Foundational principles for designing and operating decentralized governance through specialized, interoperable sub-organizations.
LABS
Guides
SubDAOs and Modular Governance Structures
Chainscore © 2025
core-concepts
Core Concepts of Modular Governance
01
Sovereignty and Subsidiarity
Sovereignty refers to a SubDAO's authority to make final decisions within its designated domain, such as treasury management or protocol parameters. Subsidiarity is the principle that decisions should be made at the lowest competent level.
- Enables localized expertise and faster iteration.
- Reduces governance fatigue in the main DAO by delegating granular decisions.
- Critical for scaling decentralized organizations without centralizing power.
02
Composable Governance Legos
The concept of treating governance modules—like voting, delegation, or treasury tools—as interoperable components or "legos."
- Allows DAOs to mix and match best-in-class solutions (e.g., Snapshot for voting, Safe for multisig).
- Facilitates the creation of custom governance stacks tailored to a SubDAO's specific needs.
- Promotes innovation and reduces vendor lock-in within the governance tooling ecosystem.
03
Permissioned Autonomy
A governance model where SubDAOs operate with high autonomy but within a bounded set of permissions and constraints defined by the parent DAO or a shared security layer.
- Parent DAO may set spending limits, veto powers, or require certain security audits.
- Balances the need for independent operation with overarching network security and alignment.
- Common in L2 governance or protocol guilds managing specific product verticals.
04
Inter-DAO Communication and Coordination
The frameworks and mechanisms that enable SubDAOs to interact, share resources, and resolve conflicts, often facilitated by cross-chain messaging or shared state channels.
- Uses bridges or protocols like Axelar or LayerZero for asset and message passing.
- Essential for treasury rebalancing, joint grants programs, or coordinated protocol upgrades.
- Prevents siloed operations and ensures ecosystem-wide coherence.
05
Progressive Decentralization
A phased strategy where a core team initially retains control, gradually transferring authority to modular SubDAOs as they demonstrate competence and establish trustless systems.
- Starts with a multisig-controlled SubDAO for a specific function like grants.
- Evolves to a fully on-chain, token-governed entity over time.
- Mitigates risks by decentralizing control only after robust processes are battle-tested.
06
Exit to Community Mechanisms
Pre-defined processes and smart contract functions that allow a SubDAO to formally separate from its parent organization, taking its treasury and governance rights with it.
- Can be triggered by a super-majority vote or after meeting specific autonomy milestones.
- Provides a clear path for forks or spin-offs, reducing political friction.
- Embodies the credibly neutral and permissionless ideals of Web3 by enabling clean exits.
Implementing a SubDAO Structure
Process overview
1
Define SubDAO Scope and Authority
Establish the operational boundaries and decision-making power for the SubDAO.
Detailed Instructions
Begin by drafting a SubDAO Charter that explicitly defines its purpose, scope, and limitations. This document should specify which assets (e.g., a 500 ETH treasury), smart contracts, or protocol parameters the SubDAO can manage. Crucially, you must codify the authority matrix, detailing which actions require parent DAO approval versus autonomous execution. For example, a grants SubDAO might autonomously approve proposals under 10 ETH but require a main DAO vote for larger disbursements.
- Sub-step 1: Draft the charter outlining purpose, scope, and asset control.
- Sub-step 2: Define the authority matrix for autonomous vs. parent-governed actions.
- Sub-step 3: Specify the treasury address and initial funding amount in the charter.
solidity// Example struct for a SubDAO proposal in the parent contract struct SubDAOProposal { address subDAOTreasury; uint256 amount; bytes callData; // Encoded function call for the SubDAO's module bool requiresParentApproval; }
Tip: Use a modular approach by separating the charter logic from the enforcement mechanism, allowing for easier future upgrades.
2
Deploy Governance and Treasury Modules
Set up the smart contract infrastructure for voting and fund management.
Detailed Instructions
Deploy the core smart contracts that will constitute the SubDAO's autonomous governance. This typically involves a governor contract (e.g., OpenZeppelin Governor) and a treasury contract (e.g., a Gnosis Safe or custom Vault). The governor should be configured with specific parameters like votingDelay (e.g., 1 day), votingPeriod (e.g., 5 days), and a proposalThreshold. The treasury must be set as the executor for successful proposals. Use a minion factory pattern or a proxy factory to ensure standardized, gas-efficient deployment of multiple SubDAOs.
- Sub-step 1: Deploy the governor contract with tailored voting parameters.
- Sub-step 2: Deploy the treasury contract (e.g., Safe at
0x...). - Sub-step 3: Configure the governor to use the treasury as its executor.
- Sub-step 4: Verify contract permissions and ownership are correctly set.
solidity// Example initialization of a Governor contract for a SubDAO function initializeSubDAOGovernor( IVotes token, TimelockController timelock, uint256 initialVotingDelay, uint256 initialVotingPeriod, uint256 initialProposalThreshold ) external initializer { __Governor_init("SubDAO Governor"); __GovernorVotes_init(token); __GovernorTimelockControl_init(timelock); _setVotingDelay(initialVotingDelay); _setVotingPeriod(initialVotingPeriod); _setProposalThreshold(initialProposalThreshold); }
Tip: Consider using a timelock controller on the treasury to enforce a delay between proposal execution and action, adding a safety layer.
3
Establish Tokenomics and Membership
Determine the governance token or membership model for the SubDAO.
Detailed Instructions
Decide on the membership model, which could be token-based (using the parent token or a new sub-token), NFT-based, or multisig-based. For a token-based model, you must define the snapshot mechanism. Will you use the parent token with a snapshot strategy that filters for specific criteria (e.g., holders of >100 tokens), or will you issue a new sub-governance token via an airdrop or bonding curve? Implement the chosen model via smart contracts, ensuring the voting power calculation is transparent and secure.
- Sub-step 1: Choose the membership model (token, NFT, multisig).
- Sub-step 2: If using the parent token, configure a Snapshot space with a custom strategy.
- Sub-step 3: If minting a new token, deploy the ERC20/ERC721 contract with appropriate minting controls.
- Sub-step 4: Connect the token contract to the governor's voting module.
solidity// Example of a custom voting token airdrop to a curated list function airdropSubGovTokens( address[] calldata recipients, uint256[] calldata amounts ) external onlyOwner { require(recipients.length == amounts.length, "Length mismatch"); for (uint256 i = 0; i < recipients.length; i++) { _mint(recipients[i], amounts[i]); } }
Tip: For sub-tokens, consider a vesting contract to align long-term incentives and prevent immediate governance attacks.
4
Integrate with Parent DAO Governance
Create the secure communication and control channels between the SubDAO and the main DAO.
Detailed Instructions
This step involves creating the permission bridge that allows the parent DAO to oversee or control the SubDAO as defined in the charter. Deploy a controller contract on the parent chain that holds minting/burning rights for the SubDAO's token or pause/upgrade rights over its contracts. The most critical integration is setting up a cross-chain messaging system (like Axelar, Wormhole, or a native bridge) if the SubDAO operates on a different L2 or sidechain. This system relays governance decisions for actions requiring parent approval.
- Sub-step 1: Deploy a controller contract on the parent chain with defined oversight functions.
- Sub-step 2: If cross-chain, set up a trusted relay or oracle to pass message payloads.
- Sub-step 3: Configure the SubDAO's governor to require a signature from the controller for certain proposal types.
- Sub-step 4: Test the integration with a mock proposal to ensure security and correctness.
solidity// Example function in a parent controller to veto a SubDAO proposal function vetoSubDAOProposal( uint256 chainId, address subDAOGovernor, uint256 proposalId ) external onlyParentDAO { // Encode the veto action bytes memory callData = abi.encodeWithSignature( "cancel(address)", subDAOGovernor ); // Send via cross-chain messenger ICrossChainMessenger(messenger).sendMessage( chainId, subDAOGovernor, callData ); }
Tip: Implement a state synchronization mechanism to keep track of the SubDAO's treasury balance and active proposals on the parent DAO dashboard.
5
Deploy and Activate the SubDAO
Finalize deployment, fund the treasury, and launch governance operations.
Detailed Instructions
Execute the final deployment sequence to activate the SubDAO. First, transfer the initial treasury allocation (e.g., 1000 USDC and 50 ETH) from the parent DAO's treasury to the SubDAO's Safe address via a successful main governance proposal. Then, publicly ratify the SubDAO Charter by storing its hash on-chain (e.g., on IPFS with CID QmXYZ... and recording it in a registry contract). Finally, onboard the initial members by distributing governance tokens or adding multisig signers, and initiate the first governance cycle with a bootstrap proposal to ratify operational rules.
- Sub-step 1: Execute the parent DAO proposal to fund the SubDAO treasury.
- Sub-step 2: Record the ratified charter hash in an on-chain registry.
- Sub-step 3: Distribute governance tokens or NFT memberships to the founding cohort.
- Sub-step 4: Create and pass the first operational proposal to establish committees or processes.
bash# Example CLI command to create the first SubDAO proposal via Snapshot snapshot-cli propose \ --space subdao.eth \ --title "Ratify Operational Framework" \ --body "IPFS_HASH" \ --choices "Yes,No,Abstain" \ --start $(date +%s) \ --end $(($(date +%s) + 604800))
Tip: Begin with a low proposal threshold and a multisig fallback for the first few cycles to ensure smooth operation while the community adapts to the new structure.
SubDAO Framework Comparison
Comparison of technical implementation frameworks for launching and managing SubDAOs.
| Governance Feature | Aragon OSx | OpenZeppelin Governor | Compound Governor Bravo |
|---|---|---|---|
Upgrade Mechanism | Plugin-based, permissioned | Transparent Proxy, UUPS | Timelock-controlled, delegatecall |
Proposal Threshold | Configurable token/NFT gate | Fixed token amount (e.g., 10,000) | Fixed token amount (e.g., 25,000) |
Voting Delay | Configurable (e.g., 1 block) | Fixed (e.g., 1 block) | Fixed (e.g., 1 block) |
Voting Period | Configurable (e.g., 5 days) | Configurable (e.g., 3 days) | Fixed (e.g., 3 days) |
Quorum Required | Configurable (e.g., 4% of supply) | Configurable (e.g., 4% of supply) | Fixed (e.g., 100,000 votes) |
Gas Cost for Proposal | ~1.5M - 2M gas | ~800k - 1.2M gas | ~1M - 1.5M gas |
Treasury Control | Plugin-managed, multi-sig compatible | Direct via Timelock Executor | Direct via Timelock Controller |
SubDAO Use Cases and Applications
Understanding SubDAO Applications
A SubDAO is a specialized, smaller DAO spun off from a larger parent DAO to handle a specific function. This modular approach allows a community to delegate complex tasks to focused teams while maintaining overall alignment.
Common Use Cases
- Treasury Management: A SubDAO can be tasked with managing a portion of the main treasury, making investment decisions on assets or funding grants. For example, Aave's DAO has a Grants SubDAO that funds ecosystem development.
- Protocol Parameter Governance: Specific technical upgrades or fee adjustments can be delegated. Compound's community might use a SubDAO to manage interest rate model updates for a single market.
- Content or Community Curation: Platforms like Mirror or decentralized social networks can use SubDAOs to curate featured content or manage community events without requiring a full DAO vote for every decision.
Real-World Example
When MakerDAO delegates the management of its real-world asset (RWA) portfolio to a specialized SubDAO, the parent DAO sets the high-level risk parameters, while the SubDAO's experts handle the day-to-day sourcing and management of the assets.
Security and Risk Management for SubDAOs
Process for implementing security controls and managing operational risks within a modular governance structure.
1
Define and Formalize SubDAO Permissions
Establish a clear, on-chain permission framework to limit the scope of each SubDAO's authority.
Detailed Instructions
Begin by mapping the core functions each SubDAO needs to perform, such as treasury management, protocol parameter updates, or grant distribution. Use a modular access control system like OpenZeppelin's AccessControl to implement these permissions. Assign roles (e.g., GRANT_MANAGER_ROLE, PARAMETER_UPDATER_ROLE) with specific, limited scopes.
- Sub-step 1: Deploy the main access control contract and define role hashes using
keccak256(e.g.,bytes32 public constant TREASURY_EXECUTOR = keccak256("TREASURY_EXECUTOR")). - Sub-step 2: Grant these roles to the SubDAO's executor contract address, not to individual EOAs, to maintain accountability.
- Sub-step 3: Implement function-level modifiers (e.g.,
onlyRole(TREASURY_EXECUTOR)) on all protected functions in the core protocol.
solidity// Example modifier for a treasury function modifier onlyTreasuryExecutor() { require(hasRole(TREASURY_EXECUTOR, msg.sender), "Caller is not a treasury executor"); _; } function executePayment(address recipient, uint256 amount) public onlyTreasuryExecutor { // Payment logic }
Tip: Use a role hierarchy where a
DEFAULT_ADMIN_ROLEcan grant/revoke other roles but has no direct protocol execution power, separating administration from operation.
2
Implement Multi-layered Proposal Execution
Design proposal lifecycle with timelocks, execution thresholds, and optional parent DAO oversight.
Detailed Instructions
Create a security buffer between a SubDAO's vote and on-chain execution. A timelock contract is essential, forcing a mandatory delay (e.g., 48-72 hours) after a proposal passes. This allows for public scrutiny and emergency intervention. Set explicit execution thresholds, requiring more than a simple majority for high-value actions (e.g., 66% for treasury transfers >100 ETH).
- Sub-step 1: Deploy a TimelockController (from OpenZeppelin or a custom solution) and set the SubDAO's voting contract as the sole "proposer."
- Sub-step 2: Configure the Timelock's
minDelayand assign a multisig or the parent DAO's safe address as the "canceller" role for emergencies. - Sub-step 3: Integrate the timelock as the executor in the SubDAO's governance module (e.g., Governor contract). All proposals must queue and wait in the timelock before execution.
solidity// Configuring a Governor contract with a timelock constructor( IVotes _token, TimelockController _timelock, uint256 _votingDelay, uint256 _votingPeriod, uint256 _quorumPercentage ) Governor("SubDAOGoverner") GovernorVotes(_token) GovernorVotesQuorumFraction(_quorumPercentage) GovernorTimelockControl(_timelock) // Key integration {}
Tip: For critical functions, implement a dual-control mechanism where execution also requires a signature from a parent DAO guardian, creating a veto-able grace period.
3
Establish Treasury Risk Parameters and Monitoring
Set hard limits on treasury actions and implement real-time monitoring for anomalous activity.
Detailed Instructions
Define strict risk parameters within the SubDAO's treasury management smart contracts. These are hard-coded limits that cannot be exceeded without a separate governance proposal to change the parameters themselves. Implement continuous off-chain monitoring using services like OpenZeppelin Defender Sentinel or Tenderly Alerts.
- Sub-step 1: Code treasury limits directly into contracts: maximum single transfer amount (e.g.,
MAX_SINGLE_TX = 500 ETH), daily withdrawal limit, and approved token whitelists. - Sub-step 2: Set up automated alerts for transactions that approach these limits, failed executions, or interactions with newly deployed contracts.
- Sub-step 3: Create a canonical dashboard (using Dune Analytics or Subgraph) tracking treasury inflows/outflows, proposal execution history, and role assignments for transparency.
solidity// Example of an enforced treasury limit contract SubDAOTreasury { uint256 public constant MAX_DAILY_WITHDRAWAL = 1000 ether; uint256 public withdrawnToday; uint256 public lastWithdrawalDay; function withdraw(address token, uint256 amount) external onlyRole(EXECUTOR_ROLE) { _updateDailyCounter(); require(amount <= MAX_DAILY_WITHDRAWAL - withdrawnToday, "Exceeds daily limit"); withdrawnToday += amount; IERC20(token).transfer(msg.sender, amount); } function _updateDailyCounter() internal { if (block.timestamp / 1 days > lastWithdrawalDay) { lastWithdrawalDay = block.timestamp / 1 days; withdrawnToday = 0; } } }
Tip: Use a multi-signature wallet as the final holder of assets, with the SubDAO's permissioned contract as one of the signers, adding an extra layer of confirmation.
4
Conduct Regular Security Audits and Role Reviews
Schedule periodic smart contract audits and review active permissions to minimize attack surface.
Detailed Instructions
Proactive security requires scheduled external reviews and internal hygiene. Commission biennial audits from reputable firms for all SubDAO management contracts. Internally, perform quarterly role and permission reviews to deactivate unused access and verify the integrity of active controllers.
- Sub-step 1: Maintain a registry of all smart contract addresses controlled by the SubDAO, their current versions, and audit status. Update this after any upgrade.
- Sub-step 2: Use the
getRoleMemberCountandgetRoleMemberfunctions from the AccessControl contract to generate a report of all active addresses holding privileged roles. - Sub-step 3: Cross-reference this list with known operational needs and immediately revoke (using
revokeRole) any permissions for deprecated contracts or former contributors.
solidity// Script to audit active role members (conceptual) // This would be run in a script environment like Hardhat or Foundry. async function auditRoles(accessControlAddress, roleHash) { const contract = await ethers.getContractAt("IAccessControl", accessControlAddress); const roleMemberCount = await contract.getRoleMemberCount(roleHash); console.log(`Role has ${roleMemberCount} active members:`); for (let i = 0; i < roleMemberCount; i++) { const member = await contract.getRoleMember(roleHash, i); console.log(` ${i}: ${member}`); } }
Tip: Implement a time-bound, renewable role system using expiring approvals or a separate registry that requires active re-authorization for sensitive roles every 6-12 months.
5
Create a Contingency and Escalation Plan
Prepare documented procedures for security incidents, including emergency pauses and parent DAO escalation.
Detailed Instructions
Formalize a contingency plan that details steps to take in case of a suspected exploit, governance attack, or critical bug. The plan must include clear escalation paths to the parent DAO and conditions for invoking emergency functions like pause() or cancel() on the timelock.
- Sub-step 1: Deploy and configure an emergency pause contract (e.g., using OpenZeppelin's
Pausableextension) for critical protocol modules, controlled by a designated guardian multisig. - Sub-step 2: Document the exact process: who can raise an alert, which communication channels to use (e.g., Discord security channel, internal war room), and the decision tree for initiating a pause.
- Sub-step 3: Run tabletop exercises simulating scenarios like a malicious proposal passing or a treasury drain. Test the execution of the
cancelfunction on the TimelockController by the authorized canceller.
solidity// Example of integrating an emergency pause modifier contract CriticalProtocolModule is Pausable { address public guardianMultisig; constructor(address _guardian) { guardianMultisig = _guardian; } modifier onlyGuardian() { require(msg.sender == guardianMultisig, "Only guardian"); _; } function emergencyPause() external onlyGuardian { _pause(); // Pauses all functions with the `whenNotPaused` modifier } function executeCriticalFunction() external whenNotPaused { // Core logic } }
Tip: The guardian multisig should have a higher threshold (e.g., 4-of-7) than the SubDAO's operational multisig and consist of trusted, technically-adept members from the parent DAO.
Technical Implementation FAQ
On-chain treasury autonomy is achieved by deploying a multi-signature wallet or a custom smart contract vault controlled by the SubDAO's governance token. This contract holds native tokens and ERC-20 assets, with withdrawal logic governed by token-weighted votes or a configured quorum. For example, a SubDAO might set a 60% approval threshold for proposals and a 48-hour timelock on all treasury transactions. The contract can integrate with DeFi protocols like Aave or Compound to generate yield, but any strategy change requires a separate governance proposal and execution via a governance module like Zodiac or Tally.