TUSD Update: TrustToken Response to Implementation Concerns

Hey folks, Raf CEO of TrustToken here. We’re excited to see TUSD integrated as DAI collateral and are here to address the concerns that arose in the discussion below.

We understand your concerns and want to work together to address them. We believe onboarding TUSD as collateral for DAI is mutually beneficial, and we can commit to changes or compromises to make this integration secure, easy, and reliable.

Where additional collateral types help keep DAI stable, the addition of TUSD, a 1:1 dollar-backed, live-attested stablecoin, would allow users to borrow DAI using TUSD and keep DAI’s value closer to $1.

In addition, there is a high supply of TUSD available to borrow in protocols such as Aave, which users could use to mint DAI.

Responding to Points in “TUSD Update: Concerns surrounding the TUSD Collateral Type”

Concern 1: Deposit Address

The only way for a deposit address to be registered is through our Deposit Address Registrar. The adapter will never be marked as a deposit address, since the only key that writes deposit addresses is the Autosweep Registrar. We never manually declare addresses as deposit addresses.

Additionally, note that for any of the fiat-backed stablecoins, if their private keys were to be fully compromised, the attacker could upgrade the contract arbitrarily and cause arbitrary behavior. The best defense, under current best practices, is to use a multisig.

Concern 2: Private Keys

Currently, the ability to upgrade the TrueUSD implementation is governed by a multisig located at 0x285d362e41ccc116192a17d21a87f41fc26d32f9. We are working on doing the same for the registry key. To mitigate the risk of a single point of failure, we are working on moving all of our important keys to a multisig setup.

If you examine our competitors’ proxies, you’ll see that they are often more opaque than ours and/or have a single key, instead of a multisig, that can unilaterally upgrade the implemetation.

Concern 3: Freezing Funds

A blacklist function is critical to TrustToken’s regulatory & legal compliance. Every compliant stablecoin will have such a feature, easily discoverable in the smart contracts of two existing DAI collateral types. In 2020 alone, USDC froze $100k by law enforcement request, and Tether froze 40 addresses containing millions of dollars in aggregate. TrustToken has a strong terms of service which prevent the arbitrary freezing of funds.

Concern 4: Upgradeability/Diminishing Returns

TrueUSD has gone through several audits and we are fully confident in the security of our contracts. If it is necessary to help onboard TUSD to Maker, we can go through a simplification process for our contracts to implement a more standard pattern for our token.

How TrustToken Can Adapt to Maker’s Concerns

In order to help address the Maker community’s concerns, we’re willing to offer the following:

Technical Change: Simplifying Code Reviews

  • Pre-scheduling code reviews: We are willing to commit to give Maker 14 days to review any new implementations, plus time for a vote before we make any future upgrades.
  • Simplifying TUSD Code: It may be possible to simplify the TUSD contract by removing extraneous features (i.e. AutoSweep) and moving TrueRewards to a separate smart contract. We could agree on a maximum TUSD code size that the Maker community feels comfortable with, for example 800 LOC.
  • Rollback: If necessary, we can downgrade the TUSD smart contract to the previous implementation, as originally approved by Maker.

Supporting Maker: Stabilizing DAI Peg with TUSD

  • Market making DAI: If TUSD is added as a collateral to Maker, TrustToken is able to commit $1mm TUSD as collateral to borrow DAI and sell into the market to help steady the DAI peg.

In summary, we take your concerns seriously and we’re prepared to act on them to help TUSD improve the stability, reliability, and transparency of DAI.

Let me conclude by asking: Would the technical changes described here make the maker community comfortable with TUSD as collateral? If so, we’ll proceed with them. If not, please let us know what we’d need to do to make the community comfortable with TUSD as collateral.

28 Likes

Wow! This is a pretty stunning response in my opinion… personally I would be willing to support adding tusd with these changes in hand.

14 Likes

Yep, I would agree with @befitsandpiper. Definitely appreciate the effort that went into this and the offer to take concrete action to abate the concerns.

9 Likes

I’d only add that if the technical implementations of TGBP TCAD and TAUD are similar to TUSD, we might be able to economize on technical reviews if we onboard several of these assets. @rafael.cosman thank you very much for your engagement!

10 Likes

@befitsandpiper, @LongForWisdom, monet-supply, thanks very much- we really want to work with you to create something that’s a win for both communities.

What would you think of creating a poll to see if the community has similar sentiment to what you’ve voiced here? I don’t think I have forum privileges to create a poll or I would.

For TGBP, TCAD, THKD, and TAUD, If you’d be open to it, we’d love to work together to onboard those as well. These foreign currencies may actually add more value to DAI because they are fairly stable but less-correlated assets. For each of these products, if it’s onboarded, we could similarly commit several hundred thousand dollars worth of each to borrow DAI and sell into the market to help further stabilize DAI price.

Ultimately, a core part of our project is connecting real-world assets to the blockchain in a trustworthy, real-time-audited way, and I think our projects are actually natural partners. Down the road, you could even let us know what additional currencies or assets you’d like to have as collateral and we could work together on them.

Let me know what you think.

9 Likes

One more thing I wanted to mention- I believe another part of what makes good collateral is ease of liquidations. There are ways we could help if vaults containing TrueCurrencies (TGBP, TAUD, etc.) need to be liquidated, either by having capital ready-to-go for this purpose, or, alternatively, by providing liquidity to the TrueCurrency ↔️ DAI or TrueCurrency ↔️ TUSD ↔️ DAI Uniswap pools. On-chain liquidity would make it easy for other bots to perform the liquidation themselves.

Alternatively, we could create a single Balancer pool for all 5 TrueCurrencies + make sure the curve.fi DAI/TUSD pool (the y pool) is highly liquid. This might be the best strategy for us given Balancer & curve.fi’s relative advantages, but open to other ideas.

Would you be willing to run keepers through the maker auction process for these liquidations?

@befitsandpiper yes, I just checked with @feewet from our Eng team and we’ll be able to do that. It looks like there’s a standard open-source keeper on your Github that we can use, we can agree to run one for each TrueCurrency that gets added to vaults.

Especially since some of those TrueCurrency vaults will be ours, and if we mess up and get liquidated, we might as well get the upside of doing the liquidation :wink:

I assume the one on your Github is the best one for us to use, but let us know if there’s a different one you’d recommend us running.

4 Likes

I think this would be a pretty big help. It would make the asset simpler and easier to asses while also allowing you to make other upgrades easier. Not just for Maker either, easier composability will help you integrate with more DeFi services across the board.

2 Likes

@rileyjt agreed. We’ve gone ahead and already kicked off the project of simplifying the TUSD smart contract and moving TrueRewards to a separate contract. We agree it makes sense to do that, we’ll let you know when it’s ready.

4 Likes

Maker community- would it be possible to add a link to this thread to the ongoing polling proposal?

https://vote.makerdao.com/polling-proposal/qmnnipepxuawxjhl1qj82f1nws4gjxdjgdzogrcajcbhj3

Right now it only includes a link to TUSD Update (Forum Poll): Concerns Surrounding the TUSD Collateral Type which discusses concerns but doesn’t include a proper response.

The poll copy is hashed and the hash stored on-chain, we try our best not to modify them after that happens unless there is something in the content that prevents display on the frontends or causes on-going issues.

So I’m afraid not.

2 Likes

Ok, understood.

Hi @Rafael.cosman!

Thank you so much for replying to our post. I want to start off by saying that that TrustToken team was very helpful during the process of evaluating the current implementation of TUSD, and it was a pleasure working with them.

Regarding your response, we think that everything that you have proposed sounds great. Removing the complexity of the AutoSweep and TrueRewards features to external contracts (and perhaps the GasRefundToken functionality as well) would greatly improve the smart contracts team’s ability to confidently review TUSD and approve it to be used as collateral within the Maker protocol. Also, it would be really helpful if going forward, updates to TUSD would add to existing functionality and not affect any existing core functionality.

In addition, the pre-scheduled code reviews would allow enough time for the smart contracts team to review an implementation and allow it in the adapter before it is updated in the proxy, preventing the freezing of users funds.

Going forward, we are planning on going ahead with the current governance cycle’s voting regarding the current implementation of TUSD. However we look forward to seeing the simplified version of the contracts, and will be happy to do another review of them then.

6 Likes

@lucasmanuel- I agree that the GasRefundToken functionality should either be removed or done in a much simpler way. We’ll post here once all of these changes are complete and the new smart contracts are ready to review.

There was discussion about adding some of the non-USD TrueCurrencies as collateral as well, assuming we also make their smart contracts sufficiently simple. What are your thoughts on how that vote would be received by the community?

1 Like

Awesome, looking forward to it. Regarding the other TrueCurrencies I cannot speak on behalf on the community but you do raise a good point that they are relatively stable non-correlated assets. I’m Canadian, so seeing TCAD in Maker would be pretty cool!

9 Likes

TCAD, TAUD, and TGBP are scheduled to go up for a community poll next month: Collateral Status Index

I’m not sure if adding THKD is a great idea for Maker. HKD is soft pegged to USD, but current tensions create a lot of downside risk. Anyone is welcome to submit a collateral application for THKD if they think it is a worthy addition.

6 Likes

@monet-supply good point about THKD, we could leave that one out for now and just look at onboarding the other three.

3 Likes

TUSD is one of the stable currencies that can help us stabilize the DAI peg, and I support it.

3 Likes

Hey all,

The TrustToken team has completed a refactor of our true currencies smart contracts and plan on upgrading the TrueAUD, TrueCAD, TrueGBP, and TrueHKD contracts. A refactor for TrueUSD is also in the works and will be announced as soon as it is complete.

These upgrades are meant to simplify our stablecoin code in order to increase transparency and compatibility. Below are the proposed implementations, which are currently undergoing audit:

TrueAUD:
https://etherscan.io/address/0x6b43055a996eCBeB43b7458401f12655240DcEb5

TrueCAD:
https://etherscan.io/address/0x5eae6fad6232c7a51dc7358f1a7131da34fc8903

TrueGBP:
https://etherscan.io/address/0xc174ab88b346a838cd4ef50e3d4999de91176285

TrueHKD:
https://etherscan.io/address/0x4BA82D44E1C35d3C911b3F5579F39AbEaf744CCe

Git branch for new contract:

Cheers everyone!

9 Likes