A Multichain Strategy and Roadmap for Maker

The aim of this forum post is to present a bird’s eye view of the Layer 2 ecosystem and the various opportunities that exist. By presenting our interpretation of the multichain landscape we hope to be able to (1) Guide and engage with the broader community on this specific topic, (2) Gather feedback regarding the various opportunities, and (3) Align technical and development resources to agree on a strategy for how MakerDAO should embrace this new and complex landscape.

This approach will help to define our collective focus on the Layer2 priorities that exist - specifically, which ones offer the right balance of growth, exposure and security to protect the integrity of DAI as a stablecoin across multiple chains. We welcome community feedback and plan to host a series of AMA / discussions in the coming weeks as we solidify the strategy and roadmap for the coming months.

Today’s Multichain Environment

We currently stand at the cross-roads of two questions:

“How will DeFi grow?” and “Where will the liquidity go?”

The rapid and evolving growth of DeFi makes these difficult questions to answer; Will it be one chain? One Layer2 implementation? Will liquidity concentrate in one or multiple places? It appears that at this nascent stage, concentration in any one particular place is unlikely due to the innovation and development happening in various ecosystems.

Ethereum is likely to become a global settlement layer (think of it as the Manhattan of crypto), in this context it is unreasonable to assume that everybody will fit into a single “city” where property prices skyrocket. Instead, people with growing DeFi needs will establish new, thriving communities by creating their own islands. Haseeb Qureshi also draws out this line of thinking in ETH2 Cities, Suburbs, Farms where “blockchain urban planning” and sharding will be used to meet demand.

Nasa photo1432×681 342 KB

(above) Apps may cluster into rollup, chains or sidechains based on their need to maintain close communication ties - the same way populations tend to cluster in regions and cities.

Expanding upon this, there is no reason to assume that people would not go to places where it is cheaper to live or have a better job - similarly, in the case of DeFi, people will be drawn towards the highest yield. Therefore, we need to capture the value as it exists in these different blockchain environments and allow the value - denominated in DAI, to flow safely between them. In some cases, value is unlikely to flow out of cities (Solana, BSC etc) and so there is a competitive advantage for us to capture this value where it lies. The multichain environment is a diverse and growing universe of ecosystems:

Environment1781×362 69.9 KB

This is an evolving environment where it is not only the ecosystems that change, but also the bridges and technical implementations that determine the rules within which they operate. This movement of tokens introduces technical risk that must be assessed for different Layer2 solutions.

A Deeper Dive: Scaling and Scalability/Security trade offs

Without going into the weeds of the semantic discussion of what constitutes a “true” Layer2 scalability solution, the scaling trilemma still applies to every chain that claims to provide “better scalability and cheaper transactions”. What makes DAI unique and powerful is that it is built on the most decentralized smart contract platform today, i.e. Ethereum, that, in its long-term vision, will try to achieve scale without compromising on decentralization (and - as a corollary - security). Given that DAI is non-upgradable, it inherits much of its security and properties from base-layer Ethereum (e.g. censorship resistance). Suffice to say that every scaling solution, including Rollups, adds an additional security risk that MKR holders, DAI holders and Vault users should be aware of.

Similarly, each new collateral type should be looked at from financial and technical risk perspectives. Extending the MakerDAO protocol to new chains necessitates a thorough analysis of security assumptions and risks that these new chains or Rollups introduce. While on Ethereum we tend to ignore the very real technical risks associated with Ethereum itself (e.g. if Ethereum breaks down, the whole DeFi ecosystem including MakerDAO will break - we can therefore consider this to be a systemic risk that we simply accept). When we consider moving DAI or minting DAI on other chains, these risks become real and cannot be ignored by MKR holders.

Examples of such risks are:

• New, possibly untested and hard-to-audit cryptographic primitives used in zkRollups
• Complexity of the new AVM on Arbitrum or the strategy for handling Ethereum hard forks on Optimism on Optimistic Rollup Platforms
• MassExit problem on Plasma-based chains
• Cartel formation in DPoS systems
• Upgradability and reliance on MultiSigs on most platforms
• Risks related to data availability
• Security assumptions underlying bridge operators and the risks related to funds being frozen / seized there
• Risks associated with using sidechains as opposed to L2 Rollups that inherit their security from base-layer Ethereum

Based on the risk evaluation framework, Maker holders can choose to either;

• Support the above chains by allowing direct minting of DAI using collateral from these, or
• Support (underwrite) different bridges smoothing transfer of DAI from Ethereum to these chains so that it is cheaper and safer for end-users to use DAI there or,
• Entirely refrain from directly supporting these chains at a protocol level, thereby leaving it up to the community to decide how DAI should be used on these chains (as is the case for most current sidechains like BSC, Polygon, Klaytn, etc…).

Types of Bridges

Most end users tend to think of moving DAI from one chain to another as similar to moving USD from one bank account to another bank. Perhaps an even better analogy would be depositing DAI to a centralised crypto exchange, where DAI disappears from a user’s wallet and credit appears in the user’s exchange account. A similar user experience can be provided on platforms such as Loopring and dYdX (both being ZkRollups), where there is only a single way to deposit and withdraw tokens.

On a permissionless blockchain, however, where everybody can deploy their own bridge, it is far more likely that users will have more than one bridge to choose from, like in the diagram below:

In this example, each bridge (Bridge A and Bridge B) will create its own “version” of DAI on a child chain - these different versions of DAI won’t be fungible (similarly to, say, wBTC vs renBTC). Moreover, if the MakerDAO community does not control the narrative around the DAI brand, end users may end up having many different non-fungible versions of DAI in their wallet creating potential confusion.

An example of this can be seen on multichain.xyz (two versions of DAI on Ethereum-Fantom bridge) or Polygon (two different versions of non-fungible DAI depending on whether the PoS or Plasma bridge was used)

Multichainxyz1633×501 44.5 KB

Furthermore and more importantly, each bridge may have different functionality and security models ranging from being fully permissionless, non-upgradable bridge, where its behaviour is formally defined and verified, compared to a scam designed to lure users into a false sense of security by depositing their tokens, only to rugpull them later e.g. through an upgrade mechanism.

On permissionless chains, where everybody is allowed to deploy any token and bridge, it will be ultimately up to the community to reach social consensus on what is the “true” DAI on a child chain. MakerDAO community can either create and support their own bridge (more on that below) or simply endorse one of the existing bridges. Likewise, at the UI level, we may see centralised UIs favoring one “version” of DAI over another, or where UI developers adopt standardization efforts and token lists with social consensus around which token is the “real” token that is - for all intents and purposes - fungible from the “original”, and which should be considered a wrapper / synthetic asset.

Maker’s Opportunities and Challenges

The evolving multichain ecosystem provides both opportunities and challenges for the Maker protocol that need to be recognised and discussed.

MakerDAO is uniquely positioned to take advantage of the growing ecosystem by:

• Providing cheap access to DAI on Rollups and Sidechains for users currently priced out of Ethereum due to high gas prices. By doing so, the demand for DAI amongst retail users will increase.
• Allowing minting of DAI directly on L2s and other chains using whatever collateral is available on those chains. That will promote growth in the overall supply of DAI.
• Minting DAI to provide virtually unlimited liquidity for fast withdrawal bridges, chain-to-chain communication channels (see Connext, Hop) and other protocols potentially suffering from a liquidity crunch
• Using collateral that is native to other chains including base tokens such as FTM, SOL, AVAX, etc… without needing to bridge and wrap them on Ethereum

The complexity of the multichain world brings new challenges and risks, including:

• Many versions of DAI create confusion in the community, especially amongst retail users
• Minting rights for DAI outside of L1 Ethereum creates a serious attack vector if the minter is compromised (unlimited amount of L2 DAI could be minted and withdrawn to L1)
• DAI can get stolen/stuck in the L1 part of the bridge (either through user error sending DAI to the bridge or a bug in the bridge)
• Collateral on L1 that is currently used to mint DAI may be increasingly moved to various L2s or other chains in pursuit of better yield opportunities flowing out of current Vaults, thereby reducing the overall amount of collateral that is available to mint DAI on L1 Ethereum
• Complexity regarding collateral liquidations and global settlement will greatly increase

Maker protocol needs collateral to mint DAI. If more and more collateral is moved to other chains, Ethereum may eventually become a global settlement layer for these chains / rollups while most of the actual DeFi transactions will happen on L2s. The Maker protocol will need to chase the value flowing out of Ethereum while properly managing risks and maintaining the base ledger of all DAI minted in the entire multichain universe. Ultimately, when the multichain ecosystem matures, in the post ETH 2.0 world, it may be worth considering moving Maker’s ledger (VAT) onto a rollup with most liquidity (for composability) or its own Rollup (for speed of execution and the low cost of Oracle updates)

Maker Strategy for Multichain Ecosystem

Various protocols employed different strategies towards a multichain ecosystem. These vary from:

• Building a Sidechain / Rollup:
  • Compound Cash
  • Loopring Exchange
  • dYdX (zkRollup on StarkDEX)
  • ImmutableX (Validium on StarkDEX)
• Selecting a specific scalability solution / rollup. This strategy places a bet on a specific scalability solution ultimately tying it’s users to it. Examples include:
  • Synthetix on Optimism
  • Uniswap on Optimism (and now, potentially on Arbitrum as well)
• Deploying on multiple chains (Polygon, BSC, Fantom, Avalanche, etc…)
  • Aave, Curve, 1inch, SushiSwap, mStable, PoolTogether, Frax Finance, bzX, Augur on Polygon

There is no one strategy that fits all. What makes sense for one project (e.g. a DEX that may want to get deployed on different chains) will not fit the needs for other projects (e.g. an NFT issuance platforms or Games that may want to choose one particular Rollup).

We recommend that the The MakerDAO community focuses on two primary use cases:

• Bridging DAI that originated on L1 to other rollups / chains so that DAI is cheap for end users to use.
• Assessing the feasibility of minting DAI directly on other chains using collateral that is available there. For this to be achieved, an appropriate risk assessment and framework must be developed.

The ideal solution would aim at making bridged DAI and minted DAI fully fungible so for the end user this is the same DAI. This is ultimately possible only if MakerDAO controls the bridge used to transfer DAI to other chains / rollups. DAI bridged with third party bridges should be always considered “wrapped” DAI (see e.g. KDAI on Klaytn or bridged DAI on xDAI). This diagram shows the concept of “wrapped DAI” created by a third-party “Uni Bridge” vs DAI created by a “Maker Bridge” that can be fungible with DAI minted directly on L2:

Maker Bridge 31211×786 50.4 KB

Proposed Roadmap for Community Discussion

Note: the Optimism DAI bridge was already approved by the community

1. Create a Risk Framework to assess different scalability solutions.

2. Design a blueprint for minting DAI on L2 while still tracking all minted DAI in the “Vat” L1 base contract. This could include implementing a special ilk-type that would allow minting a capped amount of DAI (depending on the security risk of a given L2). This DAI would be immediately locked in a bridge so that it is available for users minting DAI directly on L2 and wanting to move it to L1.

3. Optimism (see announced roadmap)

4. Deploy the upgradable Maker bridge to make DAI available as soon as possible

5. Implement a fast withdrawal scheme

6. Allow minting of DAI directly on Optimism

7. Set up a PSM-like contract that allows users to swap wrapped DAI that will be created by third party bridges with DAI minted through Maker bridge (if it is safe to do so)

8. Arbitrum - According to the recent announcement Arbitrum plans to launch their mainnet on 28th of May. As their architecture is very similar to Optimism, we propose the same steps as with Optimism

9. Continue working with Starkware and zkSync to create specific roadmaps aimed at making DAI available on these chains in a manner that will allow direct minting of DAI there in the future

10. Explore Non-Rollup Scalability Solutions (Polygon, Klaytn, Avalanche, BSC, etc…) - given their much weaker security (they do not inherit Ethereum’s base layer security like L2 Rollups) work primarily with the Integration and Growth Teams to help properly and safely bridge DAI and track DAI liquidity

Additional thanks to the Protocol Engineering Team, in particular @bartek , @hexonaut and @krzkaczor for coming together to document our thoughts. As a team we welcome community questions and feedback and will be following up with an upcoming AMA / Discussion to dive into the next steps and share our L2 progress. Thank you!

100% agree with this.

You just described the equivalent of counterfeit money–which to be honest is more than likely unavoidable. Who’s to say that some of the DAI in chains like BSC are not original DAI minted via Maker. I believe All, including USDC will have this issue. Probably why their won’t be a “Stablecoin” to Rule them All.

BTW, these L1s are All working on EVM compatible (support) solutions

I wouldn’t call it counterfeit – wrapped DAI can be 100% properly collateralized by L1 DAI in a decentralized bridge. It has value (b/c it’s exchangeable 1:1 to L1 DAI) but it doesn’t exactly behave as L1 DAI (slightly different interface). Finally, it cannot be fungible with L2 DAI produced by DSS deployment because DSS doesn’t have minting rights.

I can’t come up with a good TradFi metaphor…

The tradfi metaphor is GDRs and ADRs

Global Depository Receipt
American Depository Receipt

Right, good ole’ ADRs. @krzkaczor I meant someone can spin-up an AMM on BSC and create a liquidity pool with BUSD/SyntheticUnauthorizedDAI – would be easy to fool newbies on BSC. But I get your drift–TY for the input

EDIT: By no means am I only picking on BSC–I’m seeing a lot odd things being spun-up on Solana as well. Some are hilarious like Degen Banana

Such a bridge with one operator would probably be considered a Money Service Business and would require KYC/AML from Alice and Bob (or violate U.S. law) and FinCEN registration. We have a legal opinion on the topic

… and creating opportunities for services like Component or Curve or Uni v3 or Balancer with low slippage between bridged stable tokens.

Well, there are federated bridges managed by broad and decentralized governance, which are audited, with years of track record without major security incidents. The ranging of models is actually stressing on showing tails of normal distribution of different designs which are not used in production. Most bridges are federated and upgradable, and minority are scammy or to be permissionless. What’s your point?

agree till you see fractioned Dai. e.g. Dai mintable by a third party bridge without 100% reserves. or Dai compounded (rehypothecatated) on the Ethereum side which will create more Dai supply than locked in the bridge. We did it once with DSR by converting Sai to Chai on xDai bridge till DSR went to 0. Now we are working on compounding of locked Dai (~20mm Dai locked in xDai bridge)

It’s kind of like the good old days of Wildcat Money (mid-1800s), when American banks could mint their own currencies. Some were sound, others not so much. Any dollar issued that was backed by gold that could actually be redeemed would have been worth the same. But some banks weren’t so reliable… (ringing any bells?)

So long as you can get your hands on the L1 Dai backing the Wildcat Dai, you’re good.

Such a great analysis!!

such method is used in science and known as retrospective study which is a research method that is used when the outcome of an event is already known. E.g. if you know that Dai can be redeemed from some bridges for a long time while being locked in a hostile and also open environment than most likely it can be redeemed during the same constrains in the future.

Btw, many have asked how much Dai is already bridged over to other chains and here are the numbers.

Most bridges are federated and upgradable, and minority are scammy or to be permissionless. What’s your point?

The point is that if anybody is allowed to deploy a bridge easily (this will be the case with e.g. Optimism or Arbitrum using their generic L1<–>L2 message passing infrastructure), we will undoubtedly see many bridges allowing users to deposit DAI into them. Some will mint wDAI on L2s, some may only pretend to do so. Others will mint wDAI but they will allow their owners to steal all deposit DAI. These bridges will be alike ATM Cash Deposit Machines. Some will be legit, some will be scams.

Fantastic post. Thank you.

On the two proposed areas of focus:

Where does this:

fit? Actually I think I don’t get what that describes exactly.

On having canonical, Maker-blessed DAIs for each L2: that seems very important and worthy of early focus. I can easily picture many users going for a non-confusing L2 stablecoin rather than expending the mental energy necessary to choose among 4 versions of DAI.

Optimistic rollups suffer from 7-day withdrawal period. You can alleviate this through so-called LP-assisted exit, but that requires liquidity. MakerDAO, given that it can mint DAI, can provide unlimited liquidity to support fast withdrawals as described here.

If you mint DAI directly on L2 and want to withdraw it to L1 (which, IMO, you should be able to do), protocol also needs to ensure that there is enough DAI in the bridge

Finally if you mint DAI on L1, you may want to bridge it to L2 to enjoy cheap and fast transactions

These are three very different use cases

Thank you! That sounds important on any L2s with DAI, whether L1 or L2 DAI.

@Derek First of all, this is awesome! It’s great to see deep engineering thinking going on behind the scenes. This topic brings up a huge number of technical, security, existential and risk (both technical and financial) questions, which you exposed with mastery. I am totally with you on the analogy of Ethereum as a base financial layer, which will someday transform DeFi in simply Fi. I’ve made a few comments or questions below. Some of them, I have some ideas on options to consider others it’s purely to help with the thought process designing the analytical framework to move forward.

This development of L2, sidechains and rollups is mind-bending. For end-users it may cause confusion in the early days while exploratory, but I think it will be eventually more of an engineering issue. I think we may need to consider reflecting on it based on a parallel like the evolution of Linux distros and how frameworks were developed by engineers to make choices for their organisations. The majority of end-users have no-idea what servers their apps run on. But the engineering challenges working across platform infra & OS can be daunting. Same will happen in DeFi imho.

This brings some challenging risks, technical and financial. A new collateral type on another bridge / rolloup inherits its own L2 native implementation risk on that chain and that of the brigde / rollup itself. We never consider those on L1 because we assume it secure. We just look at some sc audits. Security stamps will need to be way more rigorous for those L2 implementations to give similar level of confidence. Not all security houses will be up for that task. In my view, Risk teams also would have to become very very security conscious to talk a similar language of engineers and security folks. From a financial risk pov, L2 collaterals will likely not have same level of liquidity, or liquidity will be unequal depending on stage of evolution of projects wrt L2 implementations. Also risk framework may have to assume a greater level of “technology debt” risk. Let us assume in the future a new shiny L2 may cause users to migrate collateral to another chain with subsequent dry up of liquidity in the original L2 one where Maker may have allowed DAI minting at some point.

This will be a technical challenge, particularly in zk ones. From a risk and analytics pov, this may be even more challenging to assess risks, as it all data dependent. It would require projects like theGraph or others to be playing catch up indexing L2 sc data for it to be readily available for risk management. And even then data engineering will need to quickly reconcile that L1 and several L2 data for flow of funds to make analytical sense. Composability/Cross protocol risk might be another to consider. With greater inter-protocol integrations like MIP50: Direct Deposit Module, how will we manage these across to L2.

Growth of DAI liquidity will be a plus. Are we assuming then to “port” all MCD smart contracts over to those L2 and have a similar MCD-2, MCD-3, MCD-n across them?

Reconciliation and fungibility of all that DAI will get complex.

Currently, these scenarios are not fully baked in the existing financial models and the implications of these to end-users, both individuals and institutions. This brings serious financial risk imho, which we’ll need to model. It will most likely be theoretical at the start. Our L1 balance sheet of assets could shrink significantly should this move of collateral out of L1 happen fast. We’ll need monitoring of these migrations to cater for that risk, which we currently do not have. From the end user and institutional side of things, this may cause disruptions for DAI liquidity in DEXes and CEXes linked to L1. For crypto educated counterparties the risk is mitigated, but for RWA ones that are largely new to this space, the liquidity risk can be considerable, scaring deals away. And eventually delaying the realisation of the “from DeFi to simply Fi” narrative.

I would recommend to add on this one a “composability” factor to the thought framework. Explore solutions in-line with protocols where Maker has the most integration and shared liquidity with. For example, where are Aave, Uniswap etc likely to be “playing”.

@Derek More than happy to put my Risk/IT BA/SC Auditing hat to assist with work-shopping some of the risks pointed above.

Great article!

Just the opportunity to see the immense amount of work which Maker and its core units do to address fundamental issues of DeFi, is amazing!. I’m very excited to see what the future of crypto holds and, upon reading this article, I’m sure Maker will be a part of it!

p.s.: someone should contact Ethereum community and tell them to change their motto to “Ethereum - Manhattan of Crypto”.

You make an interesting point Igor, I personally had not dived into it from this angle. I’d be interested to see/learn more about the implications from a legal perspective and how to best mitigate. We’ll need to add this to the technical and financial risk framework that @williamr expanded upon above as well.

Cool, thanks @Doo_StableLab . I’ll also point the community to a tool built by @krzkaczor called https://www.l2beat.com/ which shows a number of current L2 projects, value locked, market share and their underlying tech - an awesome tool for a quick overview!

Thank you @williamr , much of the credit must go to @bartek , who has spent many hours conceptualising the theory above and throwing ideas back and forth with the team.

Indeed, as we see more end-customer frontends such as nexo etc, the technical challenges of understanding L1 and L2 will be abstracted away. Services that target the pain points of customers (security, speed, gas costs etc) will come out in front - this is great for the end customer but emphasises the importance for us to conduct technical and risk analysis ensuring that the reputation and security of DAI in whichever L1/L2 environment is maintained and upheld.

100%. We are at the beginning of a scaling journey here - not only are auditors in high demand for existing L1 projects, experience with L2 implementations is limited in this new and complex environment. A good takeaway from your statement is the need for a risk framework/checklist - we need to connect the technical, financial, legal analysis together so we have a holistic view accounting for risks over time.

I would like to engage with a data core unit - there is a wealth of knowledge that can be surfaced in this space not only for protocol engineering but also for Oracles as we reveal where liquidity is flowing and why there is demand.

Pursuing the theme that there is not going to be one solution to meet all needs, I expect there to be multiple implementations - however as we know, MCD core contracts are not something that can be simply copy pasted. I’m hoping we can be proactive, not reactionary by using data to determine where liquidity is going (seeking long-term flows - not short-term cycles) and use that to determine the optimal pattern/replication where needed.

Yeah, it’s pretty theoretical at the moment, I’d definitely like to work with you on what this financial risk could entail - and likewise how we scale these concepts as they relate to real world assets.

Similarly, we have @sctannr leading research into math and computational modelling (currently just for L1) but in time I could see this expand to include L2 variables, thereby giving us a parameter suite to conduct montecarlo-like simulations through computer aided governance to understand the implications of new environments - that’s a little further into the distance but we’re getting there.

All in all, we have a lot of work to do here The immediate steps with Optimism and Arbitrum are our first foray into this space with much more to follow.

Thanks Milan, welcome to the Maker community and the L2 journey!!

@Derek
100%. As the ecosystem becomes more complex I can only see data engineering becoming a core function of everything we do. In my view, this should be a top priority in the Maker roadmap and one of the biggest gaps within Maker atm.

Sounds great. I’ve been doing some R&D for the RWA team to embed those risks into the multi-tranche securitisation model. I think a wider framework may have to be thought to encompass RWA and crypto-native for these risks in a multi-chain environment.

Absolutely. We don’t have to reinvent the wheel for everything here. There are some strong maths/analytics communities already doing solid work in this space (multi-agent computations etc). I know some guys in these communities and have been “playing” with some maths models.