MakerDAO – Direct Deposit Module (D3M) Security Audit

Summary

The Direct Deposit Module (D3M) enables the Maker ecosystem to interact with third-party lending pools. DssDirectDepositAaveDai is a smart contract of this module that enables the transfer of DAI tokens from Maker to the respective lending pool of Aave. The goal of this smart contract is to ensure that the maximum variable interest rate for borrowing stays below a target interest rate decided by Maker governance. In Aave, the variable interest rate of a pool depends on the utilization of that pool, which is the ratio of the total debt taken to the total liquidity put in the pool. Therefore, the higher the utilization of a pool, the higher its variable interest rate. This strategy motivates liquidity providers to deposit capital in the pool when utilization is high.

The goal of DssDirectDepositAaveDai is to limit the maximum variable interest rate for the DAI pool in Aave by depositing or withdrawing DAI from the pool as needed. To achieve this functionality, the DssDirectDepositAaveDai needs:

  1. to be an authorized ward in the Vat, and
  2. to operate on a special ilk.

The essential feature of this ilk is that it allows DssDirectDepositAaveDai to generate DAI tokens on the fly without requiring traditional collateral in another token. The ilk should have the rate set to 1 and the spot price fixed to 1. Note that the DAI generated over this ilk can only be transferred to the DAI pool in Aave, hence the ink that the contract has in the Vat is backed by the aDAI (the interest-bearing token in Aave, pegged to the value of DAI at a 1:1 ratio) that the contract holds. This way, the aDAI amount owned by DssDirectDepositAaveDai in Aave serves as ink in this special ilk for the generated DAI. It is important to note that the Aave pool is fully trusted to behave correctly. Whenever the variable interest rate of the pool is below the targeted threshold, DssDirectDepositAaveDai withdraws (if possible) liquidity from the pool, pays back the DAI debt in the Vat and destroys the respective gem amount. Finally, all interest earned in the Aave pool by the contract is transferred to the Vow contract.
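The rebalancing described above can be worked through numerically. The following Python sketch is an added example, not code from the audited contract or from the audit report. It assumes a two-slope utilization curve for the variable borrow rate, and the names RateCurve and rebalance as well as all parameters and pool figures are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RateCurve:
    """Assumed two-slope variable borrow rate curve; all parameters are constructed."""
    base: float     # rate at zero utilization
    slope1: float   # rate added from 0 up to the optimal utilization
    slope2: float   # rate added from the optimal utilization up to 100%
    optimal: float  # utilization at which the curve steepens

    def rate(self, utilization: float) -> float:
        if utilization <= self.optimal:
            return self.base + self.slope1 * utilization / self.optimal
        excess = (utilization - self.optimal) / (1 - self.optimal)
        return self.base + self.slope1 + self.slope2 * excess

    def utilization_for(self, target_rate: float) -> float:
        """Invert rate(): the utilization at which the rate equals target_rate."""
        if target_rate <= self.base:
            raise ValueError("target rate at or below the base rate is unreachable")
        if target_rate <= self.base + self.slope1:
            return (target_rate - self.base) / self.slope1 * self.optimal
        over = (target_rate - self.base - self.slope1) / self.slope2
        return min(1.0, self.optimal + over * (1 - self.optimal))


def rebalance(curve: RateCurve, total_debt: float, total_liquidity: float,
              position: float, target_rate: float) -> float:
    """Signed DAI amount the module moves: > 0 deposit, < 0 withdraw.

    total_liquidity is everything supplied to the pool (borrowed or not);
    position is the module's own share of it (its aDAI balance).
    """
    target_liquidity = total_debt / curve.utilization_for(target_rate)
    delta = target_liquidity - total_liquidity
    if delta >= 0:
        return delta                    # rate above target: add liquidity
    return -min(-delta, position)       # rate below target: withdraw what it holds


# Constructed sample pool: 800 DAI borrowed out of 1000 supplied, target rate 3%.
CURVE = RateCurve(base=0.0, slope1=0.04, slope2=0.75, optimal=0.8)

if __name__ == "__main__":
    move = rebalance(CURVE, 800, 1000, 0, 0.03)
    print(f"before: {CURVE.rate(800 / 1000):.4f}")
    print(f"deposit {move:.2f} DAI -> after: {CURVE.rate(800 / (1000 + move)):.4f}")
```

A withdrawal is capped by the module's own position, which corresponds to the "if possible" qualifier above: the module can only pull out what it previously deposited.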

About MakerDAO – Direct Deposit Module (D3M)

“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”

(Source: https://awesome.makerdao.com/#beginner-guides)

It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)