yesterday’s “Micah attack” description:
resulted in large amount of discussion in the Chat. I am sure the devs, the Foundation, the community and the governance are now handling this situation is the best possible way.
What I would like to start, with this thread, is an organised/transparent/public discussion on the mechanics of the Emergency Shutdown. I chose this forum and not reddit to keep the discussion polite and clean. There is no hurry to answer, no emergency to be addressed, so we can have a relaxed discussion. But I hope it will bring some light to one of the few aspects of MakerDAO that is, as of today, basically untested.
Emergency Shutdown (ES): The ES is a procedure which anybody having >50k MKR can trigger. It causes the halt of the MakerDAO system. Please read here for details: https://community-development.makerdao.com/makerdao-mcd-faqs/faqs/emergency-shutdown
The number 50k was chosen to allow small (relatively speaking, of course, this is still 5% of all MKR) players in the system to fight against bad actors having a majority of voters. Main examples include:
An attacker (as in Micah attack) gets the majority of MKR and votes for something negative (e.g., steal all the CDPs)
A very serious bug is discovered, it can’t be fixed easily. The system is shut down to avoid losses.
A majority (55%, say) of MKR votes on something controversial, like donating 50% of the DSR to wikipedia.org. A smaller party (5% = 50k MKR) decides to block this by shutting down the system.
A stupid whale (with 50k) decides to harm the system by shutting it down.
Now I would like to understand exactly what would happen AFTER the shutdown has happened in these situations. In particular:
A) How are the attackers (cases 1,4) punished?
As micah pointed out in chat, it’s not so obvious that the system can be restarted by “burning away” the MKR of the attacker. Somebody in chat said that one would have to consider a timestamp of the blockchain (of MKR addresses) and basically backtrack it. Of course this would create problems with people trading MKR in the meanwhile, etc. Big problems potentially.
B) What happens in case of (3)?
An obvious answer is: well, the MakerDAO system is opensource, so it will be forked between those who wants to donate to wikipedia and those who don’t. Again, probably the MKR tokens of the “adversaries” will be burned in the newly deployed system.
Is it that simple? Again, restarting the new system by cloning MKR is hard. But aren’t there other considerations? This would weaken the MakerDAO system overall.
One could say “it’s game theory man, if it has bad consequences for everybody, it will not happen”. But I suggest this is a bit naive in the real world. There are plenty of examples of companies bought just to remove competition. Some rich group of people could get to 55% of MakerDAO with the purpose of weakening it.
To cut the question short… I think this scenario has to be discussed. We need to prepare to such events in order to not act on panic when they happen.
TLDR: Micah attack has led me to realise that governance attack and/or voting-majority fights will happen eventually, almost surely. The ES is the tool that MakerDAO has to fight against those. However this tool has never been tested and is not as well described as it should (at least, to me). Let’s discuss about it
EDIT: Just to show that this might not just be paranoia, please read the very nice post:
There are huge token holders (ETH and MKR) around. Some (see, e.g., CDP 15336) are sophisticated players who managed to keep their identity hidden while making a fortune (and tax evasion). Why wouldn’t they attack the DAO if it was so profitable?