Road to the PSM

As per the result of the governance vote, we can now proceed to implement the PSM for the tentative launch date of December 18th, 2020. For those just joining please review the Accelerate the PSM thread for an explanation.

There are a few things that need to be done before we can launch the PSM. I will list them below, and mark them off as they are completed.


Smart Contract Audits [Complete]

Quantstamp has released the audit report and nothing major has been found. Please read the report for yourself, and I’ll add my response below (which I’ll forward to Quantstamp for their followup review). In total there are 5 minor / informational issues that I will address below:

QSP-1: The contracts are missing input validation, but this is okay as all methods mentioned are either constructors or admin-authed. This issue exists in most existing Maker contracts anyways, so there is no more risk here than is already present.

QSP-2: Informational. Just a note about programming practises.

QSP-3: These unused admin functions are in place to allow governance to transfer the PSM to a new contract at a later point in time. This will help us if for example we want to move PSM-USDC-A over to an interest earning implementation.

QSP-4: join-5-auth.sol is copied from the existing gem joins repository. This mismatch between public and external visibility is a point I have just corrected, but the issue is present in the gem-joins repository as well. This only affects gas usage in a very minor way, so it is nothing critical.

The other points about GemAuthJoin5.exit() and Lerp.tick() are intentional design decisions. exit() needs to be publicly callable for emergency shutdown, and Lerp only works if tick() is publicly callable.

QSP-5: This one is also an intentional design decision, and is necessary due to the difference in decimal precision between DAI and USDC. The difference in fee handling mentioned is that fees are subtracted from sellGem() and added on top of buyGem().

Update Jan 11th, 2021: Quantstamp has released their final report.

Other Audits

Lev has done an informal review here.

Risk Analysis [Complete]

@Primoz has completed this:

Along with signal requests:

Deploy to Kovan [Complete]

Contracts deployed and spell has been cast.

GemJoin: 0x4BA159Ad37FD80D235b4a948A8682747c74fDc0E
PSM: 0xe4dC42e438879987e287A6d9519379936d7b065A
Flipper: 0xe9eef655494F63802e9C7A7F1006547c4De3e713
Lerp: 0x489f89E54a807BE8fe531C1663FA9A39Bbdde4F4
Spell: 0x141aE0745C903d586c4106Bf6fb3525B3c9BE60A

Deploy to Mainnet [Complete]

Contracts deployed and spell is ready to be voted on.

GemJoin: 0x0A59649758aa4d66E25f08Dd01271e891fe52199
PSM: 0x89B78CfA322F6C5dE0aBcEecab66Aee45393cC5A
Flipper: 0x507420100393b1Dc2e8b4C8d0F8A13B56268AC99
Lerp: 0x8089E7833B6C39583Cd79c67329c6B5628DC1885
Spell: 0x437F5aAF195C97a01f85e672bb8e371484D96C57


thanks @hexonaut, amazing work, I hope we can make this pass by Dec 18th! :clap: :clap: :muscle:

1 Like

Would it make sense to launch a signal request to use MIP14 to reward anyone finding a significant issue with the PSM?

I don’t care at all to spend a lot to avoid a serious issue.

1 Like

Sounds good to me. To be fair, it could be generic bounty on all makerDao.

I will support this if someone wants to create a MIP. Seeing as we are on a time crunch, it’s probably better if I spend my time on preparing for the launch.

1 Like

I was going to propose a MIP14 to reward anyone finding a significant issue with any part of the code.
Then I found this:

I’m not sure if that applies here since the Foundation cannot be involved in this.

Sure. And we need to start thinking about the Foundation dissolving and the DAO taking over, so it would be useful to cover those as well.

I think the link:

  • provides a really good framework to structure the bounty.
  • uses a partner (HackerOne) which might add visibility and trust.

@hexonaut Another additional option too is to post an offer on gitcoin and see if there are any takers? You may just need to think of bounty for them…

I would say that the PSM is in the scope of it’s part of the " 1. Smart contracts for Multi-Collateral Dai" but the page is not up-to-date on the contract list.

One of the issues here is that I do not have access to funding until the DAO sets up a treasury. Currently the only way to procure funds is through MIP14, and there just isn’t enough time to go through the process at the moment. I don’t mind deferring payment on my personal dev hours, but it’s another thing for me to start paying out of pocket for audits and bounties.


Updated the post. Kovan contracts are deployed.


Interesting because it is linked to the code released so I guess it will be in scope after the deployment.

Which makes sense.

100 000 dollars looks very interesting :thinking:

@hexonaut any tips to find the one you let behind? :upside_down_face:

I’ve reasoned about the code for a while now, and it is very solid imo. If I could give you a tip then I would have found a bug myself. :slightly_smiling_face:

1 Like

We will need to start thinking about this. The Foundation has built up some excellent security protocols over the years, so when that time comes we can lean on that infrastructure and policy, but adapt it for the DAO. There are lots of interesting problems with responsible disclosure in a completely open source project that is also an open protocol with 2.5+ billion in custodial assets.

As for using the foundation’s resources for the PSM, I’m afraid @hexonaut is correct, the foundation can’t help. Quantstamp has a relationship with the DAO, you might try asking them and the dapphub folks. Other than that, an appeal to @banteg et al. might get some eyes on it. @andy8052, @wil, @Mariano_Conti, and @iamchrissmith are outside the foundation now, but they too are free actors and may or may not have time to review.


I’ve reached out to a few of these guys. Still waiting on responses from some. If there is anyone that I missed feel free to reach out to me, and I’ll add you to the list.

I have a meeting with Quantstamp this week as well. I’ll update if they are able to take the job.


Good news! Quantstamp has agreed to do a formal security review with a target end date of December 18th or 19th. I have a kick off meeting scheduled with them, so I’ll update with the details after that.


Update: Quantstamp has started their audit process today. They will be performing an express audit to be completed either by December 18th or 19th at the latest to allow us to go live on schedule. The team will then perform a followup audit in the new year just to triple check everything. Once they are done and everything looks good they will provide us with a report. In the unlikely event they find some major issue we may want to defer the launch.

They are estimating 2 audit-weeks to complete with a cost of 20k DAI / audit-week which will need to be pulled out of operating funds once we get that set up. I didn’t really have time to poll on accepting the cost of this, but it seems like a reasonable price to pay considering we are about to put 100M+ USDC onto this contract.


This is great news!!

I do agree the cost is fair, but can they at least sign some contract with a member (or several not sure, or selected Maker Representative) of the community? I’m sure we are all more than happy for paying for their services, but we need to ensure the work is well done; we’re paying for it, therefore if something goes wrong, there should be liabilities regarding that, am I right no suggest this?

1 Like

Quantstamp has an existing relationship with Maker, and they will have already provided the audit report before payment is issued.