Summary
The most critical subjects covered in our audit is the functional correctness, security of assets managed and impact/added risk on the existing Maker system.
This iteration of the review focussed on the redesigned implementation of the D3MHub and fixes of issues raised in the last review. The documentation available only gives a high level description of the system, description of detailed behavior (e.g. temporary exceeding debt limits during a transaction) or limitations (unsupported/broken distribution of pool shares in case of loss) is missing.
In summary, apart from the raised concerns when a third party system makes a loss and the pool shares held no longer cover the expected DAI amount, we find that the codebase provides a high level of functional correctness and security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO Direct Deposit V2
Direct Deposit Module V2 is a modular framework which allows to generate and deposit DAI into third party systems in order to earn yield. For each supported third party a Plan contract implements the calculations to reach the target state while a pool contract manages the interaction between the D3MHub and the protocol.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)