Road to the PSM

Interesting because it is linked to the code released so I guess it will be in scope after the deployment.

Which makes sense.

100 000 dollars looks very interesting :thinking:

@hexonaut any tips to find the one you let behind? :upside_down_face:

I’ve reasoned about the code for a while now, and it is very solid imo. If I could give you a tip then I would have found a bug myself. :slightly_smiling_face:

1 Like

We will need to start thinking about this. The Foundation has built up some excellent security protocols over the years, so when that time comes we can lean on that infrastructure and policy, but adapt it for the DAO. There are lots of interesting problems with responsible disclosure in a completely open source project that is also an open protocol with 2.5+ billion in custodial assets.

As for using the foundation’s resources for the PSM, I’m afraid @hexonaut is correct, the foundation can’t help. Quantstamp has a relationship with the DAO, you might try asking them and the dapphub folks. Other than that, an appeal to @banteg et al. might get some eyes on it. @andy8052, @wil, @Mariano_Conti, and @iamchrissmith are outside the foundation now, but they too are free actors and may or may not have time to review.


I’ve reached out to a few of these guys. Still waiting on responses from some. If there is anyone that I missed feel free to reach out to me, and I’ll add you to the list.

I have a meeting with Quantstamp this week as well. I’ll update if they are able to take the job.


Good news! Quantstamp has agreed to do a formal security review with a target end date of December 18th or 19th. I have a kick off meeting scheduled with them, so I’ll update with the details after that.


Update: Quantstamp has started their audit process today. They will be performing an express audit to be completed either by December 18th or 19th at the latest to allow us to go live on schedule. The team will then perform a followup audit in the new year just to triple check everything. Once they are done and everything looks good they will provide us with a report. In the unlikely event they find some major issue we may want to defer the launch.

They are estimating 2 audit-weeks to complete with a cost of 20k DAI / audit-week which will need to be pulled out of operating funds once we get that set up. I didn’t really have time to poll on accepting the cost of this, but it seems like a reasonable price to pay considering we are about to put 100M+ USDC onto this contract.


This is great news!!

I do agree the cost is fair, but can they at least sign some contract with a member (or several not sure, or selected Maker Representative) of the community? I’m sure we are all more than happy for paying for their services, but we need to ensure the work is well done; we’re paying for it, therefore if something goes wrong, there should be liabilities regarding that, am I right no suggest this?

1 Like

Quantstamp has an existing relationship with Maker, and they will have already provided the audit report before payment is issued.


Quantstamp has released their audit report. Details in the first post.


Kovan contracts are live now. Feel free to test them yourselves with the Etherscan api.


So pumped for this! Great work Sam!

1 Like

Mainnet contracts have been deployed. Addresses in the OP.

Mainnet spell to follow soon.


PSM was not added to the executive. Does it means we’ll need to wait till January for it? Or will we have executives on 25th and Jan 1st?

A separate community-initiated executive is required because the foundation cannot be involved.

1 Like

Understood, thanks Joshua!,

Is there somebody taking care of pushing this executive?, will it appear in the vote portal, or should be voted directly on chain? (if I’m not wrong, I read somewhere that if somebody submitted an executive, aside from the “whitelisted addresses” it was not listed in the voting portal).

Not sure if some help is needed for this, happy to help in anything that could be required. Probably I lost some important post (or community call) about it.

I will be pushing out the PSM executive as soon as the current one passes. It will be available on the voting portal at that time.


The PSM vote is now live on the governance portal! Thanks to everyone for helping MakerDAO achieve this community-led deployment milestone.


I have informally reviewed the PSM spell and associated code, with particular attention to the “deployment supply chain”, and have not yet found any major security-relevant issues. Here is some of my feedback:

  1. Ideally tin and tout should have been rays, rays are typically used for rates that a wad is multiplied by. This doesn’t have any practical impact here though.

  2. It would have been better to round up in the calculation of fee, i.e. uint256 fee = mul(gemAmt18, tin) / WAD;, that way we would always be rounding in favour of system and against the user, which is safer in the presence of rounding errors.

  3. It would have been better to use deployment factories for DssPsm, Lerp, and AuthGemJoin5. Since they were deployed directly through an EOA, it was necessary to enumerate all historical calls in order to audit that the auth there had been appropriately transferred. A deployment factory would have left a clearer paper trail for the auth, since it isn’t possible to check that in the spell.

  4. It would be nice to have some documentation explaining why the hope and nope functions exist in the PSM. I assume it’s for some potential future exit strategy for the collateral, but it’s not documented or tested anywhere AFAICT.

Note that the Quantstamp audit did not include any deployment/“supply chain” validation, so the community should devote special attention to this aspect. There is never a guarantee that the code that is deployed is the same as what is in a repository, and moreover with a multi-step deployment such as this one, there is security-relevant configuration state outside of what is in the main spell.


Can we rally the troops and get this guy over the line!? Plenty of MKR to borrow in AAVE. Let’s go team!

1 Like

can’t wait for the presents? Here is the first one!

PSM will hit the real world on Monday (i guess due to office hours). Best xmas present ever for everybody here - especially for @hexonaut: Congrats and Thank you!