Decentralisation and Legal Risk Audits for DAOs


Jonathan Galea

Decentralised autonomous organisations (DAOs) are gaining prominence as a new form of organisation that promotes communal participation and governance, disrupting the corporate fabric that has been stitched into society over the past century. DAOs aim to create scalable and non-hierarchical organisations capable of disintermediating and decentralising authoritative points in traditional structures, with the trade-offs being decreased efficiency and coordination.

Arguably, the concept of a DAO fails if it does not follow through on its promise to be decentralised and autonomous. While many DAOs claim to be autonomous, the degree of autonomy can vary significantly from DAO to DAO. The concept of a DAO is only truly fulfilled if DAOs materialise through a concurrence of network effect and community participation, able to theoretically operate autonomously outside the remit of any specific set of rules or regulations; or at least, until a jurisdiction recognises DAOs as separate entities with the need for the formalistic red tape normally associated with incorporation processes.

In the absence of such jurisdictional recognition, communities that label themselves as DAOs may risk being classified as the equivalent of unregistered partnerships, with their members potentially incurring joint & several liability for any mishaps. This may be the case unless a DAO lives up to its name, that of being decentralised and autonomous to the point of being jurisdictionally orphaned, a status that very few DAOs can boast of in practice. The only alternative option is to have the right legal structure in place to afford protection to those persons actively contributing towards the growth of the project in question. BCAS has taken the topic of decentralisation to heart, pioneering efforts aimed at helping open-source & permissionless platforms to proliferate, and has already assisted top projects in the crypto industry through the provision of its Decentralisation & Legal Audit service.

Although an audit in name, auditing a permissionless, decentralised platform differs enough from traditional audits to warrant its own processes and procedures. Several steps need to be undertaken in order to gather a comprehensive understanding of the project, and these steps require both technical and legal expertise. During the audit process, the technical and legal teams collaborate in uncovering centralisation and legal risks regarding the project operations and its components, such as the project user interface, protocol design, smart contract code, policies & procedures, structuring of any legal entities involved, DAO governance mechanics, and tokenomics.

Specifically, the legal team reviews documentation relevant to the legal entities in place along with the laws of the countries of establishment, user-related documents, and any pertinent agreements with third parties (including investors). The legal team also delves into the underlying mechanics of the governance system in place, including the method of submission of proposals, the voting system (on-chain versus off-chain), the proposals that were either passed or rejected, and the method of implementation of such proposals. The technical team, for its part, analyses the project's full-stack architecture and its workflow, the relevant smart contracts and their inner workings, the DAO governance model in place in light of the implemented tokenomics, and other project-specific elements. The technical team uses both qualitative and quantitative approaches in this regard, utilising data analysis tools and techniques to uncover centralisation risks and trends. The technical analysis provides a clear-cut understanding of all project components, so that the legal team can address with clarity even the most specific and complex project technicalities.

At the end of the process, the Decentralisation & Legal Audit gives a comprehensive overview of the project-specific legal and decentralisation outlook, pinpointing any material issues and providing actionable recommendations on how to minimise risks related to such identified issues. Moreover, it provides an assessment of the risk for the team members in their own personal capacity, as well as the residual risk for anyone occupying a position of importance. Due to the technical complexity and high legal risks deriving from DAOs, specifically in relation to their structuring and management, relying on highly experienced crypto professionals becomes a paramount priority. Our expert legal team has ample experience in crypto-related laws as applicable under various legal regimes, and can guide you in the best possible way in addressing the project's needs.

