The Tally Newsletter, Issue 28
April 21, 2021
Welcome back for issue 28 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen.
This week we cover MakerDAO’s fix for a critical bug affecting the emergency shutdown mechanism, plus quick updates from around the governance ecosystem.
MakerDAO Addresses Critical Bugs
TL;DR: The Maker team resolved interlinked flaws in the emergency shutdown mechanism that could have led to loss of user funds.
MakerDAO’s emergency shutdown mechanism is a key part of the protocol, allowing for the system’s collateral to be gracefully settled in an emergency to prevent loss of funds. If the required amount of MKR tokens are deposited to the shutdown contract, all debts are settled and DAI tokens become redeemable for a basket of underlying collateral.
While the shutdown mechanism is useful for responding to a few types of threats, one of the most important uses is a backstop against governance attacks. MKR voters have expansive powers to adjust parameters, seize system collateral, or mint new tokens. If a malicious proposal is adopted and voters are unable to cancel it within the two day timelock period, shutting down the system offers a final method for neutralizing the attack.
In last week’s newsletter we discussed a proposal to raise the emergency shutdown threshold from 50,000 to 75,000 MKR tokens. While this was planned to go up for a vote last Friday in tandem with liquidation system upgrades, a final review unearthed issues requiring a delay on the vote.
On Monday the team disclosed two interrelated issues in the emergency shutdown and end contracts. First, during emergency shutdown the governance contract retained power over the protocol’s core accounting contract. This could potentially allow a governance attack to steal funds before the shutdown mechanism had been fully completed, rendering it ineffective against this threat.
While the team had discovered this issue earlier and had already planned a fix, a second issue in the end module which apportions collateral assets for DAI redemption forced a delay to last week’s vote. Due to the huge increase in borrowing experienced in the past few months, the value of DAI generated from certain collateral grew high enough to cause an overflow during shutdown calculations.
This would prevent the system from paying out affected assets to DAI holders without further governance intervention. But with voter control during shutdown being removed through the other bug fix, it was necessary to resolve this issue at the same time.
The proposal to implement the necessary fixes is currently live, along with pre scheduled measures to upgrade liquidations for the LINK asset type and increase the shutdown token threshold. But the Maker system remains exposed to greater risk from governance attacks until the vote is executed, so this experience could be a valuable test case to understand voter’s responsiveness to critical issues.
Curve Finance joins Aave in launching on Polygon EVM sidechain:
Kyber Network begins long planned token migration:
Balancer deploys v2 contracts in preparation for launch:
Reflexer proposes partnering with BadgerDAO on a BTC backed stable asset, similar to their previous proposal to Index Coop:
James Waugh 🔥ᴗ🔥 @BlockchainJamesAnother 🔥_🔥 proposal enters the wild! 🌿 Introducing BAI, Bitcoin Backed Stable Credit: A proposal from the @reflexerfinance community to @BadgerDAO! Read more and get involved in the discussion! ⬇️ https://t.co/Vs15xzq86k
Compound Grants committee funds its second batch of projects:
Aave considers grants program proposal:
Also, Tally is hiring full stack engineers anywhere in the Americas time zone. If you’re interested in working with us to make on chain governance work, apply on our jobs page!
Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at firstname.lastname@example.org