The MKR Oracle Security Module (OSM) determines the reference price of MKR within the Maker Protocol. The one hour delay incorporated in the OSM can lead to a drift in price between the reported OSM value and the fair market value of MKR. This unique situation is triggered by high volatility in the MKR price over a short time interval (less than one hour).
Part of the process of migrating a Single-Collateral Dai (SAI) CDP to Multi-Collateral Dai (MCD) involves paying off the accrued stability fees. The Sai Proxy is utilized by the user to pay off their accrued stability fees in Sai or MKR. If the user pays in Sai, the Sai Proxy will trade it for MKR on OasisDex and then use it to pay the stability fee.
There are three problems associated with the Sai Proxy in combination with the aforementioned price drift due to the OSM.
1. The user is overcharged for the stability fee.
If the price of MKR increases in a very short time frame (under one hour) the MKR OSM will report a price under the fair market value of MKR. This leads the Sai Proxy to incorrectly calculate that a greater amount of MKR is needed to cover the stability fee.
2. The user is undercharged for the stability fee.
If the price of MKR decreases in a very short time frame (under one hour) the MKR OSM will report a price above the fair market value of MKR. This leads the Sai Proxy to incorrectly calculate that a lower amount of MKR is needed to cover the stability fee.
3. The migration fails.
If the price of MKR increases in a very short time frame (under one hour) the MKR OSM will report a price below the fair market value of MKR. Now the miscalculation in (1) leading to a greater amount of MKR owed results in the Sai Proxy trying to draw more MKR or Sai from the user than it should. If the user does not have the required amount of MKR or Sai the transaction will fail. If the user is paying in Sai, this problem is exacerbated when the sell-side liquidity of MKR/SAI is low.
The best solution moving forward is to remove the MKR OSM in the next governance executive vote. With the removal of the MKR OSM, the SCD system will read the MKR reference price directly from the Medianizer, without a delay. This will remove the slippage between the MKR reference price and the fair market value of MKR. This will rectify the miscalculation of the MKR price and therefore remedy the three aforementioned problems.
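The three outcomes above, and the effect of reading the price without a delay, can be reproduced with a small model. This is an added example, not Maker's contract code: `DelayedFeed`, `settle_fee`, `run`, the prices of 500, 625 and 400, the fee of 100 and the balances are all constructed for illustration, and the delay module is simplified to "a value becomes readable one hour after it is queued".

```python
from decimal import Decimal

HOP = 3600  # delay in seconds; one hour, as described in the text


class DelayedFeed:
    """Simplified delay module: a value becomes readable one HOP after it is queued."""

    def __init__(self, price, now=0):
        self.current = self.queued = Decimal(price)
        self.last_poke = now

    def poke(self, spot, now):
        # Promote the queued value and queue the new one, at most once per HOP.
        if now - self.last_poke >= HOP:
            self.current, self.queued = self.queued, Decimal(spot)
            self.last_poke = now

    def peek(self):
        return self.current


def settle_fee(fee_value, ref_price, spot_price, mkr_balance):
    """Return (outcome, mkr_charged, mkr_fair) for a fee paid in MKR."""
    charged = Decimal(fee_value) / Decimal(ref_price)  # what the reference price demands
    fair = Decimal(fee_value) / Decimal(spot_price)    # what the market price would demand
    if charged > Decimal(mkr_balance):
        return "fails", charged, fair
    if charged > fair:
        return "overcharged", charged, fair
    if charged < fair:
        return "undercharged", charged, fair
    return "fair", charged, fair


def run(spot_after_move, mkr_balance, delayed=True, fee_value=100):
    """Constructed scenario: MKR trades at 500, then moves 30 minutes after an update."""
    feed = DelayedFeed(500)
    feed.poke(500, now=HOP)                     # regular hourly update at the old price
    feed.poke(spot_after_move, now=HOP + 1800)  # inside the delay window: ignored
    ref = feed.peek() if delayed else Decimal(spot_after_move)
    return settle_fee(fee_value, ref, spot_after_move, mkr_balance)


if __name__ == "__main__":
    for spot, bal in ((625, "0.25"), (400, "0.25"), (625, "0.18")):
        print(spot, bal, run(spot, bal), run(spot, bal, delayed=False))
```

With the delayed feed the three rows come out as overcharged, undercharged and fails; with `delayed=False` the charged and fair amounts coincide in every row.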
Will this open up an attack vector on the system?
No, this will not result in additional opportunities to attack the system.
If an attacker were to compromise a sufficient amount of Feeds to achieve quorum on the MKR Medianizer, they could do one of two things:
- The attacker could set the price of MKR to (2^256 - 1) and thereby allow CDP stability fees to be repaid for free. While at first glance this seems really bad, imagine the alternative were the OSM still in place. The malicious price would be queued up in the OSM for one hour during which the Emergency Oracles would trigger an Emergency Shutdown of the system. The Emergency Shutdown procedure would forgive CDP owners of their stability fee and allow them to withdraw their collateral minus their principal.
- The attacker could set the price of MKR to 0 and thereby prevent any CDP owner from paying their stability fees. Emergency Oracles would react by triggering an Emergency Shutdown of the system. Just as in the previous scenario this seems bad, but the alternative scenario with an OSM in place follows the exact same procedure of triggering an Emergency Shutdown.
As such there is no additional risk in removing the MKR OSM and replacing it with the Medianizer.
- Executive vote to replace the SCD MKR Oracle Security Module with the Medianizer
If this proposal is accepted, the following will occur:
- Removal of the MKR OSM. More specifically, we will be redirecting the price feed (pep) from pointing to the MKR OSM, to point to the MKR Medianizer.
In conclusion, we believe this is a necessary measure in order to make the migration process go more smoothly for CDP users. For all questions and concerns, please comment here directly on the forum post.