A Legal Analysis of the DAO Exploit and Possible Investor Rights


News broke early Friday morning that the DAO had been exploited through a code error in the DAO software (first described by Peter Vessenes). The error caused the exploiter of the DAO (the "Exploiter") to be paid extra amounts of Ether ("ETH") held by the DAO when executing a split proposal. The split created a new child DAO containing the extra ETH taken from the DAO and placed that child DAO under the Exploiter's control.

Unlike mass consumer software, which is typically rigorously tested before release, the DAO was released more or less in alpha or beta condition. This means that it had likely not been robustly tested and was likely to encounter error states or behavioral outputs not yet observed. Although I cannot speak specifically to Slock.it's quality control efforts, even large software development companies release buggy code. However, the law strongly regulates financial services software to prevent the release of software laden with exploits that can affect consumer funds. The Exploiter took advantage of a bug that, before the exploit occurred, had been widely discussed by such crypto-luminaries as Nick Szabo (Ethereum/Bitcoin), Zooko Wilcox-O'Hearn (Zcash), Emin Gün Sirer (Professor at Cornell University) and Diego Gutiérrez Zaldívar (CEO of RSK-Labs, Rootstock), among others. In that context, and given how attractive a target the DAO was with ETH holdings worth over $205 million USD at the time of the attack, the exploit should have been considered inevitable. Of course, the relative rights and powers of the parties to remedy this exploit are complicated to diagnose because of the unique structure of the DAO, and because the Exploiter may actually have complied with all terms and conditions of the DAO's use and thus may have done nothing more than execute commands on the system that produced an unexpected and/or undesired outcome.
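The ordering defect behind the "extra amounts" is easier to see in code than in prose. The following Python simulation is an added example, not code from the DAO or from Slock.it's repository: it models a pooled ledger whose payout function sends ETH to the caller before zeroing the caller's balance, so a recipient whose receive hook re-enters the payout is paid again and again until the pool runs low, and contrasts that with the checks-effects-interactions ordering that closes the hole. The class and function names, the amounts, and the bounded re-entry depth (a stand-in for the EVM's gas limit) are all constructed for illustration.

```python
from typing import Callable, Dict, Optional, Tuple

# Constructed model of the recursive-call bug; not the DAO's actual code.


class DAOLike:
    """Toy pooled ledger with a DAO-shaped payout: check, then pay, then update."""

    def __init__(self, safe: bool) -> None:
        self.safe = safe
        self.pool = 0                                   # ETH the contract holds
        self.balances: Dict[str, int] = {}              # redeemable 1:1 for pool ETH
        self.receivers: Dict[str, Callable[[int], None]] = {}

    def deposit(self, who: str, amount: int,
                on_receive: Optional[Callable[[int], None]] = None) -> None:
        """Credit `who`; `on_receive` models the recipient contract's fallback code."""
        self.pool += amount
        self.balances[who] = self.balances.get(who, 0) + amount
        if on_receive is not None:
            self.receivers[who] = on_receive

    def _send(self, who: str, amount: int) -> None:
        # Models a value-bearing call: ETH leaves the pool and the recipient's
        # code runs *before* control returns to the function that paid out.
        self.pool -= amount
        callback = self.receivers.get(who)
        if callback is not None:
            callback(amount)

    def split(self, who: str) -> bool:
        """Pay `who` their full balance out of the pool."""
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            return False
        if self.safe:
            # Checks-effects-interactions: zero the balance before sending, so a
            # re-entrant call sees a zero balance and is refused.
            self.balances[who] = 0
            self._send(who, amount)
        else:
            # Vulnerable ordering: send first, zero afterwards. A recipient that
            # re-enters split() during _send() still has its original balance.
            self._send(who, amount)
            self.balances[who] = 0
        return True


def run_split_attack(safe: bool, pool_from_others: int = 90, stake: int = 10,
                     max_reentries: int = 5) -> Tuple[int, int, bool]:
    """Return (ETH the attacker received, ETH left in the pool, honest split ok?)."""
    dao = DAOLike(safe=safe)
    dao.deposit("honest", pool_from_others)
    state = {"eth": 0, "depth": 0}

    def attacker_receive(amount: int) -> None:
        state["eth"] += amount
        if state["depth"] < max_reentries:        # bounded, like a gas limit
            state["depth"] += 1
            dao.split("attacker")                 # re-enter before balance is zeroed

    dao.deposit("attacker", stake, attacker_receive)
    dao.split("attacker")                          # the "split proposal"
    honest_ok = dao.split("honest")                # can the other depositor still exit?
    return state["eth"], dao.pool, honest_ok


if __name__ == "__main__":
    print("vulnerable:", run_split_attack(safe=False))   # (60, 40, False)
    print("hardened:  ", run_split_attack(safe=True))    # (10, 0, True)
```

With `safe=False` a 10 ETH stake pulls 60 ETH out of a 100 ETH pool and leaves the honest depositor unable to withdraw; with `safe=True` the attacker's re-entrant call finds a zero balance and receives exactly its stake. The real DAO's split logic was considerably more involved than this model, but the defect it shares is this ordering of payout before state update.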

In that context, we'll take a look at the potential rights of Investors (i.e. DAO Token holders), of the Exploiter, and of the Ethereum Foundation with respect to the exploit.


1. Analysis Is Difficult Because Unlike A Conventional Contract, The Terms Are Unclear.

It is unclear where an investor in the DAO can go to find the contract terms that bind them, and it is unclear, once they are found, whether there is any contract at all. There are terms, rules, regulations, recitals, and warnings about the DAO, found at (1) Daohub.org, (2) the Slock.it GitHub repository (and its readme.md file), and (3) in the executable code itself (i.e. the .sol files) as implemented. Slock.it's GitHub repository, its readme.md file and its .sol files were ostensibly authored by Slock.it and whoever applied the latest commit to those files; until recently, it was unclear who was operating Daohub.org. Let's look at some of the most germane provisions found at these sources:

Daohub.org (all excerpts below captured from https://daohub.org/explainer.html )

Daohub.org's statements all appear geared toward investors and suggest that its terms (as related to the creation of DAO Tokens) are secondary to those of the code, and they reference code at a specific Ethereum wallet address as prevailing in the event of conflict between the two. This language also suggests that the terms governing the function of the DAO beyond the creation of DAO Tokens are all found at the designated Ethereum wallet address. Thus, although the statements found on Daohub.org are written in plain English, there is no guarantee that the code found at the noted Ethereum wallet address, when actually executed, will comply with those disclosures. If there is a contradiction, the code wins.

Daohub.org's statement also suggests that the terms are held at the GitHub address noted therein, which is the address of Slock.it's repository. This conflicts with the statement above that the code terms (as related to the creation of DAO Tokens) are found at the specific Ethereum wallet address, unless the two are identical to the terms found on Daohub.org.

Here, Daohub.org suggests that using the code is risky, that if you do not understand the code you should not use it, and that the DAO does not "pertain in any way to an offering of securities in any jurisdiction."

Here, Daohub.org advises investors that there are risks of bugs or weaknesses in the platform due to coding updates by Slock.it or by Ethereum, or others attacking the system's behavior.

The "Disclaimer of Warranties" found on Daohub.org appears to be limited to creating DAO Tokens, or "Dao Creation", only. Nothing here appears to apply to DAO operation or project creation/operation.

The "Limitations Waiver of Liability" suggests that users of the DAO will not hold "third parties or individuals" associated with the "Dao creation" liable for injury "caused by or related to the use of, or inability to use, Dao Tokens or the Dao Platform," disclaims responsibility for "the conduct of third parties, including other creators of DAO Tokens," and otherwise shifts risk to Investors.

Now, let's look at the GitHub readme.md file (found at https://github.com/slockit/DAO/blob/develop/README.md ) :

Here, the readme.md attempts to shift risk from Slock.it to the Investor and the implementer of the code. In this case, however, Slock.it is the implementer of the code.

Here, the readme.md disclaims creating any legal and binding enforceable contract and urges participants to consult with legal counsel.

Here, the readme.md file disclaims any warranties, and refers to the GNU General Public License.

Through this language, Slock.it disclaims the creation of a legally binding contract in any jurisdiction, instructs users to seek legal advice from a lawyer, and urges caution that its code may create securities (which seems to contradict what was noted on daohub.org).

Now, let's look at the actual code files. Dao.sol (and likewise DaoTokenCreationProxyTransfer.sol, DTHPool.sol, ManagedAccount.sol, etc.) contains the following comment:

In the comments to the code itself, warranties are expressly disclaimed, and further reference is made to the GNU license. This suggests that the GNU license's terms are integrated into the terms of the DAO as well.

So, are any of these terms enforceable against Investors? Maybe. It is possible to invest in the DAO without reviewing any of the marketing materials on Daohub.org, on Slock.it's GitHub, or the applicable code; thus, it is unclear whether each Investor is aware of any of the disclaimers at any of these sources. Assuming that Investors have actually reviewed these sources, the disclaimer of entry into a contract may preclude any of these terms from being enforceable at all; otherwise they could be viewed as illusory for lack of consideration flowing back to the Investor. Alternatively, an Investor may be imputed with awareness of the terms when contributing ETH to the DAO, whether or not any contract is formed. A court could also find that a contract exists despite the language stating otherwise. The provisions that attempt to impose a waiver of claims against third parties may be the weakest, as it is not clear which activities are actually protected, or who may claim to be an intended beneficiary of those provisions; thus, a third party (perhaps the Ethereum Foundation) may have difficulty claiming to be a beneficiary of the waiver under that provision.

The terms and disclosures above, however, do not reflect the actual activity of the system, which is only discernible by reviewing the execution of the code itself. Thus, an Investor would have to be able to read and understand the functionality of the code to understand what the code will do, and then determine the risks of investment based upon their own analysis. While it may seem far-fetched, generally speaking, to expect every Investor to read and understand the code, parties to contracts are generally imputed to have understood their terms upon entry, except in cases like contracts of adhesion (i.e. agreements which may be voided because one party has unequal bargaining power and the terms are unconscionably unfair). However, the fact that the DAO readme.md file and the Daohub.org terms roundly disclaim the formation of any contract suggests that there may be more ambiguity in the construction of these terms than expected.

2. Suing on Behalf Of, or Against The DAO is Challenging Because of a Likely Lack of Standing

A lawsuit naming a DAO as a defendant would likely stall immediately because of the difficulty of identifying a representative of the DAO with standing to represent it. The party served with process as a representative of a DAO (or of the DAO itself) would likely move to quash service on the basis that they do not legally "represent" the DAO. The court would then determine whether the person who was served appropriately represents the DAO for legal purposes. To make this determination, the court would attempt to classify the DAO legally, and then, by analogy, determine who within that DAO's structure appropriately represents it. In certain jurisdictions, entities may not represent themselves pro se and must be represented in litigation by a lawyer. This could, illogically, lead to claims for intervention by others (perhaps investors) who contend that the person designated to act for the DAO is acting without authority, and perhaps to a request for a declaration that the lawyer is not authorized to act for the DAO because no person is authorized to subject the DAO to the jurisdiction of the court. To avoid this, a DAO may choose to designate an owner, manager, or legal representative; a DAO may instead choose not to designate a human representative in order to avoid regulatory interaction or potential liability. However, a lack of representative capacity will complicate any legal claims asserted, as it is unclear whether the various human actors affecting the DAO's conduct (i.e. Creators, Investors, Curators, or Contractors in the case of the DAO) or the DAO itself may actually represent the DAO. (If the DAO itself is recognized as a legally independent actor, its representative may be sued repeatedly, and those plaintiffs may attempt to hold that person personally liable.) Thus an analysis of the DAO's structure will likely be required.

DAOs may be analogized, based on their structure and function, to other legally recognized entities, but their lack of incorporation will preclude DAOs from exercising rights typically granted to incorporated entities. Incorporated entities are independent legal actors, and in most situations, claims related to the activity of the entity are brought against or on behalf of the entity, not its individual operators/investors/members. Business entities exist as individual actors with independent legal existence based upon the legal grant of power by governments. This grant of power created by force of law permits entities to exercise legal powers (for example, the power to enter contract on its behalf), and to shield individuals from individual liability for the actions of the entity. However, because DAOs are not typically incorporated, the traditional corporate shield protecting registered entities will likely not apply to protect the individuals acting under the DAO structure. Thus, a DAO will probably be considered an unincorporated association, or a general partnership. Although the analysis is nuanced, if a DAO is considered a general partnership, any partner (who those would be remains unclear) could represent the DAO and be sued and held fully liable for its debts. If it's considered an "unincorporated association," the analysis is more complex, but a participating member may be a representative of the association provided that a level of control over the association is established.

The next question is one of geography: has the DAO submitted to the personal jurisdiction of your court? Because DAOs use pseudonymous blockchains, identifying the persons involved may be extremely difficult. Disclosures in the code of the DAO, or in the technical specifications of a Project Proposal, may help identify the creators of a DAO. (Slock.it is based in Germany.) However, it may be extremely expensive and difficult to obtain jurisdiction over any person who represents a DAO in the place where the injured plaintiff resides. Thus, litigants may be required to bring actions in multiple jurisdictions to obtain relief, and litigation against a DAO may be an economically impractical exercise. Given the potential lack of domestic representatives appropriate for service, and the general difficulty of identifying participants, prospective plaintiffs may not be able to identify persons who can be served on behalf of a DAO.

3. Who May Have Claims Against Whom?

Hypothetically, claims may be brought against the creators of the DAO for misrepresentations made to induce investment (i.e. related to marketing disclosures), for improper design, function, and/or coding of the DAO itself (where behaviors of the DAO do not occur as expected because of technical errors or undisclosed/clandestine behaviors), or for torts committed by the creators against the DAO (such as theft of assets through otherwise undisclosed intrusion vectors). In this case, the question of whether a contract exists is critical. If there is no contract, then the provision of ETH in exchange for DAO Tokens could be considered a bailment (i.e. the creators are holding ETH), and the loss of those ETH (to the extent that they are not available for a split) could be considered a breach of the bailment relationship, entitling the Investor to damages. Likewise, in the case of faulty design, negligence claims seem likely.

Likewise, claims may be brought against a Contractor who promotes a Proposal to a DAO if the Contractor makes misrepresentations as to the attributes, functionality, or expectation of repayment related to a Proposal, or if a Proposal fails to fulfill its repayment obligation to the DAO, whether intentionally (i.e. by fraud, or by absconding with the funds), mistakenly (as a result of a hack), or negligently (because of an internal coding error or data breach). It is unclear whether Investors would be found to have contractual privity with a Project Contractor (who must be another Investor), as it is unclear whether any parties to the DAO have privity with any other party, given the disclaimers provided with its marketing materials. If the proposal that causes a loss event is a split (i.e. is not voted upon by the Investors), then it is possible that, depending on the circumstances, there may be a claim for theft and the civil claim of conversion. However, the ETH held by the DAO are no longer held by the Investors, so they could probably only bring such a claim derivatively on behalf of the DAO.

Curators may have liability for "whitelisting" a Proposal that fails or does not behave as represented. Curators may also have joint liability with Contractors for a Proposal coding error that results in harm to the Investors. Curators may likewise have liability for dishonest behavior intended to benefit themselves, or some participants in a DAO at the expense of others. If there is no contractual relationship, a curator who whitelisted a malicious proposal may have liability for aiding and abetting or conspiring with a proposal contractor who causes injury to investors, although as noted above, the underlying claim for the conspiracy or aiding and abetting liability may not be clear.

Investors could potentially bring claims against other Investors, either individually, derivatively on behalf of the DAO, or as a class (except that proceeding as a class was purportedly waived in Daohub.org's terms), for acts that subject the investment base of a DAO to risk, including improper voting behavior, conspiring with Curators to promote their own self-interest, or "management decisions" made by sub-classes of Investors with disproportionate voting power. Here, the Exploiter is an Investor who executed a split that resulted in the DAO's investment base being siphoned off into a child DAO under the Exploiter's exclusive control.

Let's look at some specific legal theories that may provide relief against the Exploiter:

A. Theft/conversion

A claim for theft would allege that the Exploiter took what did not belong to him/her/them, or took something without authority to do so, and that doing so damaged someone else. The Exploiter, according to the governance schema, should not have been able to take more than their own ETH into their own child DAO. However, by exploiting a bug, the Exploiter was able to do just that. Thus, a conversion claim may be available, provided that the court determines that the Exploiter was bound to the governance schema rather than merely to what the code permitted. The civil claim for conversion requires the plaintiff to have ownership rights, the defendant to have intentionally interfered with those rights by exercising dominion and control over the property, the plaintiff to have been deprived of possession and use, and resulting damage. Thus, an Investor alleging theft would have to show some basis to assert that he or she has ownership rights in the holdings of the DAO. This contention is unclear; the ability to split and recover invested ETH suggests at most a contingent claim on some of the DAO's assets.

An Investor individually could show standing by failing to receive 1.0 ETH per 100 DAO Tokens after a split (which takes about 2 months), and sue for the difference between what they expected to get out and what was left to take out via split. Alternatively, an Investor could attempt to represent the DAO derivatively for this claim, claiming that the DAO itself was injured. (Note that Investors purportedly waive class actions according to Daohub.org.) As noted above, standing on behalf of the DAO is difficult to determine in the absence of a designated representative.

B. Breach of Bailment Claim

As the marketing materials and code suggest that no legal contract exists, an alternative interpretation would be that the DAO created a bailment relationship, wherein the DAO held ETH for Investors and then failed to hold them. (This is the same claim you might bring if the valet who parked your car instead lost your car.) This claim could be brought by an Investor against the DAO, which, again, may be impossible to serve.

C. Tortious Interference Claim.

Investors could attempt to individually sue the Exploiter for tortious interference with business relationships. To allege tortious interference a party must show a valid contract or economic expectancy between the plaintiff and a third person, knowledge of the contract or expectancy by the defendant, intent by the defendant to interfere with the contract, actual interference, lack of justification, privilege or excuse (i.e. the interference was improper), and resulting damage. An Investor may be able to show a business relationship with the DAO (which, depending on jurisdiction, may or may not require a contract); knowledge of the Investor's relationship to the DAO (maybe, because the existence of token holders is public knowledge, but any individual Investor's participation is not necessarily public); and intent and actual interference (by taking ETH which would otherwise have been available for investment or for withdrawal via split). This leaves lack of justification, privilege or excuse, and actual damage. These elements may be tricky, as the Exploiter may use the fact that it was a bug and not a hack to establish justification, privilege or excuse. The Exploiter may also contest whether there are actual money damages. However, the drop in market value of DAO Tokens and ETH, along with the reduction in the DAO's investment funds, may suffice.

D. Computer Fraud and Abuse Act

Pursuant to 18 U.S.C. §1030(a)(4), liability attaches to "Whoever … knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period." Although this claim sounds simple, its interpretation and application are complex and quickly evolving. Subsection (a)(4) is a criminal provision; a private civil action lies under §1030(g) only where the conduct involves one of the factors listed in §1030(c)(4)(A)(i), most commonly loss aggregating at least $5,000 in a one-year period. The threshold question is whether the Exploiter "exceeds authorized access." An argument may be offered that the Exploiter exceeded his/her/their authorized access by taking funds that were not rightfully theirs; the counterargument is that the Exploiter only invoked functions the DAO's code exposed to every token holder, in an order the code allowed, which is the same point that cuts against a theft theory. Again, this claim would be brought by the DAO.

Contract-based claims like breach of contract, violation of good faith and fair dealing and even quantum meruit (and its equitable cousin, unjust enrichment) may fail as a result of the express disclaimer of contract formation found in the marketing materials related to the DAO. If a court imputes a contract, any number of contract-based claims, including breach of contract, or breach of the duty of good faith and fair dealing, may be available as well. However, proper waivers are generally legally enforceable; thus, a claimant Investor is probably resigned to seeking equitable, tort, statutory, and/or other non-contract based claims.

4. Ethereum Foundation's Potential Responses

The Ethereum Foundation was alerted to the exploit at about 3:09am EST on Friday. The log of the chat opened by Foundation members (many of whom are also curators of, and apparently heavily invested in, the DAO) is riveting and shows that a multitude of approaches were discussed early on, including a hard fork, a soft fork, and a roll back. Within 30 minutes of the discovery of the exploit, the Ethereum Foundation caused exchanges to suspend ETH withdrawals and trading. The chat log includes discussion of coping mechanisms aimed at preventing a crash in the value of ETH. Both of the fork-based solutions discussed below are notable in that they are not to be implemented by the DAO, but contemplate Ethereum itself modifying its blockchain to fix the DAO's exploit. Of course, while the Ethereum Foundation can propose whatever software modification it wants, unless the majority of miners adopt the new code, none of the proposed Ethereum-driven solutions will go into effect.

a. Hard fork:

The proposed hard fork would move all stolen ETH into a new wallet which would be used to refund investors in the DAO, and would shut down the DAO. Slock.it has already advocated for the hard fork solution. Others have argued that the hard fork undermines the credibility of the Ethereum platform, creates legal risk for developers (and potentially excuses for third parties such as law enforcement to intervene), and rewards participants in an experiment who should have understood their risk.

b. Soft fork:

The proposed soft fork would introduce code that permits miners to selectively invalidate transactions, with the intent that miners invalidate transactions made using the ETH taken by the Exploiter. This approach would permit DAO Token transfers to continue and permit the DAO functions that do not touch ETH to continue. (So much for fungibility.) It would permit miners to lock both the stolen ETH and the DAO's ETH. Advocates of this approach suggest that the soft fork would be less damaging because it would be reversible and buys time for more elegant solutions to be devised. Detractors point out the same centralization arguments as above. The soft fork may introduce further havoc by giving miners discretion as to which transactions they may block. Despite the risks, the soft fork approach appears to be favored.

c. Problems with either forking option:

Is the DAO too big to fail, and should it be bailed out? That's the real question being considered here. Although the motivations behind forking appear compassionate and directed at stabilizing Ethereum and the DAO, these solutions may ultimately destabilize both. As argued by Pelle Braendgaard, neither Ethereum nor the DAO is incorporated like a conventional entity; instead they substitute the veil of decentralization for the legally bestowed corporate veil that shields an entity's underlying actors from liability. Provided that the system is executed via decentralized actors, the creators are not liable. However, if a hard or soft fork is implemented to correct the exploit, then by violating that decentralization the creators and maintainers of these platforms may be exposing themselves to the argument that they have taken, or have the ability to take, control at any time, which may result in personal liability. Of course, any proposed fork must be ratified by miner adoption, but even consideration of a fork of any kind to resolve what is at its core a flaw of the DAO, and not of the Ethereum blockchain, is troubling. Although Slock.it may have potential liability for the exploit, by forking, the Ethereum Foundation may be taking on potential liability of its own.

Braendgaard's point is well taken. If Ethereum intervenes to roll back transactions or sequester funds, the claim of decentralization or immutability is shown to be illusory. This may even invite claims by the Exploiter against the Ethereum Foundation for taking away the ETH obtained by the exploit. (It is understood that many Ethereum Foundation members are heavily invested in the DAO.) A fork would be viewed as a "bank bail-out," potentially self-serving, and those with the power to carry it out may be looked at as responsible.

d. Counterattack

The DAO's creators, Slock.it, suggested a counterattack, seeking to take advantage of the same exploit to prevent the child DAO from seizing the ETH, as a solution to the exploit. This suggestion itself validates the approach of the Exploiter as legitimate system functionality. As noted by Emin Gün Sirer, it is also a very risky approach. However, it may be preferable to the hard and soft forks noted above.

e. Bitcoin's Mt. Gox Approach:

Bitcoin had a mass loss event in the well-publicized Mt. Gox disaster. As a result of Mt. Gox, bitcoin users were unable to control their bitcoin and functionally lost hundreds of millions of dollars of value. In the wake of Mt. Gox, bitcoin valuation against USD plummeted, the platform was pilloried in the media, and many predicted its doom. Yet, there was no split, or roll back or freezing of assets to try to reclaim bitcoin for those affected. Today, Bitcoin continues to exist as a decentralized immutable platform, and is at a total market cap approaching its all-time high. Perhaps the Ethereum community should look at Mt. Gox before endangering its platform with knee jerk reactions for the benefit of a subset of the Ethereum users who risked participation in the DAO.

Although many investors holding DAO Tokens may be frustrated with the exploit, and rightfully bemoan their loss of millions of dollars, the overcorrection of forking to reclaim those ETH may be more disastrous in the long term than permitting the exploit to persist. The exploit is a problem for the DAO, not for Ethereum, unless Ethereum is more concerned with the trade value of its ETH than with the integrity of the transactions occurring on its blockchain. A fork invites the slippery slope argument: when in the future will a fork reverse my latest transaction, for what reason, and under what circumstances? Will future smart contract failures all call for corrective forks as well? The exploit's only impact on Ethereum was to cause the value of ETH against the USD to drop. Thus, a fork smacks of arbitrary rulemaking and control-group self-interest, and has been predicted to have a negative effect on the viability of ETH as an economic asset. A fork that permits Investors to reclaim their ETH but crushes the value of ETH by impairing the long-term viability of the platform may cause more damage than the loss caused by the DAO exploit.

5. Exploiter's Potential Claim Against the Ethereum Foundation

The Exploiter, having taken advantage of a system coding error as opposed to having actively hacked the DAO (although better minds than mine may draw the line between the two, I will not) may actually have a claim against the Ethereum Foundation if they offer a hard or soft fork to Ethereum miners that functionally freezes the ETH to be supplied to the child DAO or reverses any transfer of ETH to the Exploiter. The Exploiter, claiming to have not violated any laws, may actually seek to enjoin the Ethereum Foundation from taking any action to restrict his/her/their use of the ETH in the child DAO created by the exploit. The Exploiter could also claim tortious interference with his/her/their rights to the child DAO they created using the DAO according to the "terms" of its code. Although these claims would require the Exploiter to identify themselves, there is an argument to be made that the Ethereum Foundation itself may be liable for taking away assets obtained by the Exploiter through the permitted use of the DAO. However, if the ETH are deemed stolen, then the Exploiter cannot show legal title or a viable claim to the funds, and these claims would fail.


The law is unprepared for the DAO and the DAO is unprepared for the law. The disclosures, terms and legal warnings are inconsistent and confused. Although the DAO mimics the structure and behavior of a registered business entity, because it avoids compliance with registration requirements by operating as a distributed software platform lacking executives, directors, a legal jurisdiction of incorporation or a physical location, it will likely not be given the same legal recognition, rights and privileges typically afforded to registered entities. Thus, in the event of a lawsuit, a court will be forced to grapple with the implications of a web of contracts and computer code imitating an entity, but without the infrastructure created by statutes and by centuries of common law precedent and civil law interpretation that guide courts when considering claims regarding incorporated entities. Because of this lack of a recognized legal form, the DAO and other unregistered DAOs will face significant impediments when involved parties seek dispute resolution from the courts, which suggests that specialized proprietary alternate dispute resolution ("ADR") provisions may be necessary. The disposition of claims alleged by Investors against the DAO, against the creators of the DAO, or against the Exploiter who took ETH via the bug exploit remains uncertain. However, the exploit will likely be considered a type of theft, and Investors, if they can establish standing to act for the DAO, may have a variety of claims.


The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.


