No DAO token, Badge only. The number of badges held in a voter's wallet becomes the number of votes. Because the badges issued are not transferrable, the member's integrity is assured. However, there is no effective way of "locking" the badges in the user's wallet, they can use the same number of badges to participate in the voting of multiple proposals. This isn't exactly Sybil attack, but might be an issue that a DAO needs to consider.