Vulnerabilities in Maker: predictive machine governance attacks, attack DAOs, and decentralization

Author: Ariah Klages-Mundt

Compile: Sharing Finance Neo

Source: Sharing Finance

The security of Maker Stabilizer Dai relies on a reliable oracle (predictor) to provide price information. These are chosen through chain governance. Therefore, the oracle feed can be operated by the MKR token holder. In this article, I will discuss the attack on Maker, which is similar to 51% of attacks, but does not necessarily require 51% of MKR attacks. In this attack, an alliance can “steal” the system by manipulating governance. Profit and profit. These attacks affect both the current single-aily Dai (SCD or 'Sai') and the upcoming multi-Affiliated Dai (MCD) implementation, as well as similar systems with chain governance.

One consequence of these attacks is that at the current and historical market prices, the "fully dispersed" Dai is unsafe due to incentive misplacement. The "complete dispersion" here requires that the MKR be sufficiently dispersed to achieve the purpose of dispersion. The current Maker system is semi-centralized and it is said that most MKRs are held by a handful of Maker individuals and Maker Foundations. This suggests that the market may underestimate the value of MKR because it is not sufficiently fragmented, so Dai's security relies on trust links with the Maker Foundation and the possibility of legal recourse in the event of an attack. Either the market does not realize that the potential of MKR governance attacks will lead to a lower price limit, or the market believes that if MKR is completely decentralized, its value will be higher.
These attacks also indicate that Dai has serious scalability issues: To maintain security, the value of MKR needs to grow much faster than the supply of Dai and accessories. Dai and CDP holders need to raise these prices to keep them safe. In essence, stable asset holders need to hold large positions in a high-risk asset to ensure their stable position, which may violate the purpose of stabilizing assets.
Maker Governance: Prophet and global settlers
 
The Maker system is managed by MKR token holders who vote in order to determine system parameters and processes. They are given three important tasks related to the safety of the oracle.
First, the MKR holder populates Maker's list of trusted oracles. The Maker system relies on these trusted oracles to provide real-world price data that is used to determine the threshold for debt collateral (CDP) clearing.
Second, MKR holders influence the protection against predictive machine operation. The Maker system built the largest predictor price change ("price feedback sensitivity parameter") in a given time, and delayed the new predictor price every hour. The MKR holder directly determines the price parameters.
Third, the MKR holders decided to "global settlers" to effectively control the global settlers. In the global settlers, the Maker system was frozen and participants (Dai and CDP holders) were able to take back some of their collateral, which was determined by the price of the previous oracle.
Assuming honest MKR governance, predictive machine operations may be reasonably controlled. The hourly price delay provides an emergency, and the predictor (predetermined by the MKR holder) has time to respond to the attack. The price of Maker takes the median price of the predictor, so most of the predictive machines (including emergency predictors) will have to collude. The maximum price change of the predictor limits the immediate severity of the attack. Moreover, if all other methods fail, the price delay will trigger the global settlers to provide time for the global settlers (predetermined by the MKR holder).
Prophecy Machine Attack Attack Maker
 
Through dishonest MKR holders, two important attacks are possible:
MKR→CDP exit attack: MKR holders can hold a large number of CDPs, choose the collusion predictor to let the ETH price →∞, and then trigger the global settlers.
MKR→Dai exits the attack: MKR holders can hold a large number of Dais, choose the collusion predictor to let the ETH price → 0, and then trigger the global settlers.
In both cases, the value of the collateral is transferred to them through dishonest MKR holders (respectively) holding CDPs or Dai. A large number of CDPs or Dais will depend on the values ​​required to promote the attack in MKR (see below for more information).
Please note that the oracle protection built into Maker does not prevent these attacks. Dishonest MKR holders can collude to set a higher maximum hourly price change before the attack. Through the oracle, they can calculate the highest price change within a few hours. This gives the time for other participants (such as Dai and CDP holders) to react. Let's explore what happens next in the Dai market:
In the MKR→CDP exit attack, when the Dai holders realized that they were manipulating the attack, their expectations for the long-term Dai price were zero. The Dai market has become a big sale because all Dai holders are trying to trade other assets. This will trigger a decline in Dai prices, but will not prevent dishonest MKR holders from continuing to manipulate the oracle and subsequently trigger global settlers to realize their gains.
In the MKR→Dai exit attack, when the CDP holder realizes that the attack is maneuvered, its share of the guarantee value in the global settlers is expected to be zero. They are eager to lift the collateral restrictions. MKR holders can partially block this by setting a higher threshold for excess guarantees. In order to unlock the collateral, CDP holders are competing to buy back Dai. However, Dai holders now expect their Dai to be more valuable. The Dai market price increase is to take into account the value of additional collateral, at this point, CDP holders have suffered losses. The dishonest MKR holder can continue to manipulate the oracle and then trigger the global settlers to realize their gains.
In order to ensure the success of the attack, the conspiracy MKR holder needs to control 50% of the MKR token. However, attacking with less money may succeed. For example, voters' participation is usually low, the network may be blocked, honest participants have little chance to respond, and dishonest MKR holders may collude with miners to review voting and CDP secured transactions. Another added complexity is the burning of MKR when CDP is turned off. Therefore, an attacker who exits the attack in MKR→Dai seems to be able to attack the predictor with <50% of the MKR. Once the CDP holder starts to shut down the CDPs, it can actually get the full 50%.
At the current price, Maker governance is fragile
 
The potential reward for these attacks is the total value of the collateral locked in Maker's hands. The cost of these attacks may be 50% of the MKR supply. If the return is greater than the cost, this is an abnormal incentive for the profit-seeking MKR holders, and there may be a balance that most MKR holders collude to commit such an attack.
As of November 5, 2019, these values ​​were collateral value C = $336 million, MKR market value M = $555 million, and Dai market value D = $96 million. This creates a potential attack profit:
Under the MKR→CDP exit attack, this represents the benefits of the United Alliance:
Under the MKR→Dai exit attack, this represents the benefits of the United Alliance
As the price of MKR has risen in the past few days, this measure of attack profitability has fallen to $19 million. This is still substantial, especially considering that profitability comes only from the current SCD system, which has a small cap size, and MKR's price outlook comes from the upcoming MCD system, which is expected to gain even greater scale. Figure 1 tracks the full history of these profitability metrics. In many long periods, the profit margins of these attacks are much higher.
Figure 1: Potential benefits of the MKR oracle attack
Actual profit margin may be much higher
Please note that the actual profit margin may increase significantly for several reasons. First, it is reported that the Maker Foundation, which owns about 30% of MKR, promises not to participate in governance voting. If they insist on this, or to some extent cancel their voting rights in smart contracts, then MKR will give less control to the alliance, which will greatly reduce the cost of attack. Figure 2 shows the significantly improved profitability in this case. Second, a small number of MKR holders and major miners may collude. Third, the attack can be combined with other systems to take advantage of Maker's oracle.
Figure 2: Potential profitability of the MKR oracle attack, the Maker Foundation's shares are restricted from voting
Some other complicated factors
 
There are several complex factors that can affect the analysis. If an attacker needs to get an MKR, they will need to buy or borrow it. Although MKR's borrowing rate may be very low (Nuo's borrowing rate is only 2.6% in a small loan of $300,000 in September), large-scale acquisitions will have a market squeeze effect if many MKR holders If they are honest and long-term, the acquisition may be difficult. Similarly, if an attacker needs to get a lot of Dai or CDPs, it can be difficult considering market power. A successful acquisition can take a long time. Similarly, the cost of gas that performs the attack step will also affect profitability.
Coordinating colluders to create " attack DAO "
That is to say, in fact, we do not know who owns the joint holding of MKR, Dai and CDPs, and many agents may collude. We cannot rule out that some alliances control the portfolio of assets that make this attack profitable. If there is such an alliance, then the alliance will have an improper motive to conspire to launch an attack. To ensure that enough colluders can collaborate well, create an “attack DAO” that brings together the required portfolios and triggers the attack steps to profit.
Consequences of MKR pricing
 
The value of MKR comes from two factors: (1) the (discounted) value of regular cash flow, and (2) the conditional cash flow value of governance manipulation. Frequent cash flow comes from the Maker fee ("stability fee") used to burn MKR – which often reduces supply, similar to a company stock repurchase program. The MKR value associated with regular cash flow is related to expectations surrounding Dai growth, as a larger Dai system leads to more expense. The conditional cash flow of corporate governance controls represents the potential profitability of a carefully planned attack by MKR, such as the 51% attack described above. This is an "alternative" way that MKR holders can cash out.
To avoid governance manipulation, MKR's market capitalization must be >2x total collateral value (may be much higher if you consider the more complex attacks mentioned above and the Maker Foundation's non-voting commitments). It can be said that the price of MKR in the scattered Dai should reach these levels through market forces, otherwise the attack represents a similar arbitrage opportunity for a certain alliance (although this is not entirely clear, discussed in the next section).
Semi-centralized influence
 
As described in the introduction, the Maker system is currently semi-centralized: it is said that most of the MKR is held by the Maker Foundation and a handful of Maker individuals. In this case, the governance attack must actually be performed by Maker itself. They will be identified in such an attack and may therefore be legally responsible. In this case, a lower MKR price may be reasonable because the potential legal liability offsets any incentive to attack for quick profit. But this gives the Maker Foundation a trust link.
Because the attacks outlined above may be profitable today, either the market is unaware that the potential of MKR governance attacks should lead to a lower bound on security pricing, or that the market may be discounted because MKR is not sufficiently fragmented. In other words, if the release of MKR is more fragmented, its value may be higher.
Can cash flow ensure system security?
 
For the above reasons, we can assume that today's MKR price represents the expectation of buying and burning MKR's regular cash flow through CDP operations (this is essentially similar to stock repurchases). This provides valuable data for designing such a security system. Importantly, this suggests that in most cases, these cash flows are not sufficient to ensure protection of the Maker.
In fact, if Maker is sufficiently fragmented, then regular cash flow from stock repurchases may not be necessary for governance security, as we may expect rational agents to raise the price of MKR to attack value. From a security point of view, to push the price of MKR to a level slightly above the attack value, stock repurchase is required. Therefore, since Maker is semi-centralized, an effective tax is imposed on the user to support the MKR price, and the fee income may be better transplanted to support long-term stability.
Expansion problem
These attacks indicate that Dai has serious scalability issues: To maintain security, MKR values ​​must grow at a much faster rate than Dai supply and lock-back collateral. In order to ensure the security of funds, holders of Dai and CDP may need to raise the price of MKR. Therefore, stable asset holders need to hold large positions in a high-risk asset to ensure their stable positions, which may violate the purpose of stabilizing assets.
solve these problems
 
The above attacks and problems occur in a larger environment: a game played between Stabilizing Coins, CDP and MKR holders (and possibly miners) who strategically determine the portfolio of assets they hold. Modeling this game can help us understand the assets that different players need to protect in order to protect the system (for example, how many MKR). It is important to note that players cannot risk a profitable attack by MKR being held by someone with the right portfolio of assets.
In this case, there are several points worth exploring. It helps us understand how to distribute tokens to protect the system. If the risk asset holdings need to be high, then for many players (for example, if you must hold MKR to ensure system security, then stable asset holders), participating in the game may not be worth it. Under what circumstances is it worthwhile for players to raise the price of governance to ensure system security? In addition to bidding on assets for secure pricing, is there any other balance? The consequences of the instability of all involved tokens are what?
At the last point, the MKR price is derived from the “creative” value associated with the collateral, which is several times the value of the collateral. The value of MKR is to reflect the very uncertain prospects of Dai stability. In a system crash (for example, from an attack), the total value of the system collapses into the value of the collateral, leaving many people with nothing. The purpose of MKR is to absorb this part of the funds and become worthless in this incident, while at the same time guaranteeing the settlement obligations of holders of stable currency and CDP. However, through the expansion of the above attacks, the stable currency and CDP location also bear this risk. If the MKR price is below the safe level, then various MKR, stable currency and CDP positions can be taken in the settlement. These risks should take into account the volatility of these assets.
Whether or not it is intentional, Maker solves these problems by centralizing governance ownership and placing trust links on Maker (although it may not be called unless it is seriously threatened). This is not necessarily a problem – many traditional systems operate like this. However, we should publicly understand the existence of this line of trust. It is worth noting that the attack may still collude with miners.
Based on a conversation with Devcon's Maker team, they discussed how to set the correct threshold for calling global settlers—for example, 10% of MKR. However, it is unclear whether this solves the incentive problem discussed here. One thing that is unclear is that for an honest 10% MKR alliance, it is the best response to ask for global settlers early in the attack. This is because in attack-based settlements, their values ​​are still subject to a large impact (possibly 0). A dishonest 10% alliance may also abuse the settlement agreement. Understanding the motivation is back to understanding the game between MKR, CDP and stable currency holders. With this different setup, one potential outcome may be bribery from attacking parties to 10% MKR alliances or other parties.
Solving these problems in a decentralized manner remains an open question, so the importance of rigorous mechanism design work is consistent with the discussion in this section.