With the recent Mainnet release of Aragon, it’s easier than ever to create an unstoppable organization and issue governance tokens. The platform provides essential building blocks and a framework to extend functionality by creating new applications for organization management. However, it’s important to recognize that the tools and patterns that are currently available for governance tokens are still highly experimental and very much in their infancy.

It’s tempting to compare what’s currently possible with a blockchain native organization to traditional legal entities and wonder if simply relying on established institutions is a more fundamentally viable path— and there is certainly utility in combining aspects of these new technologies with the traditional legal system. However, there are many cases where the emergence of new requirements pushes us to start thinking from first principles— and in these cases starting from a blank slate is often more effective then attempting to adapt a legacy system.

Self-sovereignty is a new requirement. When individuals take full control of their identities and assets, many of the traditional remedies provided by legacy institutions have limited efficacy. This does not mean we should just give up on self-sovereignty! As public blockchains and the applications and protocols built on top of them mature they will enhance capabilities of self-sovereign individuals until these capabilities are on par and eventually exceed those currently provided by established institutions.

In my opinion, the most significant shortcoming of governance tokens is their general lack of assurances for minority and passive stakeholders. The lack of these assurances mean that participants must trust each other to not take advantage of a majority position. Traditional organizations minimize the trust an individual participant must have in other members by utilizing the legal system to ensure that the organization’s managers are held to fiduciary duties. In this post I’ll propose two potential mechanisms that would help minimize the trust required to use governance tokens by protecting the interests of minority and passive stakeholders without compromising self-sovereignty.

At a minimum governance tokens need (1) a mechanism to ensure that only proposals which align with the stated intent of the organization are executed and (2) a mechanism that allows participants to safely exit en masse in response to contentious policies.

1. Encoding Organization Intent

In a traditional organization intent is encoded into the organization’s charter and bylaws, and acts as an operating agreement between all of the organizations participants. By establishing these documents all participants, including passive and minority stakeholders, are protected and can seek remedy from the legal system in the event of the organization or its management’s failure to uphold the agreement.

With an autonomous organization the ability for the legal system to effectively provide remedies is limited, but it is still critical to establish and uphold an organization’s intent. In the absence of such a mechanism it is too risky to be a minority stakeholder or participate passively — even clearly malicious or manipulative proposals such as “transfer all assets proportionally to those who vote to approve this proposal” could potentially threaten the organization’s ability to operate effectively.

In order to ensure that an autonomous organization adheres to its stated intent we need to overcome two key challenges. First, because transactions that are recorded on a decentralized ledger cannot be altered, transactions which would violate an organization’s intent must be prevented up-frontrather than remedied after the fact. Second, because evaluating whether a given proposal aligns with the organization’s intent is a subjective decision we must create a decentralized oracle to ultimately provide a resolution.

The construction of such an oracle is out of the scope of this post and is still under active research. However, for now let’s assume that there is a decentralized oracle that can be relied on to answer the question “does this proposal meet some agreed upon criteria?

With a subjective dispute resolution oracle we can create a process where in order to submit a proposal, the proposer must first place a deposit and agree to proposal submission requirements. Before the proposal is voted on, anyone may challenge the validity of the proposal by creating a dispute. If the oracle agrees with the challenger the proposal is prevented, and if the oracle agrees with the proposer the proposal can proceed. The following diagram shows a simple example of a process that adopts that pattern. The same pattern of requiring a deposit and human readable agreement to perform an action can be used in many different arrangements.

The deposit for the proposer and challenger can exceed the cost of calling the oracle. If the challenger wins, they get the balance of the deposit left over after the oracle is paid. If the proposer wins, they get the balance of the deposit left over after the oracle is paid. So long as there is one honest and alert member of the organization willing to raise a dispute, a neutral oracle will resolve the dispute in favor of the party that most closely aligns with the organization’s intent.

By implementing this procedure we can significantly improve the accountability of an autonomous organization to its minority and passive stakeholders, and we have not forfeited individual self-sovereignty along the way.

However, now we are anchoring trust in a decentralized oracle rather than the traditional legal system, and what if that trust turns out to be unfounded?

2. Facilitating Exit En Masse

As an individual within an organization, if I lose faith in the ability of the oracle to protect my interests or otherwise disagree with the operational decisions of the organization, do I have any recourse? The most straightforward response is simply to exit via the market, sell my interests in the organization and move on.

Market selling works fairly well as an exit mechanism if there are only a few who want to exit, but if there are many participants that want to exit at the same time there may not be sufficient liquidity.

Bonding curves have been suggested as a way to guarantee liquidity. They do help, particularly for micro-economies that may never have sufficient volume to be traded on a conventional exchange. However, they do not solve the issue of exit en masse. Using a bonding curve as an exit mechanism simply creates a race to the door, and those who do not get out first would only be able to sell at a significant discount relative to the true value of the organization’s total assets.

A more equitable approach is to create a mechanism for pro-rata dissolution. A good example can be found in Moloch DAO. In Moloch’s design, an individual may respond to the passing of a proposal they disagree with by “Rage Quitting” prior to the proposal executing. Electing to Rage Quit allows them to redeem their voting shares for loot tokens, which in turn can be redeemed for a proportional share of the organizations assets held in a treasury. This mechanism is simple but effective. The main limitation is that the organization must hold only liquid, fully divisible assets.

However, in practice, organizations may wish to allocate a large portion of their reserves to illiquid assets in order to be more capital efficient and earn greater returns (both in financial and impact terms). The organization may also possess valuable non-fungible, non-divisible assets that would be left on the table in the event that exit is necessary. If we want to enable organizations to operate more effectively while ensuring safe exit for individuals, then we may need a more robust dissolution mechanism.

One potential way is to create a liquidity policy that can automatically take on debt in order to provide liquidity for participants to exit. The organization can automatically auction bonds to facilitate immediate exit — then, the remaining members of the organization can strategically liquidate assets in order to pay any outstanding bonds. To ensure that bonds are actually repaid, the organization’s permissions can prevent additional fund transfers from the treasury until all outstanding bonds have been cleared.

Rather than selling their tokens on the market, a participant can opt to burn them through the liquidity mechanism. This mechanism would use a price feed to value the burned tokens, then either pay out the user from the reserve or issue bonds at an equivalent face value. Bonds would be auctioned off and the revenue would be given to the user who burned tokens.

Paying out reserves and issuing bonds can be disruptive to an organization’s ability to effectively make long term plans, so it may make sense for an organization to discourage the use of the mechanism by discounting the value of tokens relative to the price feed. In practice, since token holders can use the mechanism even if there is insufficient market liquidity the mechanism would encourage market selling when tokens are overvalued (as opposed to hodling in order to artificial pump prices in thinly traded markets) and buying if tokens are undervalued (by tightly coupling governance tokens to asset equity). This should ultimately result in more accurate price discovery and market depth even if the mechanism is never actually used.

While this approach to equitable dissolution is more complicated than other approaches, it provides similar assurances with far greater flexibility. If an individual participant wants to exit, they will have a high degree of certainty that they can do so with a roughly proportional share of the organization’s true value, even if a contentious decision results in a large proportion of the organization deciding to exit at approximately the same time.


Decentralized Autonomous Organizations are truly independent, which makes them a powerful experimental tool for building and understanding self-regulating systems. They probably will never offer the exact same trade-offs as a traditional organization, but that is okay!

Under the assumption that the above mechanisms are implemented for a governance token here are some important distinctions. They are not intended to be strictly positive or negative.

  1. Preventative Enforcement: Since we cannot rely on the seizure of assets after the fact, we must stop issues before they cause damage. Preventing proposals from being executed minimizes the extent of damages but can also halt the operation of an organization. Sustained interruption is possible but unlikely, as persistently raising and losing disputes would be extremely costly.
  2. Automatic Liquidation: Equity is ensured by allowing individuals to exit by selling bonds backed by the organization’s assets. This provides significant liquidity benefits to participants and creates incentives that encourage reaching broad consensus among all stakeholders.
  3. Accessibility: Participation is open to anyone, anywhere. There are no financial qualifications for participation, tokens can be offered “as is” with their utility being both a claim on the organization’s assets and governance privileges.
  4. Participant Privacy: There is no dependency on identity, so users wishing to minimize their public data footprint can choose to participate pseudonymously.
  5. Organization Transparency: The organization runs on a public blockchain and so all transactions, both internal and external, are public and transparent. Perhaps this will be optional as privacy technologies become more accessible and integrated into governance tooling.
  6. Liability: In contrast to traditional organizations, autonomous organizations don’t fit into any regulatory framework, and so from a legal perspective it is unclear what personal liability a participant in such an organization incurs. This is a considerable risk to individual participants relative to recognized legal entities, but hopefully there will be more clarity on this as time goes on.

  • Luke Duncan

Luke Duncan

Research at Aragon One