DAOIP-8: A New Baseline for DAO Security

Introduction

Decentralization creates principal agent problems that are unique to DAOs. These lead to several attack surfaces and common vulnerabilities in the ecosystem. DAOIP-8 is a baseline security specification for DAOs co-authored by DAOstar, Tally and eth.limo to combat these vulnerabilities.

<< We are co-hosting a discussion during ETH Denver on DAO security (DAO Security Discussion), and a full-day event on DAO-focused experimentation (DAO Day of Fun). RSVP if you are planning to attend! >>

Why Do DAOs Need a Security Standard?

One of the core tenets of web3 security is trust abstraction using cryptographic guarantees and smart contracts. DAOs too are built on this foundation. Decentralizing decision making reduces the likelihood of a hostile takeover as governance power is distributed among a large number of participants. Many DAOs also set up additional safeguards, including:

  • Permissioned sets of actors that can execute specific steps, for example, move a proposal to a vote or execute a proposal;

  • Security councils that can veto malicious proposals;

  • Active quorum thresholds and voting guardrails in order to specify a minimum participation baseline, ensuring that risks introduced by low voter turnout can be mitigated.

The long game of governance often acts as a practical filtering mechanism, which favors more active and committed actors to rise to prominence, for example, as the most influential delegates.

However, decentralization also diffuses responsibility, creating “no one’s job” scenarios, where critical tasks like compliance, incident response, or code reviews are neglected because no single party feels the mandate to act. Similarly, due to the bootstrapped nature of the DAO ecosystem, formalized definitions do not exist for most relationships between a DAO and external entities. Add to this the still-early nature of regulation and compliance for DAOs: the usual forcing functions that dictate how vendors, service provider policies, and other key entities are to be managed are largely non-existent.

Taken together, these factors have a direct effect on the security of DAOs. They materialize as:

  • Governance attacks that can lead to immediate treasury drain, sabotage protocol upgrades and cause unrest within the DAO. They can be orchestrated by accumulating governance tokens to vote down all proposals, bringing the DAO to decision paralysis; slipping in a malicious proposal at the last minute; or attaching a malicious detail to an otherwise safe proposal. These attacks often leverage low voter turnout and the lack of technical expertise among governance participants.

  • Low proposal safety, where inadequate audits, rushed deployments, and insufficient peer review of on-chain code introduce vulnerabilities. Even subtle bugs in upgrade logic, governance modules, or treasury contracts can become catastrophic if not caught early.

  • Incident response gaps form when there isn’t a pre-coordinated emergency plan for the DAO, making it slow to respond to threats, magnifying the damage done by compromised signers, infrastructure hacks, or DNS hijacking.

  • Poor management of external entities as many DAOs entrust critical tasks like multisig management or code upgrades to external groups without clear security policies in place.

  • Physical security risks, as the lack of proper guidelines and training for delegates, multisig signers, and core team members causes them to inadvertently expose private keys, laptops, or other sensitive resources. “Wrench attacks”, i.e. physical coercion or intimidation of keyholders, are a real threat, especially given the number of conferences we attend every year.

Several other attack surfaces and common vulnerabilities exist within DAOs. There are data transparency gaps (especially around privileged roles or incomplete listing of DAO assets, which can lead to confusion and difficulty in pinpointing accountability); regulatory uncertainty (which deters highly-aligned entities from governance participation due to the fear of regulatory backlash); community management risks (that can enable an attacker to spread misinformation or scam community members), and infrastructure vulnerabilities (off-chain infrastructure like forums, websites, or GitHub repositories can be compromised even if the on-chain code is secure).

Introducing DAOIP-8

DAOIP-8 aims to establish a minimum viable security standard among DAOs, such that all DAOs, irrespective of their scale or governance design, have an easily accessible set of controls to follow as standard practice when it comes to security. DAOIP-8 also intends to help DAOs establish the basic foundations of a Technical Governance Framework. External dependencies (for example, hosted code repositories, cloud services, and other third-party providers) introduce novel complexities without clear boundaries relating to technical asset ownership and management.

The specification in its current form considers:

  • Data transparency

  • Decentralized ownership

  • Proposal safety

  • Management of external entities

  • Defense against governance attacks

  • Physical security for key entities

  • Community management best practices

  • Compliance

  • Code security

  • Key management

  • Subdomain versioning

These topics are addressed by outlining two levels of controls - [MANDATORY] (measures that are critical), and [RECOMMENDED] (measures that mitigate second-order risks). In total, DAOIP-8 defines 14 controls - 8 applicable to all DAOs irrespective of their governance structure or size and 6 controls for Protocol DAOs (DAOs that manage an onchain protocol through governance).

To keep this blog post concise, we’ll refrain from defining all 14 controls here. The full specification, along with more context and research, can be accessed here.

While the absence of some of these controls, for example, a physical security policy for delegates, can lead to a critical security incident, others, say data transparency, may not have an immediate effect. Even so, every control defined in DAOIP-8 can have second-order effects. For example, low data transparency may lead to the loss of governance contributors, which reduces voter turnout and makes a governance takeover less costly. Hence, all DAOs are recommended to make their best effort to follow all controls outlined in DAOIP-8.
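To make the turnout argument above concrete, here is an added illustration (not part of DAOIP-8 or this post) that models how honest turnout and the quorum threshold set the token share an attacker would need to force or block proposals. It assumes Governor-style counting, where a proposal passes if FOR votes exceed AGAINST votes and FOR votes reach a quorum expressed as a fraction of circulating supply; the supply and turnout figures are constructed.

```python
# Added defender-side risk check: how voter turnout and the quorum floor
# change the token share needed to force or block a proposal.
# Assumed vote semantics (Governor-style): passes if FOR > AGAINST and
# FOR >= quorum * supply. All figures below are constructed examples.

def tokens_to_force(supply, honest_turnout, quorum):
    """Tokens an attacker must vote FOR to pass a proposal when every honest
    voter (honest_turnout of supply) votes AGAINST. The binding constraint is
    whichever is larger: the honest AGAINST weight or the quorum floor."""
    honest_against = supply * honest_turnout
    quorum_floor = supply * quorum
    return max(honest_against, quorum_floor)

def tokens_to_block(supply, honest_turnout, quorum):
    """Tokens needed to veto every proposal by voting AGAINST, assuming honest
    voters all vote FOR. Quorum only counts FOR votes, so if honest turnout
    already misses quorum no tokens are required: proposals fail on their own."""
    honest_for = supply * honest_turnout
    if honest_for < supply * quorum:
        return 0.0
    return honest_for

def takeover_share(supply, honest_turnout, quorum):
    """Fraction of circulating supply needed to force a proposal through."""
    return tokens_to_force(supply, honest_turnout, quorum) / supply

def turnout_sensitivity(supply, quorum, turnouts):
    """Takeover share at each turnout level. Once turnout falls below the
    quorum, the quorum becomes the floor: raising it is the lever a DAO has
    against the 'low turnout makes takeover cheap' effect described above."""
    return {t: takeover_share(supply, t, quorum) for t in turnouts}

if __name__ == "__main__":
    supply = 1_000_000          # constructed circulating supply
    for quorum in (0.04, 0.10):
        print(f"quorum {quorum:.0%}:")
        for turnout, share in turnout_sensitivity(
                supply, quorum, [0.15, 0.08, 0.04, 0.02]).items():
            blocker = tokens_to_block(supply, turnout, quorum)
            print(f"  turnout {turnout:>4.0%} -> force needs {share:.0%} "
                  f"of supply, block needs {blocker:,.0f} tokens")
```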

Conclusion & Next Steps

DAOIP-8 is a necessary step toward improving the overall security posture of the DAO ecosystem. As it is still an embryonic process, continuous, iterative improvements are necessary, alongside diverse collaboration with existing DAOs to better understand and address potential weaknesses.

DAOIP-8 aims to be informative and descriptive, not necessarily prescriptive. Given the diverse nature of the DAO landscape, the controls specified in DAOIP-8 serve as a starting point that can be adapted to the specific needs of individual DAOs. As this is open-source work, we invite contributions from everyone—whether you are a security professional, DAO voter, significant delegate, or governance enthusiast.

Next steps for you:

  1. Read the full report for the complete list of recommended controls and references.

  2. Stop by our event during ETH Denver to discuss and contribute to the evolution of DAOIP-8: DAO Security Discussion.

P.S: We are also co-hosting a day-long fun and experimental DAO-focused event during ETH Denver. RSVP for DAO Day of Fun!

See you in Denver!
