Quiz: DAOs and Decentralized Governance
Multiple Choice
Question 1
What was the specific vulnerability exploited in The DAO hack of 2016?
A) An integer overflow in the token transfer function
B) A reentrancy bug in the splitDAO function that sent ETH before updating balances
C) A private key compromise of The DAO's admin wallet
D) A 51% attack on the Ethereum blockchain
Answer: B
Explanation: The DAO's splitDAO function paid out the caller's share through an external call before it set the caller's balance to zero. The attacker's contract re-entered splitDAO from its fallback function during that call (in 2016-era Solidity the fallback was the unnamed `function()`; `receive()` did not exist yet), and because the balance was still non-zero, each re-entry paid out again until the contract was drained. Reentrancy is now one of the best-known smart contract vulnerabilities, and the checks-effects-interactions ordering is the standard defense against it.
Question 2
What is the primary advantage of token-weighted voting over quadratic voting in a pseudonymous system?
A) Token-weighted voting is more fair to small holders
B) Token-weighted voting is Sybil-resistant (splitting tokens across wallets does not increase voting power)
C) Token-weighted voting encourages higher voter participation
D) Token-weighted voting prevents whale domination
Answer: B
Explanation: In a pseudonymous system where anyone can create unlimited wallets for free, quadratic voting can be gamed by splitting tokens across many wallets (because the cost of N votes is N^2 tokens in a single wallet, but only N tokens split across N wallets each casting 1 vote). Token-weighted voting does not have this problem — 1,000 tokens in one wallet and 1,000 tokens split across 100 wallets produce identical total voting power. This Sybil resistance is the primary reason token-weighted voting remains the dominant governance mechanism despite its plutocratic properties.
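The split attack in Python, as an added example that is not part of the quiz. It assumes a quadratic-voting rule in which a wallet holding t tokens casts sqrt(t) votes (v votes cost v^2 tokens), and that wallets are free to create:

```python
import math

# Added example, not from the original quiz. Model: a voter controls `total`
# tokens and may spread them over any number of pseudonymous wallets for free.

def token_weighted_power(wallets):
    """Token-weighted voting: one token, one vote, however the tokens are split."""
    return float(sum(wallets))

def quadratic_power(wallets):
    """Quadratic voting: a wallet holding t tokens casts sqrt(t) votes
    (v votes cost v^2 tokens), so total power is the sum over wallets."""
    return sum(math.sqrt(t) for t in wallets)

def split_evenly(total, n_wallets):
    """Spread `total` tokens over n_wallets (assumes total divides evenly)."""
    assert total % n_wallets == 0
    return [total // n_wallets] * n_wallets

def sybil_gain(total, n_wallets):
    """Power with `total` tokens in one wallet versus the same tokens split
    across n_wallets, for each scheme. Returns (token_weighted_gain, quadratic_gain)
    as ratios relative to the single-wallet case."""
    one = [total]
    many = split_evenly(total, n_wallets)
    tw = token_weighted_power(many) / token_weighted_power(one)
    qv = quadratic_power(many) / quadratic_power(one)
    return tw, qv

if __name__ == "__main__":
    for n in (1, 4, 25, 100):
        tw, qv = sybil_gain(100, n)
        print(f"100 tokens over {n:3d} wallets: token-weighted x{tw:.1f}, quadratic x{qv:.1f}")
```

With 100 tokens, one wallet casts 10 quadratic votes, four wallets cast 20, and a hundred wallets cast 100, while token-weighted power stays at 100 throughout. The limiting case is the important one: once the Sybil has one token per wallet, quadratic power equals token-weighted power, so without an identity layer quadratic voting degenerates into token-weighted voting for anyone willing to split.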
Question 3
In conviction voting, what determines whether a proposal passes?
A) A simple majority of votes cast during a fixed voting period
B) A supermajority of at least 67% of votes
C) Accumulated conviction (time-weighted token allocation) exceeding a threshold proportional to the funding requested
D) The number of unique addresses that vote in favor
Answer: C
Explanation: Conviction voting does not use discrete voting periods. Instead, token holders continuously allocate tokens to proposals, and conviction accumulates over time. A proposal passes when its accumulated conviction exceeds a threshold that scales with the amount of funding requested (larger requests require more conviction). This rewards sustained commitment over impulse voting and makes the system resistant to flash loan attacks and last-minute vote manipulation.
Question 4
What is the purpose of a timelock in DAO governance?
A) To prevent anyone from creating proposals too frequently
B) To enforce a mandatory delay between proposal approval and execution, giving the community time to react
C) To lock governance tokens during the voting period so they cannot be transferred
D) To limit the number of proposals that can be active simultaneously
Answer: B
Explanation: A timelock enforces a mandatory waiting period (typically 1-7 days) between approval of a proposal and its execution. It serves two functions: (1) members who disagree with the outcome have time to exit (sell tokens, withdraw funds) before the change takes effect, and (2) a malicious proposal that passes cannot execute before anyone can respond, which gives the community, guardians or a pause multisig a window to react. The Beanstalk attack (about $182 million drained in April 2022) succeeded partly because the proposal could be executed in the same transaction as the votes that passed it. Note that a timelock only helps when voting power is measured at a snapshot block taken before the vote; otherwise an attacker simply waits out the delay and borrows the votes at execution time.
Question 5
Which statement best describes the legal status of a DAO without any legal wrapper?
A) It is recognized as a corporation in most jurisdictions
B) It has no legal obligations or liabilities
C) It is likely treated as a general partnership, exposing all members to unlimited personal liability
D) It is automatically classified as a nonprofit organization
Answer: C
Explanation: In most jurisdictions, a group of people acting together for a common purpose without a formal legal structure is classified as a general partnership (or unincorporated association). This means every member, potentially every governance token holder, faces unlimited personal liability for the DAO's obligations. The CFTC's enforcement action against Ooki DAO (filed in 2022, with a default judgment entered in 2023) reinforced this interpretation: the court accepted that the DAO was an unincorporated association that could be sued, on the CFTC's theory that token holders who voted in governance were its members.
Question 6
What key innovation does Gitcoin's quadratic funding introduce compared to traditional grant-making?
A) It gives larger donations more matching weight
B) It mathematically amplifies projects with many small donors over those with few large donors
C) It requires all donors to verify their identity
D) It distributes funds equally regardless of the number of donors
Answer: B
Explanation: Quadratic funding calculates matching funds using the square of the sum of the square roots of individual contributions. This formula means a project with 100 donors giving $1 each receives significantly more matching than a project with 1 donor giving $100 — even though direct contributions total the same. The mechanism mathematically encodes the democratic principle that broad community support matters more than the depth of any single donor's pockets. Gitcoin has used this to distribute over $50 million in public goods funding.
Question 7
Why did Ethereum's community choose to hard fork after The DAO hack rather than a soft fork?
A) A hard fork was easier to implement technically
B) A soft fork was found to be vulnerable to a denial-of-service attack
C) The community voted unanimously for a hard fork
D) Soft forks are not possible on Ethereum
Answer: B
Explanation: The initial preference of many in the community was a soft fork that would have miners refuse to include transactions interacting with the attacker's DAO addresses, freezing the stolen funds without rewriting history. Analysis showed that this was vulnerable to a denial-of-service attack: a miner could only discover that a transaction touched a blacklisted address by executing it, and a rejected transaction pays no gas, so an attacker could flood the network with computationally expensive transactions that end with a call to the blacklisted contract, forcing miners to burn work for free. This led the community to pursue the more drastic option of a hard fork that rewrote the chain state to return the stolen funds.
Question 8
In Uniswap's governance, what is the approximate quorum required for a vote to be valid?
A) 1% of total UNI supply
B) 4% of total UNI supply (40 million UNI)
C) 10% of total UNI supply
D) 50% of total UNI supply
Answer: B
Explanation: Uniswap governance requires at least 40 million UNI (approximately 4% of the 1 billion total supply) to vote in favor for a proposal to reach quorum. Additionally, on-chain proposals can only be submitted by addresses holding or delegated at least 2.5 million UNI. These thresholds were designed to prevent governance spam but have the effect of limiting participation to a small group of large holders and delegates. In practice, most Uniswap governance proposals are decided by fewer than 20 delegate addresses.
Question 9
What is the fundamental tradeoff identified in Section 28.8 regarding Sybil resistance, fairness, and privacy?
A) You can have any two but not all three simultaneously
B) You can have all three with sufficient technology
C) You must sacrifice all three for security
D) Only privacy needs to be sacrificed
Answer: A
Explanation: The chapter identifies a fundamental trilemma: (1) Sybil-resistant + fair requires identity verification (sacrificing privacy), (2) Sybil-resistant + private requires token-weighted voting (sacrificing fairness/equality), and (3) Fair + private requires no identity check (sacrificing Sybil resistance). No known mechanism achieves all three simultaneously. This explains why token-weighted voting (which sacrifices fairness for Sybil resistance and privacy) dominates in practice, and why alternatives like quadratic voting (which sacrifice Sybil resistance) struggle in pseudonymous environments.
Question 10
What role did Ethereum Classic play in the aftermath of The DAO fork?
A) It was a new blockchain created specifically for DAO governance
B) It was the original, unforked Ethereum chain maintained by those who opposed the fork on immutability principles
C) It was a Layer 2 scaling solution built to prevent future DAO hacks
D) It was a renamed version of The DAO's smart contract
Answer: B
Explanation: When approximately 85% of Ethereum's hash power adopted the hard fork (returning the stolen DAO funds), the remaining ~15% continued mining the original chain, on which the hack stood and the history was unaltered. This chain became Ethereum Classic (ETC). It represents the position that blockchain immutability must be absolute: the code executed as written, and the community should not rewrite history even to reverse a theft. ETC still operates today, with a market cap of roughly $3.5 billion at the time of writing, though it has a fraction of Ethereum's developer activity and ecosystem.
True or False
Question 11
Most DAO governance proposals see participation rates above 25% of total token supply.
Answer: False
Explanation: Typical DAO governance participation rates are dramatically lower — usually between 1-12% of total token supply. Even well-known DAOs like Uniswap (2-5%), Compound (3-7%), and Aave (1-4%) see very low participation. This voter apathy is one of the most persistent challenges in DAO governance and has led to the widespread adoption of delegation systems to channel voting power to active participants.
Question 12
Snapshot voting is gasless because it uses signed messages rather than on-chain transactions.
Answer: True
Explanation: Snapshot records a vote as a message signed with the holder's wallet key rather than as an on-chain transaction. The signature proves control of the address, and the voting power attached to it is read from the address's token balance at a snapshot block fixed when the proposal is created. Because no transaction is sent, there are no gas costs, making voting accessible to holders of any size. The tradeoff is that Snapshot results are not enforceable on-chain by themselves: a trusted party (usually a multisig) must execute the outcome, reintroducing a trust assumption.
Question 13
The Beanstalk governance attack used a flash loan to borrow governance tokens and pass a malicious proposal within a single transaction.
Answer: True
Explanation: In April 2022, the attacker first submitted the malicious proposal and waited out the 24-hour delay that Beanstalk required before its emergency execution path could be used. Then, in a single transaction, the attacker took flash loans worth on the order of $1 billion, converted the borrowed assets into enough governance stake for a supermajority, voted, executed the proposal, and repaid the loans, draining about $182 million from the protocol. Because voting power was measured at execution time rather than at an earlier snapshot block, the waiting period provided no protection. Modern governance systems use snapshot blocks (measuring voting power at a block before voting opens, so borrowed tokens count for nothing) together with timelocks (delaying execution after a vote passes) to prevent this class of attack.
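A replay of this attack against a toy governor, as an added example that is not Beanstalk's or any real governor's code. It models the defenses from Question 4 and Question 13 as two switches (snapshot-block vote counting and a timelock) and runs the same borrow-vote-execute-repay transaction against each configuration. Balances, names and the 2/3 supermajority rule are constructed for the example:

```python
# Added example, not from the original quiz and not any real governance contract.
# Toy chain: blocks checkpoint token balances, a lending pool supplies the flash
# loan, and the governor counts votes either live or at the proposal's snapshot.

class GovernanceError(Exception):
    pass

class Chain:
    """Block counter. Mining a block checkpoints every registered token."""
    def __init__(self):
        self.block = 0
        self.tokens = []

    def mine(self):
        for token in self.tokens:
            token.history[self.block] = dict(token.balances)
        self.block += 1

class Token:
    def __init__(self, chain, balances):
        self.chain = chain
        self.balances = dict(balances)
        self.supply = sum(balances.values())
        self.history = {}            # block -> balances at the end of that block
        chain.tokens.append(self)

    def transfer(self, sender, receiver, amount):
        if self.balances.get(sender, 0) < amount:
            raise GovernanceError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount

    def balance_at(self, holder, block):
        """Balance as of a past block (the role ERC20Votes.getPastVotes plays)."""
        if block >= self.chain.block:
            raise GovernanceError("block not yet mined")
        return self.history[block].get(holder, 0)

class Governor:
    def __init__(self, chain, token, snapshot_votes, timelock_blocks, supermajority=2 / 3):
        self.chain, self.token = chain, token
        self.snapshot_votes = snapshot_votes    # count votes at the proposal's snapshot block?
        self.timelock_blocks = timelock_blocks  # blocks between creation and earliest execution
        self.supermajority = supermajority

    def propose(self):
        return {"snapshot": self.chain.block, "created": self.chain.block,
                "votes_for": 0, "voters": set(), "executed": False}

    def vote(self, proposal, voter):
        if voter in proposal["voters"]:
            raise GovernanceError("already voted")
        if self.snapshot_votes:
            weight = self.token.balance_at(voter, proposal["snapshot"])
        else:
            weight = self.token.balances.get(voter, 0)   # live balance: flash-loanable
        proposal["votes_for"] += weight
        proposal["voters"].add(voter)

    def execute(self, proposal):
        if proposal["votes_for"] < self.supermajority * self.token.supply:
            raise GovernanceError("no supermajority")
        if self.chain.block < proposal["created"] + self.timelock_blocks:
            raise GovernanceError("timelock not expired")
        proposal["executed"] = True

def flash_loan_attack(snapshot_votes, timelock_blocks):
    """Run the attack against a governor with the given defenses. Returns
    'drained' if the malicious proposal executed, otherwise the failure reason."""
    chain = Chain()
    # Constructed balances: the lending pool holds 70% of supply, the attacker 1%.
    token = Token(chain, {"pool": 700, "attacker": 10, "honest": 290})
    gov = Governor(chain, token, snapshot_votes, timelock_blocks)

    proposal = gov.propose()            # step 1: submit the malicious proposal
    chain.mine()                        # voting opens in the next block
    while chain.block < proposal["created"] + timelock_blocks:
        chain.mine()                    # step 2: wait out any execution delay

    # Step 3: one atomic transaction: borrow, vote, execute, repay.
    token.transfer("pool", "attacker", 700)
    gov.vote(proposal, "attacker")
    try:
        gov.execute(proposal)
        outcome = "drained"
    except GovernanceError as err:
        outcome = str(err)
    token.transfer("attacker", "pool", 700)   # loan repaid: the attacker never owned the stake
    return outcome

if __name__ == "__main__":
    for snap, delay in ((False, 0), (False, 1), (True, 1)):
        print(f"snapshot={snap!s:5} timelock={delay}: {flash_loan_attack(snap, delay)}")
```

The three runs show the point of the explanation above: with live balances and no delay the proposal drains the protocol; adding only a timelock changes nothing, because the attacker waits it out and then borrows the votes at execution time (the Beanstalk pattern); counting votes at the snapshot block is what defeats the flash loan, since the borrowed 700 tokens did not exist in the attacker's balance at that block. The timelock's value is the reaction window it gives honest participants once voting is snapshot-based.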
Question 14
Vote-escrowed tokens (veTokens) eliminate plutocracy in DAO governance.
Answer: False
Explanation: Vote-escrowed tokens (pioneered by Curve's veCRV) require voters to lock their tokens for a period to receive voting power, with longer lockups granting more power. While this ensures voting power is held by committed long-term participants rather than short-term speculators, it does not eliminate plutocracy. A wealthy participant who locks 1 million tokens for 4 years still has vastly more voting power than a small holder who locks 100 tokens for 4 years. veTokens change who among the wealthy has power (long-term vs. short-term), but they do not change the fundamental relationship between wealth and power.
Question 15
Wyoming's DAO LLC Act was the first legislation in the world to recognize DAOs as legal entities.
Answer: True
Explanation: Wyoming passed the DAO LLC Act in 2021 (signed in April, effective July 1, 2021), making it the first US state, and the first jurisdiction globally to pass DAO-specific legislation, to legally recognize DAOs as a distinct organizational form. The law allows a DAO to register as an LLC, providing limited liability for members while recognizing smart-contract-based governance. The Marshall Islands followed with its own DAO legislation in 2022.
Short Answer
Question 16
Explain the checks-effects-interactions pattern and how it would have prevented The DAO hack. (3-4 sentences)
Model Answer: The checks-effects-interactions pattern requires that a function first perform all checks (validating conditions), then make all state changes (effects), and only then interact with external contracts. In The DAO's vulnerable splitDAO function, the external call (sending ETH) happened before the state update (setting the balance to zero). If the function had set balances[msg.sender] = 0 before calling msg.sender.call{value: fundsToBeMoved}("") (written here in current Solidity syntax; the 2016 code used call.value()), the reentrancy attack would have failed because the recursive call would find a zero balance and send nothing. The fix is that simple: swap two lines of code.
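The ordering bug from Question 1 and the fix from Question 16, modelled in Python as an added example (not The DAO's Solidity). The EVM is reduced to one property: an external call hands control to the callee, which may call back into the contract before the call returns. Class and member names and the deposit amounts are constructed for the example:

```python
# Added example, not from the original quiz and not The DAO's code.

class Holder:
    """An ordinary participant: accepts the payout and does nothing else."""
    def __init__(self):
        self.received = 0

    def fallback(self, dao, amount):
        self.received += amount

class Attacker(Holder):
    """Re-enters split() from the fallback while the DAO can still pay."""
    def fallback(self, dao, amount):
        self.received += amount
        if dao.eth >= amount:
            dao.split(self)        # re-entry: the balance has not been zeroed yet

class VulnerableDAO:
    """Interaction before effect, the ordering splitDAO had in 2016."""
    def __init__(self, deposits):
        self.balances = dict(deposits)
        self.eth = sum(deposits.values())   # ETH actually held by the contract

    def split(self, caller):
        amount = self.balances.get(caller, 0)   # check
        if amount == 0:
            return
        self.eth -= amount
        caller.fallback(self, amount)           # interaction: callee code runs here
        self.balances[caller] = 0               # effect, applied too late

class FixedDAO(VulnerableDAO):
    """Checks, then effects, then interactions."""
    def split(self, caller):
        amount = self.balances.get(caller, 0)   # check
        if amount == 0:
            return
        self.balances[caller] = 0               # effect first
        self.eth -= amount
        caller.fallback(self, amount)           # interaction last: re-entry finds 0

def simulate(dao_cls):
    """Constructed scenario: the attacker deposited 1 ETH, an honest member 9 ETH.
    Returns (attacker_received, eth_left_in_dao)."""
    attacker, honest = Attacker(), Holder()
    dao = dao_cls({attacker: 1, honest: 9})
    dao.split(attacker)
    return attacker.received, dao.eth

if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerableDAO))   # attacker takes all 10 ETH
    print("fixed:     ", simulate(FixedDAO))        # attacker takes only its own 1 ETH
```

Against the vulnerable contract the attacker's 1 ETH deposit is paid out ten times, once per re-entry, until the contract is empty; the honest member's recorded balance of 9 is still there, but the ETH behind it is gone. With the balance zeroed before the external call, the re-entry finds 0 and returns, and the attacker leaves with exactly its own deposit.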
Question 17
Why is delegation considered the most practical solution to voter apathy, and what is its primary risk? (3-4 sentences)
Model Answer: Delegation addresses voter apathy by allowing passive token holders to transfer their voting power to informed, active delegates who specialize in governance. This is practical because it does not require changing voter behavior — it accepts that most holders will not vote and channels their power to those who will. The primary risk is power concentration: popular delegates can accumulate enormous voting power, potentially creating a system where 5-10 delegates effectively control all governance outcomes. This concentration may be even more extreme than the original token distribution, and the "liquid" promise of instant redelegation rarely materializes in practice because most people delegate once and forget.
Question 18
Describe the difference between on-chain and off-chain governance, and explain why most DAOs use a hybrid approach. (3-4 sentences)
Model Answer: On-chain governance means proposals, votes, and execution all happen through blockchain transactions, making them fully transparent and trustlessly enforceable but expensive (gas costs for every vote) and slow. Off-chain governance uses platforms like Snapshot for gasless voting via signed messages, with results executed by a trusted party (typically a multisig). Most DAOs use a hybrid because pure on-chain voting excludes small holders who cannot afford gas costs, while pure off-chain governance introduces trust assumptions (the multisig could ignore vote results). The hybrid — off-chain discussion and temperature checks followed by on-chain formal voting for major decisions — balances accessibility with trustlessness.