal that has little chance of being accepted.”
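To make the timelock idea above concrete, here is a minimal timelock executor as an added example; it is not the code of Aave, Tornado Cash, Origin Protocol or OpenZeppelin, and the `governance` and `guardian` roles, the one-day minimum delay and the 14-day grace period are assumptions for illustration. A governor contract queues a passed proposal, nobody can execute it until `delay` seconds have elapsed (the window in which users can exit and auditors can review the queued calldata), and a guardian can cancel it during that window. The operation id commits to the exact target, value and calldata, so what executes is exactly what was queued and reviewed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example of a timelock executor (not any project's own code).
/// Roles and periods below are assumptions chosen for illustration.
contract MinimalTimelock {
    address public governance;            // assumed: the DAO's governor contract
    address public guardian;              // assumed: emergency canceller, e.g. a security council
    uint256 public immutable delay;       // seconds between queueing and earliest execution
    uint256 public constant GRACE_PERIOD = 14 days; // assumed: window after delay in which execution is still allowed

    // operation id => earliest timestamp at which it may execute (0 = not queued)
    mapping(bytes32 => uint256) public readyAt;

    event Queued(bytes32 indexed id, address target, uint256 value, bytes data, uint256 readyAt);
    event Cancelled(bytes32 indexed id);
    event Executed(bytes32 indexed id);

    constructor(address governance_, address guardian_, uint256 delay_) {
        require(delay_ >= 1 days, "delay too short to give users time to react"); // assumed minimum
        governance = governance_;
        guardian = guardian_;
        delay = delay_;
    }

    /// The id binds target, value and calldata, so a queued proposal cannot be
    /// swapped for different code or arguments between review and execution.
    function hashOperation(address target, uint256 value, bytes calldata data, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, value, data, salt));
    }

    /// Called by the governor once a vote has passed; starts the delay clock.
    function queue(address target, uint256 value, bytes calldata data, bytes32 salt)
        external returns (bytes32 id)
    {
        require(msg.sender == governance, "only governance may queue");
        id = hashOperation(target, value, data, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + delay;
        emit Queued(id, target, value, data, readyAt[id]);
    }

    /// The guardian (or governance itself) can pull a proposal that review
    /// found to be malicious or broken before the delay expires.
    function cancel(bytes32 id) external {
        require(msg.sender == guardian || msg.sender == governance, "not authorised to cancel");
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit Cancelled(id);
    }

    /// Anyone may execute once the delay has passed, but only within the grace
    /// period, so a forgotten proposal cannot be fired months later.
    function execute(address target, uint256 value, bytes calldata data, bytes32 salt)
        external
    {
        bytes32 id = hashOperation(target, value, data, salt);
        uint256 eta = readyAt[id];
        require(eta != 0, "not queued");
        require(block.timestamp >= eta, "timelock has not expired");
        require(block.timestamp <= eta + GRACE_PERIOD, "proposal is stale");
        delete readyAt[id]; // clear state before the external call
        (bool ok, ) = target.call{value: value}(data);
        require(ok, "proposal call failed");
        emit Executed(id);
    }

    /// Lets the DAO fund value-carrying proposals in advance.
    receive() external payable {}
}
```

In practice the governor is the only address allowed to queue, the proxy admin of the protocol's upgradeable contracts is set to the timelock rather than to any person, and monitoring watches the `Queued` events so that the review Lewellen describes happens on exactly the calldata that will run. Without the delay, a proxy upgrade executes in the same transaction the vote passes, which is the failure mode the Tornado Cash proposal illustrates.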
The balancing act also sheds more light on the growing cottage industry of business consultants in crypto, otherwise known as delegates.
DAO delegates are essentially given the voting power of token holders who may not be as technically versed, or able to monitor the project at all times. On those holders’ behalf, delegates vote for the proposals they judge, based on their expertise, to be net beneficial for a specific project.
“Pro delegates are paid to make sure everything is fine and DAOs are not going to lose all their money; that includes monitoring governance, and seeing if the new code being added isn’t going to break everything,” Nathan van der Heyden of Snapshot Labs told Decrypt. He’s also a delegate for Arbitrum, a layer-2 scaling solution for Ethereum.
Ultimately, whether a DAO should self-execute or not is the wrong question.
According to some, implementing this kind of feature is inevitable.
“As the industry gains more regulatory clarity, there will be less acceptance for DAOs and governance that rely on third parties to execute proposals,” said Delphi's Aaron D. “If they live up to their ideals, they are a novel coordinating method that allows us to manage public goods in the digital age more fairly and equitably.”
Decrypting DeFi is our DeFi newsletter, led by this essay. Subscribers to our emails get to read the essay before it goes on the site.