- Something interesting happened last week. I want to thank the True-USD team. I think we have Hal and Ryan here, and they can talk a little bit to the community, but let me first say what happened on the smart contract side.
- As you know,
MCD works with adaptors. So any new token or new collateral that we use has to have its own adaptor to interact with the system. In the case of standard or compliant ERC20s, as we call them, we can reuse adaptors. For certain collateral types, we need to tweak them a little bit. This is the case for tokens with different decimal points, than the somewhat standard 18, or with other differences.
- In the case of True USD, the token uses what we call an upgradeable proxy pattern, so the actual base address doesn’t change, but it gives authorized actors the ability to upgrade these tokens. While this is great in some cases to fix bugs or add functionality, in the case of MCD, adaptors are probably one of the most potent contracts in the whole system.
- The Smart Contracts team decided that we were going to test pinning and allowing certain implementations for True USD. Last week, when the code went in, an implementation was added to the allow list. Which MKR voters voted in, and that’s the code that the Smart Contracts Team looked at, vetted, and decided was good to go. I’ll post the link to the code. But just as the spell was being executed, there were a couple of upgrades to the True USD token. There was a new implementation that the system detected and wouldn’t let you
exit the system. Once this happens, you can still draw Dai with any token that was already there, and you can pay your debt, but for example, you can’t add more than what’s already in there.
- I think that it’s a good thing that this happened now, with a token that had only one vault open and that it was from someone at the Foundation. We were testing the Vault type on MainNet for the UIs and everything else.
- But this also opens up further considerations for other collateral types that may have this upgrade pattern and what to do about it. Also, the fact that we should have better communication with the team behind the collateral.
- These are all growing pains that we are going to face more and more, and we have the opportunity to either create new MIPs or come up with some processes for the Smart Contracts Domain Team, the community, and everybody.
- Right now, TUSD isn’t useable in MCD. For it to become usable, the community would need to vote for the new implementation. The Smart Contract Team would have to look at the implementation and give the OK. I’d like to turn it over to the True USD team to talk to the community a bit, or maybe LongForWisdom can present the community view from the forums.
- Hal from True USD: Hi, I’m a smart contract developer on the True USD team. Briefly, I wanted to chat about the upgrades and what they might look like in the future. I think this might help create a process in Maker for other collateral tokens in the future. I’m a big fan of Maker; I’ve been using it for a year and a half, and happy to be part of the community. My proposal, specifically for True USD, that may possibly become a model for handling future token upgrades is: before any upgrade is made, we publicly announce the upgrade and deploy the new implementation as far in advance as possible. I was thinking about two weeks before the upgrade happens. If each implementation needs a vote, then more time would be helpful. We’d make a public post in the forums and other channels for True USD, with links to the old and new implementations with notes and audits about the upgrade. The question comes down to the voting process for voting on new implementations and how long that could take.
- Rich Brown: There are other things to unpack too. The voting on new implementations, adapters, auditing, and technical considerations could be onerous. But there is a larger question for the ecosystem. We have a situation where we’re dealing with the first-mover disadvantage to money legos. They can be acting more like money Jengas at this point. If somebody updates a library and doesn’t notify upstream about that library, and they have a breaking change, then our money legos turn into money Jengas. I wonder what that implies for additional collateral types and for the wider ecosystem. Is there a need for a social layer to be imposed on top of this stuff? If Maker wants to upgrade a library, do we need to get into a call with five other DeFi organizations to clear that and make sure everyone understands? As we become more tightly coupled in this ecosystem, having people changing things could be fairly disastrous, considering there’s money, or value in motion.
- Mariano Conti: The solution that we put in pinning implementations and allowing them specifically; doesn’t solve the problem completely. Since much can happen in one block, this is just one of the measures. Perhaps the community thinks we’re going against what an upgradeable proxy pattern means: make it transparent to the users when they are upgraded and make sure they’re expected. Then the risk passes to the
SF. All of those are issues to discuss.
- Rich Brown: We live in a vaguely antagonistic ecosystem where the strongest and most adaptable protocols survive. There are no rules or councils determining who releases what and when. I’ve pitched a social layer before where if project A upgrades that they notify C, D, and E, to see whether they’re impacted. That’s probably not realistic since you can’t predict what the dependency chains will look like in this space. It feels like the solutions need to be more defensive on the individual protocol level. You pick what you’re going to support, and then you have circuit breakers. Does that sound more along the lines of what you’re discussing, Mariano?
- Mariano: Yes, so I’ll be specific about this and leave the community to be deliberate. In this case, the Smart Contracts domain team has an avenue of communication with the Trust Token team now and the community in general. Depending on how this goes, it may influence writing MIPs or standards for the future. Right now, we have a token we can’t use, so we’ll use this opportunity to see how we fix this now and create a more formalized process. There are a couple of avenues I see. A poll on Monday, perhaps, requesting the Smart Contracts team to review the new code and get out a governance poll either Friday or the following Friday. I encourage people to go to the forum posts and tag folks or me from the Smart Contacts team to talk about this. I’m not saying this is urgent right now, but we should discuss the ramifications because we will see this in the future with other collateral types. We caught this one at the best possible time with the least amount of disruption.
- Hal: For that discussion, we’re open if you have any questions about the smart contracts or anything else specific. We have a Telegram chat already and another public chat. If anyone is interested in learning about True USD and the nature of the changes that we’re making, feel free to ask questions there. Thanks for including us in the discussion.
- Chris Padovano: Another thing that comes to mind is getting clarity from the True USD folks about how and when a blacklist is used. Recently we had a proposal from Paxos for a stablecoin, and they provided clarity on exactly how that mechanism will be used. It’s a huge part of auctions and being able to process the collateral through governance. Having visibility and understanding of how things work legally would be very helpful. Governance, generally, as Mariano mentioned, with any type of centralized collateral, is a critical consideration to keep in mind.
- Hal: The blacklist question is pretty straightforward. True USD is a compliant stablecoin where we take care of the Fiat on and off ramping. The blacklist is to prevent malicious parties from money laundering and breaking banking security.
- Chris Padovano: I meant the actual implementation of the blacklist and having it in writing.
- Ryaan Rodenbaugh (True USD): I didn’t see the thread that Paxos shared, but I’d be curious if it’s different than the Terms of Service that we’ve shared in the past. I think it was posted in our original post and followed up on a question about it with a second post. It would be helpful to understand what level of clarity is needed.
- cmooney: The biggest fear is that the collateral adapter gets blacklisted. That would be disastrous for the protocol.
- Hal: We would never do that; there is no legitimate reason to.
- Ryan: I can’t think of any circumstance where we would. I can speak to the legal team to give you a more formal answer, but right now, I cannot think of a reason.
- Chris Padovano: That’s all very helpful, thanks for providing that color on the call. I’ll post the links in the chat, but the FAQ that PAX put together I think is helpful and gave a better understanding of their process as well. It’s reassuring to hear that you would never blacklist the adapter. This is a thing we’re very concerned about because we would have to re-collateralize the protocol for however much is stuck in the collateral type. You understand the concern, right?
- Ryan: Yes. We definitely understand the concern. We can check the FAQ from PAX and give the same level of reassurance.
- Rich Brown: Sounds like there’s going to be an audit trail here. I sound like a broken record, but we should bring this to the forums and have a thread dedicated to this, a place for lawyers to fight it out, reach consensus, get some documentation in place, that would be super useful.
- Mariano: I want the community to evaluate a hypothetical scenario. We might have to do this in the future. Right now, with pinned implementations joining and exit stops working without a community-voted upgrade; Imagine collateral with $50 million of value in the system, and then this happens. How would we react? Don’t think just this one instance, try to come up with good ways to take care of a situation like this in the future where a lot of value is on the line, liquidations are on, price is going down, and you can’t add collateral to the system because we couldn’t upgrade. These can all be fixed, but we need to think that over.
- Rich Brown: I love that. Like disaster recovery scenarios, and what we would do in situation A, B, and C.
Comments and Links from the Chat
- From cmooney to Everyone:
- you cannot join() (add) or exit() (remove) collateral if the implementation changes.
- From brianmcmichael to Everyone:
- From Hal to Everyone:
- From chris_p to Everyone:
- From brianmcmichael to Everyone:
- Our adapters have full access to DSS and also reach out to third-party token contracts. One real concern is that a third-party contract could change its implementation and perform a re-entrancy attack on the adapter.
- From cmooney to Everyone:
- It would be nice to see if TUSD has an audit on the new changes, have our domain team check it out, and then vote to whitelist the new implementation.
MCD system stats
DAI 24hr VWAP Graphs
The State of the Peg
- Total Dai is at $123 million.
- $111 million from ETH
- $523 thousand from BAT
- $9.9 million from WBTC
- $1.1 million from USDC.
- Overall, Dai has been trading more or less at a dollar. A couple of swings above and below.
- What happened with ETH was the price fluctuated downward, and Dai rose up a bit, ETH price fluctuated upwards, increasing ETH<>DAI trading volume and Dai went down a bit. Since the last Dai price rise, there was some ETH price reduction, and we’ll have to see if the trend continues where Dai price stays above peg. My guess is yes. If ETH jumps and dips quickly, that has a tendency to elevate Dai price. These are small differences in the grand scheme of things. We’ll watch and see, but I’d expect it to stay with a slight buffer above a dollar.
- BAT-Dai supply is still stagnant at half a million.
- USDC down significantly since May.
- WBTC-Dai supply had a sudden high utilization, right after adding it. It capped out close to the DC for WBTC. If we increase the cap, it would be interesting to see how much it still gets utilized. My guess is there are new entrants who want to open vaults but can’t due to the cap on the ceiling.
- ETH, as a collateral asset, has the largest trend worth examination over time. With the largest DC, it has the most room to grow.
- After the decapitation of that growth-curve in March, ETH continued its growth trend. There were individual users performing large mints for short periods. But the lower bound of that line continues to grow. As we spoke last time, around June 3rd, we saw a large mint to generate yield on Compound. A few days later, that user went back and repaid the Dai debt.
- That was the most recent spike and dip you see at the top right in the chart. Apparently, for short term use and some speculation that it was to generate volume for COMP token distribution.
- The base trend has continued, where smaller positions have been continually opening. The system is designed where users can easily mint large positions for low cost and then repay them in short time frames. Especially with fees so low. This has always been part of the reasoning to keep a short leash on the
DC. Since it creates a lot of opportunities to exploit the buffer for short term usage. It’s a stylistic choice by the community, but the room is there to execute moves like that. Especially right now that the debt is back and the
DC is at $140 million. That kind of use case can continue to occur.
- For ETH, the 500% Collateralization Ratio Bucket had an uptick. Users who, apparently, have put collateral into the system but haven’t yet minted as much Dai as they reasonably could. This over-collateralization brings a lot of latent potential in the system, which is a positive indicator. This potential could be waiting for a less volatile ETH price. Sometimes that volatility can cut both ways because the appetite for leverage is tied to volatility. Volatility also ties into liquidations, which can improve the collateralization of the system. Also, volatility is an indicator that ETH is making price movements, though it’s situationally dependent on other variables. On the flip side, there are lower-end CR buckets of 150-200% to consider. The distribution of Vaults over different CR buckets still has that tri-model shape. There are three tranches of users. In the middle is the system average of 300-350% CR. In the last few months, there has been a rise of the lower end CR category centered around 200%.
- You can see that reflected in the liquidation walls on ETH of $150/$160, and then at $102.
- The Dai-USDC direct trading price, not the ETH-Dai implied price, is in line at 1.0002. That had been higher in the past. It’s come down very slightly, though still maintaining a small buffer above the $1 peg.
- WBTC collateralization is almost entirely around 250-300%. We know that there are only a few users making use of the WBTC DC. There is a tight group of those users. It’s slightly less collateralized than the middle-of-the-road for ETH thought, not particularly risky in terms of a pure asset pricing basis. The major wall is at ~$5500.
- Obviously, there are other potential risks that come with WBTC. If you hit $5500, you would see effectively $10 million in liquidations, but very little at any price before that. So this collateral pool is quite binary.
- That’s it for what I wanted to share if there are any specific questions I’ll answer them happily.
- Cryptowanderer: I wonder if you can speak about the stylistic choice of not going in for short term use of the protocol. In a personal capacity, do you think it’s negative or more neutral? What are your thoughts about the more “get-in / get-out” behavior?
- Vishesh: My response would have to be “nice try.” It’s a technical capability: there is a system that doesn’t exact transaction fees that are meaningful. Instead, it exacts Stability Fees, which are, by definition, a function over time. It’s how the system works. I can’t sit here and tell you whether it’s good or bad; the community will decide. Once they have a tool in their hands, how do they want to wield it? It’s a structural design component of the system that it’s cheaper to use for short time frames.
- Thanks, everyone. Thanks to everyone who presented today, thanks, TUSD, for coming on the call. Lots of complicated things to discuss. How the collateral gets onboarded in the system and what happens when that collateral behaves in ways that we didn’t anticipate. As Mariano mentioned, please join us in the forums to discuss that issue.
- Let’s not lose the thread: we need to decentralize quickly and effectively. For that to happen, we need empowered actors. In order for empowered actors to arise, they need to be compensated, and we don’t know how to do that yet. If you have ideas about how actors should be compensated, take a look at MIP14 and voice your concerns or ask questions.
- Thanks, Charles, for your recap, thanks LongForWisdom, and thanks, Vishesh. See you next week.
MCD: The Multi-Collateral Dai system
CR: Collateralization Ratio
DC: Debt Ceiling
ES: Emergency Shutdown
EV: Executive Vote
GP: Governance Poll
SF: Stability Fee
DSR: Dai Savings Rate
MIP: Maker Improvement Proposal
EPC: Elected Paid Contributor
- Artem Gordon produced this summary.
- David Utrobin produced this summary.
- Tim Black produced this summary.
- Juan Guillen produced this summary.
- Everyone who spoke and presented on the call (listed in the headers.)