In the field of decentralized finance (DeFi), the Maker protocol is one of the most representative projects. Its core token MKR and stablecoin Dai play an important role in the market. However, in order to ensure the successful operation of the Maker Protocol, necessary risk mitigation measures need to be taken during the governance process. This article explores these risks and their corresponding mitigation measures in detail.
Malicious actors launch malicious attacks on smart contract infrastructure
For the Maker Protocol, one of the biggest risks is malicious actors. For example, some programmers discover vulnerabilities in deployed smart contracts and then use these vulnerabilities to attack the protocol or steal assets in the system. In the worst-case scenario, all decentralized digital assets held as collateral in the protocol could be stolen and irrecoverable.
Mitigation measures: The Maker Foundation’s top priority is maintaining the security of the Maker protocol. For this reason, the strongest line of defense of the Maker protocol is formal verification (Formal Verification). The Dai codebase is the first formally verified decentralized application codebase. In addition to formal system verification, signing security audit contracts with the top security organizations in the blockchain industry, organizing third-party (independent) audits, and bug bounty programs are all part of the Maker Foundation's security roadmap.
These security measures form a strong defense system; however, this system is by no means seamless. Even with formal verification, there may be problems with the mathematical modeling of the expected behavior, or the assumptions about the expected behavior may themselves be wrong.
black swan event
Black swan events refer to rare and severe sudden attacks on the system. The Maker protocol may suffer from the following black swan events:
The collateral used to generate Dai was attacked
An unexpected plunge in the price of one or more collaterals
Highly collusive price feeder attack
Malicious Maker governance proposals
Mitigation measures: While no solution is foolproof, careful design of the Maker protocol (e.g. liquidation rate, debt ceiling, governance security module, oracle security module, emergency shutdown, etc.) paired with good governance (e.g., crisis response Rapid response, thorough risk parameters, etc.) can help prevent and mitigate the serious impact of attacks.
Unforeseen pricing errors and market irrationality
The price feeding problem of the information input mechanism and irrational market dynamics will cause the price of Dai to fluctuate over a long period of time. If users lose confidence in the system, even if interest rate adjustments and MKR issuance reach extreme levels, they will not be able to bring sufficient liquidity and stability to the market.
Mitigation measures: Maker governance gathers a large enough capital pool to incentivize caregivers to maximize rationality and market efficiency, allowing the supply of Dai to increase steadily without market shocks. Emergency shutdowns are the last line of defense. Once the emergency shutdown is activated, Dai holders can redeem the collateral at the target price.
Users switch to simpler solutions
The Maker Protocol is a complex decentralized system. Due to the complexity of the Maker system, inexperienced cryptocurrency users may abandon the system in favor of a system that is easier to use and understand.
Mitigation: While Dai is easy to generate and use for most cryptocurrency enthusiasts and custodians used for margin trading, new users may find the Maker protocol difficult to understand and use. From a design perspective, users do not need to understand the underlying mechanism of the Maker protocol to make money through Dai. The Maker community and the Maker Foundation have been providing documentation and resources as simple as possible to onboard new users.
Maker Foundation disbanded
The current goal of the Maker Foundation is to work with independent participants to maintain the Maker protocol and promote its applications globally, while promoting the governance process. However, according to the Maker Foundation’s plan, once MakerDAO can fully realize self-governance, the Maker Foundation will be dissolved. If MakerDAO cannot take the lead after the dissolution of the Maker Foundation, the future healthy development of the Maker protocol will be threatened.
Mitigation measures: After the Maker project achieves "progressive decentralization", the dissolution of the foundation will not affect the interests of MKR holders. In addition, successful management of the Maker system will bring sufficient governance funds to continue to maintain and improve the Maker protocol.
General Issues with Experimental Technology
Users of the Maker Protocol (including but not limited to Dai and MKR holders) understand and accept that the software, technology and even theories used in the Maker Protocol are unproven, and there is no guarantee that the technology will not be interrupted or error-free. There is an inherent risk that technical weaknesses, flaws or vulnerabilities could lead to the complete breakdown of the Maker Protocol and/or its constituent parts.
Mitigation measures: See the “Bad actors launch malicious attacks on smart contract infrastructure” section above. The mitigations section explains how technical audits ensure the Maker protocol is functioning as expected.
Price Stability Mechanism: Dai’s Target Price: Dai’s target price is used to determine the value of the collateral that Dai holders will receive in the event of an emergency shutdown. Dai is soft-pegged to the U.S. dollar 1:1, so its target price is $1.
emergency shutdown
Emergency shutdowns (also simply called shutdowns) serve two main purposes. First, it is the last line of defense in the event of an emergency, protecting the Maker protocol from infrastructure attacks and directly executing Dai’s target price. Emergencies include malicious governance practices, illegal intrusions, security breaches, and long-term market irrationality. Secondly, the shutdown was used to promote the upgrade of the Maker protocol system. The shutdown process can only be controlled by Maker governance.
MKR voters can also trigger an emergency shutdown immediately by depositing MKR in the Emergency Shutdown Module (ESM), as long as enough voters deem it necessary. This prevents the governance security module (when active) from delaying the execution of shutdown proposals. In the emergency shutdown module, as long as a certain number of votes is reached, the shutdown will take effect immediately.
Three stages of emergency shutdown
Maker Protocol Shuts Down; Vault Owners Retrieve Assets
Once the shutdown is initiated, users will no longer be able to create new vaults or control already created vaults, and the price feed mechanism will also be frozen. The freezing price feed mechanism ensures that all users can get back the net asset value they deserve. The owner of a Maker vault can immediately withdraw more collateral in the vault than is needed to secure the debt.
Auction process after emergency shutdown: After the shutdown is triggered, the collateral auction begins and must be completed within a specific time period. This time period is determined by Maker governance and is slightly longer than the longest collateral auction period. This ensures that, by the end of the auction process, all auctions will be completed.
Dai holders redeem remaining collateral
After the auction process ends, Dai holders directly redeem the collateral with Dai at a fixed exchange rate, that is, based on the target price of Dai. For example, assume the ETH/USD exchange rate is 200:1. When the emergency shutdown is initiated, a user holds 1,000 Dai. Based on the target price of $1, the user can redeem 5 ETH after the auction process ends. There is no deadline for redemption. Dai holders will redeem a certain percentage of each collateral in the collateral portfolio.
It is important to note that Dai holders may suffer losses and be unable to redeem all of their Dai holdings at the $1 target price. On the one hand, this is because of the risk of collateral devaluation, and on the other hand, vault holders have the right to withdraw excess collateral before Dai holders can redeem the remaining collateral. Details on the emergency shutdown, including pre-emptive rights, can be found in the published community documentation.