DAO internal meeting faced security issues and came up with two solutions

The DAO’s regulators, founding programmers, and researchers held a video conference on Skype to discuss the security and development issues of the DAO. The meeting came up with two feasible solutions.

Software engineer Alex Van de Sande is one of the regulators of the DAO. He announced today that the DAO's regulators (Curators), the founding programmers, and the three scholars who recently stopped the DAO vote organized a meeting. The content of this meeting included the role of regulators, the security vulnerabilities of the DAO (mentioned by the three scholars in their earlier article), and the corresponding solutions.

Alex Van de Sande said on reddit that the meeting discussed in depth the attack vectors mentioned in the three scholars' articles:

We discussed all the attack vectors in detail. I was most concerned about voting, as there were many unfavorable factors that could affect the voting results.

The Affirmative Bias and Disincentive to Vote No mentioned in the article are the most fatal weaknesses in the DAO smart contract. Once the token holder exercises the voting right, the token will be locked until the voting process is completed. For most investors, the liquidity of assets is very important. This will lead to more and more frequent boycotts. Alex Van de Sande continued:

Since tokens will be locked once a vote is cast, and voting against may help those who vote in favor reach the quorum, there will definitely be a large number of votes in favor before the voting deadline, and the junk proposal is likely to pass (there is no reason for us to let participants' funds be drained by junk proposals).

There are currently two solutions to the DAO security problem. The first is to upgrade the DAO's contract architecture and use the built-in mechanism to change the contract code. However, this method requires at least a majority of votes, and the number of votes cannot be less than 53.3%. Moreover, this is a large project. The entire contract code needs to be fully tested and reviewed to ensure that no new attack paths are created, so the entire upgrade process may take weeks or even months to complete.

The second method is to publish a proposal guideline to fix security vulnerabilities and reduce risks by changing the source code of the DAO protocol. Alex Van de Sande proposed several guidelines:

1. By setting a deadline in advance, DAO, token holders and even regulators have the right to cancel a proposal that has been passed and withdraw funds to DAO within a certain period of time. This gives participants a second chance to filter out junk proposals.

2. The guidelines can verify whether the number of votes in favor of a proposal reaches 75% of the established number. If it is less than 75%, the proposal will be eliminated.

3. The guide can track and record daily voting situations. When there are 24 to 48 hours left in the voting time and the number of votes in favor just reaches the set number, the proposal will be eliminated (this is to encourage participants with more tokens to vote first).

The community encourages all DAO token holders (DTH) to participate in the discussion, and the final decision is in their hands.