Understanding Risks in DeFi #2: MakerDAO Multi-Collateral DAI
This is our second article in our Understanding Risks in DeFi series. If you’d like to understand our framework in more depth please check-out the first article on Uniswap.
We will consider MakerDAO from the perspective of a Vault owner (new term for a CDP owner). Specifically, our user is someone that locks up ETH and then mints DAI but does not hold it.
As before, we’ll classify the risks into three main categories:
Technical Risk — the risk of the smart contracts not behaving as intended by the developers.
External Risk — the risk of external information influencing how the smart contracts operate to the detriment of other users.
Economic Incentive Failure Risk — the risk of incentive mechanisms not encouraging the right behaviour leading to users being adversely impacted.
We will then rate each risk using this matrix:
Technical Risk
Likelihood: As with all smart contracts, MakerDAO’s smart contracts are exposed to technical risk. The contracts are:
- quite complex; and
- have been audited several times; and
- the core system has been formally verified; and
- there has been a lengthy bug bounty; and
- as they have been only recently deployed are not really ‘battle-tested’.
So from a likelihood perspective we could rate it ‘rare’ that there will be an issue. We understand there is room for debate here and encourage feedback on these ratings.
Two notes:
- Formal verification still requires adequately written tests to be effective. If the specification misses a crucial test then there is still a chance of a bug. Formal verification is still extremely valuable but it doesn’t remove all risk.
- MakerDAO’s smart contracts use non-intuitive variable naming, this means they are less likely to benefit from ‘free’ community auditing as there is a greater learning barrier.
Consequence: If there is a bug, the impact could potentially be ‘severe’ as all collateral in the Vault could be stolen or made inaccessible.
Therefore, we’ve rated MakerDAO MCD ‘medium’ in terms of Technical Risk by cross referring the matrix above.
External Risk
There are two main aspects to MakerDAO that require input from outside the smart contracts:
- Oracles — price feeds for the various assets in the system.
- Governance — used to set all the parameters, such as stability fees, DAI savings rate, collateral ratios and more.
The oracles have been thought about in substantial detail, and are specifically designed to be robust in the face of determined adversarial actors. They are likely among the most secure oracle network we have but it’s hard to know if that is good enough. Right now, I’d rate likelihood as either ‘unlikely’ or ‘rare’. In terms of consequence, if the oracle does get co-opted then forced liquidations can happen and in the worst case all funds could be lost, so it would be rated ‘severe’.
On the Governance side, I perceive the likelihood of an event occurring to be higher. Primarily due to the relatively high concentration of MKR token holders. There are a few large accounts that hold substantial MKR that could essentially control any vote with respect to Governance. Additionally, with all the parameters in a relatively complex system it’s entirely possible that even with the best intentions governance doesn’t work well and losses could occur.
In terms of likelihood this could be considered ‘possible’ or if viewed more favorably ‘unlikely’ to cause an event. In terms of consequence, from a Vault holder perspective the worst case is likely that parameters are changed suddenly that lead to a liquidation, but as far as I can tell it doesn’t seem possible for Governance to lead to a complete loss of all of a Vault owners collateral. In which case consequence would be ‘moderate’.
Considering both risks together indicates an external risk of somewhere between ‘medium’ and ‘high’. I’d lean towards ‘medium’ for now given the amount of value being secured is still relatively low. It will be worth re-visiting this rating once the network gets larger and the potential monetary gain from a coordinated attack becomes enticing for sophisticated actors.
Economic Incentive Failure Risk
The primary purpose of MakerDAO’s economic incentives is to keep the value of DAI very close to one USD. A failure that results in DAI losing its USD peg and dropping in value significantly is actually a positive event from the view of a Vault owner as they can repay their loan for a relatively lower amount.
Note that for an independent DAI holder the situation is completely reversed.
There is also the possibility of DAI increasing in value vs USD but the only real way for a material difference to be sustained over time is if governance fails to adjust the economic parameters. Therefore, I’d classify this as a governance failure instead.
It’s arguable there is some level of risk with the collateral liquidation process, but in general if this fails to work as intended it’s going to result in lower penalties for a Vault holder.
Overall, while there is likely some risk involved it doesn’t appear material for the particular user we are considering.
Summary
This results in the following risk scoring summary for a MakerDAO MCD Vault owner:
As indicated in the diagram, you can use Nexus Mutual to reduce Technical Risk from the smart contracts failing.
At present you can purchase Smart Contract Cover for 1.3% pa to cover your ETH held in your MCD Vault. This can be thought of as an additional interest cost in addition to the stability fee which is currently at 4%.
At current stability fees you can go leverage long with your ETH in a more secure way for 4% + 1.3% = 5.3% pa.
