51% attack

From DAO Governance Wiki

Given the weighted democratic nature of a DAO, an attacker with 51% of existing REP tokens can destroy the group. Regardless of safeguards, eventually a patient adversary of the DAO with majority power can pass any legislation desired, creating new standards and stripping the organization of all value. With 51% of the value of a DAO, a wealthy, powerful, and patient adversary can gain 100% of the value of the DAO.

This arbitrage opportunity creates an ever-present threat in any primary DAO, so governance design must be continually vigilant against the possibility.

Inhibiting the attack

DGF's REP tokens are designed to inhibit the 51% attack, since REP is only minted in proportion to fees that enter the system and the fees are shared with the existing members first. A calculation[1] shows that without any other safeguards in place, an attacker who uses the minting mechanism to accumulate 51% must pay the DAO an absolute minimum of twice its estimated value to gain 51% of the tokens. With minimal natural assumptions, this figure is closer to six times the value of existing REP tokens.

Other safeguards can further inhibit this attack.

Veto power

Giving veto power to members inhibits the 51% attack, since it prevents the attacker from passing legislation at will. However, veto power does not scale well. With enough members, every proposal will be vetoed, deadlocking governance. To ameliorate this effect, veto power may be scaled by setting a minimum threshold (such as 33%) for veto.
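A small model of the veto designs described above, as an added example that is not part of the wiki or of any DGF contract. The `tally` function, the REP balances and the rule that a veto succeeds once vetoing REP reaches the threshold share of total REP are assumptions made for illustration.

```python
from fractions import Fraction

# Constructed REP balances (assumption): one holder owns 51% of 100 REP.
REP = {"attacker": 51, "a": 20, "b": 15, "c": 13, "d": 1}

def tally(rep, votes, veto_threshold=None):
    """Decide a proposal by REP-weighted vote.

    votes maps member -> "for" | "against" | "veto"; absent members abstain.
    veto_threshold: None disables veto, Fraction(0) lets any single holder
    veto, otherwise it is the minimum share of total REP that must veto.
    """
    total = sum(rep.values())
    weight = {"for": 0, "against": 0, "veto": 0}
    for member, choice in votes.items():
        weight[choice] += rep[member]
    vetoing = Fraction(weight["veto"], total)
    if veto_threshold is not None and vetoing > 0 and vetoing >= veto_threshold:
        return "vetoed"
    if Fraction(weight["for"], total) > Fraction(1, 2):
        return "passed"
    return "rejected"

# Hostile proposal: the majority holder votes for, everyone else vetoes.
hostile = {"attacker": "for", "a": "veto", "b": "veto", "c": "veto", "d": "veto"}
# Ordinary proposal: broad support, a single 1% holder objects.
ordinary = {"attacker": "for", "a": "for", "b": "for", "c": "for", "d": "veto"}
# Hostile proposal with weak turnout: only 14% of REP vetoes.
low_turnout = {"attacker": "for", "c": "veto", "d": "veto"}

THIRD = Fraction(33, 100)  # the 33% minimum veto threshold mentioned above

if __name__ == "__main__":
    for name, votes in [("hostile", hostile), ("ordinary", ordinary),
                        ("low_turnout", low_turnout)]:
        print(name,
              "| no veto:", tally(REP, votes),
              "| any-member veto:", tally(REP, votes, Fraction(0)),
              "| 33% veto:", tally(REP, votes, THIRD))
```

The low-turnout case shows that a threshold veto blocks the majority holder only when at least the threshold share of REP actually casts a veto.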

Graceful Exit BOND market

With the Graceful Exit BOND market in place, the 51% attack is inhibited since REP cannot be purchased. In that case, the only way to acquire 51% of the power in the DAO is to outcompete the rest of the DAO by working. Using the availability smart contract's random selection of workers according to existing REP, a probability argument shows this is only possible when more than 50% of the DAO is not using their REP to capacity. Even then, it will take a significant period of time to achieve, and at the same time the attacker would enrich existing REP holders by an absolute minimum of twice their existing value.

  1. See pp 15-18 in Craig Calcaterra, Wulf Kaal, & Vlad Andrei (2018) "Blockchain Infrastructure for Measuring Domain Specific Reputation in Autonomous Decentralized and Anonymous Systems", U of St. Thomas (Minnesota) Legal Studies Research Paper No. 18-11, Available at SSRN: https://ssrn.com/abstract=3125822 or http://dx.doi.org/10.2139/ssrn.3125822 (Retrieved 2023 May 30)