Canonical DAI Stablecoin Upgrade Aims to Help Move DAI Off Chain

Why Canonical DAI Improves Security and Fungibility When Using DAI on Different Blockchains

Zero Mass
BanklessDAO
11 min readJul 19, 2022

--

Stablecoins play a crucial role in managing volatility in the crypto market. While the value of most crypto like Bitcoin or Ether can make large swings, sometimes fairly quickly, stablecoins are always redeemable for the same value of a fiat currency they are pegged to. Most of the stablecoins currently in high use are pegged to the U.S. dollar (USD), making them always worth $1. With multiple sidechains, rollups and even alternate L1s, there is a need to be able to move stablecoins across chains easily and safely.

The actual stability of stablecoins has been called into question with the collapse of the Terra ecosystem in May, 2022. An attacker was able to manipulate the complicated algorithmic function that controls the price of UST, its stablecoin, causing it to lose its peg to USD and drop to about $0.15 within one week. It is currently valued at $0.04 and seems unlikely to ever recover.

The need for a reliable stablecoin is more critical than ever, and only time will tell which one will rise to the top. Leaders include MakerDAO’s DAI, Tether’s USDT, and Coinbase/Circle’s USDC — which are all pegged to USD. A key difference between these stables and Terra’s UST is that they are all collateralized, which has so far proven to be a better approach. Furthermore, MakerDAO’s DAI is decentralized, setting it apart from other centralized stablecoins like USDT and USDC.

On the left is the circular blue USDC logo with a dollar sign in the middle and USDT’s green logo is on the right, which has a capital ‘T’ in the middle.
USDC and USDT Logos

But are stablecoins reliable across chains? What happens if you want to move your stablecoins to a sidechain or rollup? For some stablecoins, interoperability across chains is limited — but MakerDAO has advanced the interoperability of DAI in a manner that improves this.

The circular, yellow DAI logo, which has a capital ‘D’ in the center, underneath an “equals” sign.
MakerDAO’s DAI Logo

MakerDAO’s DAI is the only decentralized stablecoin

Currently, like any other token, DAI has to be exchanged for a ‘wrapped’ version of it in order to use it on a chain other than Ethereum where it isn’t native (such as Polkadot, Avalanche, Polygon, etc.). Wrapped tokens introduce security risks, liquidity issues, and a fungibility problem as the processes and protocols for wrapping tokens are in their infancy. This is also true for DAI when it is bridged using most bridges like Polygon or Ronin. Wrapped DAI is created in the process and you should be aware that it is not the same as DAI.

MakerDAO has created a solution for this called Canonical DAI — a much better way to move DAI off-chain. Essentially, Canonical DAI allows for a MakerDAO backed version of wrapped DAI. To understand why this is helpful, we need to look at how DAI is collateralized, and how that collateral is less secure when DAI is wrapped by entities that aren’t backed by MakerDAO and moved to other blockchains.

“Canonical DAI is a MakerDAO solution that connects the multi-chain environment with a single, powerful, battle-tested, fast, fully fungible, and secure stablecoin.” — MakerDAO

DAI, MakerDAO, and the Multi-Collateral DAI System

DAI was introduced to the Ethereum universe by MakerDAO in 2017, as the first crypto-collateralized stablecoin. While stablecoins like USDT and USDC are collateralized using fiat currency, DAI maintains a soft peg to USD through deposits of other crypto. Another key difference is that DAI is a decentralized stablecoin, managed by MakerDAO, as opposed to the other centralized systems like Tether (USDT) and Coinbase (USDC). While the control of the Maker Protocol, which manages DAI transactions, was originally centralized within the Maker Foundation, it transitioned last year into a fully decentralized system.

Both USDC and USDT require trust in a centralized entity to hold collateral for their stablecoins off chain; in Tether’s case this is held where nobody except Tether can see it. If it is even there…

It’s important for transparency that owners of a stablecoin know how it is collateralized and can see the collateral for themselves and trust in the protocol. MakerDAO does this all on chain and has an active dashboard that shows the collateralization of DAI in real time.

Two pie charts, ranging in colors yellow, orange, red and black, showing the relative proportions of the various cryptocurrencies that collateralize DAI.
Screenshot of the DAI collateral base as of July 12, 2022. Source: https://makerburn.com/#/rundown

The original Maker Protocol only accepted deposits of Ether in order to mint DAI, but it is now a Multi-Collateral DAI (MCD) system and accepts multiple forms of crypto as deposits in order to mint new DAI. This shift helped increase the access to and utility of DAI because users could now use other cryptocurrencies as collateral to mint DAI, such as UNI or MATIC. As you probably already know, however, UNI and MATIC are native tokens of sidechains — off the Ethereum network — and once DAI is taken off of Ethereum onto one of these sidechains, we enter the territory of wrapped DAI.

For simplicity, we’ll refer to all versions of Wrapped DAI as “wDAI”, not to be confused with a number of specific but largely inconsequential tokens that happen to use the “wDAI” or “WDAI” symbol. Also, “domain” refers to any distinct sidechain or rollup that is in operation in the multichain system.

Wrapped Tokens Are Not Fungible With The Original

When most other bridges are used to move DAI off Ethereum, such as the Polygon Bridge moving DAI to Polygon, wDAI is created. This is the same for all tokens when they are moved from their native chain — a different version of the token is used on the other side, which is generally referred to as a wrapped token. A simplified diagram of this process is shown below.

A diagram of four blocks, representing Ethereum and three other domains, with various colored tokens being moved between them to demonstrate that the white DAI token becomes a different token (and a different color in the diagram) when moved off of Ethereum.
Wrapped DAI Operating Across Chains (Diagram by MakerDAO)

As DAI (white) turns into wDAI (other colors) and moves to another chain, the original DAI is locked on the source chain and a clone token is minted on the destination chain. We can also end up with clones of clones floating out there in the system, like white to red to yellow above, that move ever further away from the underlying DAI asset.

Image of Storm Trooper clones from the Star Wars movie series.
Clones, anyone? (Photo by Phil Shaw on Unsplash)

Although these various wDAI tokens in this example should be redeemable for DAI back on Ethereum, they are not actually DAI. The term “wrapped” is really a misnomer since it implies the original asset is inside, disguised with a “wrap” when in fact the wrapped token is an entirely different token.

Diagram showing DAI, represented by a yellow circle, moving into a wDAI issuer protocol and then becoming locked there. A purple wDAI token is then created and released for use off-chain.
Wrapped DAI (wDAI) created by a random wDAI issuer is not fungible with DAI. (Diagram by Zero Mass)

Primarily, this is a fungibility problem — because these DAI derivatives are minted and controlled by a number of other chains, not MakerDAO, they are not fully fungible with DAI. Questionable fungibility is a problem because these other sidechains have different security levels, control mechanisms, and varying levels of stability. For example, Solana has faced repeated outages in the last year while Ethereum has virtually never gone offline in its seven-year history.

Risks of Using wDAI: Security and Liquidity Risks

When you use wDAI, you should be aware you are taking risks. For instance, there are at least a few ways that wDAI might be compromised through a cross-chain bridging protocol:

  1. Stealing DAI directly from the bridge itself. A few things could allow for this — a bug in the contract that holds DAI, validators of the sidechain collude to alter the state root to L1, or the administrator of a bridge just decides to rugpull users and walk away with their DAI. An example that combines these scenarios played out a few months ago with the Ronin Bridge exploit. A hacker was able to walk away with 173,600 ETH and 25.5M USDC by gaining control of five validator nodes, the fifth through a security flaw that was never fixed.
  2. Minting wDAI on a sidechain that is not backed by DAI on Ethereum. If the administrator of a particular bridge turns out to be an unscrupulous actor, they could fudge a rollup to L1 that creates new wDAI — not legitimately bridged from L1 — that they get to keep.
  3. Exploiting a security flaw. Someone without any special control of the bridge could find a bug in the contract that allows them to mint unbacked wDAI. That’s what happened in the Solana hack from earlier this year when 120,000 of Wrapped Ether (around $320M at the time) was minted without locking ETH on Ethereum through an exploit of the contract on the Solana side of the bridge.
Photo of a man wearing a skull mask and a hoodie next to a digital display with a finger to his lips signaling “be quiet.”
Photo by Max Bender on Unsplash

If an unsupported bridge and its associated wDAI are compromised in one of these ways (or through a number of others we haven’t covered), your wDAI may become locked or lose its value. This then becomes a liquidity problem — if either the bridge or the sidechain the bridge it connects to is compromised, you could suffer delays in moving your wDAI when it gets locked as a result of a security breach. Worse, you could suffer a loss in value, or lose your wDAI altogether. There are other concerns with liquidity you should be aware of too.

Liquidity for most tokens is achieved through a liquidity pool in order to be traded for other assets. The more common wDAI, like (PoS) DAI on Polygon, are already part of multiple pools and relatively easy to exchange for other crypto. However, newer wDAIs may not be as easily exchanged, except with the original issuer. If it doesn’t already have a high trading volume in the target chain of the crypto you’re looking to exchange it for, there’s not a lot of incentive for it to be added to a new liquidity pool.

So, you still want to avoid the high transaction fees on L1 by exchanging DAI on sidechains. But now you know the risks with using wDAI from random sources. What is the best way to do this?

Bridging Canonical DAI Is the L2 Solution

MakerDAO has introduced “Canonical DAI” for bridging DAI to meet the needs users have to operate in a multi-chain environment.

It addresses the security, liquidity, and — perhaps most importantly — the fungibility issues, associated with using wDAI off chain.

Photo from the inside of a rock cave, looking outward into bright white light.
Canonical DAI: The light at the end of the tunnel. (Photo by Tony L on Unsplash)

Canonical DAI works in a similar way to wDAI, with one major difference: it is fully fungible within a given domain. So instead of having those nonfungible red and yellow coins shown earlier, which are different clones of DAI with various security and liquidity issues, now you can use one token backed by MakerDAO.

In this diagram below, the two vertical dotted lines represent a theoretical bridge operated by MakerDAO and the curved dotted line represents the Maker Teleport, which allows Canonical DAI to be “teleported” from one domain to another.

Diagram similar to the one above with four blocks representing different protocols, one is Ethereum, and white circular coins representing Canonical DAI, instead of wDAI, on more than one protocol.
How Canonical DAI would operate across chains. Note that Canonical DAI is currently only available on bridges operated by MakerDAO and key partners. (Diagram by MakerDAO)

All of the Canonical DAI created in each domain (white, blue, and pink) are backed by locked DAI on L1. Canonical DAI within one domain are fully fungible within that domain but not between domains. That is, Canonical DAI on Solana (blue tokens) are not fungible with Canonical DAI on Polygon (pink tokens).

How To Use Canonical DAI

There are two optimistic rollups that automatically use it — Arbitrum and Optimism. When you deposit DAI into either bridge, it will automatically generate Canonical DAI for the rollup.

A third rollup, StarkGate Alpha, went live in April and allows users to take advantage of the faster zk rollup protocol. To read more about StarkNet (makers of StarkGate) and the Maker Teleport, please see this Bankless Publishing article entitled, “MakerDAO’s Paradigm Bending Bridging Solution Begins on StarkNet”.

Some of the same security issues still exist — validators could collude or Canonical DAI could be stolen from a bridge by exploiting a bug, for instance, but losses are inherently mitigated. First of all, a loss of Canonical DAI doesn’t impact the holders of Canonical DAI on other domains. MakerDAO may also choose to pause a bridge once a breach is discovered, in some cases, and could replace or socialize the loss, depending on the situation. These contingencies are being explored.

At least one potential security issue discussed above is resolved with Canonical DAI. Minting unbacked DAI on a rollup is not possible because Ethereum is used as a validation layer for rollups, so this can’t happen with Canonical DAI like it could with wDAI.

What’s Next for Canonical DAI?

The MakerDAO team and community are currently exploring how to select stable sidechains and create safe bridges to them. There isn’t really a standard to go by when judging safety of a particular sidechain, so it will need to be decided through a community discussion and decision process. All sidechains will have their own inherent risks, which will require MakerDAO to also consider how to deploy additional security measures. A guarantee for Canonical DAI to some extent is also being considered, that is, replacement of lost or stolen DAI like the FDIC would for fiat currency in your bank account.

The bottom line: you can still use your favorite decentralized stablecoin, now even faster and cheaper than before, using Canonical DAI on rollups. And in the not-too-distant future, on sidechains too.

Introducing Canonical DAI to the multi-chain Ethereum community is part of MakerDAO’s Multi-Collateral DAI framework. It is a launch pad for unlocking the interoperability of DAI and helping users move DAI from chain to chain safely, quickly, and cheaply. Tried-and-true stablecoins like DAI are crucial for mitigation of the anxiety-inducing volatility of crypto commerce. Thanks to Canonical DAI, you can now take a little peace of mind with you from chain to chain.

Author Bio

Zero Mass is a writer exploring the unique space of Web3, DAOs and their potential for the future of work.

BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.

Bankless Publishing is always accepting submissions for publication. We’d love to read your work, so please submit your article here!

This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.

--

--