MIP10c3-SP4 Proposal: LENDUSD Oracle (collateral-onboarding)


MIP10c3-SP#: 4
Author(s): Niklas Kunkel (@NiklasKunkel)
Type: Process Component
Oracle Team Name: Green
Status: RFC
Date Proposed: 2020-07-08
Date Ratified: <yyyy-mm-dd>



This Oracle would provide the LEND/USD price as part of the collateral onboarding process for LEND.

Oracle Data Model

| Source        | Asset Pair | Quorum | Feed Model | Oracle Model |
| :------------ | :--------- | :----: | :--------: | :----------: |
| Binance       | LEND/BTC   |   13   |   Median   |    Median    |
| Kyber Network | LEND/ETH   |        |            |              |

Oracle Supporting Data Model(s)


Oracle Address

  • Medianizer - Mainnet TBD
  • Oracle Security Module (OSM) - Mainnet TBD

Supported Tools

Remaining Work

  • Deploy and configure Medianizer and Oracle Security Module smart contracts to Mainnet
  • Coordinate Feeds to upgrade to latest release candidate
  • Push new relayer configuration with LEND/USD Medianizer smart contract address


After accounting for wash-trading, there is a severe lack of high-quality exchanges trading the LEND token. This makes it exceedingly difficult to create a secure Oracle that is resistant to manipulation. The Oracle Team has chosen to utilize Binance and Kyber Network as the exclusive sources for LEND/USD initially. This exposes the Maker Protocol to significant risk: Binance could single-handedly manipulate the Oracle price by submitting false data through their API.

One may ask why Uniswap is not used as a third source, since it would prevent Binance from being able to manipulate the Oracle price. However, with Uniswap included it is actually cheaper for a third party to manipulate the Oracle price, by momentarily manipulating the Kyber and Uniswap “orderbooks”, than it is when sourcing from just Binance and Kyber. The Oracle Team believes there is a higher likelihood of a third party attempting to manipulate the orderbooks of Kyber and Uniswap than of Binance, the organization, launching an Oracle attack by feeding malicious data through their API. The latter has too much reputation at stake for a limited gain. Should a high-quality source for LEND emerge in the future, this scenario would change considerably, with all four becoming the ideal set of input sources. The Oracle Team will closely monitor for developments in this area.
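The trade-off above can be checked by computing how far a median can be pushed when a given subset of sources reports arbitrary values. This is an added example, not code from the proposal or from the Oracle Team; it assumes a plain median that averages the two middle values for an even source count, treats every source as already converted to USD, and uses constructed quotes.

```python
import math
from statistics import median

# Constructed LEND/USD quotes per source (illustrative values, not market data).
TWO_SOURCES = {"Binance": 0.32, "Kyber": 0.30}
THREE_SOURCES = {"Binance": 0.32, "Kyber": 0.30, "Uniswap": 0.28}


def reachable_range(prices, corrupted):
    """Lowest and highest median reachable when `corrupted` sources report anything.

    The median is monotone in each input, so the extremes are reached by
    pushing every corrupted quote to 0 or to +infinity.
    """
    honest = [p for name, p in prices.items() if name not in corrupted]
    k = len(prices) - len(honest)
    low = median(honest + [0.0] * k)
    high = median(honest + [math.inf] * k)
    return low, high


def is_contained(prices, corrupted):
    """True if the median cannot leave the span of the honest quotes."""
    honest = [p for name, p in prices.items() if name not in corrupted]
    low, high = reachable_range(prices, corrupted)
    return min(honest) <= low and high <= max(honest)


if __name__ == "__main__":
    cases = [
        ("Binance + Kyber, Binance misreports", TWO_SOURCES, {"Binance"}),
        ("+ Uniswap, Binance misreports", THREE_SOURCES, {"Binance"}),
        ("+ Uniswap, Kyber and Uniswap pools moved", THREE_SOURCES, {"Kyber", "Uniswap"}),
    ]
    for label, prices, corrupted in cases:
        low, high = reachable_range(prices, corrupted)
        print(f"{label}: median in [{low:.3f}, {high:.3f}] "
              f"contained={is_contained(prices, corrupted)}")
```

The result only says which failure modes exist for each source set; the proposal's choice between them rests on the cost and likelihood of each, which this sketch does not model.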

As it stands, due to the current Oracle risk for LEND/USD, the Oracle Team is recommending that the Maker Protocol severely limit its risk exposure to LEND by capping the debt ceiling. The Oracle Team has notified the Risk Team of the circumstances and, after further discussion, recommends a debt ceiling for LEND of no more than 1,000,000 Dai. Once more high-quality sources for LEND emerge and the Oracle risk is mitigated, Maker Governance can look to raise the debt ceiling.