Add MAI Market on Base (Borrow-Only) - CLOSED

Please note that this proposal aims to add MAI as a borrow-only asset to Moonwell, meaning that the CF for MAI should be set to 0%.

General

• Token Asset Name: MAI

Description of the project and the token

MAI is a CDP stablecoin that is native to Base. It is not connected to MAI on any other chain. The only ways to mint MAI are via (1) CDP loans with cbETH, wstETH, WETH, and AERO, or (2) the peg stability module with USDC.

MAI on Base has an impeccable peg. Given it’s interest rate mechanism, any depegs can be corrected via adjusting interest rates or increasing incentives. MAI on Base can be tracked here: MAI (Base) Price: MIMATIC Live Price Chart, Market Cap & News Today | CoinGecko

Benefits to the Moonwell Community

It cannot be underestated how benefitial this integration can be for Moonwell. Being the only native CDP stablecoin on Base, MAI can provide a strong avenue for increasing liquidity on Moonwell’s deployment.

Bootstrapping the market

Integrate moonwellMAI into a new stablecoin, using Reserve Protocol (rMAI). This stablecoin will use yield earned from Moonwell to provide voting incentives on Aerodrome. In addition to this yield flywheel, QiDao will provide extra voting incentives for rMAI-MAI. This will considerably increase the available stablecoin liquidity on Moonwell.

Use cases for MAI market on Moonwell

Having MAI on Moonwell will allow users to farm MAI yield opportunities without having exposure to MAI. This can be done by borrow MAI with other stablecoins as collateral, something that cannot be done already at QiDao.

Resources (Website, Social Media Links, and docs)

MAI’s documentation is the best place to learn more about its architecture: [unable to link due to link limit]

website: https://app.mai.finance/
twitter: https://twitter.com/QiDaoProtocol

The proposal author’s contact information

Our team is already in contact with Moonwell’s team for over a year. You can contact the author at Benjamin891 on Telegram.

The relationship between the author of the new market proposal and the token

Author is a team member at QiDao Protocol.

Market Risk Assessment

• Market cap of the token: MAI on Base has a circulating supply of 3M+.
• The largest central and decentralized exchanges where the token is listed and its respective liquidity: Aerodrome
• Volatility per Gauntlet’s definition (30 days, 90 days, 1 year): L2M: 0.006564136192
• Average daily trading volume on CEX and DEX: L1M: $143,375 (upward trending)

Decentralization

• List the top 10 token holders, the percentage held by each holder:

Top holders are currently farming MAI on Aerodrome. The largest single holder currently holds 7.6% of the supply. Please see the following breakdown of MAI LPs:

1. DeBank | The Real User Based Web3 Community
2. https://debank.com/protocols/pool/0x2cc76ef706b2fc694f86c633b880a6dde81687f1/base/holders

• List all of the privileged roles in the token contract. This can include whitelisted EOAs, Multi-sigs, or DAOs.:

MAI minting ability by Guardian Safe for the purpose of managing debt ceilings at the CDP engine. This is similar to the model followed by DAI, MIM, DOLA, and other CDP stablecoins.

• Is the token pausable? No
• Does the token have a blacklist? No

Smart Contract Risks

Codebase & On-chain Activity

• All contracts related to QiDao Base are verified and can be seen here: [unable to link due to link limit]
• Give the age of the token in days: 1,091 days
• Provide the number of transactions in the contract to date: MAI standard contracts have over 10M cumulative transactions

Security Posture

• What audits, if any, were performed? MAI has had 2 audits: [unable to link due to link limit]
• Provide emergency contacts with their estimated response time/availability: the team is available 24/7. Both Moonwell and Guantlet have group chats with the QiDao team.

Upgradability

• Is it upgradeable? No

Oracle Assessment

• The safest way to price MAI debt is by assuming a $1 price of each MAI debt. This is a long-held standard by QiDao, MakerDAO, Liquity, Inverse, Abracabadra, Angle, and all other CDP stablecoin issuers. Since MAI is not being proposed as a collateral asset, there are no angles by which Moonwell could be manipulated if MAI debt is assumed to be $1. If, at a later time, a proposal is brought up to add MAI to Moonwell’s collateral basket, at that point an oracle should be provided.

• Please provide an analysis of the price deviation from the underlying asset; ie. over the last 180+ days, how much has the price of the token on centralized or decentralized exchanges deviated from the price of the underlying asset?

MAI has kept its peg on Base (normalized volatility of 0.0065) , as can be seen in the following CoinGecko page: MAI (Base) Price: MIMATIC Live Price Chart, Market Cap & News Today | CoinGecko

• What specific events might cause the price to “depeg” or no longer be the same as the price of the underlying asset?

MAI can depeg is currently holders sell their MAIs in a coordinated fashion. No user holds a considerable portion of the supply, reducing the risk of a sell-off. If MAI depegs below $1, then it can be arbitraged using the peg stability module. Additionally, interest rates may be increased to reduce supply and reestabilish peg. If MAI depegs above $1, then users can mint MAI 1:1 with USDC via the PSM to correct the price.

For more information about MAI’s mechanisms, please see its stablecoin economics page here: How Does it Work: Stablecoin Economics | Mai Finance

Stablecoin economics: How Does it Work: Stablecoin Economics | Mai Finance
All contracts: https://docs.mai.finance/functions/smart-contract-addresses

MAI Base tracker: MAI (Base) Price: MIMATIC Live Price Chart, Market Cap & News Today | CoinGecko

MAI Asset Analysis

Gauntlet is currently evaluating the potential inclusion of MAI as a borrowable asset on Moonwell Base. Although the proposal only seeks to list MAI for borrowing purposes, Gauntlet advises that certain criteria should be met to foster a more robust synergy between MAI and Moonwell before proceeding with the listing.

Complexity of Incentivization

The proposal to integrate moonwellMAI with Reserve Protocol (rMAI) raises several concerns. Firstly, the integration would likely increase the overall complexity of the system, making it harder to manage effectively and more vulnerable to potential weaknesses or exploits. This added complexity may also lead to a higher risk of errors or issues during the implementation and execution of the integrated system. Additionally, while the proposal suggests that QiDao, a decentralized lending platform, will provide additional voting incentives to temporarily boost liquidity, there are doubts about the long-term sustainability of these incentives. If the QiDao incentives are not sustainable in the long run, the initial liquidity levels of the integrated system might be negatively affected once these incentives are reduced or discontinued, potentially impacting the overall performance and stability of the integrated system.

Liquidity

When considering the listing of an asset on Moonwell, either as collateral or solely for borrowing purposes, it is generally recommended to strive for high liquidity levels. Adequate liquidity ensures that Moonwell has sufficient opportunity to generate revenue from the listed asset. Currently, MAI exhibits a 25% slippage with a liquidity of 1.9 million tokens. Although some assets on Moonwell may have lower liquidity compared to this benchmark, it is important to note that these assets are presently undergoing a de-risking process. From a risk management perspective, operating with lower liquidity levels is not an ideal situation, as it may expose the platform to potential vulnerabilities and limit its ability to effectively manage risks associated with the listed assets.

image974×924 61.8 KB

Liquidations

We would like to request additional information from QiDAO concerning their liquidation process. According to the current documentation, there is a concern that liquidations on QiDAO may not be executed atomically. This may have an impact on Moonwell’s risk profile. To ensure that we have a clear understanding, we kindly ask QiDAO to provide further details and clarification regarding their liquidation mechanism.

image811×192 28.3 KB

Hi Benjamin, I was unable to find the MAI audits on your website. Both audits linked here are unavailable on the web: Security | Mai Finance

Would you mind providing your audits so that we can research the security of MAI a bit?

Thanks in advance!

hey folks, thank you for the thoughtful feedback on the proposal. Will address each point individually.

Complexity of incentivization

QiDao has put years of research into it’s current incentives regime. The current cost of capital for MAI is below 0%, as fees from trading on Aerodrome outweigh the cost of incentivizing MAI pools. On top of that, all MAI in circulation earns the protocol 10%. As such, the protocol has plenty of room to incentivize MAI use cases while still keeping profit margins close to 100%.

Liquidity

It must be kept in mind that a 1.9M trade would account for 50% of all MAI available. It is highly unlikely that such a large percentage of MAI would find itself in one lending market. Additionally, over 50% of MAI (around $2M) can be redeemed at any point using the protocol’s peg stability module for USDC at a 1:1 rate. This adds a considerable amount of liquidity to the stablecoin on top of the liquidity pools on Aerodrome.

As Base MAI grows in market cap, liquidity will scale with it given the fees-to-incentives flywheel.

Liquidations

The current liquidation system has been in effect for 3 years with over $3bn in loans processed. In that time, no issues have been encountered with liquidations. Much like on Aave, Compound, and other major lending markets, liquidations are fully competitive. This means that any actor wishing to perform the arbitrage transactions can do so on a first-come-first-served basis. In exchange for liquidations, users can get a 10% bonus.

We have a very thorough deep dive on liquidations at QiDao here: Liquidations | Mai Finance

Could you expand on why liquidations would not be completed automatically?

hey ser, here’s a doc with the latest public audit for the codebase. As can be seen in the audit report, no tangible issues were found with the protocol contracts.

Link: Mai Finance - Qi Dao Security Audit - October 2021 - v1.3 - Google Docs

Hey, this audit is unlike anything I’ve ever seen before. Is there any type of severity or impact rating for each finding? Most audits categorize each finding into a severity, such as critical, high, medium, low, informational, and most categorize the impact into whether it can cause loss of funds, denial of service, griefing, etc.

There are also missing graphics and it seems like this audit is incomplete compared to the original version. Notice the missing images/exclamation marks:

Screenshot 2024-05-08 at 10.25.12 PM1854×2138 206 KB

Screenshot 2024-05-08 at 10.25.54 PM1670×2248 259 KB

I also find it incredibly hard to believe that nothing has changed in the MAI protocol since 2001.

Please do the following:

• Provide an audit that includes common best practices such as a severity level for each finding, as well as potential impact, and whether it was remediated, acknowledged, etc.
• Provide a complete list of smart contract changes since the audit in the form of Github/code changes/diffs, and whether those changes were audited or not in a subsequent audit.

Thanks in advance!

hey ser

The audit covers all aspects of the code. graphics are for illustrative purposes only (had to export from PDF).

On the first bullet point, are you asking for a new audit?

I’m simply saying that this audit does not comport with best practices for most smart contract audits, and would not indicate a level of safety or security that would be required to add support for a MAI market.

The audit is incomplete and parts of it are missing.

• Can you please upload a complete audit without missing images or sections?
• Do you have an audit that covers any upgrades or improvements made since 2021?
• Do you have an audit that indicates whether findings were remediated or not?

Thanks in advance.

Gotcha, so you would prefer a new audit of the code, as this audit is the latest public audit on the code.

I think given the years of testing and billions in loans processed, the code has undergone more scrutiny than any auditor in the space could match. If listing on Moonwell requires a new audit, then it might not be the best fit for MAI (cost/benefit wise).

This is a lazy security argument, you’re basically saying “we don’t have a good audit, but trust us, it hasn’t been hacked before…” This type of thinking has led to many losses of funds.

But I’m not a gatekeeper. The community can decide. I’m just providing guidance as a contributor with many years of DeFi experience and smart contract security experience. You are free to put this proposal up for a temperature check vote and see what the community thinks. I don’t want to discourage you from doing that. I do think your proposal will have a greater chance of success if you have a higher quality audit.

Blindly trusting auditors is what has led to many losses of funds. QiDao has an impeccable security track record because we dont rely on less-experienced devs at auditing firms to review our code. We have top tier talent and we also leverage peer devs at other blue chip projects.

If you want a new audit that comports with your idea of a good audit, then this is not a good fit. Auditors will add no material warranties to the safety of our code. It’s just a lazy way of doing due diligence.

If you want to say you should not need an audit just show us the following:

• formal verification for all system components
• extensive invariant testing
• extensive fuzz testing
• symbolic testing
• internal code review logs detailing all code reviews that took place, bugs that were found, and how they were remediated
• 100% unit test coverage
• 100% integration test coverage with all possible scenarios covered
• static analysis
• documentation on attack surface
• protocol architecture documentation