Cornell Researchers Sound Alarm on The DAO Vulnerabilities as $150 Million Fund Faces Critical Flaws

Executive Summary

A paper published on June 16, 2016, by Cornell University computer scientist Emin Gün Sirer, along with collaborators Dino Mark and Vlad Zamfir, has exposed critical vulnerabilities in The DAO — the decentralized venture capital fund built on the Ethereum blockchain that has amassed approximately $150 million worth of ether from investors. The researchers are calling for an immediate moratorium on The DAO’s operations until fundamental flaws in its voting mechanism and smart contract architecture are addressed.

The timing is significant. The DAO currently controls roughly 15 percent of all ether in existence, making it the largest single entity in the Ethereum ecosystem. With ETH trading at $20.59 according to CoinMarketCap’s June 16 snapshot — up over 11% in 24 hours and 43% over the past week — the stakes could not be higher. Market capitalization stands at $12 billion for Bitcoin and $1.67 billion for Ethereum.

The Numbers Unpacked

The DAO, which stands for Decentralized Autonomous Organization, operates through smart contracts on the Ethereum blockchain. Since its creation in April 2016, it has raised approximately $150 million worth of ether from over 11,000 participants, making it the largest crowdfunding effort in history at the time. The fund operates without traditional management — instead, token holders vote on which proposals to fund, ostensibly leveraging the wisdom of the crowd.

However, the Cornell research team has identified several critical flaws in this democratic ideal. The most significant issue lies in the voting rules: a member who has voted yes or no on a proposal cannot withdraw their funds from The DAO until voting concludes. This creates a perverse incentive structure where rational actors are discouraged from voting against bad proposals, instead preferring to wait until the last possible moment to see which way the wind blows before making a move.

This mechanism, the researchers argue, opens the door to manipulation. An attacker with sufficient DAO tokens could submit a self-serving proposal, wait for opposition voters to lock their tokens by voting no, and then flood the proposal with yes votes at the eleventh hour — all while opposition voters are locked in and unable to exit.
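The following toy model, added here for illustration and not taken from The DAO's own Solidity code or from the Cornell paper, replays the voting-lock rule described above: voting locks a member's tokens until the proposal's deadline, so an early "no" voter is stuck while anyone who waits stays liquid. Member names, balances and block numbers are constructed.

```python
# Constructed model of the voting lock described in the article; not The DAO's
# contract code. Balances and block numbers are made up for illustration.
from dataclasses import dataclass, field


@dataclass
class Proposal:
    deadline: int          # last block in which votes are accepted
    yes: int = 0           # token-weighted yes votes
    no: int = 0            # token-weighted no votes


@dataclass
class DaoModel:
    balances: dict                             # member -> DAO tokens held
    proposal: Proposal
    voted: set = field(default_factory=set)    # members whose tokens are locked

    def vote(self, member: str, support: bool, now: int) -> None:
        if now > self.proposal.deadline:
            raise ValueError("voting has closed")
        if member in self.voted:
            raise ValueError("already voted")
        weight = self.balances[member]
        if support:
            self.proposal.yes += weight
        else:
            self.proposal.no += weight
        self.voted.add(member)   # the rule under criticism: a vote locks the funds

    def can_withdraw(self, member: str, now: int) -> bool:
        # Voters stay locked until the vote concludes; non-voters remain liquid.
        return member not in self.voted or now > self.proposal.deadline

    def passes(self) -> bool:
        return self.proposal.yes > self.proposal.no


def run_scenario() -> dict:
    """Replay the article's timeline: opposition votes no early and is locked,
    the proposer's side waits until the final block and then votes yes."""
    dao = DaoModel({"opposition": 40, "proposer": 30, "ally": 20, "undecided": 10},
                   Proposal(deadline=100))
    dao.vote("opposition", False, now=10)
    opposition_locked = not dao.can_withdraw("opposition", now=50)
    waiting_side_liquid = dao.can_withdraw("proposer", now=50)
    dao.vote("proposer", True, now=100)
    dao.vote("ally", True, now=100)
    return {"opposition_locked": opposition_locked,
            "waiting_side_liquid": waiting_side_liquid,
            "undecided_liquid": dao.can_withdraw("undecided", now=100),
            "proposal_passes": dao.passes(),
            "opposition_free_after": dao.can_withdraw("opposition", now=101)}
```

The member who never votes keeps the ability to withdraw throughout, which is exactly the incentive the researchers describe: under this rule the rational move is to abstain and wait.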

Historical Context

The DAO emerged from Ethereum’s unique capability to execute Turing-complete smart contracts — self-executing programs that run exactly as coded without any possibility of downtime, censorship, fraud, or third-party interference. Launched in April 2016 by the German startup Slock.it, The DAO was designed to function as a decentralized venture capital fund that would invest in Ethereum-based projects.

The concept captured the imagination of the cryptocurrency community during a period of explosive growth for Ethereum. ETH had risen from under $1 at the start of 2016 to over $20 by mid-June, fueled by enthusiasm for smart contracts, decentralized applications, and the broader potential of programmable money. The DAO token itself became the fifth-largest cryptocurrency by market capitalization, valued at over $220 million on June 16, 2016.

Emin Gün Sirer is no stranger to cryptocurrency security. The Cornell associate professor has been a prominent voice in the blockchain research community, known for his rigorous analysis of consensus mechanisms and distributed systems. His decision to publicly call for a halt to The DAO’s operations carries significant weight within both the academic and cryptocurrency communities.

Expert Consensus

The Cornell paper has sent shockwaves through the Ethereum community, sparking intense debate across forums, Slack channels, and social media. The researchers have achieved what they describe as a “de facto moratorium” on The DAO’s operations, with many proposal creators voluntarily pulling their submissions in response to the security concerns.

The core Ethereum development team has been cautious in its response, emphasizing that The DAO is an independent project built on top of the Ethereum platform — not part of Ethereum’s core protocol. This distinction is crucial: any vulnerability in The DAO’s smart contracts does not reflect a flaw in Ethereum itself, though the reputational damage to the broader ecosystem is undeniable.

Vlad Zamfir, one of the paper’s co-authors, serves as a curator for The DAO — a role that gives him significant influence over which proposals are allowed to proceed. His participation in the paper signals that concerns about The DAO’s structure come from within the organization itself, not merely from external critics.

The paper also raises the specter of more sophisticated attacks beyond simple voting manipulation. The researchers outline scenarios in which The DAO’s smart contract code could be exploited to tie up funds and demand ransom payments, or to create situations where legitimate token holders find themselves unable to withdraw their investments.

Forward Outlook

The immediate question facing The DAO’s 11,000-plus token holders is whether the identified vulnerabilities can be fixed without dismantling the entire structure. Sirer and his colleagues argue that changes must be made “within the provisions of the existing smart contract program” — a constraint that limits the available solutions, since The DAO’s code, once deployed, cannot be easily modified.

The situation exposes a fundamental tension in decentralized governance: the immutability that makes blockchain technology trustworthy also makes it extraordinarily difficult to fix bugs once they are discovered. As Sirer poignantly asks: “Whom do you sue if you can’t vote because of a bug on line 37?”

For the broader cryptocurrency market, The DAO controversy serves as a sobering reminder that technological innovation does not eliminate risk — it merely transforms it. As Bitcoin trades at $766 and Ethereum at $20.59, the total cryptocurrency market cap hovers around $14 billion. The security of these systems, both at the protocol level and at the application layer, remains the single most important factor determining whether this young industry can mature into a legitimate financial ecosystem.

The Ethereum community now faces a critical test. How it responds to The DAO’s vulnerabilities — whether through technical fixes, governance reforms, or simply allowing the experiment to fail — will set precedents for every decentralized organization that follows. The eyes of the financial world are watching.
