["pile"] - Does a high price for $DANA jeopardize the protocol

[Benjmhart]

Description

One of the ways ardana-dollar protocol will differ from makerDAO is that $MKR can be minted ad-hoc to prevent unbacked $DAI from accruing in circulation. ardana-dollar will instead maintain a float used to take $dUSD off the market, however this float requires maintenance. Today when discussing this with Ryan and Isaac I realized there may be an exploit here:

Essentially, an attacker who is aware of the details of the protocol and is equipped with suitable amounts of capital can manipulate the price of $DANA upward when there is a large amount of unbacked $dUSD in circulation. this is similar to blocking a short-squeeze by holding GME, the other party (the protocol or an administrator thereof) is now forced to pay additional amounts to obtain sufficient $DANA to keep the system from imploding.

The degree to which this is an effective attack strategy deserves greater analysis.

however three additional differences may compound this challenge: 1) we currently pay $DANA token holders dividends, this serves to steadily drive the price of $DANA 2) $DANA is also backed by a DEX, which will also pay dividends and serves to drive the price upward. 3) if smart contracts have a serious success story on Cardano, we may see a mass exodus from Ethereum onto Cardano and governance token prices may become unglued from reality as a result of this boom. by contrast Maker was launched during a relatively stable period of Ethereum dominance.

additionally, the deflationary nature of the $DANA token may implicate that the ardana-dollar protocol itself cannot self sustain longer than a certain lifetime (let's say 3 years).

Deliverable

economic analysis of this attack vector.

Notes

optional field

[quinn-dougherty]

an attacker who is aware of the details of the protocol and is equipped with suitable amounts of capital can manipulate the price of $DANA upward when there is a large amount of unbacked $dUSD in circulation.

@Benjmhart why is unbacked $dUSD the crux here?

What is our main backing mechanism for $dUSD? glancing at current public-facing whitepaper it doesn't look like unbacked $dUSD is much of a thing?

[Benjmhart]

unbacked $dUSD enters the market during liquidation.

users deposit one of a set of pre-approved assets (ada, etc) into a personalized 'vault' at a collateral ratio such that we have reasonable guarantees that $dUSD can always be redeemed for equivalent value in Ada by the holder of a vault.

when Liquidation occurs, the 'loan' is paid off in $dUSD by a third party, and corresponding collateral is removed. the borrower still retains their $dUSD, and now this amount is unglued from it's backing, Generally the user who performed the liquidation has equivalent collateral in their vault, but this is not guaranteed to be the case.

the real risk here is that a nation state or coordinated group of whales could sit on $DANA during a time when our 'float' is exhausted and the protocol is obligated to buy $DANA at any price. Resulting in us paying for $DANA at a high price, and having perhaps 50 cents on the dollar to actually buy unbacked $dUSD.

current solutions involve: economic approach - build a managed 'war chest' which can be used to run options and change incentives should we ever have to fight this fight. allow debt auctions to use $ADA in place of $DANA

[quinn-dougherty]

Discussed with Bassam and Ben, notes:

• assumption we're making: DANA can be used as collateral to borrow dUSD
• (solved in indented bullet): An obvious comment to make is "why don't we just use the MKR minting policy?", which we should understand the answer to in order to proceed with this research.
  • MKR has no float, it's minted on the spot, used to buy DAI off the market; vice versa, then they burn MKR. DANA on the other hand has a fixed amount for all time. this gives us deflationary economics.
• we want to know more about how the float is working to proceed with this research

This vector is really about the float being exhausted, not about the price of DANA being high (because whales demanding any price they like for DANA is downstream of the float being exhausted)

MITIGATION

1. war chest: treasury funded dividends from Danaswap, managed portfolio to hedge over-inflated prices on DANA.
2. "allow debt auctions to use $ADA in place of $DANA" We will mint dUSD when we're low on dUSD, but when we're high on dUSD we'll buy it back with the DANA float.
3. an administrator can now switch the float between DANA and ADA.
4. admin control is ideally a v1 thing, and will migrate to democracy over time (maybe).

[quinn-dougherty]

This lives in src/attacks/danagoup.md, there is also a google doc that Bassam and I are discussing it in.