Decentralized Governance Structures
Checks and balances for lean and trust minimized DAO governance
Governance enables modern society. Governments decide where to allocate tax income and influence the levers that control the flow of value in our economy. Governments currently deliberate behind closed doors — keeping citizens in the dark until their fates have already been determined. This is the way of the past. Blockchain technologies allow for these conversations to happen out in the open where they belong — putting the affected citizens at the forefront of the decision making.
Decentralized Autonomous Organizations (DAOs) are on-chain governments which control enormous resources. These have the potential to eradicate corruption through contractual incentive alignment. In other words, “can’t be evil” is far more powerful than “don’t be evil.” The Googles and national governments of the world are capable of evil even if that is not the intention of any of their participants. Only open-source governance algorithms can help humanity evolve to the next level of coordination.
Many DAOs have struggled to create a governance process that balances agility with security. Developers need to be able to build and iterate quickly without lengthy debates happening every time code is shipped while the community needs the power to stop bad actors. The following is a framework that employs multiple governance strategies to maximize development speed without compromising on protocol security.
DAOs of the future will leverage nuanced governance across three main categories:
- Token Governance — Direct democracy with “Executive Branch” like powers
- Optimistic Governance — Representative Democracy with “Legislative Branch” like powers
- Security Guardian — Conditional Omnipotence with “Judicial Branch” like powers
Token Governance
Token Governance means all holders need to vote in order to effect change. This is “positive consent” in the sense that enough stakeholders need to actively approve a new proposal. It functions as an Executive Branch, maintaining full authority over all other components of the system.
Token Governance can have any combination of the following properties:
- Quorum — a minimum amount of approval to pass
- Delegation — appointing a representative to vote on your behalf
- Timelock — A delay after a proposal is passed before taking effect
- Vote-Escrow — locking votes for a time period to earn more votes
Token Governance is onerous. It often is subject to voter apathy as underinformed token holders are encouraged to participate in frequent, complex proposals. There is also a free-rider problem where holders can speculate on project outcomes without being engaged in governance at all.
For the above reasons, Token Governance should ideally only be used on the most important decisions, including but not limited to:
- Minting new tokens (diluting holders)
- Upgrading contracts
- Changing admin control
- Appointing/Vetoing other governance layers
In a perfect world, every proposal that makes it to Token Governance has high engagement because it is that important to stakeholders. In other words, low engagement is a sign of excessive use of Token Governance.
The best existing Token Governance contracts are the OZ Governor, Governor Bravo, and Curve VotingEscrow.
Bonus: Vitalik Buterin has a fantastic post on going beyond token governance.
Optimistic Governance
An Optimistic Governance model allows a core group of elected actors to enact proposals on behalf of the community. This form of governance is considered “negative consent” because in the happy path, there is no intervention from token holders to enact a proposal. Enough stakeholders need to actively block a new proposal for it to not take effect. It functions as a Legislative Branch, with elected representatives drafting and enacting proposals for the benefit of the community under the watch of Token Governance and the Security Guardian.
When challenges inevitably arrive, there are safeguards in place to protect the ecosystem.
The first safeguard is a timelock. This transparency allows users a way out in the event of a malicious proposal. A user can exit the ecosystem during the timelock window.
The second safeguard is a veto controlled by other stakeholders such as Token Governance and the Security Guardian. This means that during the timelock window, if enough stakeholders vote to cancel a proposal, it will not take effect. This is the ultimate protection against bad acting governance.
Optimistic governance is lean and efficient, allowing key expert stakeholders to act in the best interests of the majority. It is ideal for nearly all governance applications:
- Parameter changes
- Contributor compensation
- Issuing Incentives
- Minor upgrades/integrations
In a perfect world, Optimistic Governance has high transparency and low engagement. Low engagement means proposals are well understood and non-controversial. If the Optimistic Governance is seeing high engagement with elected actors proposals, the actors are likely proposing controversial changes. High transparency is important to allow other stakeholders to make informed decisions about whether to engage and attempt a veto, for example.
The best Optimistic Governance would use the OpenZeppelin TimelockController and allow key stakeholders to veto. Fei Protocol uses this for its Optimistic Approval. This concept originated with Gyroscope.
Security Guardian
When Token or Optimistic governance fails, the DAO needs emergency shutdown mechanics on critical functionality. Executing this is the job of the Security Guardian. An effectively designed security guardian can help prevent vulnerabilities. This can help prevent vulnerabilities from being exploited and give stakeholders time to develop longer term solutions before restoring functionality. It acts as a Judicial Branch, making sure the Token Governance and Optimistic Governance are acting in good faith and with strong security practices in mind.
The Security Guardian should have “conditional omnipotence”, in other words it can act immediately but only on pre-defined behaviors. These behaviors should include:
- Pausing contracts
- Vetoing malicious Optimistic or Token Governance proposals
- Force actions that may otherwise be inactive
The Security Guardian should be “trust minimized” in that it should never be able to harm users actively or at minimum not be incentivized to do so. The following actions should not be available for the Security Guardian without justification:
- Withdrawing funds
- Preventing users from exiting a system
- Changing critical parameters
In a perfect world, the Security Guardian should never be used. This means the contracts are secure and the Security Guardian holders are correctly incentivized not to act maliciously.
The best Security Guardian is simply a Gnosis Safe, which can use OpenZeppelin Defender to store and streamline security runbooks.
Summary
DAOs can rapidly make decisions while minimizing corruption and maximizing transparency. They do this by combining nuanced governance powers at different layers:
- Token Governance should only be used for the most important decisions.
- Optimistic Governance should empower key stakeholders to take the reign subject to token holder approval.
- The Security Guardian should maintain conditional omnipotence for fast acting security concerns.
Decentralized Governance will improve existing power structures and introduce new and open ones.
Bonus: At Fei we use OpenZeppelin AccessControl to further break down governance roles for various contracts and stakeholders in our system. We consider it our responsibility to not only create a maximally decentralized stablecoin, but also trust minimized governance processes to protect protocol reserves, the community, and the FEI peg.
If you want to get involved in a DAO, come join the Fei DAO Discord or another one of your favorite projects!
