Single-Collateral Dai source code and security reviews

December 18, 2017

We are excited to make the code for Single-Collateral Dai open source. This is the code that will be deployed to the blockchain on December 17.

https://github.com/makerdao/sai

(Note: the repository is named Sai because the codebase was adapted from the original Sai codebase.)

The codebase has undergone three months of security reviews from two of the best security teams in the space, and so far no critical vulnerabilities have been found.

The first team is Trail of Bits, a world leader in the information security industry, particularly in the analysis of compiled bytecode. The second is an independent group of security experts that includes members of the White Hat Group, who famously rescued a majority of the ether from the DAO hack and hundreds of millions of dollars' worth of ether and tokens in the Parity Multisig hack.

A number of non-critical issues and unintended incentives have been found by the security reviewers, and because it seems likely that still more will be found we want to let the community know that Single-Collateral Dai at launch should still be considered beta software. We will use the debt ceiling mechanic to ensure that the system grows at a steady pace, without exposing it to too much risk.

Should Single-Collateral Dai become extremely popular and grow to 50 million outstanding Dai, the Maker Team is prepared to activate global settlement in order to protect users from too much risk. Global Settlement stops the normal functionality of the system and instead allows Dai and CDP holders to claim a fixed amount of ETH equal to the net value of their Dai or CDPs, valued at the price feed in the block in which Global Settlement is activated.

Activating the Target Rate Feedback Mechanism is also an option in this scenario — it would allow the system to continue running while staying at a fixed size in terms of outstanding Dai supply, but at the cost of breaking the 1:1 USD peg.

We will continue to work tirelessly to bring about the scalable and fully realized Multi-Collateral Dai system, and believe summer 2018 to be a realistic date for a fully scalable system.

Until then, we can carefully work together to test the system, use it for small-scale needs, and, importantly, begin testing the various second-layer infrastructure and third-party integrations. But we ask the community to hold back from using too much of the 50 million Dai of headroom. Please leave enough for second-layer infrastructure and integration tests, as getting these tested and working against the live system will be crucial for having them ready to scale by the time Multi-Collateral Dai is done.

The greatest risks to Single-Collateral Dai

ETH price crash

The greatest threat to Single-Collateral Dai will of course always be a massive crash in the price of ETH, since ETH is the only collateral type. If the price of ETH falls so far that the system as a whole becomes undercollateralized, all PETH (Pooled ETH, the wrapped ETH that serves as CDP collateral) and all CDPs become worthless. Importantly, Dai holders keep their claim on the remaining ETH: when global settlement is activated after such a crash, every Dai holder receives a proportional claim on the underlying ETH, exactly as in a normal Global Settlement. Dai holders may still take a haircut in this scenario if the total value of the underlying ETH is not sufficient to cover the face value of all outstanding Dai, but the ETH cannot be siphoned off by third parties or unfairly claimed by other participants.

As an example, if the total supply of Dai is 1 million, and the total value of the underlying ETH collateral is 800,000 USD, and global settlement is activated, every Dai will become a claim on 0.8 USD of ETH (based on the ETH/USD price feed at the time of global settlement). This would mean a 20% haircut to Dai holders.
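To make the settlement arithmetic concrete for both the covered and the undercollateralized case, here is a small Python model added for this page; it is not code from the sai repository. It treats collateral as ETH directly (ignoring the PETH layer, stability fees and the boom/bust spread), assumes each Dai claims one dollar of ETH at the feed price capped at a pro-rata share of all collateral, lets each CDP keep the collateral in excess of its debt valued at that price, and socialises the shortfall of individually underwater CDPs across the other CDP holders pro rata (in SCD that socialisation happens through the PETH/ETH ratio). The `settle` function and the CDP figures are constructed for illustration.

```python
from fractions import Fraction as F


def settle(dai_supply, cdps, eth_usd):
    """Simplified model of Single-Collateral Dai global settlement (not the sai code).

    dai_supply: total outstanding Dai (assumed equal to the sum of CDP debts)
    cdps:       list of (ink, art) = (ETH locked, Dai drawn) per CDP
    eth_usd:    ETH/USD price feed value in the block settlement is triggered
    Returns (eth_per_dai, haircut, residuals): the ETH each Dai can claim, the
    fraction of face value Dai holders lose (0 when fully covered), and the ETH
    each CDP holder can reclaim once their debt is covered.
    """
    dai_supply, eth_usd = F(dai_supply), F(eth_usd)
    assert dai_supply > 0 and eth_usd > 0
    cdps = [(F(ink), F(art)) for ink, art in cdps]
    total_eth = sum(ink for ink, _ in cdps)

    # Each Dai claims one dollar of ETH at the feed price, capped at a pro-rata
    # share of all collateral when the system is net undercollateralized.
    eth_per_dai = min(1 / eth_usd, total_eth / dai_supply)
    haircut = 1 - eth_per_dai * eth_usd
    eth_for_dai = eth_per_dai * dai_supply
    remaining = total_eth - eth_for_dai          # left over for CDP holders

    # A CDP holder keeps collateral in excess of its debt valued at the
    # settlement price. Individually underwater CDPs keep nothing, and their
    # shortfall is socialised across the other CDP holders pro rata (model
    # assumption standing in for the PETH/ETH ratio drop in the real system).
    wanted = [max(F(0), ink - art / eth_usd) for ink, art in cdps]
    total_wanted = sum(wanted)
    if remaining <= 0 or total_wanted == 0:
        residuals = [F(0) for _ in cdps]
    else:
        scale = min(F(1), remaining / total_wanted)
        residuals = [w * scale for w in wanted]
    return eth_per_dai, haircut, residuals


if __name__ == "__main__":
    # The post's example: 1M Dai against 800,000 USD of ETH (2000 ETH at $400).
    per_dai, haircut, residuals = settle(1_000_000, [(2000, 1_000_000)], 400)
    print(f"each Dai claims {float(per_dai)} ETH = {float(per_dai) * 400:.2f} USD,"
          f" haircut {float(haircut):.0%}, CDP residuals {[float(r) for r in residuals]}")
    # Net overcollateralized, but the second CDP is individually underwater.
    per_dai, haircut, residuals = settle(1_000_000, [(1500, 500_000), (400, 500_000)], 1000)
    print(f"each Dai claims {float(per_dai)} ETH, haircut {float(haircut):.0%},"
          f" CDP residuals {[float(r) for r in residuals]}")
```

The second scenario is the one the post's example does not show: the system as a whole is covered, so Dai takes no haircut, but the 100 ETH shortfall of the underwater CDP comes out of the other CDP holder's residual rather than out of Dai holders.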

Join/boom/exit

The PETH mechanic has created a number of unintended keeper incentives. The most obvious is the join/boom/exit attack, which lets a keeper capture a portion of the Liquidation Penalty that would otherwise accrue to PETH holders. It is done in a single atomic transaction: the keeper joins a large amount of ETH into PETH, triggers the boom function (which burns the PETH sold to the system and so raises the ETH-per-PETH ratio), and then exits the PETH back to ETH, taking most of the gain from the boom with it.

The upside of this behaviour is that it increases the incentive to be an active keeper for the system. So while it means that PETH holders earn less, it also speeds up collateral liquidations and thus decreases the chance that PETH holders will have to bail out a position that became undercollateralized.

This attack cannot cause PETH holders to lose money, it can only cause them to earn a lower return on holding PETH.

Exit before bust

This incentive is very similar to join/boom/exit. Because the bust function, when called during a collateral shortfall, mints new PETH and so reduces the ETH-per-PETH ratio, PETH holders are incentivized to exit as much PETH as possible when they notice that a dilutive bust transaction is about to be mined. This lets them reduce their exposure to the loss, putting a larger share of the burden onto the remaining PETH and CDP holders.

This attack is not critical because its reach is limited: a CDP holder can only free and exit as much PETH as leaves the CDP safely collateralized, so they cannot shed their full exposure without exposing themselves to the risk of liquidation.
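Both incentives above, join/boom/exit and exit before bust, come from the same mechanic, so a single toy model covers them. The Python below is an added example for this page, not the sai contracts: it models the PETH pool as an ETH balance and a PETH supply, boom as selling PETH to the system for surplus Dai and burning it, and bust as minting PETH to sell for Dai; the boom/bust spread (`gap`), stability fees and the PETH-vs-CDP distinction are deliberately left out, and all balances and prices are constructed numbers.

```python
from fractions import Fraction as F


class PethPool:
    """Toy model of the SCD PETH pool and the boom/bust surplus mechanics.

    eth:     ETH held by the system, backing all PETH
    peth:    PETH in circulation; per = eth / peth is the ETH-per-PETH ratio
    joy:     surplus Dai (collected liquidation penalties) that boom pays out
    eth_usd: the ETH/USD feed value, used to price PETH in Dai
    The boom/bust spread (gap) and stability fees are ignored (model assumption).
    """

    def __init__(self, eth, peth, joy, eth_usd):
        self.eth, self.peth = F(eth), F(peth)
        self.joy, self.eth_usd = F(joy), F(eth_usd)

    @property
    def per(self):
        return self.eth / self.peth

    def join(self, eth_in):
        """Lock ETH and mint PETH at the current ratio; returns PETH minted."""
        minted = F(eth_in) / self.per
        self.eth += F(eth_in)
        self.peth += minted
        return minted

    def exit(self, peth_in):
        """Burn PETH and withdraw ETH at the current ratio; returns ETH paid out."""
        out = F(peth_in) * self.per
        self.peth -= F(peth_in)
        self.eth -= out
        return out

    def boom(self, peth_in):
        """Sell PETH to the system for surplus Dai. The PETH is burnt while the
        ETH backing stays, so the ratio rises for everyone still holding PETH."""
        dai = F(peth_in) * self.per * self.eth_usd
        assert dai <= self.joy, "not enough surplus to boom that much"
        self.joy -= dai
        self.peth -= F(peth_in)
        return dai

    def bust(self, dai_shortfall):
        """Cover bad debt by minting fresh PETH and selling it for Dai. The ETH
        backing is unchanged, so every existing PETH is diluted."""
        minted = F(dai_shortfall) / (self.per * self.eth_usd)
        self.peth += minted
        return minted


def join_boom_exit(pool, keeper_eth):
    """Keeper joins with keeper_eth, drains the whole surplus via boom, exits.
    Returns (keeper gain, gain of the pre-existing PETH holders), both in ETH."""
    others_peth = pool.peth
    others_before = others_peth * pool.per
    minted = pool.join(keeper_eth)
    to_sell = pool.joy / (pool.per * pool.eth_usd)   # PETH needed to take all joy
    dai = pool.boom(to_sell)
    eth_back = pool.exit(minted - to_sell)
    keeper_gain = eth_back + dai / pool.eth_usd - F(keeper_eth)
    others_gain = others_peth * pool.per - others_before
    return keeper_gain, others_gain


def exit_before_bust(pool, holder_peth, shortfall, flee):
    """ETH lost by a holder of holder_peth when a bust of `shortfall` Dai lands,
    and by everyone else, when the holder stays (flee=False) or exits just
    before the bust is mined (flee=True)."""
    before = holder_peth * pool.per
    rest_peth = pool.peth - holder_peth
    rest_before = rest_peth * pool.per
    if flee:
        after = pool.exit(holder_peth)
    pool.bust(shortfall)
    if not flee:
        after = holder_peth * pool.per
    return before - after, rest_before - rest_peth * pool.per


if __name__ == "__main__":
    # Constructed numbers: 1000 ETH backing 1000 PETH, 10,000 Dai of surplus, ETH at $500.
    k, o = join_boom_exit(PethPool(1000, 1000, 10000, 500), 9000)
    print(f"join/boom/exit: keeper gains {float(k):.2f} ETH, other PETH holders {float(o):.2f} ETH")
    stay = exit_before_bust(PethPool(1000, 1000, 0, 500), 100, 5000, flee=False)
    flee = exit_before_bust(PethPool(1000, 1000, 0, 500), 100, 5000, flee=True)
    print(f"stay: holder loses {float(stay[0]):.3f} ETH, others {float(stay[1]):.3f} ETH")
    print(f"flee: holder loses {float(flee[0]):.3f} ETH, others {float(flee[1]):.3f} ETH")
```

In the constructed scenario the surplus is worth 20 ETH. A keeper who booms without joining first converts 20 PETH to 20 ETH of Dai and gains nothing; the keeper who joins 9000 ETH first holds 90% of the PETH supply when the burn lands and walks away with roughly 18 of those 20 ETH, leaving the long-term PETH holders about 2. The bust scenario shows the mirror image: the holder who exits before a 5000 Dai bust loses nothing, and the dilution that would have been theirs is spread over whoever stayed.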

Link to independent code review 1

Link to independent code review 2

Note that the independent code review document references “Sai” instead of “Dai”. This is because the Single-Collateral Dai codebase is a modified version of the original Sai codebase.

The Trail of Bits code review is still being finalized, and will be added here as soon as it is ready.
