MKR AVC member. Researching all things MakerDAO. Self custody is the future.


Stability, Security and Deep Work…
The last week was dedicated to discussions of the Stability Scope. An unstable stablecoin is like yesterday’s papers. Useless.
Risk management is a key element of DAI’s stability and MakerDAO is happy to have BA Labs as advisors here.
Another important aspect of stability is managing and monitoring what RWA arrangers are doing. After all, just two entities, Monetalis Clydesdale and BlockTower Andromeda, manage the majority of MakerDAO’s RWA allocation. While the trust structures and investments are transparent, tight monitoring and reporting are essential to make sure everything stays above board.
Allan Pedersen published his idea of Policies, Procedures and Guidelines (PPG) for MakerDAO Arrangers on the forum last month.
https://forum.makerdao.com/t/clydesdale-tool-policies-procedures-guidelines/22143
His call out is to give arrangers some degree of autonomy in how they conduct their business while making sure the community is in the loop on what PPGs are in place.
KISS AVC discussed this at length in our latest meeting, and some came to the conclusion that autonomy can only happen in the context of radical transparency.
We, opensky, posited that without transparency the community could not correctly assess when to stop an experiment and when to rein arrangers back in. Given the absolutely essential amounts arrangers manage, there is little to no room for experiments to go haywire.
Conversely, experts know best how to run their business, and the token holders should not micro-manage them, but pick the best and let them do their thing.

Some housekeeping
In our last newsletter the post-mortem of the Matrix and Discord communication issues contained some reports that turned out not to be accurate. Here is what really happened, thanks to IAmMeeoh.
At about 14h00 UTC the Matrix server HackLiberty.org went down. This appears to be a rare event. The server came back online at about 16h30 UTC. This meant that all users who registered their accounts with HackLiberty could not log in.
Users whose accounts were registered with other servers were unaffected.
In Matrix, channels are not bound to any specific server. They are "replicated" across all servers having at least one user in the channel. This is what is called a "federated server" structure.
This means that all users not registered with HackLiberty.org (including the Discord bridge bot) could still access the "#KISS AVC Weekly Calls" channel and communicate.
Users from HackLiberty could not log in. As an emergency solution, they used the Discord channel. The bridge bot, which could still access Matrix (since the server t2bot.io was up), did its job of bridging messages between Matrix and Discord.
We had some issues with formatted text, but plain text messages were bridged without any issue.
Towards the end of the call, another very rare and uncorrelated event occurred. MakerDAO's Discord admins made a series of human mistakes, which resulted in several users being kicked out of the Discord channel, including the bridge bot.
This was a human error, since confirmed by TechOPs, and uncorrelated to HackLiberty.org being down.
When (the day after) MakerDAO's admins fixed the Discord issues, the bridge bot joined the Discord channel again. However, the Discord admins forgot to give the bot "write" permissions, leaving it unable to perform its duties.
KISS AVC decided that ADs and AVC members should create accounts on two Matrix servers as fallbacks. Matrix, with its federated server structure, is a decentralised and resilient communication infrastructure.
We, opensky, would like to see MakerDAO run a set of its own Matrix servers and leave Discord behind on its way to true decentralization.
Another hot discussion topic we want to focus on is whether or not a veteran bug hunter was recently paid enough for finding additional exploits.
https://forum.makerdao.com/t/request-to-change-incorrect-bug-bounty-decision/22440
theexplorer argues that finding two bugs in the Emergency Shutdown Module should have earned him 160k DAI, but he was awarded only 15k DAI.
Immunefi spokesperson psychnaut argued that the 160k was the theoretical limit, and a governance attack would have been required to trigger the ESM, making the possible damage far less. If the ESM is triggered, the DAO has essentially liquidated its entire treasury.
Security is the result of a lot of eyes looking at the same attack surface through different lenses. It is unrealistic to expect any single entity to detect all the ways an attacker could think and go about his craft.
In that regard, MakerDAO is fortunate to have Immunefi, but relies on bug hunters like theexplorer to care enough to go about their difficult work.
While budgets have to be managed carefully, we believe bug bounties play a very important role in responsible disclosure and hope theexplorer sticks around.
Rune Christensen’s GAIT example collection elicited a lot of great responses and is scheduled to go into the next round this week. Humans training AI is a novel way of toolmaking that we are especially excited about.
We want to commend BLUE AD for their exceptional work on that, which we point out here:
https://forum.makerdao.com/t/atlas-and-gait-call-tasks-for-next-week/22458/16
DAI supply update

DAI supply is down 77M since last week. We cannot say with certainty what caused this. We hope the DSR is still attractive enough, even though Coinbase offers the same rate for USDC holders.
Stablecoin collateral is down to 9%. The last time it was that low was in 2020, on 11 September.
Poll update
There are no current polls on the portal.
Image credits
The image is by BING Image Creator, a free version of DALL-E3.
The prompt used was: stability, security and deep work, in a vibrant, upbeat mood
Outro
If you are an MKR holder and want to contribute to MakerDAO governance, please join KISS AVC.