MKR Token Authority Transfer


As of today, the Maker Foundation multisig wallet has full control over the MKR token contract. In order to increase decentralization, the control of the token must be transferred to the governance layer. From a system functionality perspective, the debt auction contract must be authorized to mint MKR; the multisig-only authorization configuration cannot support this. It is critical to reconfigure MKR authorization promptly to completely launch MCD. Fortunately, the Foundation has been preparing for this, so all that is necessary is to explain the process that will occur and execute it.

In order to understand this process, some background on the structure of the MKR token contract is necessary. There are two variables of type address in the contract that determine which contract functions can be called by whom—owner and authority. The owner address may call any function of the MKR token, including those with the auth modifier. Currently, the owner is set to the Foundation’s multisig. The authority, on the other hand, can grant granular permissions to other addresses to call restricted functions through a well-defined interface that depends on the msg.sender, the executing contract address, and function signature of a function call. The Foundation has created a custom authority specifically for the MKR token—the MkrAuthority contract. The MkrAuthority underwent extensive design review, unit testing, and formal verification, and has been used in test deployments of MCD on the Kovan testnet. The MkrAuthority will be deployed such that it is controlled by the Pause contract of the decentralized governance layer. This will be the authority of the MKR token and will allow the (new) Flopper to mint MKR.

Authority Transfer

The exact sequence of steps that will be followed to perform this reconfiguration are as follows:

  1. Deploy the MkrAuthority contract on the Ethereum mainnet.
  2. The deployer will grant permission to the new Flopper as part of the Flopper fix.
  3. The deployer sets the DSPauseProxy of the governance layer as the MkrAuthority’s root (after this, the decentralized governance layer has complete control of the MkrAuthority).
  4. The Maker Foundation multisig sets the token’s authority address to the address of the MkrAuthority.
  5. After a week or so to ensure there are no problems with the new configuration, the multisig will be used to set the owner of the MKR token to the zero address. After this, decentralized governance is the only avenue for changing authorizations on the MKR token; this includes changing the owner and authority values.

It is worth noting that the MkrAuthority makes the burn function of the MKR token accessible to any address, so there is no barrier to burning MKR tokens. This will finally allow tokens in the SCD gem pit to be burned, updating the totalSupply of MKR to a more accurate value.

With the activation of the Multi Collateral Dai system occurring on November 18th, we believe that with the MKR Transfer of Authority as well as the proposed Flopper Patch, this will complete the launch of MCD, bringing the system to a state that can be considered "fully operational”.