Linum Labs Blog
Published in

Linum Labs Blog

Black Thursday — MakerDAO’s multi collateral DAI exploitation (and the plan to recover)

This article is intended as a base starting point for understanding the exploitation of the MakerDAO Vault Collateral Auction process that happened on the 12th of March 2020. It is highly recommended that you do your own research, and read the suggested additional materials at the end of this article to get a more rounded and whole understanding.

Before I can explain what went wrong, we need to understand the underlying mechanism of Vaults (they used to be called CDP’s in single collateral Sai). If you already have an understanding, you can skip to here. It is also worth mentioning that this price crashed was influenced by the general market crashes, caused by Covid-19.

Index:

  1. TLDR;
  2. Understanding the basics (how do Vaults work)
  3. The liquidation process
  4. Leading up to the problem on Black Thursday
  5. What went wrong
  6. Additional Resources

TLDR;

On Thursday the 12th of March there was an exploitation of the MakerDAO Vault Collateral Auction process.

There were conditions that lead up to this, mainly:

  1. The biggest ever crash in the price of Eth (it fell 43% in a few hours)
  2. A large and sustained spike in the gas price due to a high network usage
  3. A significant lag in the price provided by the MakerDAO price oracle (due to the high gas price) resulted in many Vaults suddenly needing to be liquidated when the price oracle updated
  4. The majority of Keepers within the system used the same script provided by MakerDAO that was not flexible enough to adapt to the high gas prices

This lead to a situation where entities were able to bid for the collateral of under collateralized Vaults at a value of $0. Meaning they were able to buy the underlying collateral (Eth) for all the vaults that got liquidated for about ⅔ hours for next to nothing. They got about ~ $8.32 Million worth of Eth (at the prices at the time) for free and left the system short ~ 5.67 million DAI in bad debt that was not wiped by the auctions.

Once the initial transaction where a $0 bid was mined and included, other entities started doing the same, creating competition around the low bids which drove the bidding price up from $0.

MakerDAO plans on filling this bad debt with an auction of MKR tokens. For more information about the auction check this announcement or check for updates on their homepage.

Understanding the basics (how do Vaults work)

In order to fully understand what went wrong, we need to understand some of the basic principles of a Vault. If you would like to dive into a more basic explanation about how it all works, you can look at MakerDAO’s “Introduction to MakerDAO” videos about CDPs, DAI and MKR. Please note that when they moved from single collateral Dai (called Sai), to multi collateral Dai (Dai), CDP’s were effectively re-named to Vaults.

Below I am going to run through a basic life cycle of a vault that gets liquidated. This will help us understand where in the process things began to break down later on. For more information about Vaults, you can check out the MakerDAO Vault Documentation. We will not be discussing the various fees (such as the Stability Fee) in this example, for brevity and simplicity. This system is incredibly complex, and this article cuts out a lot of that complexity to make it more understandable.

Let’s say, we have 10 Eth. The current Eth price (for our example) is $200. This makes the current value of our Eth 10 x $200 = $2,000.

Let’s create a vault and deposit our 10 Eth into the vault. We are now able to generate DAI. In order to remain liquid, we have to have at least a 150% collateralization ratio. This means that the value of the Eth in your vault needs to be worth at least 150% of the value of the Dai we generate.

With our 10 Eth at a total value of $2,000 we can generate 1,333 Dai

You can use the below equation to work out how much debt we can create from the value of the collateral. The max amount of debt we can create is called the Debt Ceiling.

Debt (DAI) = Collateral (DAI)/1.5

We have our vault all set up. We have 10 Eth locked in, valued at $2,000. We have generated 1,333 Dai.

Now for the important part. Let’s say the Eth price falls to $195. So the total value of our vault is only $1,950. The Vault is under collateralized and is going to get Liquidated. So how does this happen?

The liquidation process

Within the MakerDAO ecosystem, there are various participants & actors, for the sake of brevity we are only going to look at a Keeper. A Keeper is an automated script (a bot) or an individual (i.e a person manually doing the various processes), that initiates the liquidation process. For more information, you can read the docs here.

The first thing that happens in the Liquidation process is that a Keeper detects our vault is under collateralized (under the 150% collateralization threshold) and then triggers the liquidation of the Vault.

To work out the collateralization ratio we can use the following formula (taken from the MakerDAO docs)

(Collateral Amount x Collateral Price) ÷ Generated Dai × 100 = Collateralization Ratio

At a total value of $1,950 our collateralization ratio is only 146%

(10 Eth x $195) / $1,333 x 100 = 146%

This value of 146% is below the collateral requirement for a liquid Vault of 150% and so our position will be liquidated.

The liquidation process starts with an Auction (specifically a Collateral Auction). Once the Collateral Auction has begun, anyone can bid an amount of Dai to buy the collateral of the Vault (in our case the Eth we used as collateral). Other participants can bid higher amounts for the collateral until there is a bid that covers the outstanding debt. This bidding system was designed to encourage early bidding (this is important for later).

The collateral (the underlying Eth in our Vault) is auctioned off to cover the value of the generated Dai (the 1,333 Dai we created) as well as the Liquidation Penalty (which is a fee we will not be discussing here). After the auction process has ended the following happens:

  • The winning bidder is sent the collateral
  • The Dai received (from the bidder) is burned (to cover the debt i.e the 1,333 Dai we generated)
  • The Vault owner receives the remaining collateral (Eth) that was not sold (only if the generated debt was paid off without having to auction off all the collateral in the Vault)

This “closes” the Vault, and makes the system “whole” (all the debt has been paid off, Dai has been burnt and the Vault owner has been given the remaining collateral).

Working out how much of your collateral is going to be sold in order to pay back your debt will not be covered in this article, but you can find information on this in the MCD Docs. For the sake of this example, we are going to say that 7 Eth will be auctioned.

Ignoring the Liquidation Penalty, our 7 Eth will go into auction. At the current price of $195, our 7 Eth should sell for $1,365. The price could “slip” between when the auction starts and closes, meaning that the price of Eth could drop. This slippage in price can be countered for by bidding at a lower price than the current Eth price.

I.e Instead of the bidder bidding at a price of $195 for our 7 Eth, they could bid at a price of $194. This will still cover our debt while giving the bidder a discount on the price of Eth, and ensuring that slippage of $1 can occur without the auction needing to increase the amount of collateral on sale.

The auction ends when the Bid Duration (a predetermined amount of time wherein participants can bid new amounts) ends with no new bids, outside of the first bid, have been placed. The other way the auction ends is if the Auctions Duration (a predetermined time for the entire auction process that is longer than the Bid Duration). There is, of course, more detail and nuance that you can read about here & here, but this information is enough to understand the exploit later.

This is in no way a comprehensive breakdown of the liquidation process or the Vault life cycle. It’s not intended to be. This is merely enough information that you can understand what went wrong on the 12 of March — Black Thursday.

Leading up to the problem on Black Thursday

On the 12th of March 2020, the price of Ether had it’s single largest daily movement, falling a total of 43% in one day.

Taken from Coin Telegraph https://cointelegraph.com/ethereum-price-index

Below we can see the price of Eth, and inside the red circle, we can see the price drop that happened on the 12th.

Taken from Etherscan Ether Price Chart https://etherscan.io/chart/etherprice

As a result of this huge market demand on the network, the gas price increased dramatically during this period.

Taken from Etherscan Gas Price Chart https://etherscan.io/chart/gasprice

There was a significant spike in network usage and congestion as can be seen by the graph below.

Taken from Etherscan Network Utilization Chart https://etherscan.io/chart/networkutilization

This congestion and spiked gas price heavily affected the performance of the MakerDAO oracle. This resulted in an additional opportunity for Vaults to get liquidated incorrectly, as the price was not being updated accurately during those highly volatile hours, and when it was updated it resulted in many Vaults suddenly needing to be liquidated, further overwhelming the system.

To summarise:

  1. The price of Eth DROPPED
  2. With all the panic sells, the gas price increased dramatically in a very short period of time
  3. The price Oracle that the MakerDAO ecosystem uses was not updating correctly due to the high gas price and network congestion

What went wrong

Now that we understand what was happening in the general ecosystem, we can do a deeper dive into the specifics.

Most of the Keeper bots stopped operating, either due to:

  • Fear of price slippage in manual Keepers (for more info see the liquidation process)
  • The vast majority of Keepers used the same script from MakerDAO, which was not flexible enough with its gas price. This lack of diversification between Keepers put the system at significant risk.

This resulted in none of the normal Keepers transactions getting included because they could not adapt their gas price, and so the transactions were never mined.

The price drop & gas price hike, as well as the oracle lag, resulted in a number of vaults that were suddenly under collateralized. These Vaults needed to be liquidated, but there were no active Keeper bots to liquidate them.

Now, this is where the exploit comes in. Because there were no Keeper bots liquidating the vaults, there was an opportunity for exploitation. Someone started bidding for the underlying Eth at a price of $0. As all the other bots were incapacitated, no one was able to compete with this bid in the given Bid Duration (because the auction process was designed to encourage early participation, the bid duration was set to a short timeframe, see the liquidation process). Therefore, someone was able to bid for ~ $8.32 Million worth of Eth for $0, and no one was able to stop it.

And that my friends, is how a sudden drop in price coupled with a spike in gas price allowed entities to pay next to nothing for ~ $8.32 Million worth of Eth in between all the market crashing of Black Thursday.

What is the plan to fix this problem?

With 5.67 million DAI in bad debt that has not been cleared and many Vaults that were liquidated without returning the excess collateral back to the Vault owner, the system is not whole (the debt has not been cleared).

In order to correct this, there will be a minting and auctioning of MKR tokens to recapture enough DAI to wipe all the debt from the affected Vaults. This auction will be taking place on the 19th of March at 6:25 am ET.

The auction will work by offering MKR tokens in exchange for a fixed amount of Dai (50 000 Dai). Auction Keepers (participants in the auction) will be able to bid against one another for the MKR tokens by offering the same 50 000 Dai for less and less MKR tokens.

i.e: Bidder 1 will pay 50 000 Dai for 250 MRK tokens, but bidder 2 will pay the 50 000 Dai for only 230 MKR tokens, etc.

For more information about the bidding process, a more comprehensive example as well as how to get involved, please check out the MakerDAO debt auction announcement and details posting on their official site.

This auction has affected the price of MKR, and as can be seen below, the price of MKR has been tending towards the auction price of $200.

The price of the MKR token taken from https://coinmarketcap.com/currencies/maker/

During all of this, the Dai peg broke, and the price of Dai went all the way up to $1.20. To help re-establish the peg the MakerDAO governance has voted to add USDC as a collateral type. This will allow for users to trade between USDC and Dai, thus bringing the price of Dai down closer to a dollar. You can read the official thread about adding USDC, as well as the thread on why adding a stable coin as collateral would help.

The price of Dai against USD taken from https://www.coingecko.com/en/coins/dai/usd

Additional Resources:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Veronica Coutts

Veronica Coutts

A blockchain believer & Ethereum developer. Trying to spread knowledge, peace and critical thinking.