Bitcoin can now be used in tokenized form as collateral for DAI, MakerDAO’s algorithmically dollar-pegged crypto token.
“WBTC will help bring greater liquidity to the Ethereum and decentralized finance (DeFi) ecosystems, and to decentralized exchanges (DEXs),” Maker said.
Meaning you can now, in a roundabout way, ‘borrow’ against your bitcoin holdings through the DAI dapp.
WBTC, as you might know, is a bit like tether but for bitcoin: you hand over BTC to a defi consortium of sorts and get back WBTC, a token like any other, which you can exchange back to BTC whenever you want.
As WBTC and BTC are pegged pretty much one to one, this allows you to access the decentralized finance (defi) space on the ethereum ecosystem.
You can therefore lock in WBTC and get about half of that locked value in DAI while still having ownership of the WBTC.
If the price increases then you’d kind of be getting potentially tax free dollars, but if it decreases your tokenized bitcoin might be sold off to cover the dai dollar debt in order to keep the dai dollar peg to $1.
Usually these tokenized bitcoins are sold at market price, making dai potentially a fairly complicated hedge.
In some rare circumstances however there can be the equivalent of a run on the bank, leading to a liquidity crunch.
The DAI Collapse
On Sunday March the 8th 2020, ethereum saw a 20% drop from $240 to $200. Milan had just been put under curfew, stocks would crash the next day on Red Monday, but as far as DAI was concerned, all was normal.
Then comes the real shock with the collapse of oil on Black Thursday, March 12th, clearly indicating cryptos have now become a tool among many within traditional finance.
Panic on March 12th began at around six o’clock London time and continued until 2am on Friday March 13th.
The biggest drop was just $20 within a 15-minute period, so the speed of the drop was not an issue. What was an issue was the number of people wanting to get out.
Just like in a physical bank people would storm the door, here they stormed the blockchain all at once. And just like a door can limit entry, here the blockchain’s limited capacity did so.
“The MakerDAO oracle reported an invalid ETH/USD price for many hours, while oracle operators were trying to unravel the tangle of stuck transactions created by the increased demand on the network,” says Emilio Frangella of Aave, a defi dapp best known for their flashloans.
Oracles are price feeds that tell smart contracts at what price eth is trading on Coinbase and other exchanges.
That communication line has clearly not been well designed to take into account the fee market, in which those who pay the highest fee get into the network first even if they came after someone else.
This fee market works fine generally but here we had a rush all at once outbidding each other by the second with many competing forces in addition to a force that arguably can’t be outcompeted, the hack attacker/s.
Under the hood dai feeds or is fed by many bots who automatically take the eth and sell it if the smart contract code says the eth has fallen below the amount owed.
In this way we have a code-based loaning system, and we have the rule of code, which knows only the ‘letter of the law’ and no such thing as the ‘spirit’ of the law.
Just like for the rich, in defi there’s only the letter of the law, and in the case of dai that said you can bid for eth even at just above zero dollars, like $0.0001.
The attack here is obvious for anyone who studied this system and quite rationally expected it to be just a matter of time before they could use this obvious flaw in this smart contract, with it all being a conceptually basic if/then.
That being: if the network is congested then you can outbid everyone on fees, so you can bid zero for one eth uncontested and thus get the eth for ‘free.’
Which is exactly what occurred, with the attacker able to afford a fee of even $10 or $50 per transaction in an atmosphere where he or she or a group did not even need to ddos spam the network first as people were doing that themselves.
Maker claims they did not know if this was an attack or hack, but it clearly was an exploit of this zero bidding ability which allowed whoever to run away with about $5.4 million worth of ‘free’ eth.
If the above analysis is correct, and obviously we’re going by what they’re reporting, then this is reassuring because the solution is simple and there can even be many of them.
You could for example simply suspend the whole thing temporarily or implement circuit breakers by analyzing the ethereum network in the same way EthGasStation does.
You could have the bid minimum set as a certain percentage of the price feed, which in this sort of circumstance may have led to the minimum being far too high due to the incorrect price feed, but the effect of that would have only been that the dai would have been a bit out of peg temporarily.
No one would have cared about that out-of-peg part anywhere near as much as the fact they could still have their eth.
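The two mitigations described above, a congestion circuit breaker and a minimum bid tied to the price feed, in a simplified Python model. This is an added example, not MakerDAO's contract code; the `settle` function, bidder names, prices, fee levels and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Bid:
    bidder: str
    dai: float        # DAI offered for the whole collateral lot
    gas_price: float  # fee offered, in gwei

def included(bids, capacity):
    """Fee market: only the highest-fee transactions fit in the block."""
    return sorted(bids, key=lambda b: b.gas_price, reverse=True)[:capacity]

def settle(bids, lot_eth, oracle_price, capacity,
           floor_pct=0.0, network_gas=0.0, max_gas=None):
    """Settle one auction; returns (status, winning Bid or None).

    floor_pct: minimum bid as a fraction of the lot's oracle value.
    max_gas:   circuit breaker threshold on the observed network fee level.
    """
    if max_gas is not None and network_gas > max_gas:
        return "paused", None            # congested: retry once fees drop
    min_bid = floor_pct * lot_eth * oracle_price
    valid = [b for b in included(bids, capacity) if b.dai >= min_bid]
    if not valid:
        return "no_valid_bid", None      # collateral stays in the contract
    return "sold", max(valid, key=lambda b: b.dai)

# Constructed sample: 50 ETH lot, hypothetical bidders and fee levels.
BIDS = [
    Bid("keeper_a", 5500.0, 40.0),
    Bid("keeper_b", 5400.0, 45.0),
    Bid("zero_bidder", 0.0001, 500.0),
]

def scenarios():
    jam = dict(bids=BIDS, lot_eth=50, oracle_price=120.0, capacity=1)
    calm = dict(jam, capacity=3)
    return {
        "no_guard": settle(**jam),
        "floor": settle(**jam, floor_pct=0.5),
        "breaker": settle(**jam, network_gas=200.0, max_gas=100.0),
        "calm_floor": settle(**calm, floor_pct=0.5),
        # Constructed stale oracle price ($240): floor too high, sale delayed.
        "stale_floor": settle(**dict(calm, oracle_price=240.0), floor_pct=0.5),
    }

if __name__ == "__main__":
    for name, (status, bid) in scenarios().items():
        print(name, status, bid.bidder if bid else None)
```

The `stale_floor` case is the trade-off the text mentions: with an incorrect price feed the floor rejects even honest bids, so the sale is delayed rather than the collateral being given away.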
As it happened dai did get out of peg anyway because these zero eths were not used to buy dai, but probably to buy some yacht.
What through reading these primary sources therefore sounds very complex and even undecipherable, may instead be a very simple oversight by coders who naturally can’t take into account all eventualities, but arguably should have taken into account the effects of a congested network.
The attacker did, and did so because it has been known since December 2017 that ethereum has very limited capacity. Why didn’t the MKR devs?
That’s something they should answer, but at a very high level view their product is MKR, not DAI which is only useful in as far as it assists MKR. Therefore there are at a basic human level natural incentives to dismiss anything that might reflect negatively on the primary product with criticism often in this space taken more as an insult, and with criticism often met with a circling bandwagon of an echo chamber.
Which ultimately means dai needs competition. It needs a fork with the mkr backstop replaced by an eth backstop with that eth, like in current dai, coming from a percentage of the opened and/or closed positions in addition to some percentage for the devs to give them bread.
That now, nearly two years on, there isn’t such a fork is quite interesting. But as we see it anyway, all this conceptually appears to be a non event, in as far as it does not look like there is anything fundamental to it but more a simple human oversight in a very new ‘product’ where there are few resources to have a more interdisciplinary and more thorough approach, and even then ultimately experience is the only science.