Aragon OS is a foundational smart contract framework designed for creating and governing decentralized autonomous organizations (DAOs). At its core, it provides a standardized, modular architecture that separates governance logic from application logic, enabling developers to build complex, upgradeable, and secure on-chain organizations. The framework's primary components include a kernel for core contract management, a forwarder for action execution, and an access control list (ACL) for granular permissioning, which together form a robust system for decentralized governance.
LABS
Glossary
Aragon OS
Aragon OS is a modular smart contract framework for creating and managing decentralized autonomous organizations (DAOs).
Chainscore © 2026
definition
BLOCKCHAIN INFRASTRUCTURE
What is Aragon OS?
Aragon OS is a modular and upgradeable smart contract framework for building and managing decentralized autonomous organizations (DAOs) and other on-chain entities.
The framework's modularity is achieved through its plugin architecture. Developers can create and install specialized plugins—such as voting mechanisms, treasury management tools, or membership modules—without modifying the core protocol. This allows DAOs to start with a simple structure and evolve over time by adding new functionalities. Key governance plugins include token-based voting, multisig approvals, and reputation-based systems, which can be combined to create custom governance models tailored to a community's specific needs.
A critical feature of Aragon OS is its focus on upgradeability and security. The framework utilizes proxy patterns and a versioning system that allows DAOs to upgrade their logic and fix vulnerabilities without migrating assets or disrupting operations. This is managed through governance proposals, ensuring that upgrades are community-approved. The permission system, governed by the ACL, provides fine-grained control over who can execute which actions, from transferring funds to modifying the DAO's own rules, creating a secure and auditable environment for on-chain operations.
Aragon OS is most commonly associated with the Aragon Client, a front-end application that provides a user-friendly interface for interacting with DAOs built on the framework. However, the OS itself is protocol-agnostic and can be deployed on any Ethereum Virtual Machine (EVM)-compatible blockchain. This has led to its adoption for creating a wide range of on-chain entities, including investment DAOs, protocol treasuries, grant committees, and decentralized product teams, establishing it as a foundational layer in the Web3 governance stack.
how-it-works
ARCHITECTURE OVERVIEW
How Aragon OS Works
Aragon OS is the foundational smart contract framework that enables the creation and management of decentralized autonomous organizations (DAOs) with modular governance and upgradeable components.
At its core, Aragon OS is a modular smart contract framework that separates governance logic from application logic. It operates on a forwarder-forwardee pattern, where a DAO's primary smart contract, the Kernel, acts as a central router. The Kernel does not hold business logic itself but forwards transactions to specialized, pluggable modules called Aragon Apps. This architecture allows for permission management through a dedicated Access Control List (ACL), where permissions to execute functions on apps are granted to other apps or external addresses, creating a flexible and secure governance graph.
The system's upgradeability is managed through a proxy pattern. A DAO's state and assets are held in proxy contracts that delegate their logic to implementation contracts stored in the Aragon Package Manager (APM). When an app needs an upgrade, a governance proposal can vote to change the proxy's pointer to a new implementation version, enabling seamless, non-disruptive updates without migrating assets or data. This design is critical for long-lived organizations that must adapt to new standards, security patches, or feature requests over time.
Key components within this framework include the Voting app for proposal-based decision-making, the Finance app for managing a DAO's treasury and payments, and the Agent app which acts as a non-custodial multisig, allowing the DAO to interact directly with any other smart contract on the blockchain. The Permission Manager is the interface for configuring the ACL, defining complex rules such as requiring a token-weighted vote to pass before a specific treasury transaction can be executed by the Agent.
key-features
ARCHITECTURE
Key Features of Aragon OS
Aragon OS is a modular framework for building and managing decentralized autonomous organizations (DAOs). Its core features enable programmable governance, permission management, and secure, upgradeable smart contract systems.
01
Forwarder Pattern
A foundational design pattern where actions are represented as forwarders. Instead of calling a function directly, a user signs an intent (a forwarder) which is then executed by a relayer. This enables gasless transactions, batching, and meta-transactions, separating the signer from the executor of an action.
02
Permission Management
A granular, role-based access control system for smart contracts. Permissions are defined as (who, where, what) tuples, specifying who (an address or app) can perform what action on where (a target contract). This creates a flexible security matrix that can be updated via governance without modifying the underlying contract code.
03
Upgradeability via Proxies
Uses proxy patterns (like the ERC-1967 standard) to separate a contract's logic from its storage. This allows a DAO to upgrade its application logic while preserving its state, treasury, and permissions. Governance votes can point the proxy to a new, audited implementation contract.
04
Governance Agnosticism
The framework is not tied to a single governance mechanism. DAOs can plug in various voting apps (e.g., token-weighted, reputation-based, multisig) to make permission changes. The Aragon Court can be integrated for subjective dispute resolution, creating a checks-and-balances system.
05
App & Kernel Architecture
Features a modular architecture with a central Kernel (managing permissions and upgrades) and pluggable Apps (like voting, finance, or custom modules). Apps are minimal proxies that delegate calls to shared logic libraries, reducing gas costs and enabling code reuse across a DAO ecosystem.
06
Transaction Context & Oracles
Provides a context variable that passes metadata (like the original sender) through a call chain, even between contracts. This enables oracles (trusted entities) to authenticate actions. For example, a vote tally app can verify a proposal's passage before a treasury app executes a payment.
core-modules
ARAGON OS
Core Modules & Components
Aragon OS is a modular framework for building and managing decentralized autonomous organizations (DAOs). It provides a set of smart contract components that handle governance, permissions, and treasury management.
01
The Kernel
The Kernel is the core smart contract that acts as the foundational registry for a DAO. It manages the DAO's address space and serves as the central point for installing and upgrading other components, known as Apps. Every interaction with the DAO's functionality is routed through its Kernel.
02
Forwarder & ACL
The Access Control List (ACL) is the permissioning system that defines who can do what within the DAO. It works with Forwarders, which are contracts that forward transactions after checking permissions. This creates a granular security model where actions like spending funds or modifying settings require specific roles.
03
Apps
Apps are modular smart contracts that provide specific functionality to a DAO, such as:
- Voting: Token-weighted or reputation-based voting mechanisms.
- Finance: Managing a shared treasury, payments, and budgets.
- Tokens: Minting and managing governance tokens. Apps are installed into the Kernel and their functions are governed by the ACL.
04
EVM Script Registry
The EVM Script Registry is a component that allows for the execution of arbitrary, complex transactions. It interprets EVM Scripts—special bytecode that can call multiple contracts in a single transaction. This is essential for executing the results of governance votes, enabling actions like batch payments or protocol upgrades.
05
Upgradeability via Proxy Pattern
Aragon OS uses a proxy pattern to enable upgradeable DAOs. The Kernel acts as a proxy to logic contracts, allowing the underlying implementation of Apps to be upgraded without losing the DAO's state, history, or address. This separates storage from logic for maintainability.
permissions-system
ARAGON OS
The Permissions System
A foundational component of Aragon OS that provides a standardized, on-chain framework for managing roles and access control within decentralized organizations (DAOs) and smart contract applications.
The Permissions System is a core smart contract architecture within Aragon OS that defines and enforces who can perform specific actions within a decentralized application (dApp) or DAO. It functions as a granular access control layer, mapping roles (e.g., MINT_ROLE, UPGRADE_ROLE) to specific entities (smart contracts or externally owned accounts) and the functions they are allowed to execute. This system replaces the need for custom, ad-hoc authorization logic in every contract, providing a standardized and auditable security model for on-chain governance and operations.
At its core, the system operates through a Permission Manager contract that maintains a registry of permissions. Each permission is defined by a tuple: the entity (who) that holds the permission, the contract where the action is performed (where), and the specific function signature (what) they are allowed to call. This structure allows for extremely fine-grained control, enabling scenarios where one address holds the permission to mint tokens in a specific contract, while another holds the permission to upgrade a different module. Permissions can be granted, revoked, and managed through governance proposals, making the system dynamic and adaptable.
This modular approach is fundamental to the Aragon OS "plugin" architecture. Applications are built by composing smaller, specialized contracts (like a token manager or voting app), and the Permissions System securely wires them together. For example, a voting app might require the CREATE_VOTES_ROLE on itself to create proposals, and a successful vote outcome could trigger an action that requires, say, the TRANSFER_ROLE on a treasury contract. This decouples governance logic from business logic, enhancing security and upgradeability.
The system's design emphasizes security and transparency. Because all permissions are stored on-chain and publicly queryable, any participant can audit exactly who holds what power within an organization. This reduces "shadow governance" and hidden attack vectors. Furthermore, by centralizing authorization logic, it reduces the risk of bugs that can arise from implementing custom access controls in multiple places, making the overall application suite more secure and easier to reason about for developers and auditors alike.
ecosystem-usage
ARAGON OS
Ecosystem & Protocol Usage
Aragon OS is a modular framework for creating and managing decentralized autonomous organizations (DAOs) on Ethereum. It provides the core smart contract infrastructure for governance, permissions, and treasury management.
01
Core Architecture
Aragon OS is built on a proxy pattern where a lightweight DAO kernel manages a set of upgradeable app proxies. This architecture enables:
- Permission management via an Access Control List (ACL).
- Forwarding of calls to logic contracts.
- Upgradability of individual apps without disrupting the entire DAO. The system separates the core protocol from the applications, allowing for modular development and customization.
02
Permission System (ACL)
The Access Control List (ACL) is the security and governance backbone. It defines who can perform which actions on which apps. Permissions are expressed as entity, app, role tuples. For example, a rule could specify that only addresses holding the MEMBER role in the Voting app can execute a TRANSFER action on the Vault app. This granular system allows for complex, multi-sig-like governance flows.
05
Real-World DAO Examples
Prominent organizations built with Aragon OS include:
- Aragon DAO: Governs the Aragon project treasury and development.
- Decentraland DAO: Manages the virtual world's policy, land auctions, and grants.
- API3 DAO: Governs the API3 decentralized API service and its staking pool.
- BrightID DAO: Manages the development and community of the BrightID identity network. These DAOs utilize Aragon's voting, treasury, and permission apps for day-to-day operations.
FEATURE COMPARISON
Aragon OS vs. Other DAO Frameworks
A technical comparison of core architectural and governance features across prominent DAO frameworks.
| Feature / Metric | Aragon OS (Client) | Moloch DAO v2 | Compound Governor Bravo | DAOstack Alchemy |
|---|---|---|---|---|
Core Architecture | Modular plugin system | Minimalist multi-sig treasury | Delegate-based governance module | Prediction market-based governance (Holographic Consensus) |
Governance Token Standard | ERC-20 (ANT) or custom | Non-transferable shares | ERC-20 (e.g., COMP) | Native GEN or ERC-20 |
Voting Mechanisms | Token-weighted, optimistic execution | Ragequit-enabled share voting | Token-weighted, time-locked execution | Conviction voting, prediction market signaling |
Upgradeability Pattern | Fully upgradeable proxies (ERC-1967) | Hard forks via ragequit | Timelock-controlled upgradeability | Module-based upgradeability via controller |
Gas Cost for Proposal Creation | $50-150 | $20-50 | $100-200+ | $30-80 |
Native Multi-chain Support | ||||
Permission Management | Granular role-based access control | Simple member/share-based | Governor-controlled via timelock | Scheme-based permissions |
Built-in Treasury Asset Support | ETH, ERC-20, NFTs | ETH, ERC-20 | ERC-20 | ETH, ERC-20 |
security-considerations
ARAGON OS
Security Considerations
Aragon OS is a modular framework for building and managing decentralized autonomous organizations (DAOs). Its security model is defined by its permission system, upgrade mechanisms, and the inherent risks of on-chain governance.
01
Permission System & Access Control
The core security model is a permission system where components like apps and actions are governed by access control lists (ACLs). A permission defines who (an entity) can perform what (an action) and where (an app).
- Granular Control: Permissions can be assigned to individual addresses, multisigs, or other DAOs.
- Security Risk: Misconfigured permissions are a primary attack vector. An overly permissive ACL can grant malicious actors control over treasury funds or governance mechanisms.
02
Upgradeability & Proxy Patterns
Aragon DAOs use proxy patterns (like the Unstructured Storage proxy) to enable upgrades. The logic is separated from the storage, allowing the DAO's implementation to be changed.
- Benefit: Allows for bug fixes and feature additions without migrating the entire organization.
- Critical Risk: The upgrade permission is supremely powerful. If compromised, an attacker can replace the core contract logic to drain funds or subvert governance. This permission must be held by a secure, time-locked multisig or the DAO itself.
03
Governance Attack Vectors
On-chain governance introduces specific risks that DAO members must mitigate.
- Vote Sniping / Flash Loan Attacks: An attacker can borrow a large amount of tokens to pass a malicious proposal, then repay the loan. Aragon's default minimum approval and support requirements are defenses against this.
- Proposal Factory Attacks: Malicious apps can be installed that create proposals without proper permissions, spamming the DAO.
- Delegate Call Risks: Some actions use
delegatecall, which executes code in the context of the DAO, posing risks if the target is untrusted.
04
Forwarder & Execution Security
Actions in Aragon are executed via forwarders (like the Voting app). The security of an action depends on the entire call path.
- Context Preservation: Forwarders preserve the
msg.sendercontext, allowing for permission checks down the call chain. - Re-entrancy: While the framework itself guards against some re-entrancy, custom apps built on it must implement their own safeguards for fund transfers.
- Gas Limits: Complex governance proposals can run out of gas during execution, causing them to fail even if passed.
05
Dependency & App Risks
A DAO's security is only as strong as its weakest integrated app or dependency.
- App Audits: The core Aragon OS contracts are audited, but any third-party Aragon App installed by the DAO introduces its own risk surface. Unaudited apps are a major hazard.
- Kernel Dependency: All apps depend on the Aragon Kernel (the DAO's core). A critical bug in the kernel could compromise every DAO using that version.
- Oracle Reliance: Financial DAOs using price oracles (e.g., for bonding curves) inherit the security assumptions of those external data providers.
evolution
HISTORICAL CONTEXT
Evolution: From Aragon OSx
Aragon OSx represents a foundational evolution of the original Aragon OS framework, designed to power the next generation of decentralized organizations (DAOs).
Aragon OSx is the modular, upgradeable smart contract framework that succeeded the original Aragon OS, engineered to provide the core governance and operational logic for Decentralized Autonomous Organizations (DAOs). It is the technical backbone of the Aragon stack, enabling developers to build and manage sophisticated on-chain organizations with features like permission management, proposal voting, and treasury controls. This evolution shifted from a monolithic architecture to a more flexible, plugin-based system, allowing for greater customization and adaptability without requiring forks of the core protocol.
The framework's architecture is built around a permission management system that acts as a central security and access control layer. Every action within a DAO—from executing a treasury transaction to upgrading a plugin—requires explicit permission granted by the DAO's governance. This is managed through a permission manager smart contract that maps who (an address or another contract) can perform what action (role) on where (a target contract). This granular, non-hierarchical system provides a robust security model that is more flexible than traditional multi-signature wallets or rigid governance templates.
A key innovation of Aragon OSx is its plugin-centric design. Core functionalities like token voting, multisig execution, and fund management are implemented as standalone, upgradeable plugins that integrate with the DAO's permission layer. This allows DAOs to start simply and add complex features over time, akin to installing apps on a smartphone. For example, a DAO could install a Governance Plugin for proposal creation and voting, a Token Manager for membership, and a Finance Plugin for asset management, each interacting securely through the defined permission system.
The framework emphasizes upgradeability and future-proofing through the use of ERC-1967 proxy patterns. A DAO's core (its DAO contract) is a lightweight proxy that points to a shared, immutable logic contract. When the framework is upgraded, DAOs can opt-in to new features by voting to update their proxy to point to the new logic, enabling seamless improvements without migration or loss of state. This design ensures that organizations built on Aragon OSx can evolve alongside the broader Ethereum ecosystem and incorporate new standards.
Aragon OSx is fundamentally developer-centric, providing a comprehensive Software Development Kit (SDK) and well-documented APIs. This allows builders to create custom plugins, design unique governance flows, and integrate with external DeFi protocols. The framework's design as public infrastructure means that any developer can permissionlessly deploy a DAO or create a plugin, fostering an open ecosystem of governance tooling. Its evolution from the original Aragon OS marks a shift towards a more composable, secure, and professional foundation for on-chain organizations.
ARAGON OS
Frequently Asked Questions
Aragon OS is a foundational framework for building and managing decentralized autonomous organizations (DAOs). These questions address its core architecture, governance mechanisms, and practical applications.
Aragon OS is a modular, smart contract framework for creating and operating Decentralized Autonomous Organizations (DAOs). It works by providing a suite of standardized, upgradeable components that handle governance, finance, and membership. At its core is a proxy pattern architecture, where a lightweight proxy contract points to the logic of functional modules (like voting or token management). This allows DAOs to be highly customizable, permissioned, and upgradeable without migrating assets or members. Governance proposals are executed via a forwarder mechanism, ensuring only approved actions from votes are performed on-chain. It essentially provides the operating system upon which complex, on-chain organizations are built and governed.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall