This article reflects the current state of the DMM Ecosystem as of April 2020. Future articles will be posted as the DMM DAO evolves and upgrades over time that may outdate certain information included in this article in the future.

The DeFi Money Market (DMM) is a protocol born and built to bridge interest-generating real world assets onto the Ethereum blockchain and into the Decentralized Finance (DeFi) ecosystem. Ultimately this creates a gateway between the old and fragmented traditional financial system of today with the automated and reliable smart contract based financial system of tomorrow. DMM leverages the network effects of the public and permissionless blockchain Ethereum and the growing composability of the DeFi ecosystem in order to bring a stable predictable yield to anyone and everyone in the world with just an internet connection and an Ethereum address.

However, bringing off-chain assets onto the Ethereum blockchain is not a trustless process and will always require some amount of trust in the entities managing those real world assets. Our goal with DMM is to make this process as trust-minimized, transparent, and permissionless as possible. We fully acknowledge that this is a work in progress, and there is much more work that needs to be done before the DMM Ecosystem is maximally decentralized.

Decentralization is an ongoing process

DMM launched in a fairly controlled and safe manner under the DMM Foundation (DMMF) to ensure a smooth rollout with flexibility needed to swiftly fix any unforeseen issues that may arrive in these early days. However, minimizing the role of the Foundation has always been the goal. DMM has been designed to continually decentralize over time, like many other DeFi applications, to minimize the trust barrier needed. We will be handing over control of the DMM protocol, its off-chain assets, and the fiat treasury over to the DMM DAO (Decentralized Autonomous Organization) which will be managed by DMG governance token holders. The DAO is a crucial step to reducing single points of failure and growing user trust in DMM.

To begin this process of decentralization and trust-minimization of the DMM Ecosystem, we have already integrated Chainlink’s decentralized oracle framework using their independent, sybil-resistant, and security reviewed nodes to ensure our smart contracts live on mainnet always receive an accurate and up-to-date valuation of the underlying crypto (reserve held for liquidity), real world assets (interest generating), and eventually the intermediary fiat currency (held before purchasing real world assets). These metrics are used to calculate the current global collateralization ratio of the entire DMM system (designed to be ≥100%). The on-chain calculated collateralization ratio is used by the DMM smart contracts to autonomously restrict how many new mTokens can be minted ensuring there is always enough collateral backing each token. These valuations and resulting collateralization ratios are fully viewable on-chain or through our Explorer page.

Recently, we have also initiated a smart contract security audit with firm SECBIT (who previously audited Loopring, DDEX, and more) to ensure our on-chain business logic does not contain any bugs in the code that would put user’s funds at risk from external malicious parties. While we made sure to write our code with care using best practices, unforseen bugs are often a fact of life and should be exposed and fixed before it becomes a bigger issue down the line.

Current and Future Control of the DMM Protocol

Currently, the DMM Foundation is in possession of a multi-signature admin key which currently allows us to update DMM parameters such as the interest rate (6.25%), liquidity reserve ratio (50% but is currently at >100%), minimum collateralization ratio (100%), and price feed addresses (Chainlink Data Feeds). This functionality also enables us to create new markets (support new digital assets), raise/lower total supply of mTokens (subject to minimum collateralization), enable/disable markets (redeeming still available), transfer ownership of the protocol (move to the DAO), withdraw underlying crypto (purchase real world assets), deposit crypto (pay user’s accrued interest or fix liquidity reserve ratio after user withdrawals), pause DMM Ecosystem (during unforseen vulnerability), and blacklist addresses (legal action).

Changes to these on-chain parameters using the admin key are first fed through a DelayedOwner contract which currently has a timelock of one hour. The only admin function that bypasses this timelock is when pausing the DMM Ecosystem in the event a vulnerability is found and users need to have their funds immediately protected from malicious external parties. Pausing the DMM Ecosystem restricts all deposits, withdraws, minting, and redeeming by both users and the admin. This admin key currently gives the DMM Foundation quite subsational power over the DMM smart contracts, but we do not want to keep this power. Ownership of the protocol (and thus control of any changes) will be, in the near future, transferred to a transitional DAO which will consist of a limited number of trusted members with equal voting rights, but will evolve to include key DMG token holders, along with fewer members of the core team. No single legal entity will be responsible for the DMM protocol or have unilateral control of changes.

After the initial transitional DAO, voting tools and procedures will be refined in order to launch the proper DMM DAO which will create a permissionless governance structure leveraging the DMG token for voting rights. This will substantially reduce single point of failures and create a diversity of independent voters with direct skin in the game. The final structure is still being built but the current plan is for a representative democracy. All votes by all representatives will be available for review and if delegating token holders are displeased with results, they can withdraw their support and the representation will be removed. Building the DAO will be an ongoing process and we are open to feedback on how to improve the evolution of the DMM DAO.

Verification of DMM’s Real World Assets

A common question we receive is how can the DMM Foundation (and eventually the DMM DAO) definitively prove that the real world assets backing mTokens actually exist and that the DMM Foundation / DMM DAO really own the contractual rights to these assets?

As an initial step to bringing transparency in this regard, we have published the lien documents of the ~1,000 automobiles currently backing mTokens on our Explorer page. The documents have personal information redacted to comply with privacy regulations, but contains important information about the year, make, model, and registered state of each vehicle. These documents are hosted on the decentralized and censorship-resistant IPFS protocol. While proving proof of ownership is a built-in feature of native cryptocurrencies built on top of blockchain technology and private/public key cryptography (like ETH), there’s no such definitive cryptographic proof for the ownership of assets that reside in the messy, fractionalized, and commonly opaque traditional financial system.

In order to overcome this fundamental limitation of bringing real world assets on-chain, we are working with entities with specialized knowledge of the DeFi ecosystem in order to design and build an ongoing verification scheme which will provide an independent attestestation of asset ownership in the DMM Ecosystem. As the real world assets collateralized in the DMM Ecosystem are always in flux, a one-time audit is not very helpful or informative over the long term. Because of this, it will be created as an ongoing procedure that can provide our users with the most up-to-date and accurate attestations of the Foundation’s (and eventually DMM DAO’s) ownership of these real world assets. Information about each verification report will be posted to our website and is likely to be hosted on IPFS in a similar manner to our lien documents for maximum censorship resistance.

Ideally we want this process to also be performed in a decentralized manner as well. This could mean including a mixture of multiple independent third party auditors across different industries to minimize conflicts of interest. We are also looking into how we can leverage the Chainlink protocol in a unique way to bridge these ongoing attestation reports on-chain. A decentralized network of Chainlink nodes could compare off-chain the attestation reports versus what the DMM Foundation / DMM DAO claims to own and post any differences on-chain. If there are no resulting discrepancies, it is business as usual. If there do happen to be discrepancies, then a series of events take place on-chain that can include but not limited to revoking the ability for the DMM Foundation / DMM DAO to issue new mTokens or withdraw underlying deposited crypto. End-user withdrawals and transfers would be unaffected in this regard. Full functionality of the DMM system would only be restored once Chainlink nodes have confirmed there is no longer a discrepancy and the system is properly collateralized.

Knowing all this, why does DMM include itself under the moniker of DeFi?

DeFi is a wide spectrum of varying levels of decentralization.

Image courtesy of David Hoffman from his great article on The Two Faces of Ethereum

This is the fundamental concern of Ethereum’s #DeFi ecosystem. It’s not totally De. There are humans at the helm.

On one end of the spectrum, there are the maximally decentralized and entirely automated DeFi projects that require no external oracles, no human governance, no admin keys, and no native upgradability. This is where projects such as the Uniswap DEX and the iearn yield aggregator are located. Decentralized Applications (dApps) on this end of the spectrum are completely immutable and static. While this is good for knowing the rules of the game are set in stone and the rug can’t be pulled out from underneath you, it creates the trade-off of a highly inflexible dApp and it isn’t always possible to go this route for every use case (like bringing real world assets on-chain).

If there is a bug in the contract’s code, then the entire contract needs to be redeployed with a fix and users have to manually transfer to save their funds. In the worst case scenario, an attacker could clear the entire contract’s funds before users have time to intervene (as no admin can lock down the protocol). This could leave deposited funds completely stuck or gone with no chance of recovery (To those who point out the DAO hack hard fork, I will point you to the funds still stuck in the Parity Multisig). This is an inherent downside to immutable code, and is largely the reason why projects like Augur v1 have struggled with bugs and unforeseen malicious actors. Resilient code is a work in progress and this is why many projects are designed to decentralize over time.

On the other end of the DeFi spectrum are the largely centralized applications that leverage blockchains like Ethereum for its network effects, increased efficiency, transparency, and composability. This is where projects like RealT and the initial version of DMM are. These applications commonly utilize admin keys for major upgradability and can even be considered custodial in nature. But as mentioned above there are very real reasons for leveraging Ethereum smart contracts beyond decentralizing every layer to its maximum extent. Projects in this part of the spectrum benefit from Ethereum’s growing user base, lowered transaction costs and latency, transparency of live deployed code, pluggable “Money Lego’’ nature enabled by composability, and much more while still remaining flexible enough to upgrade and pivot development as needed in the early days. While this part of the spectrum is where DMM currently lives, we do not want to stay on this side of the spectrum for long. This brings us to the third section of DeFi, everything in between.

As is true with many things in life, there is no such thing as total absolutes. Decentralization is not a binary metric, but is instead a fluid spectrum ranging from maximally decentralized to minimally decentralized. Some aspects of a protocol may be built to be highly decentralized, while other components aren’t nearly as decentralized. Projects such as MakerDAO, Compound, and Aave are some examples of projects living in this “inbetween land” of DeFi, due to their use of external oracles, human governance, or admin keys for compartmentalized upgradability.

This inbetween land of DeFi is where the DMM Ecosystem as a whole will continually march towards. We want DMM to get as close to the maximally decentralized side of the DeFi spectrum as possible in order to create a protocol that enables anyone in the world to gain permissionless exposure to a positive stable yield backed by interest-generating real world assets with just an internet connection and an Ethereum address. We have just begun on our journey on making this become a scalable reality. This cannot be completed as a solo mission, and as such we are inviting anyone and everyone to contribute their brain power, on the sidelines or as directly as a DMG token holder, so we can bring yield to those who need it most.

We Are All in This Together.