Skip to main content


Understanding Plugins

Plugins exist as instances created from the same base contract by

  • copying
  • cloning
  • create proxy

and each instance is attached to and managed by exactly one DAO.


Lern more about the different plugin types in our How-to guide.

This raises questions on how the DAO manages plugins and who actually owns plugins.

How does the DAO Manage a Plugin?

A DAO manages plugins and interactions between them, the DAO contract, and other parties with its. In more detail, its permission manager

  • controls the plugin setup process (installation, update, uninstallation)
  • authorizes calls to plugin functions carrying the auth modifier
  • authorizes calls to DAO functions, for example, the execute function allowing for acting as the DAO

by checking if the caller hasPermission.

Schematic depiction of the interaction between the DAO, the PermissionManager, and a Plugin contract.

An examplary DAO setup showing interactions between the three core contract pieces triggered by different user groups: The DAO contract in blue containing the PermissionManager in red, respectively, as well as two Plugin contracts in green. Function calls are visualized as black arrows and require permission checks (red, dashed arrow). In this example, the permission manager determines whether the token voting plugin can execute actions on the DAO, a member can change its settings, or if a DeFi-related plugin is allowed to invest in a certain, external contract.

Whereas deployed plugin instances belong to the DAO, the developer of the original plugin implementation owns the implementation and setup contract of the plugin. The plugin developer is the maintainer of an Aragon OSx plugin repo. Finally, the Aragon OSx protocol manages the registry in which the plugin repositories are listed, which is required to install a plugin using the Aragon OSx framework infrastructure to your DAO.

© 2023