[Agenda/Discussion] Scientific Governance and Risk #163 - Thursday, October 14 17:00 UTC

Agenda

The zoom waiting room will be on, and a password is set to: 748478, please ping us in the #governance-and-risk chat if you aren’t let in from the waiting room. This Agenda will be updated over the following week leading up to the call as people make me aware they want segments.

2021-10-14T17:00:00Z

Continuing with our adjusted format this week in an attempt to curate a more engaging and deliberative meeting.

Introduction

Governance Round-Up

Selected Updates / Discussions

This week’s discussions will center around topics brought forward in a couple recent signal requests.

Other Discussions and General Q&A

  • (Time permitting, after general Q&A) - Nothing specific planned.

An anonymous Question Box is now available! Leave your question here and we’ll do our best to address it. Comments on the new meeting structure are welcomed and encouraged!

2 Likes

G&R #163 Snippet

This snippet includes Governance, MIPs, forum updates, and Core Unit team discussions from the MakerDAO Governance and Risk Call #163.

General Updates

Votes

Executive:

  • October 8th: Offboarding Vaults, MKR Vesting, and Core Unit Budget Distribution - Passed & Executed
  • There will NOT be an executive proposal up for vote tomorrow.
  • Only one polled item ready for action
  • Much of the Exec team traveling to Lisbon

Polls:

  • 4 Weekly Polls Passed
    • Add stETH (Lido Staked ETH) as a new Vault Type
    • Nexo Institutional Vault Onboarding
    • Add the Aave Direct Deposit DAI Module (D3M)
    • Increase the GUNIV3DAIUSDC1-A Debt Ceiling
  • 1 Weekly Poll was Rejected
    • PaperImperium Supplemental Compensation
  • 6 Ratification Polls ongoing (end October 25)
  • 1 Greenlight Polls active (voting ends Mon. Oct. 18th)

MIPs

Weekly MIPs Update #57

  • The Ratification Polls for October’s Governance Cycle will be running until Monday, October 25th.

Forum at a Glance

Forum at a Glance: October 7th - October 14th

Team-led Discussions

Dai Par - PSM Parameters

RWF, PECU and Risk

Signal Request: Set PSM Fees to 0

  • SebVentures: The idea is to put at a peg where 1 DAI is always equal to 1 USD.
    • Most people still want to use USD as their unit of currency, which we should accept and allow to create this fixed peg.
    • We are currently making users pay for the benefit of using DAI, which is not nice.
  • This should be fine and is not a technical issue from the PECU side.
  • A conversation in this should be market participants moving to and treating DAI as Par.
    • While this is helpful for Maker, it introduces risk to other protocols.
  • PECU has spent a lot of time trying to reduce USDC exposure. This signal completely shifts that direction.
  • There are many open-ended implications from setting the in/out to 0%.
    • The band is very tight; maybe we can set it a little higher.
    • Is it worth fixing such a potentially detrimental issue when we can try to utilize it as a benefit instead?
  • In terms of the Clean Money initiative, we can convert the USDC into ESG bonds that are liquid enough to invest in Clean Money projects.
  • Avoiding this or showing the public that we are not trying to show this is bad for MakerDAO PR.
    • USDC may undergo regulatory risk, which can create collateral damage to Maker.
  • We can externalize the risks here by using LP pools. However, there may be a small fee involved when converting to USD.

Governance Security and Flexibility: ESM + Delay parameters

Rune, Protocol Engineering, and Risk

Restarted poll [Signal Request] Raise the ESM threshold to 15% and increase the Governance Delay to 4 days

ESM:

  • Emergency Shutdown Module is a game theory mechanism that exists as a minority threat protection.
    • Used if a majority of MKR holders vote for something without popular consensus.
    • Used during a malicious governance attack.
  • 150,000 MKR seems like a large number considering how much MKR is being used now in governance.
  • We do have an unknowable threshold considering empty or lost MKR.
    • If we set the ESM threshold too high, we lose the ability to trigger ES quickly enough.
  • LongForWisdom believes that 150,000 MKR may be a bit too high.
  • There is potential for a profitable financial incentive to put MKR into ES if shorting MKR.
    • Or DAI can be bought at a discount below Par.
  • A very, very significant amount of capital would be required to complete and ES successfully.
    • Requires buying, borrowing, and accumulation of ETH.
  • Governance decisions should use MKR required to be in a wallet over a certain period of time.

GSM:

  • Governance Security Module delay gives more time to governance for solutions before pressing the ‘Nuke’ button of the ES.
  • Response time to critical issues is usually within 24 hours.
    • a 2-day GSM is good enough already, if not too long.
    • A 4-day GSM should still allow for a weekly governance cycle.
    • We can propose a 3-day GSM to meet the middle-ground with everyone’s opinions.
  • However, during a significant event like a market crash, 4 days is way too long.
  • We should analyze and report some risks for the GSM comparing various days.

Episode 163: October 14th, 2021

Agenda

Video

https://youtu.be/GdlV_zEDpxA

Introduction

Agenda and Preamble

Payton Rose

00:03

  • Hello, welcome to the MakerDAO Scientific Governance & Risk Meeting #163 on Thursday, October 14th at 17:00 UTC. My name is Payton, and I am one of the Governance Facilitators at MakerDAO.
  • We like people to get involved and ask questions or comments, so please, do not be shy if you have something to say.
  • We have our newly improved agenda, which will open to discussion around certain topics following our general updates.

General Updates

Votes

Payton Rose

Executive:

  • October 8th: Offboarding Vaults, MKR Vesting, and Core Unit Budget Distribution - Passed & Executed
  • There will NOT be an executive proposal up for vote tomorrow.
  • Only one polled item ready for action
  • Much of the Exec team traveling to Lisbon

Polls:

  • 4 Weekly Polls Passed
    • Add stETH (Lido Staked ETH) as a new Vault Type
    • Nexo Institutional Vault Onboarding
    • Add the Aave Direct Deposit DAI Module (D3M)
    • Increase the GUNIV3DAIUSDC1-A Debt Ceiling
  • 1 Weekly Poll was Rejected
    • PaperImperium Supplemental Compensation
  • 6 Ratification Polls ongoing (end October 25)
  • 1 Greenlight Polls active (voting ends Mon. Oct. 18th)

MIPs

Pablo

03:36

Weekly MIPs Update #57

  • The Ratification Polls for October’s Governance Cycle will be running until Monday, October 25th.

Forum at a Glance ** Doesn’t need screenshots**

Artem Gordon

06:49

Forum at a Glance: October 7th - October 14th

Video

Team-led Discussions

Dai Par - PSM Parameters

RWF, PECU and Risk

13:03

  • Sebastien Derivaux: So the idea is to change the soft bag of Dai, which is around one dollar, and currently, it is from $1 to $1.001 or $1.002. Suppose you use a USDC or USDP as a stabilization mechanism. That’s only until we depleted 3 billion USDC. So quite a liquidity buffer, the idea is to put it as an odd peg where one dollar would always be equal to one DAI of most of the time, but one DAI with no contractual guarantee whatsoever.
    Still the best effort, I would say by having the 3 million USDC waiving the possibility of depositing one USDC or one USDP or regulating Fiat back stablecoin into a PSM and getting one tiny change and use operators well. There are a lot of pros and cons.
  • It’s always better to have a fixed-term peg and, yes, last difference. That’s part of the I think it was important that if there is some cost to go on to Dai or trade from Dai to another stablecoin, it’s a customer. The Dai holder, at some point, was paying for them. So we are making your user pay for the benefit of choosing Dai, which doesn’t make any sense.

15:28

  • SamM: Yeah, so I’ll say just from the tactical side, I’m not sure why P is listed here. Just from a purely technical standpoint, there’s no issue, I think, with lowering this. But I believe that’s the case.

15:51

  • Niklas Kunkel: I just want to echo what Sam said there. From a technical perspective, this is not an issue. So the PE Core Unit really can’t have an opinion on this other than to tell you that there’s no technical risk. Members have their personal views or opinions as MKR holders, but when they express them, they’re just the opinions of those individuals.

Questions:

16:17

  • David Utrobin: I had a quick question. So with the PSM in out fees being zero, I think another part of this conversation is trying to move, you know, markets, participants, perception of Dai towards this idea that Dai can be treated at par. And I saw in the forums, some of the engineering team talks about how that might be a problem for some protocols to treat Dai at par, like hard coding values, rather than taking like, the actual floating rate on the market. And I’m curious about that perspective. Should other protocols treat Dai as par? And yeah, that whole side of it.

16:58

  • Niklas Kunkel: That introduces risk for the other protocols. I guess, strictly speaking, it’s helpful to Maker because it sort of enforces the peg in more places. If you imagine that, you’re of a say, and you commit to always treating Dai as $1. And like collateral factor calculations, what if Dai like, actually depends significantly, all they could become, have some sort of solvency problem concerning that. That’s a protocol by protocol, decision basis, for them to make based on maybe whatever benefits might be offered to them for making such a commitment, like partnerships with Maker. I think it’s more like a financial risk question than anything.

18:09

  • Brian McMichael: I should probably jump in here and say I did have some posts on that topic. I will reiterate that those are my own opinions; they do come as a surprise to me in the fact that we’ve been spending a good deal of time in PE with our priorities trying to reduce our USDC exposure, so consider that if you know USDC, were to change their implementation and become, KYC only, that could reduce the value of USDC on the market to under $1. And us choosing to peg to USDC, rather than to whatever the market price is, could have some considerations. I understand that there is the desire to take on as much of this as possible, to grow and expand by telling partners that we can provide USDC in exchange for these loans that they’d be taking, but we don’t have the solutions yet. So it’s, in the meantime, we’re just taking on piles of USDC.
  • I disagree with the risk assessment that it would take 250 million USD to get to peg as we approach the peg value; the amount of USDC that we would have to take on increases almost exponentially to get down to that level. It’s taken 3 billion USDC at this point to get down from, I think, an 800 million spread last year to a 250 million spread now. It seems like we might want to consider how we can get this USDC off the books and from a personal opinion from another personal standpoint. I think many Americans in the DAO are more concerned about the USDC risk than the non-Americans.

20:57

  • Makerman: Can I ask a technical question here? So we go to zero. Does this mean somebody can flash loan 100 million USDC out of the PSM, or is that technically impossible?
    • Niklas Kunkel: Yeah, they could flash loan Dai, purchase 100 million USDC and the PSM, and do something with, of course, they have to pay it back by the end of the transaction.
    • Makerman: I just want to make a point that the idea of setting this to zero does have implications, many of which might be unintended. And so if anything, I would lead the leave the bottom side open, make, by basically, so Dai for a bit of bit above USDC, one, right? Don’t bracket the zero to zero directly; leave if you want to think the band is tight enough, personally. Here’s the question, what’s the reasoning for actually going to zero? Because the band is insanely tight right now.

22:05

  • Niklas Kunkel: I can chime in here. Our growth is non-existent right now, or at least very poor compared to the growth of some of our competitors. You can utilize sucking in tons of USDC, which Dai will almost always have a premium for because of this. This is almost like yield farming premium compared to USDC. We can use this to bootstrap the DAI supply growth.
  • All the USDC in the PSM is protocol owned; we can then just reallocate the USDC to wherever we want to reallocate it. You have some optimal mix of how you want to have the portfolio backing Dai. Just use the USDC in there to do that. You can be like, one Dai is one USDC, which is $1. Have we been like scheming for ways to get USDC off the books? Sure.
  • Now you’ve parked your money in those are you’ve got the USDC off your books, you’ve monetized it a little bit. The point entirely is to suck up as much USDC as we can, so we can use that as kind of a slingshot for the next steps.

25:01

  • Brian McMichael: I understand that. But like, we have 3 billion right now, right?
    • Niklas Kunkel: Even if you reduced it to 2 billion like you, we took all the efforts of the world, we tried to park USDC liquidity and everything in Uniswap, Balancer, and Curve and every single thing, you would never get it off your books, it would still be fatal. So if it’s going to be fatal, regardless, let’s at least get the benefit out of it.

25:55

  • Christopher Mooney: Yeah, I was anticipating the argument that this is, like, we already have a fatal amount of existential risk. I think that there’s still a very real perception argument about whether or not Maker is attempting to risk balance its collateral portfolio. I think that’s going to have a terrible consequence. For PR for people to be like, Maker is not even trying to solve this, and the other thing is, we don’t have this, this capital sink that we want to stick this stuff into. The ESG bonds, or any of the real-world assets, we’re still bootstrapping that; I don’t disagree with the approach of trying to have this sort of capital battery; I don’t think that we need to do it right this second, I believe that we can wait until we have until we start like flowing funds into these other projects.

27:21

  • Niklas Kunkel: I, so we fight, it’s like we’re getting the negative externalities without getting the benefits, I that’s what I don’t understand. We’re already so far in this direction. So let’s at least get the upside instead of only the downside; you’re not going to change the narrative by reducing the USDC PSM even by a billion people will say that it’s still wUSDC, has a huge USDC hole on its balance sheet, right, that can be blacklisted, you’re not going to change the narrative that quickly.

29:59

  • Nadia Alvarez: Yes, I wanted to add that I understand where these come from, and I understand why Sebas is asking for this because in the past as the BD team and now in growth. We have seen this as a problem because actually, we had an opportunity in the past where this organization needed a decentralized stablecoin, you always heard that people don’t care about decentralization, but Well, in that case, that was an important feature.
  • But because we go then we could then offer to them, they want to one from Dai to USD the that was a problem because they were at some point like losing money in the flow. So I understand why this is important because when you are going outside the crypto world, that one-to-one is important. When we are talking about millions in one transaction, losing ten or 20 basis points is a lot of money. So you Yes, like actually for that opportunity in the past, we couldn’t do it, and we lost that opportunity that went through USDC, although they were looking for a decentralized stablecoin. So yeah, it is the Venezuelan aid project.
  • Exactly, right, That’s the one I’m talking about. So I understood the risk said asked me about my thoughts about having the PSM 00 piece, and I told him like I was like, I didn’t know what the thing because I understand the risk. And I understand that we are charging fees because we are taking the centralization risk when accepting these centralized stablecoins. But on the other side, I understand that if we want to do business with real companies, they are expecting the one-to-one from Dai to USD. And the only way to make an offer to them is to have the PSM with zero fees because, in that way, we are using the PSM as an on-ramp solution using the Paxos rails and the USDC rails. So I think it’s important for us to think if we want to do the real-world assets thing, and we want to engage with more real companies, not just the crypto ones, having the PSM on zero is important.

32:45

  • Prose11: It’s for preventing that perspective. How do I know monet-supply are next if you have something to say?

32:53

  • monet-supply: Yeah, I wanted to just make a couple of comments. We’ve been sort of making a push to try and externalize some of our stablecoin holdings. Such as putting it into the GUNI-DAI-USDC vault. And other kinds of similar ideas where we have users owning the USDC as part of a big liquidity pool with many different people. And at least the thesis is that we’re less vulnerable to targeted actions or, like basically being singled out for freezes or blacklisting. And if we do set the DSM fees down to zero. I expect that would eliminate that option where we can externalize some of the holdings in an LPs because if we’re charging 0%, any trades would just go through the PSM rather than LPs. So it would kind of like eliminate that demand for that. Just something to consider. I’m. I like being able to externalize some of that blacklisting risk.
  • We might end up sort of closing that door on ourselves. And then yeah, I mean, the only other thing I’d comment is that I think it would have a pretty big impact on Uniswap and then also Curve and like where people hold their Dai for LP purposes. So yeah, just another kind of general consideration.

34:49

  • MakerMan: I want to echo what money-supply said you’re going to complete. We can externalize this risk by using people’s our USDC is already creating Dai you know, if you think about this, you can match it with Dai and throw it into the LP pools, so we crush this these markets, these LP pools are dead for us to externalize this risk, it’s a bad idea in principle. Another question, when somebody wants to convert 100 million of whatever into 100 100 million equivalent to something else, I don’t know any bank that will not charge a fee for that. And so, you know, okay, USDC, you know, if I come to circle with 100 million USD, they’re gonna give me 100 or 100, USDC, they’re gonna give me 100 million USD. But there are only the supporters, the only ones that are going to do that; nobody else will give you 100 million USD for 100 million USD, see no one. And so you look at these stable coins on the markets, they do not trade at one; I don’t care how good the stablecoin is; there isn’t one that trades at one on every market everywhere. And so that’s an idea, you know, I understand growth here. You know, when markets kind of want this and, and there are lots of things we want, but sometimes they’re not good. And so I want to reiterate, we don’t want to close this gap; I want to come back to what Monet says we would like to lay this wrist off in a different way, by earning some moderate return by providing LP to be able to convert between these coins for some small fee. It’s not unreasonable. And so that’s all I got.

36:39

  • Prose11: Thank you. I don’t know, Nick, if you sell something to add; if not, it might be good. Two years from Seb, I know a lot of the reward assets. Originators have talked about the importance of Dai being exactly on the peg. I don’t know if you’d want to speak to that a little bit. And I was noticing some questions in chat as to how much it affects things.

37:05

  • Niklas Kunkel: I don’t want to repeat what I said in chat; I’ve talked enough; I think everyone’s sick of hearing from me.
    • SamM: He made a good point, though; Nick, about if USDC does get banned by regulators in the PSM, it’s likely going to be banned by regulators and in the LP pools as well. Right. And in that case, the people aren’t going to like save Maker at all; they’re all just going to become USDC or whatever else. And so the risk is still sitting there, and in those funds, we could move the LPS off our boats, but those funds would be trapped anyway.

37:50

  • Brian McMichael: Well, can I, from a technical perspective, can still be liquidated in an auction, whereas a frozen token cannot, so those would stay on our books forever. Whereas like a USDC or cUSDC, or just a general wet wUSDC, if we were to use that, we could still liquidate off and, you know, presumably, they would have some market value that an option would be that a keeper would pay for.

38:19

  • Niklas Kunkel: Technically, you could still pay an auction for lock USDC. It’s just that it’s going to always forever sit in the gender and adapter. So you get to have that gem balance.

38:35

  • SamM: I don’t think we should be driven too much by these sort of remote theoretical possibilities. And we should be more focused on like UX sort of stuff, like what Nadia is saying, sort of, we’re losing out on potential growth by having these sort of, almost to a good solution, but not quite perfect to what people need—and focusing too much on this blacklist risk which he personally I find is a fairly remote possibility. So I think we should be careful about this and what we want to optimize for.

39:15

  • Prose11: I appreciate all the perspective that has been shared and the many different voices. We have another topic. If there are any thoughts or last things people have not got to say or ask, we will give you a chance to do so. I encourage people to go to the forums and continue this conversation. Lots of the thoughts we are sharing today would benefit from being preserved.
  • We have a different signal that highlighted a couple of different aspects that we thought would be valuable to talk about. Rune’s signal was to increase the emergency shutdown module MKR threshold, and the governance pause delayed the GSM duration. Rune said that he was unable to make it today, unfortunately. I do not know if anyone is comfortable kicking us off.

Governance Security and Flexibility: ESM + Delay parameters

Rune, Protocol Engineering, and Risk

40:57

  • David Utrobin: I will explain what ESM threshold and governance pause delay are. The ESM threshold is the amount of MKR that is needed to trigger an emergency shutdown at Maker. This is an extremely disruptive process; Dai becomes redeemable for a pro-rata portion of the underlying collateral. It is like a game-theoretical functionality that is there to stop worse things from happening. Like an escape patch, it gracefully winds down the system. Whereas the governance pause delay has to do with the amount of time between the passing of the vote and the execution of the contents of that vote. At the moment, it is a 48-hour delay, and there are office hours built into those.

42:06

  • Niklas Kunkel: I will elaborate on the ESM. The ESM is a game theory mechanism. It exists as a minority threat protection. The first instance in which we would use it is if a majority of MKR holders are going to vote for something that is super unpopular and does not have consensus from the minority, they have to consider that a minority might shut the protocol down. An extension of that is distinguishing between a popular MKR action but unpopular with the minority versus a governance attack? The second scenario is a proper governance attack; it is malicious and effectively going to steal all the collateral from everybody in the system. If MKR holders can overcome the hack and drop that malicious action, the ESM exists as a cage in the system in case of emergency before the malicious action comes through. The two play together. The GSM delay gives us more time to not take that catastrophic “nuke the system” button and allows us to intervene in the case of a governance attack and find consensus. It makes sense that if you are going to increase the threshold of the ESM that you would also want to increase the governance delay, the pause between when things can execute because you are probably going to need that time to find more consensus, to get MKR holders to burn their MKR to shut the system down.

Questions:

44:10

  • David Utrobin: I have one question about the signal request. A doubling of the threshold from 75k to 150k seems to be a lot. Presently, how much MKR do we have in the governance contract? It is less than 200k but actively participating is 40k to 50k a week. Does 150k brick us?

44:48

  • Niklas Kunkel: Let’s take it in two parts. These are complicated features. If we took the DSM, having it exist for all the game theories mentioned earlier seems to make sense. If we were to make the change, and let’s say we made it a million MKR, there is not a million MKR in existence. It would be worthless. But there is a lot of MKR that is either encumbered or lost or would not burn in the case of emergency shutdown. There is some threshold that is unknowable to us where the game theory of that minority thread disappears. If we set it too high above that threshold, we lose the game theory preventions that I was talking about. The question is, has that game theory prevented active attacks that have been in the past? Has there been somebody capable of running a governance attack or pushing some minority will through, but they have not done it because the ESM threatened them? Those are unknowable. Does anybody want to make a really strong argument for not changing it or changing it?

46:23

  • LongForWisdom: I can talk about changing it up. I agree with you on the minority threat. That is generally a good thing to have. We should not throw it away completely because it encourages every participant to consider others’ opinions. It pushes people towards consensus versus majority rules, which is a great thing for the stability of the protocol in the long term. As for where that is, I do not know. It is hard to tell. 150k does seem quite high to me. Based on what we have seen voting previously, it is rare that we ever have 150k on the hat. We might have seen it a few times but not recently. At that point, it is equivalent to what we would normally take to pass an exact. To be useful, we would have to see hundreds of 1000s more Maker appear and become governance active and then want something. I think it is unlikely. The flip side is that you do not want it to be too low. Otherwise, there is the risk of people calling it maliciously. But I think that risk is overestimated given the cost of performing that attack.

47:53

  • Niklas Kunkel: On to the point of that attack, I do not think there are any economic incentives for MKR holders to trigger a shutdown like that. This is a spiteful move; unless they are competitors, there would be a strategic advantage to triggering a shutdown. In the worst-case scenario, you are a nation-state actor competitor, and a nation-state actor may be able to coerce like large enough MKR holders to trigger a shutdown, and they would find that beneficial. There are still two threats here.
    • Nik Kunkel: I think saying that there’s no financial incentive to trigger it is a little bit naive. Because of the power of financialization. You can imagine a large player who does not have much stake in crypto at all. They build a large short position on Maker and other cryptos. If Maker goes into emergency shutdown, I guarantee you not only does the price of MKR go down, but probably other pieces of DeFi, and Eth. We are small enough now that it would not be like a major event for Eth. Imagine somebody with a huge MKR short if you can put that on in enough size compared to the cost of purchasing MKR and putting it into the ESM, you can have a profitable financial incentive.
    • LongForWisdom: I agree. It is possible. But you need a lot of MKR available to short for that to be viable.

49:35

  • Niklas Kunkel: If you can short other things than MKR, we assume the only way they are profiting is through an MKR short. There might be other ways to profit; it will do things to Dai as you can imagine. The price of Dai is probably going to trade somewhat below par even if ESM is triggered because there is a cost to doing all the redemptions. It is going to be bought at a discount after emergency shutdowns. Imagine that you go ahead, and you can probably say short Dai to some extent. You could probably profit in more ways than just crashing the price of MKR with the ESM attack.

50:33

  • Juan: If you are a competitor, is it just marketing budgets? You destroy a growing project, like Maker, and even if you do not profit from the trade, that could be a way of going about it. It is far-fetched, but it is a risk.

50:52

  • LongForWisdom: It is whether if you can guarantee a profit from it. I do not imagine malicious actors would go to that much trouble unless they were sure they could profit from it. It is possible, but it would be difficult to be sure that you could, to the amounts to make it worth it.

51:26

  • monet-supply: About the threshold, it would not only be the current value of MKR that it would cost you to make this attack. If you bought 7.5% of the supply, it would have you to trigger it now; it would drive the price up a substantial amount. You can borrow some of it from Aave or Compound, for example. But you would need some Excess capital to collateralize your position. However much the value of 7.5% of supply is now, you would need a substantial amount more capital than that to make this attack happen. 50% more at least. With the ability to short stuff like DeFi tokens on centralized exchanges, it would not be that hard to get enough short exposure to make it profitable.

52:47

  • Niklas Kunkel: You could short with leverage on centralized exchanges. The borrowing is a great point, and MKR will be very cheap after shut down.

53:06

  • MakerMan: About leverage exposure. We had already written on this a year ago. That I considered this an attack vector as DeFi grows. DYDX allows significant leverage. Pick your centralized exchange and a couple in any analysis about how strongly correlated the markets are; you can get a huge short depth than Eth. You can crash Maker by locking all the assets and forcing all Dai to be hitting up for those assets, most of which are USDC, you have got a real nice leverage short position both on Eth, and you can do Maker. You are going to have to pony up to buy some Maker to try to pull this off. You are going to need some. These markets are not deep enough to buy it straight up. You will have to borrow it to buy and accumulate and then set up your short positions. The thing that is not going to crash that you will make money on is not just Maker. You are going to shock the whole DeFi system doing this. You can short Dai potentially, although. You would do this only if we pull the USDC from the PSM. You leave that as like 100 million exposure that will get ripped out instantly during this whole scenario. And so basically, if that is set up to go, you short Dai leverage, you short Eth leverage, and you short Maker leverage to boot. Then you drop it in the ESM and watch what happens. You can make enough money off that. Was that profitable based on accumulating enough Maker you need to pull it off now? I do not know. If you find one or two well-heeled Maker players that are willing to run with you on that, it is a game over. I posted a long time ago that Maker going into the system to do stuff should have to sit in a wallet for a while so that you cannot flash the stuff out. You cannot do it instantly. You have to do it with Maker that was sitting there ready to go. That is a different game. And the question is, how long? And what are the implications of making it so that people have to wait to get into either the ESM or governance so that Maker has to sit and simmer? To the season is what I call that before it can do stuff of this importance in the system?

55:36

  • Prose11: Commenting on the chat. It is a question of where is the right threshold for where we are at now? And for the at least short runway of the foreseeable future? Higher seems to be agreed, but maybe not 150k.

56:19

  • Kirk: It is time to net reduce the risk. As Maker grows, the incentive to attack grows. As DeFi continues to financially mature and crypto markets financially mature, it becomes easier to attack. If in the future it shuts down, 150k feels too high to me. We have struggled to get anything close to that amount of participation and governance polls. We are still in a regime where you might need honest actors to respond and trigger the ESM, possibly on short notice. If there is some sort of critical bug, I feel safer to have it than not have it, but 150k sounds like it is high enough to disable it effectively. Imagine how many different VC funds and stuff you have to mobilize to move their MKR on short notice. It defeats the instant nature of it. It probably cannot be triggered quickly enough to be practically effective.

57:43

  • Prose11: We do have the other side of this, which is the GSM delay. We have a similar linkage. You would use the delay to rally a vote. You do not have to depend on the emergency shutdown. However, there are plenty of cases imaginable where you would not be able to do that. Having one that is too long to be effective when a bug is discovered is not good. Having a governance delay that is too short and that does not give you enough time to consider an alternative other than the ESM would not be great.

58:38

  • Niklas Kunkel: At two days, the governance delay is far too long to matter. In the event of most bugs or hacks. Response times for DeFi incidents are minutes to hours at best. The Compound thing was mostly over within the first two hours. It took people a little bit longer to figure out the reservoir thing, but it was still within 24 hours. That was a slow attack by most DeFi standards. Usually, they are over in a block. We are already in a position where the GSM delay is far too long to effectively respond to any urgent issue. We have strategies for dealing with those called Instant Access modules. We can freeze the oracles instantly with a governance vote. We have that bypass because we know that the danger is that it is not a riskless thing, but it is less risky than full access to the system. An Oracle attack is dangerous enough that we need the ability to respond instantly. We already have a solution for these things that need some responses, and it is called Instant Access modules, which can have various logic for how you trigger them. It can be MKR weighted voting; it can be based on just on-chain conditions. For minor things, you could even have multisig to handle it. On the other hand, I am arguing that there is not a lot of downside to making the governance delay go from two days to four days. If it were from two days to two months, that would be a meaningful change. But with four days, you could still do a weekly cycle in executive voting, and it should not mess up too much operationally. Although if anybody has something I have overlooked there, let me know. On the other hand, two days versus four days is a big gain in responding to some sort of malicious governance attack. Imagine that malicious actors managed to overtake the hat because MKR was slow to move and got spread out on proposals or something and some malicious spells queued up. There is going to be some response time for that. You are going to have to mobilize MKR holders to retake the hat. Then you are going to have to do technical things that allow you to drop the malicious spell. Two more days is a meaningful amount of time to respond to a threat like that. Also, it is meaningful to respond to a governance attack in that amount of time. It is a good idea at this point to lengthen it out a little bit. Because it has tangible benefits, and the downsides do not seem that bad.

1:01:51

  • Wouter: I am not convinced that there is no big difference between two and four days. The DeFi bugs, maybe. Even that, it is pretty shaky that assumption. The much bigger risk is that we are being lulled to sleep because we are in a stable situation where we seem to have forgotten about the market turmoil, and everything that requires changes to the protocol on a timescale of days and a week would make a big difference. If we discussed USDC risk, a regulatory action, and so on two days versus four days, it could make a very big difference. I do not see the need to make it any longer, the two days it is working. We are not doing the full spectrum analysis. We are just changing it because we have not needed it in a while, and we were not thinking the risks through. I strongly oppose changing it to four days because four days is a long reaction time to anything that might happen.

1:03:28

  • LongForWisdom: Three days over two days might have some worth forty-eight hours can be timed to be the whole of the weekend. If you have a 72-hour delay, you at least guarantee one working day, like absent holidays. That is not too much given that somebody time things for holidays. Four days does seem a bit arbitrary, in terms of why four or not two or three or five or whatever?

1:04:00

  • Prose11: Several times, our executives have had office hours modifications. A four-day GSM pause office hours means you could have a full week before you can enact something, depending on what it touches.

1:04:22

  • Wouter: This is where our risk management fails. It should be easy to pull up the list of risks that we need to consider in changing this parameter, and we do not have that. We go by a recent memory of things, and in this case, it is bad. Maybe chances are relatively low that something would go catastrophically wrong if we move it from two to four days. But we have not made that analysis properly.

1:05:00

  • Niklas Kunkel: I am not sure I agree with this thing, that there is a large probability weight of things that we could respond to with a two-day delay and not a four-day delay. Black Thursday was over in 12 hours; a 24-hour delay was far too much back then. Do you have some scenario or example where if a protocol had a two-day delay instead of a four-day delay, it would have helped them? I agree that such things could exist, but I have been in DeFi for 2.5 years, and I have not seen an example.

1:05:43

  • Wouter: The last one is a bad argument. I am longer at DeFi than you are.

1:05:48

  • Niklas Kunkel: Have you seen one? Can you give me an example?

1:05:53

  • Wouter: That is my point. We have forgotten about a lot what happened. Around the time that Dai was moving away from the peg, creating a lot of concern. There were a lot of things that were considered where the days mattered. Black Thursday, sure. But even Black Thursday can cover or react within one crash versus two crashes that might happen within a week. We have changed the auction mechanism; for example, you do not want to wait for four days to put these things in place.

1:06:48

  • Niklas Kunkel: If you do not want to wait for four days, you do not want to wait for two days either. We may be splitting in hairs; there may be no meaningful difference between them.

1:07:11

  • SamM: My example is that we had the Global DC in May. During that big crash, there was no minting for two or three days. That is something where we wanted to go through ASAP and could have significant effects on the peg.

1:07:33

  • Christopher Mooney: You people hit all my points periodically while going through that. First of all, I strongly agree with Wouter to have some old risk analysis around this, but we should have some risk weights; we can argue over specific probability weights. That would maybe help inform us as to whether or not we want to make this choice. In addition to that, there may be some benefit in taking other parameters in the system that would need to be changed and in thinking about exactly what would be suitable for either an Instant Access Module or a Mom with a multisig, etc. Because we may benefit, we may be able to have our cake and eat it too. I will remind everyone that leading up to Black Thursday, we had just gone through like this big PR thing where megazolt2 published all this stuff about theoretical governance attacks on the chief. In response to that, we finally added this; it was a 72-hour delay at the time to try and mitigate governance attacks. What we have done is that we leaned too hard on that end of the risk spectrum. It went active a few days before black Thursday, and then Black Thursday happened. Rather than us being able to intervene in either circuit breaker auctions or change auction parameters in a way that would have accounted for the level of network congestion, our hands were tied. There is nothing that we could have done, and that risk should not be understated.

1:09:37

  • Monet-supply: The GSM delays play into a couple of areas of risk management or what we review for asset parameters. As an example, we look at the maximum amount of extra USDC that we could end up putting on within two days before we can make governance changes. If we lengthen the governance delay, some of those parameters might need to be looked at again. Are we still comfortable adding up to a billion dollars of stablecoins a day if it would take us four days to make any changes? Or would we want to reduce that?

1:10:30

  • Prose11: A lot of our risk assumptions hinge on this delay factor. LongForWisdom posted the link to the signal in the chat. I encourage people to visit it. Right now, we have the vast majority of people voting yes to the increase on both of these, which does not super reflect the nature of this call. But it might be worth revisiting there. Are there other aspects of this topic that we wanted to cover?

1:11:13

  • Niklas Kunkel: Is it possible to give a more granular definition. Rune made the signal request. Maybe we could break it into a couple of different options on each front. And let people do that, or we could do a rank choice pull on-chain. That may have our land more granularly on a set of Goldilocks changes that will work for these parameters.

1:11:46

  • LongForWisdom: Someone else can make another better signal request. Regardless of whether this one passes or fails, we can follow it up with the result of the other one. Worst case, we end up doing this to get voted through on-chain. And then we change it to something else.

1:12:03

  • Niklas Kunkel: A key question is whether these parameters need to be connected this closely. There is a strong argument for raising the ESM threshold. The question becomes, does that necessitate lengthening the governance delay? It raises your response time if you need to trigger the ESM in response to the majority government’s tech. Is that strictly necessary? Have you tuned those hard to say? If you increase the ESM threshold, you increase one of your risks, the malicious majority attack. That one is a low probability.

1:12:59

  • LongForWisdom: It is not the attack thing that it is supposed to stop. It does not have to be a malicious majority that it is supposed to defend against. It can be a majority that wants something that a majority thinks is unreasonable.

1:13:19

  • Niklas Kunkel: In the past, I have globally called the ESM a minority grief mechanism. It is one of the most debated things, and it is all about how probability would weigh different bad scenarios. It is one of the hardest things to reason about because it is all based on what your priors are for what is most likely to go wrong. The more the system matures and bakes in, the argument of you needing it for critical bugs decreases. But governance attacks and what is a governance attack is very philosophical. I have flipped-flopped a few times on how necessary it is, how useful it is. I almost default to; things are going well right now. Unless there is a very strong argument to mitigate risk in one particular direction, maybe leave well enough alone.

1:14:34

  • Prose11: Thanks to everybody for sharing your thoughts. These are complex topics. I appreciate hearing from so many voices and getting so much perspective on why we are considering the things we are. Burban, you would ask for a couple of minutes. This might be your time to shine.

1:14:54

  • Andrew Burban: This is about debt ceilings and where we are in the market cycle and ties into the g7 delay stuff. We are entering the final stage of the market cycle, which will be a bumpy ride, but things will grow exponentially. Our debt ceilings could start getting hit quickly as prices move up. I would like to see all of them raised, and maybe with the Instant Access Module on them, the time lock, reduced potentially. I do not want another GSM delay. If things do three, five, ten, X, quickly. We want to have Dai available for me to boost or for whoever to boost. I do not know how much people love wBTC; there is contention about it. I am long on Bitcoin through the DeFi server using WBTC. Whether or not I believe in Bitcoin long-term, it does not matter. It is going to do it till the end of the cycle. I would like to see a WBTC B vault that is less urgent; I do not want debt ceilings to be getting hit on the way up. For me to boost or for anyone else to be able to boost. If we cap out at some point, mid-run, I do not want something like the GSM delay to hold this up for three, four days, or something like that. Before things start getting out of hand, there could be some discussion over increasing the debt ceilings available to ETH-B, especially how quickly the timer unlocks raising the ESM.

1:17:32

  • Prose11: Thanks for sharing, Burban. Definitely, in the spirit of the posts, LongForWisdom put up earlier this week, where it is if you have something you believe is right and that the community should be considering, please do throw up a signal request. That is what the whole process is about. In terms of the assets with the debt ceiling Instant Access Module, there are many different ways you can play with that. We should discuss this in detail later. I wanted to throw out from the government side; you can mess with the max line, mess with the TTL the time to increase again, mess with the gap parameter, how big we are targeting, and the gap between the DC and the available debt. There are many different ways you could encourage broader access to these funds as DC starts to tighten. These are fun governance parameters to consider for a signal request. We are happy to help out, to show templates or resources if anyone is uncomfortable for any reason on making this signal request. We encourage people to make their requests when they are bringing the proposal forward.

1:18:52

  • Andrew Burban: Payton points me in the right direction to make the forum posts for this little request. Suppose anyone else wants to chime in with thoughts on this.

1:19:06

  • Niklas Kunkel: When you make the signal requests, I will remind everybody who will consider it or if you will make it. The risk of the Instant Access Module is that whether a price crashes in an asset. That price crashes beyond the collateralization threshold within that time, which allows for the minting of unbacked Dai, and that unbacked Dai hits the surplus buffer. Whatever parameters you end up choosing, be mindful that is the counterbalance. It is all Goldilocks. We should name this meeting the Goldilocks meeting. That is the thing we are trying to balance on the other side. It is not allowing too much unbacked Dai to be maintained in the case of extreme market shock.

1:19:55

  • Andrew Burban: I agree. I do not know what parameters I will be seeking specifically. It will be more like a general idea of loosening things up.

1:20:06

  • Niklas Kunkel: Probably some combination between that TTL and the gap. It might be worth thinking through those—the other side of the scenario with the TTL and the gap. What you want, what we want, going into like a rocketing market, and what will work. Also, think about what happens on the downside if the parameters are set that way.

1:20:28

  • Andrew Burban: An encouragement for people to use DeFi saver or some sort of liquidation protection, which mitigates our risk with automatic repays before they get liquidated, emergency replace. But not everyone uses automation to protect their Vaults, and it exposes them to more risk. That integration cannot be pushed through that quickly—good things to consider.

1:21:09

  • Payton Rose: There has been a lot of great discussions today. I encourage everyone to bring it back to the forums. As we said, there is a couple of signals we discussed heavily today, where you might need to change your vote or voice some of the opinions or reflections you have had after the conversation today. That is what the forums are there for, for that engagement and to document it. Please do. I appreciate everyone today for sharing so many different perspectives. Happy Thursday. Another meeting in the books. I will be shutting off the recording now. As always, see you in the forums and the chat. Thanks to everyone.

Suggestion Box

Common Abbreviated Terms

CR: Collateralization Ratio

DC: Debt Ceiling

ES: Emergency Shutdown

SF: Stability Fee

DSR: Dai Savings Rate

MIP: Maker Improvement Proposal

OSM: Oracle Security Module

LR: Liquidation Ratio

RWA: Real-World Asset

RWF: Real-World Finance

SC: Smart Contracts

Liq: Liquidations

CU: Core Unit

Credits

  • Artem Gordon produced this summary.
  • David Utrobin produced this summary.
  • Alefcripto produced this summary.
  • Kunfu-po produced this summary.
  • Everyone who spoke and presented on the call, listed in the headers.

The full call is now available on the MakerDAO Youtube channel for review: