Securing a DAO in the long run

Mitigating security risks when building a DAO from the ground up

Building in a public environment, such as blockchain, carries risks, which are especially pronounced whenever community governance or treasury management are involved.

In the case of Alien Worlds, there are both: the planets in our metaverse are managed by DAOs, which allocate their treasuries to promote planet-related projects.

Suffice it to say, DAOs’ security is a paramount concern at the core of our efforts. Equally vital is our focus on culturally mature DAOs that make responsible decisions and ensure their own long-term sustainability.

With over 10,000 active wallets involved in the voting processes across all Alien Worlds planets, and an impressive 1,500 proposals approved and executed, this commitment is yielding tangible results.

So how do we create DAOs that last?

OUR APPROACH TO MITIGATING RISKS

Conceiving enduring DAOs was a comprehensive process for us.

First, we chose to build them from the ground up rather than use an existing turnkey solution. This approach gave us full control over the development process.

Second, we have thoroughly considered as many possible risks as we could, addressing fundamental questions: How do we secure the treasury? How do we ensure effective community management? How do we protect the smart contract from unintended behavior or adversarial attacks?

As talented as our engineering team is, however, we may not be able to foresee every possible danger. Hardly anyone can: the number of DAO exploits and governance failures has not decreased despite the technology's progress. Smart contract vulnerabilities, user interface hacks, governance monopolization, ineffective management... the reasons vary greatly from one DAO to another.

This realization prompted us to look at the security issue from a slightly different angle. We formulated the need for a mechanism that would allow progressive calibration of smart contracts, improving and adjusting them during the early stages of a DAO’s life as it faces real-life problems, be they of a general nature or specific to Alien Worlds.

Such a mechanism would require a blockchain that supports the principle of shared control over externally owned accounts, also known as account abstraction.

The Ethereum community has been discussing account abstraction for quite some time already, acknowledging the many ways in which it could improve users’ security and experience. However, while several proposals have been developed, none have been fully implemented yet.

On the other hand, Antelope, the protocol on which the WAX blockchain is built, has always supported account abstraction with the additional capabilities of a sophisticated hierarchical permission system.

SECURING DAOS WITH HIERARCHICAL PERMISSIONS

In a permissionless environment, the stakes are high.

If a DAO’s code becomes corrupt, a user or a group of users can circumvent its mechanics and divert community funds. If a DAO isn’t culturally mature enough, the funds could be squandered uselessly.

Usually, DAOs are subject to these risks from the moment their smart contracts are deployed.

In contrast, Alien Worlds DAOs benefit from a gradual exposure to risk, adapted to their level of development.

The key element enabling this approach lies within the Antelope protocol, which allows every account to be assigned multiple levels of permissions, each with a distinct controlling entity.

When we deploy our DAOs’ smart contracts together with their respective permissions, the DAOs’ communities assume control of the code through a democratic election process.

At the same time, the underlying Antelope protocol provides us with simultaneous access to the code, granted by a higher-level permission inscribed into the smart contract. With this access we can actively guide the development of our DAOs as they engage in the game. These safeguards also allow us to build sophisticated mechanisms directly into the smart contracts, all while ensuring that no unfortunate update can lock the DAO out of the code.

As the DAOs mature, the developer team will gradually disengage from the process.
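To make the permission hierarchy concrete, here is a simplified model added for illustration; it is not Alien Worlds' contract code or Antelope's implementation. The account name `planet.dao`, the actors `dev.team` and `custodian1` to `custodian5`, and all weights and thresholds are hypothetical, and code updates are assumed to require the `active` permission.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Permission:
    name: str
    parent: Optional[str]        # None only for the root permission, "owner"
    threshold: int               # combined weight needed to act
    weights: Dict[str, int]      # controlling actor -> weight

@dataclass
class Account:
    name: str
    perms: Dict[str, Permission] = field(default_factory=dict)

    def set_permission(self, perm: Permission) -> None:
        self.perms[perm.name] = perm

    def authority_met(self, perm_name: str, signers: Set[str]) -> bool:
        p = self.perms[perm_name]
        return sum(w for a, w in p.weights.items() if a in signers) >= p.threshold

    def satisfies(self, required: str, signers: Set[str]) -> bool:
        # Walk from the required permission up to the root: a parent
        # permission can stand in for any of its descendants.
        name: Optional[str] = required
        while name is not None:
            if self.authority_met(name, signers):
                return True
            name = self.perms[name].parent
        return False

def build_dao() -> Account:
    # Constructed sample: hypothetical account, actors, weights and threshold.
    dao = Account("planet.dao")
    dao.set_permission(Permission("owner", None, 1, {"dev.team": 1}))
    dao.set_permission(Permission("active", "owner", 3,
                                  {f"custodian{i}": 1 for i in range(1, 6)}))
    return dao

def hand_over(dao: Account) -> None:
    # Disengagement step: the root authority moves to the elected custodians.
    dao.set_permission(Permission("owner", None, 4,
                                  {f"custodian{i}": 1 for i in range(1, 6)}))

if __name__ == "__main__":
    dao = build_dao()
    quorum = {"custodian1", "custodian2", "custodian3"}
    print("custodian quorum meets active:", dao.satisfies("active", quorum))
    print("dev.team meets active via owner:", dao.satisfies("active", {"dev.team"}))
    print("custodian quorum meets owner:", dao.satisfies("owner", quorum))
    hand_over(dao)
    print("dev.team after hand-over:", dao.satisfies("active", {"dev.team"}))
```

In this model the elected custodians can act at the `active` level, but only the holder of the parent permission can act at `owner`, so reviewing who controls each level and at what threshold is the check that matters before and after any hand-over.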

Some could find it odd to have a DAO “guarded” by another account, but ironically, this measure actually allows us to build a truly autonomous DAO, strong from both technical and human perspectives.

The ability to safely update the code even after the smart contracts have been deployed allows us to create DAOs custom-tailored for our metaverse. We are convinced that this approach strengthens Alien Worlds’ security and ensures the viability of our DAOs in the long run.
