Note: This following content is in archive mode — nothing should be taken as being up-to-date with the current state of affairs for either Dharma, Dharma Protocol, or Dharma Labs. For the latest on Dharma, visit www.dharma.io
After over a year’s worth of research & development and an extensive process of internal and external security auditing, we’re excited to announce that we’ve shipped version 1.0 of Dharma Protocol and its associated libraries in public beta onto the Ethereum Mainnet.
Here’s what you can do today:
- Borrow and lend with trustless collateralization in over 50 different ERC20 tokens using Plex — a free, open-source light client for interacting with Dharma protocol. By doing either, you’ll be one of the first people in history to engage in an entirely peer-to-peer, tokenized debt agreement.
- Use dharma.js to build a “relayer” — an application that earns fees for facilitating the matching of borrowers and lenders. A project in our community called Bloqboard has built the first Dharma debt relayer, and we’re excited to see other relayers catering to different credit markets and use cases emerge.
- Use dharma.js to build an “underwriter” — an application that earns fees for underwriting the creditworthiness of potential borrowers. Underwriters open the door for borrowers to get loans with looser collateral requirements by attesting to the probability of borrower repayment and deterring borrower default. We caution users that non-fully-collateralized loans are a highly experimental feature of Dharma Protocol v1 — read below to learn more and understand their risks / limitations.
- Build and contribute your own customized debt agreements to the Dharma open-source ecosystem by writing smart contracts that adhere to the
TermsContractInterfaceand submitting them under a pull request to the
examplesdirectory of our smart contracts’ repository. If you’re looking for ideas, hop into our Telegram and we’ll jam with you on some concepts we’re playing around with.
- Build credit derivatives, crowdfund debt agreements, or create applications we haven’t even imagined yet using the Dharma smart contracts and their associated developer libraries. Dharma is an open platform for permissionless innovation in debt capital markets — what will you build on Dharma?
The Dharma smart contracts are open-source — you can examine their innards and find their associated addresses on the Ethereum mainnet on Github. Additionally, with awesome projects from our developer community like Loanscan, you can get a transparent snapshot of current lending activity in the Dharma ecosystem and explore prevailing interest rates, collateralization levels, and volume.
What It’s Useful For On Day 0
Dharma is a generic protocol that can support a hyper-customizable variety of debt agreements — in the future, we’re excited to see the creative financial instruments developers bring to market. At launch, however, we expect most volume to be focused around two use-cases: margin trading and crypto-to-fiat liquidity.
- Margin Trading: You can use Dharma Plex to short-sell the top ERC20 tokens or get decentralized leverage. Have a token you hate? Put your money where your mouth is and short it!
- Crypto-to-Fiat Liquidity: Tap into the value of your crypto assets by posting them as collateral against a stable-coin loan. In this way, you can benefit from the value of your assets today, while maintaining exposure to future price appreciation.
Security & Diligence Process
We recognize that smart contract development tools and the blockchains that underlie them are still immature and relatively fragile. As such, we’ve taken rigorous precautions to make sure that our smart contracts and their associated developer libraries are held to the highest standards of security, readability, and code quality. To this end, we’ve done the following:
- Built a rigorous development process that mandates every change to a smart contract be reviewed by at least 2 engineers in addition to the engineer who pushed it
- Developed a comprehensive test suite of nearly 900 automated unit and integration tests
- Held a public, community bug bounty with up to $50,000 in rewards offered for disclosed vulnerabilities
- Contracted Zeppelin and ZKLabs for two external, redundant security audits, and enlisted Trail of Bits to do a final-pass review of our smart contracts.
Additionally, we have decided to extend our public bug bounty indefinitely. We will continue accepting vulnerability disclosures and will happily award bounties according to the terms outlined in our Bug Bounty Announcement blog post — please reach out privately to email@example.com or join our security-dedicated Telegram channel if you find something of note.
How “Decentralized” is Dharma Today?
The smart contract development stack is immature but rapidly evolving. Additionally, Dharma as a protocol is in no ways a static deployment — this initial release is but a first step in constructing the secure infrastructure necessary to create decentralized global debt capital markets.
As such, we’ve architected our smart contracts to enable seamless, non-interruptive upgrades to the protocol. Though we eventually want Dharma to be a public good with some sort of decentralized governance, maintaining flexibility in the protocol’s infancy has forced us to make some trade-offs in terms of decentralization. We have attempted to construct barriers that strike a balance between minimizing the extent to which users of Dharma protocol need to trust the Dharma team, while giving us the flexibility to iterate on the protocol’s contracts.
The primary means by which the Dharma team can upgrade the Dharma smart contracts is by sending a transaction from the
DharmaMultiSigWallet to the Dharma
TokenTransferProxy updating the set of contracts allowed to move users’ funds on their behalves. Importantly, we distinguish between two types of update:
In certain emergency circumstances (e.g., a vulnerability has been uncovered) we will pause the contracts while we determine next steps. This transaction will go through immediately.
For non-emergency updates to deployed contracts (e.g., scheduled upgrades to the Dharma contracts), multi-sig transactions have an inescapable 7-day timelock during which members of the Dharma community and crypto community at large can review whether the upgrade is being made maliciously or in a way users may not want to consent to. If users of Dharma protocol do not consent to the change, they can opt-out of it by disabling token permissions for the Dharma smart contracts before the time-lock expires and the changes take effect. For more information on this, study our documentation.
Risks and Limitations
Our internal culture has always emphasized being candid about the shortcomings of the tech stack we sit on today, and it’s only fair we extend that same frankness to the general community.
Borrowers, lenders, and developers in the Dharma ecosystem ought to be explicitly aware of the following:
- The Dharma smart contracts are in a Beta state. While we consider the solidity smart contracts to be audited and secure for public use, the APIs and programmatic interfaces developers use in creating debt agreements of their own on top of Dharma protocol are not fully stable and may evolve in the future.
- Unsecured (i.e non-fully-collateralized) loans are risky investments — only borrow or lend without collateral if you seriously understand what you’re doing. By default, debt agreements issued via Dharma Plex must be collateralized by some token of value. This is to prevent borrowers from defaulting without consequence or penalization. We have, however, deliberately built a mechanism into the protocol for allowing third-party underwriters to attest to unsecured borrowers’ creditworthiness. Nevertheless, even underwritten loans are not trustless and should be considered part of an experimental feature set. We plan to use underwriting of unsecured loans as a testbed for iterating on novel, decentralized, and less trustful underwriting mechanisms. For typical users of Dharma protocol or relayers in the Dharma ecosystem, investing in under-collateralized loans is very much a “buyer beware” endeavor.
- Like other protocols that use some sort of off-chain relay / on-chain settlement, front-running in its many forms is a salient issue. Much like the 0x protocol whose architecture we draw heavily from, Dharma protocol is sensitive to attack-vectors in which malicious actors attempt to front-run transactions to accomplish some sort of nefarious goal. We encourage developers to read our whitepaper for more information on these attacks and the mitigations we will deploy if they become widespread.
Ready To Give it A Spin?
We’re excited to put these tools in the hands of users and developers like yourselves. To give Dharma protocol a try today, you can do any of the following:
- Try out Dharma Plex and generate a collateralized loan order for free.
- Try building a simple, peer-to-peer lending application with the Dharma.js development libraries
- Join our communities: Telegram, Reddit, and Twitter to hang out with our dev team, and jam with us on credit, blockchains, and the possibilities at their intersection.
Nadav Hollander is Founder & CEO of Dharma Labs — a YCombinator and Polychain Capital backed R&D shop focused on building infrastructure for a borderless, inclusive credit market.
Nadav was formerly an engineer at both Coinbase & Google, and graduated from Stanford University with a B.S. in Computer Science.