Too much buzz around DAOs at a very abstract level. Unfortunately, in practice there are a lot of misunderstanding, pitfalls and risks.
The very first DAO is the Bitcoin network and protocol. The simple answer to question - “Who controls any DAO?” is a protocol. The problem is that protocols are developed by somebody. Protocols need to be updated. The 1st risk is centralization on protocol/code developers, a human factor. Protocols should be created and improved by decentralized community.
The 2d risk follows the 1st one. It’s an imperfect technology and implementation, lets look into Rekt Capital’s hacks leaderboard:
Decentralization has its own fundamental bugs, any decentralized system or protocol is hackable by 51% attack, DAOs are hackable same way. Anyone who controls more than half of governance power (tokens) can propose and execute any transaction, including the withdrawal of all DAO treasury.
Following code is from most popular openzeppelin smart contracts library.
Most simple DAOs can be considered as multi-sig wallet with extended function to call other smart contracts and send/receive crypto. It’s simple but powerful, such DAO can participate in any protocols available, interact with oracles, can be extended by other smart contracts. But hacks leaderboard shows new records.
Unhackable and efficient governance itself is a challenge.
Looks like a sci-fi utopia, but who knows?
Centralization and middlemen are a big stop factors for humanity progress, new forms of digital distributed organizations are needed, let’s hack in order to turn hackable DAOs and governance into unhackable unhackable DAOs.