[TEMP CHECK] Freeze MAI from Aave

Risk
1

Simple Summary

A proposal to completely remove MAI from Aave V3 Optimism and Arbitrum over centralisation risks.

Motivation

The objective of this proposal is to improve the quality of decentralised collateral on Aave by removing MAI, even from the isolation mode.

Below is the explanation and the data for the same:

As per this ARFC, MAI is a decentralized stablecoin minted by the Qidao Protocol. However, MAI seems to be controlled by a 2 of 4 multi-sig completely in the control of the team.

Specification

Looking at MAI contract, it can be minted by OnlyOwner here:
image

and, the owner is a multi-sig
image

which is controlled by these four addresses, under the 2 of 4 scheme
image

Out of these four addresses, only one of them seems to be publicly admitted DAO address.

Potential Loss

At combined debt ceiling of $3.1mil, under the hands of only 2 signers, this presents a big risk to the DAO.

If these two actors act not in the best interests of the DAO, Aave can lose upto $3.1mil.

Disclaimer

I am not associated to QiDAO or any other competing DAO. I am doing this to add value to the community.

Next Steps

  1. Discuss over possible flaws in the proposal.
  2. Discuss other ways to mitigate this risk.
  3. Develop a long term strategy to prevent this in the future.

Edits

  1. Changed from ARC to Temp Check
  2. Changed Remove to Freeze
1 Like
2

Hello @IncentiveLord and thanks for publishing a proposal.

  1. ARC process has been deprecated, is this proposal a temp check or a ARFC? following governance guidelines a TEMP CHECK for offboarding would be more fit.

  2. Aave is a decentralized & permissionless protocol, an offboarding can’t happen overnight as the protocol can’t (and thxfully) touch user positions, are you advocating for a freeze that will remove the capabilities to have any additional deposits & borrows of this asset? followed by a offboarding plan making deposit unattractive via modified risk parameters and reserveFactor?

  3. MAI is present since a long time on Polygon market, are you targeting MAI in general or only MAI on Arb & optimism?

  4. The ACI is not in favor of this proposal as we’re supportive of stablecoin diversity and do not consider MAI as a particularly risky asset for the protocol. but if this proposal reach support on TEMP CHECK snapshot stage, we will assist with ARFC & AIP stage following our policy to support aave governance.

Disclaimer: I own QI & vQI representing a small portion of my portfolio.

3

Thanks @MarcZeller for the reply.

  1. This is one of my first governance contributions. Will check now.

  2. Yes, freeze followed by offboarding.

  3. Though Polygon has a higher security assumption at 3 of 5 multi-sig, I will update the proposal to include Polygon as well.

4

Here’s the updated temp check.

Simple Summary[Updated Proposal]

A proposal to freeze MAI from Aave over centralisation risks.

Motivation

The objective of this proposal is to improve the quality of decentralised collateral on Aave by freezing MAI, even from the isolation mode.

Below is the explanation and the data for the same:

As per this ARFC, MAI is a decentralized stablecoin minted by the Qidao Protocol. However, MAI seems to be controlled by a 2 of 4 multi-sig on Optimism and Arbitrum, and 3 of 5 multising on Polygon. Completely in the control of the team.

Specification

Looking at MAI contract, it can be minted by OnlyOwner here:
image

and, the owner is a multi-sig
image

which is controlled by these four addresses, under the 2 of 4 scheme
image

Out of these four addresses, only one of them seems to be publicly admitted DAO address.

Potential Loss

At combined debt ceiling of $7.1mil on Optimism, Arbitrum, Avalanche and Polygon – under the hands of only 2 signers – this presents a big risk to the DAO.

If these two actors do not act in the best interests of the DAO, Aave can lose upto $7.1mil.

Disclaimer

I am not associated to QiDAO or any other competing DAO. I am doing this to add value to the community.

Next Steps

  1. Discuss over possible flaws in the proposal.
  2. Discuss other ways to mitigate this risk.
  3. Develop a long term strategy to prevent this in the future.

Edits

  1. Changed from ARC to Temp Check
  2. Changed Remove to Freeze
1 Like
5

Hey, thank you for the feedback.

While I don’t agree with your proposal, I think that your concerns are valid and merit action from QiDao. We should post a proposal on QiDao’s governance forum to address these issues.

From reading your proposal, the main perceived issue is the ownership of contracts by a multisig of a few internal members of QiDao’s community.

I’ve spoken to many active members of Aave’s governance community in order to arrive at a solution that best addresses the concerns you’ve mentioned. The general consensus is that QiDao should make certain changes, such as moving to a system similar to Aave Guardians. This of course needs to go through the proper governance process at QiDao. We should see a proposal posted on the QiDao forum sometime this week.

If you have any other feedback for QiDao, I would encourage you to visit the governance forum on QiDao’s Discord. Community members often propose ideas for governance approval and it’s a great way to improve the protocol collectively.

3 Likes
6

Following up on this, the proposal has been posted on QiDao’s governance forum: https://twitter.com/Benjamin918_/status/1660590473583493120?s=20

2 Likes
7

I begrudgingly agree. I was just looking at the implementation of QiStablecoin on Polygon, which is the same token listed as MAI on Aave’s polygon deployment. (0xa3fa99a148fa48d14ed51d610c367c61876997f1)

The contract has a burn function, shown below:

    function burn(address account, uint256 amount) external onlyOwner() {
        _burn(account, amount);
    }

The owner of this contract is a Multisig (0x3FEACf904b152b1880bDE8BF04aC9Eb636fEE4d8), which is a 3/5 multisig. This should not be acceptable.