MakerDAO Loans Can Be Gamed to Hold Out Funds From Liquidation, Startup Finds

A loophole in MakerDAO’s collateralized debt market enables positions to be closed far more leniently than intended due to an oversight in the auction process.

AccessTimeIconNov 16, 2020 at 2:00 p.m. UTC
Updated Aug 19, 2021 at 5:39 a.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Borrowers can close debt positions on lending platform MakerDAO under the 150% collateral minimum with this one simple trick.

A loophole in MakerDAO’s collateralized debt positions (CDPs) market, discovered by Israel-based startup B.Protocol, enables CDPs to be closed far more leniently than the system intends due to a small oversight in the auction market, according to a blog shared early with CoinDesk.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The lending protocol is meant to close positions automatically after collateral backing outstanding dai (DAI) falls below the 150% ratio. But a simple call function provides a workaround while decreasing the chance of being smacked by a liquidation penalty around that value.

    If borrowers split CDPs into tiny positions around $100, B.Protocol analysis shows, the Keepers – who bid on liquidated assets from undercollateralized positions – won't liquidate positions because of the difficulties in calculating the profit margin, B.Protocol CEO Yaron Velner said in a phone interview. 

    A position – big or small – could theoretically be held under the collateral limit for some time and be closed without a liquidation penalty, he said. Exact values were not provided because of the odd nature of the problem; how long an extension lasts depends on Keepers who don’t seem interested in purchasing small underwater positions, Velner said.

    “Extrapolating these results to a Vault of $1M suggests that it will cost around $5K in gas to split it into 7,800 Vaults. Or in other words, one could protect his Vault from future liquidations by sacrificing only 0.5% of his Vault size,” the blog states.

    That’s compared to the typical 13% or more haircut liquidated CDP holders usually sustain when their debt-to-loan ratios fall below the minimum threshold. 

    Liquidation heuristics

    The finding puts pressure on MakerDAO’s liquidation markets, which are already being overhauled by the community. Creating and destroying the platform’s native dai stablecoin is dependent on Maker self-executing liquidations when appropriate. Yet, as B.Protocol puts it, “It is not clear such a threshold exists.” Rather, Keepers rely on vague “heuristics.”

    “The core reason for the fact that small Vaults were not liquidated is likely because the liquidators did not find it profitable to initiate the liquidation process,” the blog states.

    One decentralized finance (DeFi) arbitrage firm CoinDesk spoke with under the condition of anonymity concurred with B.Protocol’s assessment, adding that other DeFi lending schemes such as Aave or Compound are far simpler. “With those protocols we don't have to price things and just need to consider whether there is enough liquidity,” the source said.

    The ten-thousand-foot picture is far more flattering, however. Not only has MakerDAO's total value locked (TVL) shot north of $2 billion, but its ability to address architectural slights on the fly throughout 2020 does give some credence to DeFi's ever-growing dependency on governance tokens.

    The finding is B.Protocol’s second in the last few weeks, the last being the use of a flash loan on Maker’s governance portal to close an election early. (B.Protocol offers lending market liquidation products).

    The startup disclosed the vulnerability to the Maker smart contract team, which is preparing options for community review Monday, Velner said.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.