Technical Risk

Likelihood: As with all smart contracts, MakerDAO’s smart contracts are exposed to technical risk. The contracts are:

quite complex; and

have been audited several times; and

the core system has been formally verified; and

there has been a lengthy bug bounty; and

not really ‘battle-tested’, as they have only recently been deployed.

So from a likelihood perspective we could rate it ‘rare’ that there will be an issue. We understand there is room for debate here and encourage feedback on these ratings.

Two notes:

Formal verification still requires adequately written tests to be effective. If the specification misses a crucial test then there is still a chance of a bug. Formal verification is still extremely valuable but it doesn’t remove all risk.

MakerDAO’s smart contracts use non-intuitive variable naming. This means they are less likely to benefit from ‘free’ community auditing, as there is a greater learning barrier.

Consequence: If there is a bug, the impact could potentially be ‘severe’ as all collateral in the Vault could be stolen or made inaccessible.

Therefore, we’ve rated MakerDAO MCD ‘medium’ in terms of Technical Risk by cross-referencing the matrix above.

External Risk

There are two main aspects to MakerDAO that require input from outside the smart contracts:

Oracles — price feeds for the various assets in the system.

Governance — used to set all the parameters, such as stability fees, DAI savings rate, collateral ratios and more.

The oracles have been thought about in substantial detail, and are specifically designed to be robust in the face of determined adversarial actors. They are likely among the most secure oracle networks we have, but it’s hard to know if that is good enough. Right now, I’d rate likelihood as either ‘unlikely’ or ‘rare’. In terms of consequence, if the oracle does get co-opted then forced liquidations can happen and in the worst case all funds could be lost, so it would be rated ‘severe’.

On the Governance side, I perceive the likelihood of an event occurring to be higher, primarily due to the relatively high concentration of MKR token holders. There are a few large accounts that hold substantial MKR and could essentially control any vote with respect to Governance. Additionally, with all the parameters in a relatively complex system, it’s entirely possible that even with the best intentions governance doesn’t work well and losses could occur.

In terms of likelihood this could be considered ‘possible’ or, if viewed more favorably, ‘unlikely’ to cause an event. In terms of consequence, from a Vault holder perspective the worst case is likely that parameters are changed suddenly in a way that leads to a liquidation, but as far as I can tell it doesn’t seem possible for Governance to lead to a complete loss of all of a Vault owner’s collateral, in which case the consequence would be ‘moderate’.

Considering both risks together indicates an external risk of somewhere between ‘medium’ and ‘high’. I’d lean towards ‘medium’ for now given the amount of value being secured is still relatively low. It will be worth re-visiting this rating once the network gets larger and the potential monetary gain from a coordinated attack becomes enticing for sophisticated actors.

Economic Incentive Failure Risk

The primary purpose of MakerDAO’s economic incentives is to keep the value of DAI very close to one USD. A failure that results in DAI losing its USD peg and dropping in value significantly is actually a positive event from the view of a Vault owner as they can repay their loan for a relatively lower amount.

Note that for an independent DAI holder the situation is completely reversed.

There is also the possibility of DAI increasing in value vs USD but the only real way for a material difference to be sustained over time is if governance fails to adjust the economic parameters. Therefore, I’d classify this as a governance failure instead.

It’s arguable there is some level of risk with the collateral liquidation process, but in general if this fails to work as intended it’s going to result in lower penalties for a Vault holder.

Overall, while there is likely some risk involved it doesn’t appear material for the particular user we are considering.

Summary

This results in the following risk scoring summary for a MakerDAO MCD Vault owner: