MakerDAO Loans Can Be Gamed to Hold Out Funds From Liquidation, Startup Finds

A loophole in MakerDAO’s collateralized debt market enables positions to be closed far more leniently than intended due to an oversight in the auction process.

Nov 16, 2020 at 2:00 p.m. UTC
Updated Sep 14, 2021 at 10:31 a.m. UTC

Borrowers can close debt positions on lending platform MakerDAO under the 150% collateral minimum with this one simple trick.

A loophole in MakerDAO’s collateralized debt positions (CDPs) market, discovered by Israel-based startup B.Protocol, enables CDPs to be closed far more leniently than the system intends due to a small oversight in the auction market, according to a blog shared early with CoinDesk.

The lending protocol is meant to close positions automatically after collateral backing outstanding dai (DAI) falls below the 150% ratio. But a simple function call provides a workaround while decreasing the chance of being smacked by a liquidation penalty around that value.

If borrowers split CDPs into tiny positions of around $100, B.Protocol's analysis shows, the Keepers – who bid on liquidated assets from undercollateralized positions – won't liquidate positions because of the difficulties in calculating the profit margin, B.Protocol CEO Yaron Velner said in a phone interview.

A position – big or small – could theoretically be held under the collateral limit for some time and be closed without a liquidation penalty, he said. Exact values were not provided because of the odd nature of the problem; how long an extension lasts depends on Keepers who don’t seem interested in purchasing small underwater positions, Velner said.

“Extrapolating these results to a Vault of $1M suggests that it will cost around $5K in gas to split it into 7,800 Vaults. Or in other words, one could protect his Vault from future liquidations by sacrificing only 0.5% of his Vault size,” the blog states.

That’s compared to the typical 13% or more haircut liquidated CDP holders usually sustain when their debt-to-loan ratios fall below the minimum threshold. 

Liquidation heuristics

The finding puts pressure on MakerDAO’s liquidation markets, which are already being overhauled by the community. Creating and destroying the platform’s native dai stablecoin is dependent on Maker self-executing liquidations when appropriate. Yet, as B.Protocol puts it, “It is not clear such a threshold exists.” Rather, Keepers rely on vague “heuristics.”

“The core reason for the fact that small Vaults were not liquidated is likely because the liquidators did not find it profitable to initiate the liquidation process,” the blog states.

One decentralized finance (DeFi) arbitrage firm CoinDesk spoke with under the condition of anonymity concurred with B.Protocol’s assessment, adding that other DeFi lending schemes such as Aave or Compound are far simpler. “With those protocols we don't have to price things and just need to consider whether there is enough liquidity,” the source said.

The ten-thousand-foot picture is far more flattering, however. Not only has MakerDAO's total value locked (TVL) shot north of $2 billion, but its ability to address architectural slights on the fly throughout 2020 does give some credence to DeFi's ever-growing dependency on governance tokens.

The finding is B.Protocol’s second in the last few weeks, the last being the use of a flash loan on Maker’s governance portal to close an election early. (B.Protocol offers lending market liquidation products.)

The startup disclosed the vulnerability to the Maker smart contract team, which is preparing options for community review Monday, Velner said.

