Emergency Proposal: Risk and Governance Parameter Changes (11 March 2023)

Emergency Governance Proposal

The @Risk-Core-Unit is using our authority under the MIPs framework to request an urgent executive proposal to mitigate risks to the protocol.

Proposed Actions

• UNIV2USDCETH-A
  • Reduce debt ceiling to 0
• UNIV2DAIUSDC-A
  • Reduce debt ceiling to 0
• GUNIV3DAIUSDC1-A
  • Reduce debt ceiling to 0
• GUNIV3DAIUSDC2-A
  • Reduce debt ceiling to 0
• PSM-USDC-A
  • Reduce gap to 250 million DAI
  • Increase tin to 1%
• PSM-GUSD-A
  • Reduce gap to 10 million DAI
• PSM-USDP-A
  • Increase debt ceiling to 1 billion DAI
  • Increase gap to 250 million DAI
  • Reduce tin to 0%
  • Increase tout to 1%
• Compound v2 D3M
  • Set bar to 0 (eliminate exposure)
• Aave v2 D3M
  • Set bar to 0 (eliminate exposure)
• Governance Security Module Delay
  • Reduce GSM delay to 16 hours (value chosen following discussion between GovAlpha and PE - note that arguments were also made both against reduction and in favour of further reduction, this value ultimately was chosen as a compromise solution).

Background

Over the past week, the collapse of first Silvergate and then earlier today Silicon Valley Bank has thrown the banking industry into crisis. In particular, centralized stablecoins may face significant impairment due to their high exposures to impacted banks as well as other potentially at risk institutions. Only the first $250,000 of bank deposits are insured by the FDIC, with the vast majority of stablecoins’ bank deposits representing unsecured deposits to underlying banks. These funds are more senior than bank equity and bonds, but still bear some risk of not receiving full repayment if a bank is closed.

While Silvergate is voluntarily winding down with no reported losses to depositors (uninsured and insured), Silicon Valley Bank has been placed into receivership by the FDIC with the possibility of losses to uninsured depositors. Circle has reported roughly $3.3 billion in exposure to SVB, or a bit more than a quarter of their roughly $11 billion in bank deposit exposure. Certain other banks may also be at risk next week of bank runs and general contagion.

The proposed changes are intended to limit Maker’s exposure to potentially impaired stablecoins and other risky collaterals, while maintaining enough liquidity to prevent DAI from trading significantly above $1 if conditions change, and ensuring there is adequate market liquidity to process potential liquidations of crypto collateralized vaults.

Reasoning for Specific Changes

LP Collaterals Containing USDC

These collaterals are exposed to potential USDC tail risk, and available debt ceilings are not critical to maintaining adequate DAI liquidity. Therefore, it is proposed to reduce debt ceilings (line) for each of these assets to 0 DAI: UNIV2USDCETH-A, UNIV2DAIUSDC-A, GUNIV3DAIUSDC1-A, GUNIV3DAIUSDC2-A.

PSM-USDC-A

The USDC PSM has historically been Maker’s primary liquidity sources, keeping DAI close to target price and preventing price spikes that can interfere with safe and sound liquidation of crypto collateralized vaults. However, under current conditions, excessively daily minting limits put Maker at risk of greater losses in the event that USDC vault faces impairment from underlying uninsured bank deposit exposures.

We are proposing to reduce the gap parameter from current 950 million DAI to 250 million DAI (effectively reducing daily mint limits to 250 million DAI), and increasing the tin parameter to swap USDC into DAI from current 0% to 1%. The increased fee will help prevent excessive dumping of USDC into the PSM, potentially incentivizing users to dispose of USDC via other methods and ensuring it is only used if DAI price significantly diverges upwards (which could be indicative of liquidity crunch from crypto collateralized vault liquidations).

PSM-GUSD-A

GUSD has not faced exposure to Silvergate or Silicon Valley Bank, but they have large uninsured bank deposit exposure which potentially could be associated with at risk institutions (specific breakdown of deposit balances by institution are not provided in attestations). To limit potential losses if Gemini faces contagion risk from their bank deposits, it is proposed to reduce gap from current 50 million to 10 million DAI.

PSM-USDP-A

Paxos has relatively stronger reserve assets versus other available centralized stablecoins, consisting primarily of US treasury bills, reverse repurchase agreements collateralized by US treasury bonds, insured bank deposits (placed through deposit broker networks to remain under FDIC limits), and privately insured bank deposits, with a relatively small portion of uninsured bank deposits per their latest reserves reports. They face relatively lower potential for impairment versus other available stablecoins, but can still provide important backstop liquidity to prevent DAI from trading over $1 target price and impacting liquidation safety in the event of a crypto market crash.

We are proposing to increase the maximum debt ceiling line to 1 billion from current 450 million DAI, increase gap from 50 million to 250 million DAI, reduce tin from 0.2% to 0%, and increase tout from 0% to 1%. This will allow USDP to effectively provide liquidity when DAI trends above $1, while limiting arbitrage opportunities to drain stronger USDP collateral from the protocol in exchange for weaker stablecoins.

Compound v2 D3M

Compound v2 uses a fixed $1 price for USDC. This presents a risk of bad debt accrual and potentially bank runs with cascading market insolvency if the market price of USDC falls significantly below the current collateral factor. We are proposing to temporarily deactivate the Compound v2 D3M and pull all funds (via setting bar to 0 via the MOM mechanism) to prevent exposure to this potential tail risk.

Aave v2 D3M

While Aave v2 uses live oracle pricing so is not vulnerable to the same risk as Compound, the overall risk reward of depositing funds into the D3M are not favorable under current conditions. For this reason we are proposing to temporarily deactivate the Aave v2 D3M and pull all funds (via setting bar to 0 via the MOM mechanism) to prevent exposure to potential insolvencies.

Governance Security Module

It is anticipated that Maker governance may want to make further parameter changes to account for rapidly changing market conditions over the coming days. Reducing the governance security module delay will allow for greater agility. This update should be calibrated to balance desire for quick governance action against the need to maintain vigilance and protection against potentially malicious governance proposals. A GSM delay of between 12 to 24 hours could be considered, at the discretion of the Protocol Engineering core unit.

Timeline and Next Steps

Proposal(s) implementing the above changes are expected to be posted in the next ~12 hours or less. The changes may be split into several independent proposals at the discretion of the Protocol Engineering core unit, to ensure timeline implementation of the most critical updates and overall efficiency and safety. Voters are encouraged to review and support the relevant executive proposal(s) as soon as possible.

Edited by Patrick to update GSM delay value in top-level post

@Core-Facilitators @Recognized-Delegates

Why wouldnt a first emergency proposal use the Oracle Instant Access Module to set all these vault types oracle to 0 to pause them immediately, and then another exec to set the debt ceiling to 0 that still requires the 48hour wait and restore the oracle prices to re-enable them again?

@ChrisB Agreed. We shouldn’t risk another 1.9B (950M * 2) USDC flowing into the system to further endanger the peg.

Personally don’t agree on the aave D3M. The current DC is low as it is.

Otherwise really good proposal and good thinking. Thanks for the swift action here.

This is proposed to increase in passed vote on Monday. Hate to pull funds from friendly protocol but I feel this is the prudent option.

Increasing tin is great.
But what is the math behind the 250m gap modification? (Which will significantly reduce the gains from the tin)?

Let USDC_depegged be the value of 1 USDC on the event that USDC permanently loses the peg.

Hence, at our current 3.5b exposure,

depeg_loss = 3.5b * (1- USDC_depegged)

Examples:
USDC_depegged = 0.99 usd → depeg_loss = 35m
USDC_depegged = 0.95 usd → depeg_loss = 175m

Maybe we can survive a 1% depeg (to 0.99) but probably not much more.
So what is the point of the 250m gap modification? We are already too exposed.

I think it makes sense to keep the current gap and bet on the event that USDC does not depeg, and make money from the tin.

But i’d really like to see your math and be convinced your proposal is right.

Confirming that we are treating this as an Emergency situation as per MIP24 due to the risk to the peg.

GovAlpha, PE, and Risk Core Units have been in communication for the past few hours and will continue to be so throughout the day.

GovAlpha will keep in touch with delegates and other known large holders throughout today as we approach the time of the vote to ensure that an emergency executive will be passed as quickly as possible. PE have already started working on the relevant code. Once live we will ensure that the voting portal links are shared as widely as possible.

We would like to share our opinion the changes to the USDC PSM.

1. Temporary shutdown the USDC PSM to further anymore exposure to USDC

Reason: Technically USDC will depeg by a MAX of 8.25% if the SVB only holds 3.3B of its 43B of assets. Further exposure will increase the correlation of DAI towards a MAX depeg of 8.25%

2. If shutdown not possible, change the parameters:

• DEBT CEILING @ 2B,
• TIN @ 2%
• TOUT @ 0%
• GAP @ 10 to 25M

Our stance is conservation not gambling the protocol success away.

Main reason is that currently there is a large probability of general panic in the crypto market which can result in significant demand for dai to unwind vaults, which could push the price above 1.

We want to limit exposure towards USDC but still allow for dai liquidity in the case of large market drawdown.

The 250M figure is based on an estimate of how much liquidity would potentially be needed in such a case.

I am not sure I explained myself.
I am advocating for “tin increase” but “no gap change”.

The argument for “gap change to 250m” seems to be to “limit exposure towards USDC” but that seems a bit late to be honest, we are already too exposed.

My request to @monet-supply was to see some actual quantitative calculations.

Maybe I’m missing the point entirely, but how does leaving the Psm on help if Dai demand goes above 1 (it’s already above 1 relative to usdc which is why no outflows). Leaving it open soon as gap fires it will be absorbed instantly and in a market crash, demand for Dai increases but the Psm is already maxed out in the Dai it can give so how does leaving it open for 48 hours help with anything?

It’s just free money being given away?

Or I’ve misunderstood something entirely

Update: Ok, I’ve just been told the Psm doesn’t use an oracle so it isn’t possible to use the IAM to instantly freeze the psm. Ill drop this point now

what u are proposing is degen gambling, where they are mitigating risk

Yes i agree on a temp shutdown of the USDC PSM, for further entanglement with USDC

I am asking for some math to be made public.
I want to see some quantitative analysis from the risk team and not just “we feel this is OK”.

We need asap work on auditing and implementing the PSM v2 with oracles so we can use market price of USDC (capped to $1) when inflow and market price of USDC (floored by $1) when outflow.

This will not solve this crisis (too late) but might the next time.

It also shows that we should diversify exposure to stablecoin not doubling down on USDC. Moreover, we should move faster on off-chain MMF and tokenized MMF.

Thank you for the proposal. Can someone please clarify what this means: " We are proposing to temporarily deactivate the Compound v2 D3M and pull all funds (via setting bar to 0 via the MOM mechanism)" Thanks again!

So makers usdc oracle is hardcoded to $1 right? Which is absolutely unbelievably stupid to me! Or why arent usdc deposits liquidated like eth would be?.. confused why maker can absorb eth being down 50%+ but not usdc being down 10%

This will pull DAI supply from D3Ms which is currently supplied to Compoundv2 and would be supplied to Aavev2 based on current executive vote. The emergency proposal spell will disable both, basically disabling D3Ms for time being.