Black Thursday refers to March 12-13, 2020, when MakerDAO (now Sky Protocol) experienced the most catastrophic failure in its history as Ethereum price crashed 43% in hours, triggering mass vault liquidations that exposed fatal vulnerabilities in the protocol's auction system [1]. Network congestion drove gas prices from typical 20-40 gwei to peaks exceeding 200 gwei, preventing keeper bots from participating in liquidation auctions and allowing sophisticated actors to exploit the system by winning auctions with zero or near-zero DAI bids [2][3]. The crisis resulted in approximately $8.32 million in collateral being liquidated for essentially nothing, creating $5.67 million in bad debt that threatened DAI's solvency and forced governance to mint 20,600 new MKR tokens to recapitalize the protocol [4][5]. Black Thursday fundamentally reshaped liquidation system design across all of DeFi, directly motivating the Liquidations 2.0 upgrade that replaced vulnerable English ascending auctions with Dutch descending auctions, and remains the defining stress test against which protocol security improvements are measured.
The event's significance extends beyond MakerDAO's immediate losses. Black Thursday demonstrated that economic incentive systems carefully designed for normal market conditions can catastrophically fail during extreme stress when underlying infrastructure (Ethereum network capacity, oracle update mechanisms, keeper bot gas strategies) encounters conditions outside expected parameters [6]. The crisis exposed dangerous monoculture risks where most keeper operators relied on identical scripts provided by MakerDAO Foundation, creating a single point of failure when those scripts proved unable to adapt to unprecedented gas prices [7]. Perhaps most importantly, the zero-bid exploits revealed that sophisticated actors could and would ruthlessly exploit system vulnerabilities during crises, profiting millions at the expense of protocol solvency and regular users whose collateral was seized without corresponding debt repayment.
The legal, financial, and technical aftermath of Black Thursday continues reverberating through Sky Protocol's architecture today. The Liquidation 2.0 system implemented in 2021 specifically addresses Black Thursday's failure modes through Dutch auctions that start with prices above market value and decrease over time, partial liquidation support enabling keepers with limited capital to participate, enhanced keeper incentives through flat tip and percentage chip compensation structures, and auction reset mechanisms preventing completion at excessively low prices [8]. Governance procedures evolved to include emergency standby spells for rapid oracle freezing and liquidation circuit breakers, while the broader DeFi ecosystem absorbed lessons about stress testing systems under extreme conditions rather than optimizing solely for normal operations.
Understanding Black Thursday requires examining the market context that triggered the crisis, the hour-by-hour cascade of technical failures, the zero-bid exploitation mechanics, governance's emergency response including debt auctions and compensation debates, the lawsuits and settlement that followed, the comprehensive Liquidations 2.0 redesign, long-term protocol changes, and comparisons to other DeFi black swan events. This article provides the definitive historical account of DeFi's most consequential crisis event.
Market Context and Triggering Events
Black Thursday occurred against the backdrop of global financial panic as the COVID-19 pandemic escalated from regional outbreak to worldwide crisis, triggering the most severe market crash since the 2008 financial crisis [9].
Global Market Collapse (March 2020)
The week of March 9-13, 2020, saw unprecedented volatility across all asset classes as investors processed the pandemic's economic implications [10]. Traditional markets experienced extraordinary selling pressure with the S&P 500 falling 9.5% on March 12 alone, triggering circuit breakers that halted trading—the first such halt since the 2008 financial crisis [9]. Oil prices collapsed 25% in a single day as OPEC price war combined with demand destruction concerns, while gold—traditionally a safe haven asset—fell 4% as investors liquidated positions to meet margin calls across their portfolios [10].
The VIX volatility index, often called the "fear gauge," surged to levels not seen since the 2008 crisis, reaching 82.69 on March 16 [11]. This extreme volatility reading indicated investors expected wild price swings to continue for months, creating an environment where risk reduction became the dominant imperative across institutional and retail portfolios. Central banks and governments had not yet implemented the massive stimulus programs that would eventually stabilize markets—the Federal Reserve's emergency rate cut to near-zero wouldn't occur until March 15, leaving markets without the policy support that characterized later pandemic response.
The crisis represented a genuine "black swan" event in that the pandemic's severity and economic impact remained highly uncertain. Unlike the 2008 financial crisis where the problem (toxic mortgage debt) and solution (government bailouts and quantitative easing) followed known patterns, March 2020 featured unprecedented uncertainty about fundamental questions: How deadly is the virus? How long will lockdowns last? Will economies collapse? This uncertainty drove the indiscriminate selling across all asset classes as investors simply exited risk positions without careful evaluation of individual asset fundamentals.
Cryptocurrency Market Carnage
Cryptocurrency markets, which had largely traded independently from traditional finance during 2017-2019, suddenly exhibited extreme correlation with risk assets during the March crash [12]. Bitcoin fell from approximately $8,000 on March 11 to below $5,000 on March 13—a 37% decline in 48 hours [12]. Ethereum suffered even more severe losses, dropping from $195 to a low of $110, representing a 43% decline in approximately 24 hours [1][13].
The selling intensity during March 12-13 exceeded even the 2018 bear market's worst days. Exchange trading volumes surged to record levels as panicked holders rushed to exit positions, with Coinbase and Binance both reporting their highest trading volumes since the 2017 bubble peak [14]. The velocity and magnitude of price declines overwhelmed market infrastructure—some exchanges experienced outages from traffic surges, while others implemented temporary trading halts to prevent complete system failures [14].
Several factors amplified cryptocurrency's downside volatility beyond traditional markets. Cryptocurrency markets trade 24/7 without circuit breakers, allowing panic selling to continue uninterrupted while traditional markets had forced pauses. Retail investor ownership concentration meant that many holders faced personal financial crises (job losses, medical expenses) that forced selling regardless of price. Leverage in the system through both exchange-based margin trading and DeFi borrowing created cascading liquidations as falling prices triggered stop-losses and automatic position closures.
Most significantly for MakerDAO, the extreme Ethereum price decline occurred with unusual rapidity—the bulk of the 43% drop compressed into less than 24 hours rather than unfolding over days or weeks [1][13]. This rapid collapse meant that vault positions that appeared safe with 200%+ collateralization ratios at the beginning of March 12 became critically undercollateralized by the end of the day, triggering simultaneous liquidations across the protocol.
MakerDAO's Pre-Crisis State
As of March 11, 2020, MakerDAO appeared to be in a strong position with approximately 100 million DAI in circulation backed by $140 million in ETH collateral, representing a healthy system collateralization ratio of approximately 140% [15]. The protocol's Surplus Buffer held approximately $500,000 in capital to absorb losses from liquidation auction failures or other shortfalls [15]. This buffer represented about 0.35% of outstanding DAI, far below the 3-4% capital ratios typical in traditional banking but considered adequate for a cryptocurrency-backed stablecoin with automated liquidation mechanisms.
The protocol had operated successfully for over two years since its December 2017 launch as Single-Collateral DAI, and had completed the Multi-Collateral DAI upgrade in November 2019 without major incidents [16]. Liquidation auctions had processed efficiently during previous market downturns including the 2018 bear market, with active keeper bot participation ensuring auctions cleared at reasonable prices near market value. Oracle price feeds updated reliably, with approximately 15-20 active validators submitting price data to the Medianizer aggregation contract [17].
However, several vulnerability factors existed that would prove catastrophic when combined with unprecedented market stress. The liquidation system used English ascending auctions through the CAT and FLIP contracts, where keepers competed by submitting progressively higher bids for liquidated collateral [18]. This design worked well when keeper bots could reliably submit transactions, but created dangerous single points of failure if keeper participation collapsed—auctions could complete with a single bid or even zero bids if no keepers participated successfully. The system had never been tested under conditions of extreme Ethereum network congestion where gas prices exceeded 100-200 gwei for sustained periods.
Most keeper operators relied on standardized bot scripts provided by MakerDAO Foundation, creating a monoculture where a single design flaw affected the majority of participants [7]. These scripts used relatively simple gas price strategies, typically submitting transactions at fixed multiples of recent median gas prices (e.g., 1.5x median) or with static gas price caps (e.g., maximum 50 gwei). During normal conditions when gas prices fluctuated between 10-40 gwei, these strategies worked adequately, but they lacked the sophisticated adaptive logic needed for extreme outlier scenarios.
The oracle system's one-hour Oracle Security Module (OSM) delay, implemented as a security feature to prevent flash manipulation attacks, meant that liquidation calculations used prices from one hour earlier [19]. During gradual price movements, this lag posed minimal risk, but during rapid crashes the delay could mean liquidations triggered based on stale prices that no longer reflected market reality. A 20% price drop occurring over 30 minutes might only partially reflect in liquidation thresholds for up to 90 minutes (30 minutes for the crash plus 60-minute OSM delay).
The $500,000 Surplus Buffer, while adequate for normal liquidation auction shortfalls (where auctions might recover 95-98% of debt), provided minimal protection against catastrophic failure scenarios. If liquidation auctions failed completely, allowing collateral to sell for a fraction of debt value, even relatively modest liquidation volumes could exhaust the buffer and create protocol insolvency.
Timeline of Events: March 12-13, 2020
Black Thursday unfolded as a cascading series of failures where each system breakdown created conditions for subsequent failures, compounding into catastrophic protocol damage within approximately 24 hours.
Morning: Market Opens in Freefall (March 12, 00:00-12:00 UTC)
Cryptocurrency markets opened March 12 with heavy selling pressure continuing from the previous day's global market panic [13]. Ethereum price began the day around $195 and started declining sharply as Asian markets processed U.S. equity futures pointing to another severe down day [13]. By mid-morning UTC (early morning U.S. time), ETH had fallen through $180, triggering the first wave of MakerDAO vault liquidations as positions with collateralization ratios near 150% fell below their liquidation thresholds.
MakerDAO's oracle system during this period still functioned normally, with validators submitting price updates to the Medianizer that reflected falling ETH prices with the standard one-hour OSM delay [17]. Keeper bots monitoring vault positions began identifying undercollateralized vaults and submitting bark() transactions to trigger liquidations through the CAT contract. Ethereum network activity increased as vault owners attempted to save positions by adding collateral or repaying debt, but gas prices remained relatively normal, ranging from 30-50 gwei—elevated but not yet problematic [20].
The first liquidation auctions initiated during this morning period proceeded normally, with multiple keeper bots participating and bidding collateral up to reasonable prices near market value [21]. The system appeared to be handling the market stress as designed—vaults approaching dangerous collateralization levels were being liquidated promptly, auctions were clearing efficiently, and the protocol maintained healthy collateralization across the remaining active vaults.
However, the selling pressure continued building throughout the morning. Traditional markets opened in the United States with immediate sharp declines, the S&P 500 falling 7% within minutes and triggering a 15-minute trading halt [9]. This additional selling pressure from traditional finance cascaded into cryptocurrency markets, which had no circuit breakers to halt trading. Ethereum price acceleration to the downside began as holders rushed to exit positions before further losses materialized.
Afternoon: Crisis Intensifies (March 12, 12:00-18:00 UTC)
The afternoon UTC hours (morning U.S. time) saw the crisis dramatically intensify as Ethereum price fell through critical psychological and technical levels [13]. ETH dropped from $180 to below $150, then quickly to $130, representing approximately 30% decline from the day's opening price in just a few hours [13]. This rapid collapse triggered a second massive wave of vault liquidations as positions that appeared safe earlier in the day suddenly fell below liquidation ratios.
Ethereum network congestion began reaching critical levels as transaction volume surged from liquidation-related activity, vault owners attempting to save positions, and general panic selling [20]. Gas prices spiked from the 30-50 gwei range seen earlier to sustained levels of 100-150 gwei, with periodic spikes above 200 gwei as users competed desperately for transaction inclusion [20]. The network processed approximately 1,092,168 transactions on March 12—near its theoretical maximum capacity given the 15-second block time and gas limits [20].
The oracle system began experiencing problems during this period. Validators running price feed software found themselves unable to economically justify submitting oracle updates when gas costs exceeded $50-100 per transaction [6]. Most validators operated price feeds as public service contributions to the protocol rather than profit-generating businesses, making it irrational to spend hundreds of dollars in gas fees to update prices [6]. As validator updates ceased, the Medianizer continued reporting the last successfully calculated median price even as real market prices diverged significantly.
Keeper bots started encountering severe difficulties submitting liquidation and auction participation transactions. The standard keeper scripts used static or simple dynamic gas pricing strategies that couldn't adapt quickly enough to the rapidly escalating gas price environment [7]. Transactions submitted at 50-70 gwei—prices that would have been generous hours earlier—now sat pending in mempools, unable to compete with the 150+ gwei transactions flooding the network. Keeper operators watching their bots fail attempted manual interventions, but faced the same network congestion as automated systems.
The CAT contract continued triggering new liquidation auctions as thousands of vaults fell below collateralization thresholds simultaneously, but these auctions now proceeded with minimal keeper participation [21]. Some auctions received a single bid from a keeper whose transaction managed to confirm, while others sat with no bids at all as keeper transactions remained stuck pending. The English auction format became a critical vulnerability—without competitive bidding to drive prices up, auctions could complete at whatever price the single participating bidder offered, or at zero if no bidders participated.
Evening: Zero-Bid Exploitation Begins (March 12, 18:00-24:00 UTC)
As evening approached in UTC (afternoon in U.S.), sophisticated actors began recognizing and systematically exploiting the keeper participation vacuum [22]. One or more entities realized that with normal keeper bots unable to submit transactions due to gas price constraints, they could win liquidation auctions by submitting minimal or zero DAI bids with very high gas prices (200-300 gwei) to ensure their transactions processed while competitors remained stuck [22].
The zero-bid strategy worked because English auction contracts accepted the highest bid submitted before the auction timeout period expired, even if that "highest bid" was zero [23]. During normal conditions, keeper competition ensured auctions received multiple bids approaching fair market value, but with competition eliminated by network congestion, a single zero-bid could win entire lots of valuable collateral. The exploiters paid substantial gas fees—often $100-500 per transaction at 200+ gwei prices—but received collateral worth thousands or tens of thousands of dollars in return, generating massive arbitrage profits.
Forensic analysis by Blocknative later identified evidence suggesting some network congestion may have been intentionally manufactured through "hammerbots"—automated systems that flooded the mempool with transaction spam to degrade network performance and prevent legitimate keeper participation [24]. The research identified patterns of "spontaneous stuck transactions" where certain addresses experienced transaction failures immediately before major liquidation events, then recovered functionality immediately afterward, suggesting deliberate timing to disable competing keepers during critical windows [24].
Whether the network congestion was purely organic or partially manufactured remains somewhat controversial, but the result was clear—keeper bot paralysis created conditions where zero-bid exploits became profitable and systematic. Of the 3,994 liquidation auctions triggered during Black Thursday, 1,462 (36.6%) were ultimately won by zero bids, with an additional large percentage won by minimal bids well below market value [25][26]. The most extreme single auction saw one entity acquire 50 ETH (worth approximately $5,500 at crash prices) for exactly 0 DAI [22].
The protocol's bad debt accumulated rapidly during this period as auctions failed to recover the DAI needed to cover vault debts. Each zero-bid auction effectively transferred collateral value from the protocol to exploiters without reducing the corresponding DAI debt, creating unbacked stablecoin. The Surplus Buffer's $500,000 capital provided minimal protection against losses of this scale—by evening, the buffer was exhausted and bad debt began accumulating [15].
Overnight and Next Day: Full Scope Revealed (March 13)
Through the overnight hours and into March 13, liquidation auctions continued processing with similarly poor results as network congestion persisted and ETH price remained highly volatile [13]. Gas prices sustained at elevated levels above 100 gwei as vault owners continued attempting to save positions and liquidation auctions generated ongoing transaction demand [20].
By the morning of March 13, as network congestion finally began moderating and participants could assess the damage, the full catastrophic scope became apparent. Total collateral liquidated for zero or near-zero amounts reached approximately $8.32 million worth of ETH across 1,462 auctions [4][25]. The protocol faced approximately $5.67 million in bad debt—DAI outstanding without corresponding collateral backing it [5][27]. One address (0xA26e15C895EFc0616177B7c1e7270A4C7D51C997) had systematically acquired millions in collateral across 44 separate zero-bid auctions [22].
DAI lost its peg stability, trading at a premium ranging from $1.05 to $1.09 as holders questioned whether the stablecoin remained fully backed [28]. The protocol lacked mechanisms to directly defend the peg at $1.00—the Dai Savings Rate and stability fees represented indirect tools that adjusted incentives over days or weeks but couldn't inject instant liquidity to restore confidence [28]. The peg instability threatened DAI's core value proposition and raised questions about whether the protocol could maintain solvency.
MakerDAO governance faced a critical decision: trigger Emergency Shutdown and allow DAI holders to claim proportional shares of remaining collateral, or attempt to recapitalize through debt auctions that would mint new MKR tokens to cover the shortfall [29]. Emergency Shutdown would protect DAI holders but effectively terminate the protocol, requiring a complete relaunch. Debt auctions would preserve protocol continuity but impose losses on MKR token holders through dilution.
The community avoided Emergency Shutdown, instead initiating the protocol's first-ever debt auctions to recapitalize the system [29][30]. This decision reflected the protocol's fundamental design: DAI holders should maintain full backing even during crises, with MKR token holders serving as ultimate backstop capital that absorbs losses through dilution when necessary [29].
Technical Failures Analysis
Black Thursday exposed multiple interconnected technical and economic failures whose combination created catastrophic outcomes far exceeding any single component's individual failure mode.
Oracle System Breakdown
The oracle infrastructure, which had operated reliably for over two years, encountered a perfect storm of economic unsustainability and network congestion [6][17]. The Medianizer contract aggregated price submissions from approximately 15-20 authorized Feed validators who independently monitored exchange APIs and submitted ETH/USD price data on-chain [17]. This design worked well under normal gas price conditions where validators could afford to update prices regularly, but broke down when gas costs exceeded validators' willingness to pay.
As gas prices spiked to 100-200+ gwei, the economic calculation for validators became untenable. At 200 gwei gas prices with ETH at $150, a typical oracle update transaction consuming 100,000 gas cost approximately $30 in fees [6]. Validators operating price feeds as public service rather than profit-generating businesses had no economic incentive to pay these fees, particularly when multiple updates might be needed during a single day of volatile markets [6]. The validators who did continue attempting updates found their transactions stuck in mempools alongside millions of others competing for block inclusion.
The oracle's failure manifested as increasing staleness rather than complete stoppage. The Medianizer continued reporting the last successfully calculated median even as that price diverged from rapidly falling market reality [6]. When validators finally managed to submit enough new price data for the Medianizer to calculate a fresh median, the contract recognized that ETH had fallen 20%+ from its last reported value [6]. This sudden price jump triggered the protocol to immediately identify thousands of vaults as undercollateralized that should have been liquidated gradually if prices had updated smoothly.
The one-hour OSM delay, designed as a security feature, compounded the problem by ensuring liquidation calculations lagged market reality by at least 60 minutes [19]. During rapid price crashes, this meant positions could become severely undercollateralized before the protocol recognized them as liquidatable. The OSM delay also prevented rapid oracle recovery—even after validators resumed submissions, the hour lag meant vault contracts continued using stale prices while markets moved rapidly.
The failure revealed fundamental flaws in the oracle's economic model. Relying on altruistic validators to bear gas costs during normal conditions worked adequately, but created no mechanism to ensure participation during high gas price environments when oracle accuracy matters most [6]. The protocol needed either explicit economic incentives (paying validators for price submissions) or more gas-efficient oracle designs to maintain reliability across all market conditions.
Network Congestion and Gas Market Collapse
Ethereum network congestion reached extraordinary levels during Black Thursday, with gas prices sustained above 100 gwei for hours and peaking above 200 gwei—representing 10x increases over typical 20 gwei prices just days earlier [20]. The network processed near its theoretical maximum capacity of approximately 1.1 million transactions per day given the 15-second block time and gas limits [20].
The congestion created a multi-layered failure cascade. Users attempting to save vault positions by adding collateral or repaying debt found transactions pending for 30+ minutes or being evicted from mempools entirely [20]. Keeper bots submitting liquidation triggers and auction bids encountered the same delays. Oracle validators trying to update prices faced identical inclusion challenges. The network's limited throughput capacity became the binding constraint that degraded all protocol operations simultaneously.
Gas price escalation followed a destructive feedback loop. As initial congestion caused transaction delays, users increased gas prices to compete for priority. Higher gas prices raised the bar for all subsequent transactions, as miners prioritized the highest-paying transactions. This competitive dynamic pushed gas prices to levels where marginal participants (oracle validators, small keeper operators, retail users) were priced out entirely, concentrating transaction inclusion among well-capitalized actors willing to pay extreme fees.
The Ethereum network's fixed block gas limit (approximately 10 million gas per block in March 2020) meant that increasing gas prices didn't improve overall throughput—it simply redistributed limited capacity toward those willing to pay most [20]. This design creates problematic incentives during crises. Unlike traditional infrastructure where congestion pricing reduces demand (e.g., surge pricing for rideshares discourages non-essential trips), blockchain gas pricing during crises often increases demand as urgency and stakes rise. Users facing liquidation of $100,000 vault positions rationally pay $500-1,000 in gas fees if that's what's required for transaction inclusion.
The congestion exposed dangerous assumptions in protocol design. MakerDAO's liquidation system assumed keeper bots could reliably submit transactions, oracle validators could update prices, and users could manage positions during market stress [6][7]. All these assumptions depended on Ethereum network capacity remaining adequate—an assumption that failed catastrophically when crisis conditions generated transaction demand exceeding network throughput. The protocol operated one abstraction layer above Ethereum, inheriting its limitations without adequate fallback mechanisms when base layer capacity failed.
Keeper Bot Failures and Monoculture Risk
The keeper ecosystem's collapse represented perhaps the most preventable failure mode, rooted in dangerous monoculture where most operators relied on identical software with shared vulnerability to gas price extremes [7]. MakerDAO Foundation had published reference keeper bot implementations as open-source code to encourage ecosystem participation, intending for operators to customize and improve the code for their specific strategies [31]. Instead, many operators simply ran the reference implementation without modifications, creating a monoculture where a single design flaw affected the majority of participants.
The reference keeper implementation used relatively simple gas price strategies that worked well under normal conditions but failed completely during extreme outliers [7]. The bot typically calculated gas prices as fixed multiples of recent median values (e.g., 1.5x the median gas price from the last 10 blocks) or used static maximum gas price caps (e.g., "never pay more than 50 gwei") [7]. When network median gas prices jumped from 30 gwei to 150+ gwei in hours, the 1.5x multiplier strategy generated bids of 45 gwei that couldn't compete with the 150+ gwei transactions flooding the network. The static gas price caps prevented bots from adapting to new market realities even when their operators would have been willing to pay higher fees.
The keeper scripts also lacked sophisticated logic for handling pending transaction status and replacement [7]. When an initial transaction at 50 gwei sat pending for minutes without confirmation, the bot needed to either cancel and resubmit at higher gas prices, or submit replacement transactions with the same nonce but elevated gas to override the original. The reference implementation had limited support for these recovery mechanisms, causing bots to simply wait with stuck transactions rather than adapting to clear the backlogs.
Professional keeper operators with custom infrastructure did adapt successfully, though many took hours to diagnose and fix gas pricing strategies while auctions proceeded with zero bids [7]. The sophistication gap between well-resourced operators running custom code and individual operators using reference implementations became apparent—those with capital and technical capacity to rapidly modify code captured most available keeper profits, while standardized bots failed completely.
The monoculture risk extended beyond just software. Most keepers relied on similar infrastructure patterns including public RPC endpoints (Infura, Alchemy), similar exchange APIs for price discovery, and comparable capital management strategies [31]. When Infura experienced performance degradation during peak load, all Infura-dependent keepers suffered simultaneously. When standard keeper capitalization strategies (maintaining 50,000-100,000 DAI for auction participation) became exhausted by rapid liquidation waves, most keepers hit capital constraints at similar times.
The failure demonstrated that decentralized protocol security depends not just on having multiple independent participants, but ensuring those participants employ genuinely diverse strategies, infrastructure, and implementations [7]. A system with 50 keeper operators running identical code on similar infrastructure provides minimal more resilience than a system with 5 operators—the appearance of decentralization without the substance. True resilience requires heterogeneous implementations that fail independently rather than collectively.
Liquidation 1.0 Auction Mechanism Vulnerability
The English ascending auction design used in Liquidation 1.0 created inherent vulnerabilities that became catastrophic when keeper participation degraded [18][23]. The CAT and FLIP contracts implemented a two-phase auction where bidders first competed by offering higher DAI amounts for fixed collateral quantities ("tend" phase), then competed by accepting less collateral for fixed DAI amounts ("dent" phase) [18].
This design assumed active keeper competition would drive bid prices toward fair market value through competitive dynamics [18]. Multiple keepers monitoring an auction for 10 ETH would recognize that the collateral's market value (approximately $1,500 at crash prices) exceeded the debt being recovered (perhaps $1,300), creating arbitrage opportunity. Rational keepers would bid competitively, with each bid incrementing by the minimum required amount (typically 3%) until the bid approached fair value minus a small profit margin [18].
The assumption of competitive bidding failed completely when keeper transaction submission became impossible. With most keeper bots unable to get transactions included due to gas price limitations, auctions proceeded with zero or single bidders [23]. The contract design accepted the highest bid submitted before timeout regardless of that bid's relationship to fair value—if the only bid was zero, the contract awarded collateral for zero payment. No minimum price floors, reserve prices, or sanity checks prevented auctions from completing at absurd valuations.
The English auction format also created problematic gas war dynamics even when multiple keepers participated. During high gas price environments, auction competition shifted from bidding on collateral price to bidding on gas prices to ensure transaction inclusion [32]. A keeper willing to pay 300 gwei for transaction inclusion could beat a competitor offering a higher collateral bid but only 150 gwei gas price. This transformed auctions into gas fee competitions rather than collateral valuation competitions, favoring participants with deepest pockets for gas fees rather than most efficient capital deployment.
Auction parameters calibrated for normal conditions proved inadequate during crisis. The 10-minute tend phase duration, designed to allow multiple bid iterations during normal 30-50 gwei gas prices, became insufficient when transaction inclusion required 30+ minutes [18]. The 6-hour total auction duration seemed generous for normal conditions but allowed zero-bid auctions to complete rapidly when no competing bids appeared. The minimum bid increment requirement (3% above previous bid) that ensured meaningful competition during normal conditions was irrelevant when auctions received only a single bid.
The mechanism lacked adaptive features that could respond to extraordinary conditions. No ability existed to pause auctions when detecting anomalous bidding (zero bids, single bidders), extend auction durations when network congestion delayed transactions, or require minimum reserve prices based on oracle valuations. The contracts executed their programmed logic inflexibly, awarding collateral according to auction rules even when those outcomes clearly violated the intent of protecting protocol solvency.
Zero-Bid Exploitation Mechanics
The systematic zero-bid exploitation during Black Thursday demonstrated how sophisticated actors could weaponize system vulnerabilities and network conditions to extract millions in value at the protocol's expense.
Attacker Strategy and Execution
The zero-bid strategy required recognizing several conditions that created unusual arbitrage opportunities [22]. First, keeper bot paralysis from gas price extremes meant auctions would proceed with minimal participation. Second, Ethereum's transaction priority mechanism allowed transactions with higher gas prices to confirm preferentially. Third, the English auction contract accepted zero DAI bids as valid if no higher bids appeared before timeout. Combining these insights, sophisticated actors realized they could win valuable collateral for nothing by submitting zero bids with extremely high gas prices.
The execution mechanics were straightforward but required technical sophistication [22]. The attacker monitored the CAT contract for Kick events signaling new liquidation auctions, calculated the collateral value based on current market prices (acknowledging the collateral was worth $1,500+ per ETH at crash valuations), and submitted bid transactions offering 0 DAI for the full collateral amount with gas prices of 200-300 gwei to ensure inclusion. The high gas prices cost the attacker $100-500 per transaction, but winning an auction for 10-50 ETH worth thousands of dollars generated enormous profits after accounting for gas costs.
The strategy required capital primarily for gas fees rather than collateral bidding, substantially reducing barriers to participation. An attacker with just 5-10 ETH could fund hundreds of zero-bid transactions, potentially winning millions in collateral if auctions consistently lacked competing bids. This capital efficiency meant the attack could scale to exploit all available auctions rather than being constrained by the attacker's DAI holdings for legitimate bidding.
Timing proved critical for maximizing exploitation. The attacker needed to identify the window when keeper bots failed but before protocol governance could respond with emergency parameter changes or circuit breakers [22]. The March 12 afternoon and evening UTC hours represented peak opportunity as network congestion remained extreme, keeper failures persisted, but governance hadn't yet mobilized emergency responses that might halt auctions or freeze liquidations.
Evidence suggests multiple sophisticated actors eventually recognized and exploited the opportunity, though one address (0xA26e15C895EFc0616177B7c1e7270A4C7D51C997) captured the largest share across 44 separate zero-bid auctions [22]. The pattern of wins concentrated in this single address suggests systematic strategy execution rather than organic arbitrage discovery by many independent actors. The address demonstrated clear understanding of the mechanism, consistently submitting zero bids rather than experimenting with different bid amounts.
Mempool Manipulation and Hammerbot Evidence
Blocknative's forensic analysis of blockchain transaction data identified anomalous patterns suggesting some network congestion may have been intentionally manufactured to degrade keeper participation and create conditions favorable for exploitation [24]. The research team analyzed mempool composition, transaction propagation patterns, and gas price dynamics during Black Thursday, identifying several suspicious phenomena that deviated from organic congestion patterns.
"Hammerbots" represented automated systems that flooded the mempool with transaction spam—repeatedly submitting and replacing transactions that consumed mempool space without intending to confirm [24]. These transactions typically used gas prices just below the current market clearing rate, ensuring they appeared competitive enough to occupy mempool slots but would never actually confirm as new transactions with higher gas prices arrived [24]. The effect was to inflate apparent network congestion, making it harder for legitimate users to estimate appropriate gas prices and increasing the resources required for nodes to process mempool data.
The analysis identified "spontaneous stuck transaction" patterns where specific addresses experienced sudden transaction inclusion failures immediately before major liquidation events, then mysteriously recovered functionality afterward [24]. For example, an address that successfully submitted transactions at 80 gwei for hours might suddenly experience all transactions failing despite submitting at 150 gwei, only to have successful transactions resume at 100 gwei after a critical auction window closed. The timing correlation between these failures and major auctions suggested deliberate sabotage rather than random network conditions.
Gas price manipulation appeared in the data as well. During certain auction windows, mempool gas prices showed artificial inflation where transaction volumes and gas prices temporarily spiked far above sustainable levels, then dropped precipitously immediately after auctions closed [24]. This pattern indicated that actors may have submitted high-gas-price spam transactions to create appearance of severe congestion, discouraging legitimate participants from competing, then withdrawn the spam once auctions completed with desired zero-bid outcomes.
The smoking gun evidence remained circumstantial rather than definitive. Distinguishing intentional manipulation from organic crisis congestion requires proving intent that blockchain data cannot directly reveal. An address repeatedly submitting and replacing transactions might be a hammerbot intentionally degrading network performance, or might be a legitimate user desperately trying to save a vault position and continually increasing gas prices as network conditions deteriorated. The timing correlations between stuck transactions and auctions could reflect deliberate sabotage or simply natural variance in network conditions.
However, the Blocknative analysis combined with the extreme concentration of zero-bid auction wins among a small number of addresses creates strong circumstantial case for at least some intentional manipulation [24]. The sophistication required to execute systematic zero-bid exploitation across dozens of auctions, combined with evidence of mempool manipulation during key windows, suggests a coordinated strategy rather than organic arbitrage discovery. Whether the manipulation represented the majority of network congestion or a marginal addition to organic crisis traffic remains uncertain.
Total Damage and Loss Distribution
The cumulative impact of zero-bid exploitation and failed liquidation auctions created the worst single-event loss in DeFi history to that point [4][5]. Of the 3,994 liquidation auctions triggered during Black Thursday, 1,462 (36.6%) completed with zero DAI bids, representing $8.32 million in collateral transferred to exploiters without corresponding debt repayment [25][26]. An additional substantial percentage of auctions received only minimal bids well below market value, compounding protocol losses.
The loss distribution fell primarily on vault owners whose collateral was seized and the protocol's Surplus Buffer which absorbed bad debt. Vault owners with positions liquidated through zero-bid auctions experienced total loss—their entire collateral was confiscated without any of their debt being repaid [33]. Unlike normal liquidations where vault owners receive surplus if auction proceeds exceed debt, zero-bid liquidations left owners with neither collateral nor debt forgiveness. For a vault with 100 ETH collateral (worth $15,000 at crash prices) and 10,000 DAI debt, a zero-bid liquidation meant the owner lost the $15,000 collateral but still technically owed the 10,000 DAI debt (which was assigned to the protocol as bad debt).
The protocol's Surplus Buffer of approximately $500,000 was quickly exhausted as zero-bid auctions generated bad debt at a rate of millions per hour [15]. Each zero-bid auction created unbacked DAI—debt that existed without collateral backing it. Once bad debt exceeded the Surplus Buffer, the protocol became technically insolvent, with more DAI outstanding than the value of all backing collateral. The final accounting showed approximately $5.67 million in bad debt after the Surplus Buffer absorption [5][27].
MKR token holders ultimately bore the protocol losses through dilution when debt auctions minted new MKR to recapitalize the system [34]. The protocol minted 20,980 MKR tokens sold at an average price of $296.35, raising approximately $6.21 million [35]. This MKR minting diluted existing holders—if 1 million MKR existed before the auctions, existing holders saw their ownership percentage decrease by approximately 2%. The effective transfer of value from MKR holders to the protocol recapitalized the system but imposed real losses on governance token holders.
DAI holders avoided direct losses as the protocol maintained full backing through the debt auction recapitalization, though they experienced temporary peg instability and increased uncertainty about DAI's reliability [28]. The DAI price premium (trading at $1.05-$1.09) reflected market concerns about backing adequacy, though the premium also indicated sustained demand as DAI retained value despite the crisis. Users who needed to sell DAI during the crisis period may have obtained slightly better than $1.00, while those buying for stability paid a premium.
The exploiters themselves captured approximately $8.32 million in collateral value minus the gas costs paid for winning auctions [4]. At 200 gwei gas prices and approximately 200,000 gas per auction transaction, the exploiter paid roughly $60-100 per auction (at $150 ETH prices). Across 1,462 zero-bid auctions, total gas costs might have been $90,000-150,000, leaving net profits of approximately $8.17-8.24 million. This represented extraordinary returns on capital deployed for what amounted to several hours of systematic execution against a broken protocol.
Governance Response and Emergency Actions
MakerDAO governance mobilized rapidly in response to the crisis, implementing emergency parameter changes and initiating debt auctions to recapitalize the protocol while considering the nuclear option of Emergency Shutdown.
Emergency Shutdown Debate
The most consequential decision facing governance in the immediate aftermath was whether to trigger Emergency Shutdown, which would freeze all protocol operations and allow DAI holders to redeem for proportional shares of remaining collateral [29][36]. Emergency Shutdown represented the protocol's designed mechanism for handling catastrophic failures beyond repair through normal operations, effectively terminating the protocol and distributing remaining assets to stakeholders.
The case for Emergency Shutdown centered on protecting DAI holders from further degradation [29]. With $5.67 million in bad debt and ongoing auction failures, continued operations risked accumulating additional losses that could erode DAI backing further. Shutting down immediately would preserve the current backing ratio and allow DAI holders to exit at whatever collateralization remained, while continued operations during crisis conditions could worsen outcomes. The shutdown mechanism was specifically designed for exactly this scenario—catastrophic liquidation failures creating undercollateralized stablecoin.
Arguments against Emergency Shutdown emphasized the long-term protocol value that would be destroyed [29][36]. MakerDAO represented nearly three years of development, community building, and market adoption that had established DAI as DeFi's most widely-used stablecoin with 100 million units outstanding. Emergency Shutdown would terminate this value, requiring a complete protocol relaunch and rebuild of market trust. The debt, while substantial at $5.67 million, represented only 4% of the $140 million total collateral—manageable through recapitalization rather than terminal.
The protocol's social contract held that MKR holders serve as ultimate backstop capital, absorbing losses through dilution when the Surplus Buffer proves insufficient [29]. Triggering Emergency Shutdown to avoid MKR dilution would violate this fundamental design principle, shifting losses to DAI holders who expect full backing regardless of crisis conditions. The debt auction mechanism existed specifically to recapitalize during crises—not using it would abandon the protocol's core risk management design.
Governance ultimately decided against Emergency Shutdown, instead pursuing debt auctions to mint new MKR and recapitalize the protocol [29][30]. This decision reflected both technical assessment that the bad debt was manageable through dilution, and philosophical commitment to honoring the protocol's designed risk allocation where MKR holders bear ultimate losses. The choice preserved protocol continuity and maintained DAI backing through MKR dilution rather than imposing haircuts on DAI holders through shutdown.
MKR Debt Auctions and Paradigm's Role
The debt auction process initiated on March 19, 2020, approximately one week after Black Thursday, allowing time for governance to assess the damage and prepare auction infrastructure [35][37]. The FLOP contracts implemented reverse Dutch auctions where bidders competed by offering to accept fewer MKR tokens in exchange for fixed 50,000 DAI amounts [35]. Auctions started with high MKR amounts (e.g., 500 MKR for 50,000 DAI) and bidders competed by accepting less (e.g., 450 MKR, then 400 MKR), with the auction completing when no further bids appeared for a timeout period.
The protocol needed to raise approximately $5.3 million to cover bad debt and rebuild the Surplus Buffer [37]. At auction prices averaging $296.35 per MKR, this required minting and selling approximately 17,900 MKR, though the actual total minted reached 20,980 MKR across 106 separate auctions over approximately 9 days from March 19-28 [35][37].
Paradigm Capital, a venture capital firm that had invested $27.5 million in MakerDAO in December 2019, emerged as the dominant participant in the debt auctions [38][39]. Paradigm won 72 of the 106 auctions, acquiring approximately 68% of all auctioned MKR by paying approximately $3.6 million [35][38]. This concentration reflected both Paradigm's substantial capital availability to deploy quickly and their prior commitment to serve as "backstop syndicate" supporting the protocol during crises [39].
The Paradigm participation generated mixed community reactions. Supporters noted that Paradigm provided essential liquidity exactly when needed, ensuring debt auctions completed successfully and recapitalized the protocol [39]. Their participation validated confidence in MakerDAO's long-term viability despite the crisis—Paradigm wouldn't deploy millions acquiring MKR if they believed the protocol was terminally damaged. The concentration in Paradigm's hands also meant auctions cleared efficiently without requiring recruitment of hundreds of smaller participants.
Critics worried about governance centralization from Paradigm's accumulation of significant MKR holdings on top of their existing stake from the December 2019 investment [40]. Venture capital firms holding large MKR positions might pursue governance decisions favoring their investment timeline and risk preferences over broader community interests. The debt auction mechanism, while functioning as designed, had the side effect of concentrating governance power among entities with capital to participate during crises, potentially undermining the protocol's decentralization ethos.
The auctions successfully raised $6.21 million total, exceeding the minimum needed to cover bad debt and partially rebuild the Surplus Buffer [35]. The average MKR price of $296.35 represented a discount from pre-crisis prices near $400-450 but substantial premium over the $150-200 MKR traded at during the market crash, suggesting bidders viewed the discount as reasonable compensation for providing crisis capital. The dilution of approximately 2% of MKR supply represented meaningful but not catastrophic value transfer from existing holders to auction participants.
Immediate Parameter Changes
Governance implemented emergency parameter adjustments within days of Black Thursday to prevent continued auction failures and reduce liquidation risk while debt auctions proceeded [41][42].
The Dai Savings Rate (DSR) was reduced from 8% to 0% on March 13, freeing protocol surplus that had been allocated to DSR payouts for use in rebuilding the Surplus Buffer [42]. The DSR reduction also reduced incentive for users to lock DAI in the DSR contract, potentially increasing circulating supply and helping restore peg stability by reducing DAI scarcity. While painful for users who relied on DSR yield, the reduction prioritized protocol solvency over user returns during crisis.
Stability fees across collateral types were adjusted to reduce borrowing costs and discourage further vault closures that could add to liquidation pressure [41]. Lower stability fees made it cheaper for vault owners to maintain positions, reducing incentive to close vaults by repaying debt. The fee reductions traded off protocol revenue generation for stability during crisis conditions—accepting lower income to prevent further liquidation cascades.
Debt ceilings for certain collateral types were increased to accommodate users who wanted to migrate positions from stressed collateral types to safer alternatives [41]. For example, users with ETH-A vaults approaching liquidation might open new USDC-A vaults to generate DAI for repaying ETH-A debt. Increasing USDC-A debt ceilings facilitated these migrations without forcing users to wait for governance votes to approve ceiling expansions.
Liquidation ratio parameters saw limited immediate changes, as governance wanted to avoid creating moral hazard where users expected risk parameters to be relaxed during every market downturn [41]. However, some modest liquidation ratio reductions occurred for collateral types where governance assessed that current ratios were overly conservative given market conditions.
Auction parameters including bid increment requirements, auction durations, and lot sizes received attention but substantive improvements required the full Liquidation 2.0 redesign that wouldn't deploy until 2021 [8]. Temporary parameter changes including extended auction durations from 10 minutes to 6 hours for the tend phase provided marginal improvements, but the fundamental English auction vulnerability remained until the complete system redesign [42].
The Governance Security Module (GSM) delay, normally requiring 48 hours between executive vote passage and implementation, was acknowledged as a constraint during rapid crisis response [43]. Emergency parameter changes required two full days to implement after governance approval, during which market conditions could worsen. Governance discussed but ultimately didn't implement mechanisms to bypass GSM delay during emergencies, maintaining security over speed but accepting the trade-off that emergency responses would be delayed.
Legal Aftermath and Compensation Battles
The financial losses from Black Thursday sparked multi-year legal battles between affected vault owners and MakerDAO entities, ultimately resulting in a settlement that acknowledged some protocol responsibility without admitting fault.
Class Action Lawsuit Filing
In April 2020, approximately one month after Black Thursday, Peter Johnson filed a class action lawsuit in the Northern District of California against the Maker Foundation and related entities, seeking $28 million in damages on behalf of users whose vaults were liquidated for zero or minimal collateral value [44][45]. The complaint alleged negligence, intentional misrepresentation, and negligent misrepresentation, arguing that MakerDAO had misrepresented the protocol's risks and failed to protect investor interests during the crisis [45].
The legal theory centered on whether users who deposited collateral and borrowed DAI through the protocol could reasonably expect the liquidation system to function as designed [44]. The plaintiffs argued that MakerDAO's documentation and marketing materials portrayed liquidation as a safety mechanism that would sell collateral at fair market value to recover debt plus penalties, not as a mechanism that could completely confiscate collateral without debt repayment [44]. If users relied on these representations and suffered losses when the mechanism failed catastrophically, the protocol bore liability for the discrepancy between promised and actual function.
The defendants countered that DAI's terms of service included arbitration clauses requiring disputes to be resolved through arbitration rather than court litigation [46]. This procedural defense, if successful, would shift the case from public court proceedings to private arbitration where discovery and precedent-setting would be limited. The arbitration clause debate became a focal point of early litigation as both sides fought over the appropriate venue for resolving the claims.
The Maker Foundation argued that it had dissolved and lacked legal capacity to be sued, as the Foundation had completed its mission of launching the protocol and transitioned governance to the decentralized community [47]. This defense raised complex questions about liability for decentralized protocols—if no legal entity controls the protocol or can be sued for its operation, how can users seek redress for losses? The defense potentially established concerning precedent that DeFi protocols could claim decentralization as a liability shield while exercising centralized control during development and marketing.
Arbitration and Dismissal
In September 2020, Judge Maxine Chesney ruled that the American Arbitration Association must determine whether Johnson's claims fell within the scope of DAI's terms of service arbitration clause before the court could proceed [46]. This preliminary ruling effectively paused the litigation while arbitration questions were resolved, delaying any potential compensation to affected users by months or years.
The arbitration ruling generated substantial criticism from consumer advocates and DeFi observers who viewed arbitration clauses in cryptocurrency terms of service as particularly problematic [48]. Unlike traditional financial services where arbitration versus litigation involves trade-offs in procedural protections, cryptocurrency arbitration clauses often appear in boilerplate terms that users must accept to access protocols, with limited opportunity for negotiation or modification. The power imbalance between sophisticated protocol developers and individual users makes arbitration clauses especially one-sided.
In February 2023, approximately three years after the initial lawsuit filing, Judge Chesney dismissed the complaint entirely [47]. The dismissal rested on two grounds: first, that the Maker Foundation lacked capacity to be sued because it had dissolved, and second, that plaintiff Johnson failed to allege facts sufficient to support his claims for relief [47]. The ruling effectively ended the litigation pathway to compensation, though it left open the possibility of settling through private negotiations.
The dismissal provided important legal precedent for DeFi protocols facing similar claims. By accepting the "protocol has decentralized, foundation has dissolved, no entity can be sued" argument, the court created a liability shield for projects that successfully decentralize governance and dissolve their founding entities [47]. This precedent incentivizes projects to accelerate decentralization and entity dissolution to avoid future liability, while potentially leaving users without recourse when protocols malfunction.
Settlement and Compensation Decision
Despite the lawsuit dismissal in February 2023, both sides reached a settlement agreement in June 2023, with MakerDAO agreeing to pay $1.16 million to affected users while denying any wrongdoing or legal violations [49][50]. The settlement amount represented approximately 14% of the $8.32 million in total Black Thursday losses, providing partial compensation but far below actual damages [49].
The settlement reflected both sides' assessment that continued litigation uncertainty wasn't worth the costs. For plaintiffs, the settlement guaranteed some recovery rather than risking appeals that might ultimately yield nothing [50]. For MakerDAO, settling for $1.16 million avoided discovery that might reveal embarrassing internal communications, precedent-setting rulings that could invite future litigation, and ongoing legal fees that might exceed settlement costs. Neither side achieved their optimal outcome, but both accepted a compromise that ended the dispute.
The settlement explicitly included MakerDAO's denial of wrongdoing, preserving the protocol's position that Black Thursday represented an unfortunate confluence of market conditions rather than negligence or misrepresentation [49]. This denial protected against admissions that could be used in future litigation or regulatory proceedings, though it provided little consolation to users who received 14 cents on the dollar for their losses.
Earlier governance votes within the MakerDAO community had addressed compensation separately from the legal proceedings [51][52]. In September 2020, governance voted on whether to compensate the $2.5 million in user losses beyond what legal settlements might provide. The final vote saw 65% oppose compensation, with arguments that vault users accept liquidation risk when opening positions and the protocol's primary obligation is maintaining DAI peg stability, which it successfully achieved despite liquidation mechanism failures [51][52].
The governance compensation vote reflected philosophical divisions about protocol responsibilities. Those opposing compensation argued that vault users are sophisticated DeFi participants who understand smart contract risks, liquidation mechanisms are clearly documented including edge case failure possibilities, and the protocol fulfilled its core mission of maintaining DAI backing through MKR dilution [51]. Compensating users would create moral hazard where participants expect rescue from normal protocol risks, undermining the principle that DeFi users bear responsibility for understanding and accepting technical and economic risks.
Supporters of compensation countered that liquidation system failure went beyond normal risk parameters users could reasonably anticipate. While users accept risk of liquidation if collateral values fall, they don't necessarily accept risk of a systemically broken auction mechanism confiscating collateral for zero payment [51]. The protocol's documentation and marketing emphasized liquidation as a safety feature protecting both users and protocol, not as a mechanism that could completely fail during crises. Providing some compensation acknowledged that the system failed beyond users' reasonable risk expectations, while still imposing substantial losses that reinforced the need for careful position management.
The combined legal settlement ($1.16 million) and governance decision against further compensation left most affected users with minimal recovery of their Black Thursday losses, closing the compensation question but leaving lingering questions about liability and user protection in DeFi.
Liquidations 2.0: The Comprehensive Redesign
Black Thursday directly motivated the most substantial technical upgrade in MakerDAO history—the complete redesign of the liquidation system from English ascending auctions to Dutch descending auctions with enhanced keeper incentives and auction safeguards [8][53].
MIP45 Development and Ratification
The Smart Contracts Domain Team proposed MIP45: Liquidations 2.0 - Liquidation System Redesign on February 3, 2021, approximately 11 months after Black Thursday [53][54]. The proposal underwent comprehensive community review, technical auditing, and governance discussion before ratification on March 25, 2021, reflecting the significance of replacing a core protocol mechanism that handled billions in collateral [53][54].
MIP45's core innovation replaced the CAT contract (which triggered liquidations using English ascending auctions) and FLIP contracts (which ran individual collateral auctions) with new DOG and CLIPPER contracts implementing Dutch descending auctions [53][54]. This fundamental change addressed Black Thursday's central failure mode—English auctions that required competitive bidding to achieve fair prices became vulnerable when keeper participation collapsed, while Dutch auctions starting at prices above market value provided built-in protection against zero-bid exploits.
The development process involved extensive formal verification and security auditing by ChainSecurity and other auditors, given the critical nature of liquidation infrastructure [55]. The team needed confidence that the new system would function correctly under extreme conditions that the previous system failed to handle. Audit findings identified and addressed multiple medium and low-severity issues before deployment, ensuring the production contracts met security standards.
Governance ratified MIP45 on March 25, 2021, approximately one year after Black Thursday, with overwhelming community support [53][54]. The vote reflected broad consensus that liquidation system redesign was essential for protocol security and that the Dutch auction approach represented substantial improvement over the failed English auction design. The extended timeline from crisis to implementation reflected the careful development and testing required for such fundamental infrastructure changes.
Dutch Auction Architecture and Advantages
The Liquidations 2.0 Dutch auction design operates fundamentally differently from the English auctions it replaced [8][56]. Auctions begin with collateral offered at prices significantly above current oracle value (typically 120-130% of market price based on the "buf" parameter), then price decreases continuously over time according to a governance-defined curve until a keeper accepts the current price by calling the take() function [56].
This mechanism provides several critical advantages over English auctions. Starting prices well above market value ensures the protocol doesn't sacrifice collateral value early in auctions—even if keepers participate immediately, they pay premium prices rather than acquiring bargains [56]. The descending price mechanism eliminates gas wars between keepers—the first keeper willing to accept the current price wins, without need to outbid competitors through higher gas prices. Partial fills are natively supported, allowing keepers with limited capital to purchase portions of large liquidations rather than requiring full collateral purchases [56].
The price decay curve follows configurable mathematical functions (typically linear or exponential) defined by governance parameters [56]. The "cut" parameter specifies the percentage price decrease per time unit, while "step" defines the time interval between decreases. A cut of 0.99 (1% decrease) with step of 60 seconds means auction price decreases 1% per minute. After 10 minutes, the price equals starting_price × 0.99^10 ≈ 90.4% of the start price.
Auction duration is capped by the "tail" parameter (typically 6-24 hours depending on collateral type), with auctions automatically resetting through the redo() function if they don't complete within the tail period [56]. The reset mechanism prevents auctions from sitting indefinitely if price drops below levels where any keeper wants to participate, instead restarting with fresh oracle prices and new price curves. The "cusp" parameter defines maximum acceptable price drops (e.g., 60% of starting price) before reset is required, preventing auctions from declining to absurdly low values.
These parameters balance competing objectives: starting prices high enough to protect protocol value versus decreasing fast enough to ensure auctions complete promptly, auction durations long enough for adequate keeper participation versus short enough to limit protocol exposure to volatile collateral, and reset mechanisms that prevent stalls versus reset thresholds that don't prematurely terminate auctions before finding market-clearing prices [56].
Enhanced Keeper Incentives
Liquidations 2.0 implemented a dual-component keeper compensation structure specifically designed to ensure profitable participation across diverse market conditions and gas price environments [57]. The "tip" parameter provides a flat DAI payment (currently 100 DAI as of 2026) to the keeper who triggers a liquidation by calling DOG.bark(), while the "chip" parameter provides a percentage fee (typically 2-3% of liquidated debt) [57].
This dual structure ensures that small liquidations remain profitable through the flat tip even when percentage fees are minimal, while large liquidations provide appropriately scaled compensation through the chip [57]. For a 10,000 DAI vault with tip=100 DAI and chip=2%, the keeper receives 100 + (10,000 × 0.02) = 300 DAI. For a 200,000 DAI vault, the keeper receives 100 + (200,000 × 0.02) = 4,100 DAI, appropriately scaling with liquidation size.
The tip and chip compensation is paid immediately when liquidation triggers, separate from auction outcomes [57]. This ensures keepers have guaranteed profitability for liquidation monitoring and triggering even if auction proceeds are poor, decoupling keeper incentives from auction participation. During Black Thursday, the lack of immediate keeper compensation beyond auction arbitrage meant keepers had no incentive to trigger liquidations when they expected auction participation would be impossible—Liquidations 2.0 fixes this by paying keepers for liquidation triggering regardless of subsequent auction results.
The keeper incentive parameters are governance-adjustable per collateral type, allowing calibration based on each asset's liquidation frequency, typical position sizes, and keeper ecosystem characteristics [57]. Less liquid collateral types might require higher tip/chip rates to ensure adequate keeper attention, while highly liquid assets with deep keeper networks might function adequately with lower compensation. Governance regularly reviews and adjusts these parameters based on observed keeper participation patterns and profitability analysis.
The liquidation penalty (chop parameter, typically 13%) creates the primary arbitrage opportunity for auction participants, separate from the tip/chip compensation for liquidation triggering [57]. The penalty amount added to debt determines auction proceeds required—for a 100,000 DAI vault with 13% penalty, auctions must collect 113,000 DAI to fully repay debt. Keepers participating in auctions seek to purchase collateral for less than market value, with the penalty providing the margin between auction price and market value that generates arbitrage profits.
Deployment and Migration
Liquidations 2.0 deployment occurred gradually through phased migration of collateral types from the legacy CAT/FLIP system to the new DOG/CLIPPER architecture during April-May 2021 [58]. The phased approach reduced risk by allowing governance to validate proper function on smaller collateral types before migrating the largest value collateral (ETH).
ETH-A, ETH-B, and ETH-C collateral types migrated first, representing the highest-value collateral but also the most liquid with deep keeper ecosystems [58]. WBTC followed, then stablecoins like USDC, and finally exotic collateral types with lower volumes [58]. Each migration required governance executive vote to authorize the transition, deploy new CLIPPER contracts for the collateral type, set appropriate auction parameters, and disable the legacy FLIP contracts to prevent new auctions under the old system.
The migration process required keeper operators to update their infrastructure to interact with DOG/CLIPPER contracts rather than CAT/FLIP [59]. Keeper bot implementations needed modifications to monitor DOG contract events instead of CAT events, call CLIPPER.take() for auction participation instead of FLIP.tend/dent, and handle the new parameter configurations defining auction behavior. The community provided reference implementations and documentation to facilitate keeper migrations, though operators running custom code needed to implement changes themselves.
No major incidents occurred during the Liquidations 2.0 migration, validating the extensive testing and security auditing [58]. Liquidations processed successfully under the new system, with keeper participation adapting to the Dutch auction mechanism without significant disruption. The smooth migration demonstrated the protocol's ability to implement fundamental infrastructure changes while maintaining continuous operation and security.
Long-Term Protocol Changes
Beyond the Liquidations 2.0 upgrade, Black Thursday motivated numerous additional protocol improvements addressing oracle reliability, governance response capacity, peg stability mechanisms, and risk parameter management.
Oracle Infrastructure Improvements
The oracle system failures during Black Thursday prompted comprehensive improvements to price feed reliability, particularly during high gas price environments [60]. Chronicle Protocol (which evolved from MakerDAO's oracle infrastructure after the Foundation's dissolution) developed the Scribe architecture using Schnorr signature aggregation to dramatically reduce gas costs for oracle updates [61]. Scribe combines multiple validator signatures into a single aggregated signature submitted on-chain, reducing gas costs by 60%+ compared to the legacy Medianizer design [61].
The gas efficiency improvement directly addressed Black Thursday's oracle failure mode where validators couldn't economically justify updating prices at 200+ gwei gas prices [60]. With Scribe's reduced costs, validators can continue profitable operation at gas prices that would have paralyzed the Medianizer, improving oracle reliability during extreme network congestion. The 60% cost reduction means that if the Medianizer became uneconomical at 150 gwei, Scribe remains viable past 300 gwei, doubling the network stress the oracle system can tolerate.
The validator network expanded from 15-20 during Black Thursday to 25 by 2025, improving decentralization and resilience [62]. More validators means the median aggregation requires compromising more independent entities to manipulate prices, and provides more redundancy if some validators experience technical difficulties or choose not to update during high gas price periods. The broader validator set also improved data source diversity, reducing risk that manipulation of a few exchanges could influence the aggregated oracle price.
Emergency oracle controls evolved to enable rapid governance response when oracle malfunctions are detected [63]. The Oracle Security Module (OSM) freeze mechanism allows authorized parties to immediately stop oracle price updates when anomalous behavior is detected, preventing potentially manipulated or incorrect prices from triggering liquidations [63]. Standby spells including SingleOsmStopSpell and MultiOsmStopSpell provide pre-deployed contracts governance can execute instantly to freeze individual collateral type oracles or all oracles simultaneously [63].
Integration of multiple oracle providers including Chainlink alongside Chronicle created redundancy where governance can switch oracle sources if one provider shows signs of failure or manipulation [64]. Spark Protocol (then a MakerDAO SubDAO, later designated as the first Sky Star after the September 2024 rebrand) pioneered using Chainlink price feeds in 2023, establishing precedent and infrastructure for multi-oracle approaches [64]. While Sky Protocol's core vaults continue using Chronicle exclusively as of 2026, the technical capability exists to rapidly switch to Chainlink if governance determines it's necessary during a crisis.
Peg Stability Module Development
Black Thursday's DAI peg instability (trading at $1.05-$1.09 premiums) demonstrated the protocol lacked mechanisms to directly defend the $1.00 peg during crises [28]. The Dai Savings Rate and stability fees represented indirect tools that adjusted incentives over days or weeks but couldn't inject instant liquidity when markets needed immediate reassurance that DAI remained fully backed and redeemable [28].
Sam MacPherson proposed the Peg Stability Module (PSM) in November 2020 through MIP29, enabling 1:1 swaps between DAI and USDC with minimal fees [65]. The PSM functions as a direct peg defense mechanism—when DAI trades above $1.00, arbitrageurs can deposit USDC at 1:1 ratio to mint DAI, then sell DAI on exchanges at $1.05 to capture arbitrage profit [65]. This arbitrage immediately increases DAI supply and reduces upward peg pressure, automatically stabilizing price back toward $1.00.
Governance voted overwhelmingly to accelerate PSM launch, with 39,997 MKR voting YES versus 471 MKR against (98% approval) [65]. The PSM launched December 18, 2020, exactly three years after the original protocol launch, establishing the direct peg defense mechanism that would later become central to Sky Protocol's Actively Stabilizing Collateral framework. While not technically part of the liquidation system redesign, the PSM addressed Black Thursday's peg stability failures and would later interact with liquidation dynamics by providing instant USDC liquidity that keepers could use to purchase auction collateral.
The PSM's introduction represented a philosophical shift from pure decentralized collateral (ETH, WBTC) toward accepting centralized stablecoin collateral (USDC) in exchange for improved peg stability and liquidity [66]. Critics worried that relying on USDC backing introduced centralization risks and regulatory capture potential, as Circle (USDC's issuer) could freeze USDC held in the PSM if compelled by regulators. Supporters argued that the peg stability benefits outweighed centralization concerns, and that diversified collateral including both decentralized and centralized assets provided better overall resilience than pure decentralization.
Risk Parameter and Governance Process Evolution
The crisis revealed that MakerDAO's risk parameter management needed substantial improvement to identify dangerous concentrations and stress test systems under extreme conditions [67]. The protocol lacked sophisticated risk modeling that could predict the impact of Black Thursday-magnitude events on liquidation volumes, keeper capacity, and protocol solvency.
Post-crisis, the Risk Domain Team developed more sophisticated analytical frameworks including agent-based modeling of keeper behavior, Monte Carlo simulations of liquidation cascades under various market scenarios, and capital adequacy assessments of Surplus Buffer levels [68]. These tools enabled governance to evaluate proposed parameter changes against stress scenarios rather than relying on intuition or observation of normal conditions that might not reflect extreme tail risks.
The Governance Security Module (GSM) delay—requiring 48 hours between executive vote passage and implementation—was acknowledged as a constraint during rapid crisis response but ultimately maintained for security reasons [43]. Emergency parameter changes required two full days to implement after governance approval, during which market conditions could worsen. Governance discussed mechanisms to bypass GSM delay during emergencies but decided the security benefits (preventing governance attack vectors) outweighed responsiveness costs [43].
Instead of reducing GSM delay, governance developed standby spell infrastructure—pre-deployed contracts implementing common emergency responses that can be executed with minimal delay once triggered [63]. These standby spells for oracle freezing, liquidation circuit breakers, and other emergency actions provide rapid response capability without compromising GSM delay security for general parameter changes. The approach separates emergency powers (which need rapid deployment) from normal governance (which benefits from deliberation periods).
Collateral onboarding processes evolved to include more rigorous risk assessment including oracle reliability during stress, available keeper liquidity for the asset, smart contract risks specific to the collateral token, and correlation with existing collateral that could cause simultaneous failures [67]. The protocol became more selective about collateral types, rejecting assets that posed excessive risk regardless of potential revenue from stability fees.
The Endgame Plan introduced the SubDAO (now called Star) architecture that provides additional organizational structure for managing different risk profiles and collateral types [69]. Grove focuses on Real-World Assets, Spark on DeFi lending markets, and Keel on tokenization—each with specialized governance and risk management appropriate for their domain [69]. This architectural evolution reflected lessons from Black Thursday that a single monolithic protocol handling all collateral types created dangerous concentration risks that Star-based separation could mitigate.
Circuit Breakers and Emergency Powers
Sky Atlas Section A.1.9.3.2.4 defines the Liquidations Circuit Breaker Exception allowing authorized parties to pause liquidations for specific collateral types when oracle prices deviate beyond tolerance thresholds [70]. This emergency power protects against liquidations triggered by oracle malfunctions rather than genuine under-collateralization, preventing a repeat of scenarios where oracle failures cause inappropriate liquidation cascades.
The circuit breaker authority can instantly halt liquidations without requiring governance votes, providing rapid response capability during crisis scenarios [70]. However, extended liquidation pauses create their own risks by allowing genuinely under-collateralized positions to accumulate, potentially creating larger bad debt when liquidations eventually resume. The circuit breaker represents a judgment call governance must make—is the oracle malfunction severe enough that pausing liquidations reduces total risk, or will pausing simply defer and amplify problems?
Emergency standby spells including GroupedClipBreakerSpell and MultiClipBreakerSpell provide pre-deployed smart contracts that governance can execute immediately to pause multiple collateral types simultaneously during systemic crises [71]. These spells underwent security audits and formal verification before deployment, ensuring they function correctly during actual emergencies when testing isn't possible. The pre-deployment approach means governance doesn't need to develop, audit, and deploy new contracts during a crisis when time is critical and mistakes are costly.
The expansion of emergency powers reflects the lesson from Black Thursday that governance response speed critically determines crisis outcomes. The hours between when liquidation failures became apparent and when governance could mobilize emergency parameter changes allowed extensive damage accumulation. By pre-positioning emergency response tools, governance can react within minutes rather than hours or days, potentially preventing small problems from cascading into protocol-threatening crises.
Comparison to Other DeFi Black Swan Events
Black Thursday established the template for understanding DeFi crisis events, but subsequent incidents have revealed additional vulnerability patterns and failure modes beyond those exposed in March 2020.
May 2021 Crypto Market Crash
The May 2021 cryptocurrency market crash saw ETH fall from $4,000 to $1,800 (55% decline) and Bitcoin drop from $58,000 to $30,000 over several days [72]. This represented similar magnitude to Black Thursday but unfolded over a longer timeframe, allowing liquidation systems to process gradually rather than overwhelming capacity simultaneously.
Liquidations 2.0 passed its first major stress test during May 2021, processing billions in liquidations across MakerDAO, Aave, Compound, and other protocols without suffering zero-bid exploits or major auction failures [73]. Keeper participation remained robust despite elevated gas prices, validating that the Dutch auction design and enhanced keeper incentives addressed Black Thursday's failure modes. Gas prices peaked around 500-600 gwei during extreme volatility, exceeding Black Thursday's 200 gwei peaks, but the improved keeper infrastructure and auction mechanisms prevented system breakdowns [73].
The May 2021 crash demonstrated that Liquidations 2.0's design improvements successfully mitigated the specific failures that occurred during Black Thursday—Dutch auctions prevented zero-bid exploits, enhanced keeper incentives ensured participation despite high gas costs, and partial liquidation support enabled keepers with limited capital to participate in large auctions. However, the crash also revealed that extreme gas prices still imposed substantial costs, with some smaller keepers finding participation unprofitable even with the improved incentive structure.
Terra/LUNA Collapse (May 2022)
The Terra/LUNA algorithmic stablecoin collapse in May 2022 represented a fundamentally different crisis type than Black Thursday—an endogenous protocol design failure rather than exogenous market shock [74]. UST's algorithmic peg mechanism depended on arbitrage dynamics that broke down under extreme selling pressure, with LUNA hyperinflation destroying the mechanism's economic foundation. The collapse wiped out approximately $40 billion in market capitalization over days [74].
MakerDAO/Sky Protocol avoided direct exposure to Terra ecosystem despite some community proposals for UST integration that governance had rejected [75]. The decision to reject UST collateral—made partially based on Black Thursday lessons about untested mechanism risks—prevented direct losses but the broader market crash impacted MakerDAO through collateral value declines and reduced DeFi activity.
The Terra collapse reinforced Black Thursday's lesson that stress testing systems under extreme conditions is essential before deploying at scale. Terra's mechanism functioned adequately during normal conditions and moderate stress, but catastrophically failed when tested by crisis-level selling pressure—similar to how MakerDAO's Liquidation 1.0 worked during normal markets but broke during Black Thursday. The collapse also demonstrated that protocol design flaws can create endogenous crises even without external market shocks, expanding the threat model beyond just external black swan events.
March 2023 USDC Depeg
The March 2023 USDC depeg when Circle disclosed $3.3 billion reserves held at failed Silicon Valley Bank created a different crisis type—stable asset collateral suddenly becoming unstable [76]. DAI, which held substantial USDC in its Peg Stability Module, temporarily lost peg stability and traded below $1.00 as markets questioned whether Circle could maintain USDC redemption at $1.00 if Silicon Valley Bank's failure imposed losses [76].
The crisis demonstrated contagion risks between supposedly stable assets—even though MakerDAO's direct exposure to Silicon Valley Bank was zero, the protocol faced peg instability because USDC collateral backing DAI might lose value [76]. Black Thursday had involved volatile collateral (ETH) experiencing price crashes, but March 2023 showed that even stable collateral could suddenly become risky, creating challenges for protocols assuming certain collateral types posed minimal volatility risk.
MakerDAO governance responded rapidly with emergency parameter changes to reduce USDC exposure limits and increase debt ceilings for ETH collateral to facilitate user migration from USDC to ETH-backed positions [77]. The quick governance response reflected institutional knowledge from Black Thursday about the importance of rapid parameter adjustments during crises. The protocol successfully weathered the depeg without suffering major losses, validating improved risk management and governance responsiveness since 2020.
FTX Collapse (November 2022)
The FTX exchange collapse in November 2022 represented a centralized entity failure with limited direct DeFi protocol impact but substantial broader market consequences [78]. FTX's fraud and insolvency wiped out approximately $8 billion in customer funds and triggered sharp cryptocurrency price declines as markets processed the reputational damage to the ecosystem.
MakerDAO again avoided direct exposure through conservative collateral policies that prevented integration with centralized exchange tokens or FTX-related assets [79]. The decision to focus on decentralized collateral (ETH, WBTC) and maintain limited centralized stablecoin exposure reflected Black Thursday lessons about avoiding concentrated dependencies on entities that could catastrophically fail.
The FTX collapse reinforced the importance of risk management and conservative collateral standards—many DeFi protocols and crypto entities that maintained close FTX relationships or held FTT tokens suffered substantial losses, while those maintaining independence survived relatively unscathed. MakerDAO's survival of multiple major crises (Black Thursday, Terra collapse, USDC depeg, FTX collapse) without catastrophic protocol damage validated the post-Black Thursday risk management improvements.
Lessons Across Crises
The pattern across DeFi black swan events since Black Thursday reveals several consistent lessons. First, stress testing under extreme conditions is essential but difficult—systems that work during normal markets can catastrophically fail during crises when tested by scenarios outside design parameters. Second, multiple independent failures often compound into catastrophic outcomes—Black Thursday combined market crash, network congestion, oracle failures, keeper bot monoculture, and auction mechanism vulnerabilities. Third, rapid governance response capability critically determines outcomes—protocols that can implement emergency parameter changes within hours fare better than those requiring days.
Fourth, diversification across multiple dimensions reduces catastrophic risk—diversified collateral types, diversified oracle providers, diversified keeper ecosystems, and diversified governance control all improve resilience. Fifth, conservative parameter calibration trades off capital efficiency for safety margins that matter during tail events—protocols that optimize for maximum utilization during normal conditions tend to suffer most during crises. Sixth, protocol design flaws often only become apparent during extreme stress—features that appear to work during testing and normal operation can reveal catastrophic failure modes when subjected to unprecedented combinations of adverse conditions.
Related Articles
- Liquidations — Comprehensive examination of Sky Protocol's liquidation mechanisms including the Liquidations 2.0 system developed in response to Black Thursday
- Oracles — Analysis of oracle infrastructure, price feed reliability, and the improvements made after oracle failures during Black Thursday
- Keepers — Deep dive into keeper bot operations, incentive structures, and the monoculture risks exposed during Black Thursday
- Sky Vaults — Overview of vault mechanics and collateralization requirements that determine when liquidations trigger
- Sky Protocol — Foundational protocol architecture and governance systems that evolved in response to Black Thursday lessons
Data Freshness
This article was generated on January 11, 2026 using sources accessed on that date.
Permanent Information (unchanged since March 2020) — Black Thursday timeline and events, zero-bid exploitation mechanics, total losses and damage ($8.32 million collateral, $5.67 million bad debt), MKR debt auction outcomes (20,980 MKR minted, Paradigm 68% acquisition), and original Liquidation 1.0 vulnerabilities
Semi-Static Information (updated periodically but relatively stable) — Liquidations 2.0 technical architecture (deployed April 2021), legal settlement amount ($1.16 million, June 2023), governance compensation decision (September 2020), oracle infrastructure improvements (ongoing through 2025), and risk parameter evolution
Historical Context (accurate as of article generation) — Comparisons to subsequent DeFi crises (Terra, FTX, USDC depeg), long-term protocol changes influenced by Black Thursday, current liquidation system performance (2021-2026), and contemporary risk management practices
For current protocol status and ongoing developments:
Sources
- What Really Happened To MakerDAO? - Glassnode
- Evidence of Mempool Manipulation on Black Thursday - Blocknative
- DeFi Status Report Post-Black Thursday - DeFi Pulse
- Black Thursday for MakerDAO: $8.32 million was liquidated for 0 DAI - Medium
- Black Thursday — MakerDAO's multi collateral DAI exploitation - Linum Labs
- Oracle Module | Maker Protocol Technical Docs
- Maker - Keepers documentation
- Liquidation 2.0 Module | Maker Protocol Technical Docs
- The Market Collapse of March 12-13, 2020 - MakerDAO Blog
- DeFi posterchild MakerDAO reflects on $4 Million "Black Thursday" ETH losses - CryptoSlate
- VIX Historical Data March 2020
- Cryptocurrency Market Data March 2020 - CoinMarketCap
- ETH Price History March 2020 - CoinGecko
- Exchange Trading Volumes March 2020 - The Block
- MakerDAO System State March 2020
- Multi-Collateral Dai Launch - MakerDAO Blog
- Maker - Feeds price feed oracles
- Cat - Detailed Documentation (Deprecated)
- Oracle Security Module (OSM) Documentation
- Ethereum Gas Price History March 2020 - EthGasStation
- Performing Liquidations on MakerDAO - Amberdata
- Zero-Bid Winner Address Analysis
- Flipper - Detailed Documentation (Deprecated)
- Mempool Manipulation Enabled Theft of $8M - CoinDesk
- MakerDAO CDPs Liquidation Analysis - Medium
- Empirical Measurements on Pricing Oracles - Crypto Economics Systems
- Crisis at MakerDAO - Modern Consensus
- DAI Price History March 2020 - CoinGecko
- MakerDAO Avoids Shutdown - Finance Magnates
- The MakerDAO Auction Is Happening - Cointelegraph
- GitHub - auction-keeper
- How to Run a Keeper Bot - QuickNode
- For DeFi's Sake, Maker Should Take Blame - CoinDesk
- MakerDAO Debts Grow - CoinDesk
- Paradigm Wins 68% of MKR Token - Finance Magnates
- The Emergency Shutdown Process - Maker Docs
- Crypto Venture Firm Paradigm Leads $5.3 Million Auction - Crypto News
- Paradigm Biggest Winner - Crowdfund Insider
- A Crypto Venture Fund Bought the Most Tokens - Cointelegraph
- MakerDAO's Rebranding to Sky Fuels Decentralization Concerns - BeInCrypto
- MakerDAO Emergency Parameter Changes - Vote Archive
- MakerDAO Takes New Measures - Cointelegraph
- Governance Security Module (GSM) - MakerDAO Blog
- MakerDAO Users Sue Following 'Black Thursday' - Yahoo Finance
- 'Black Thursday' Lawsuit - The Block
- $28M Lawsuit Moves to Arbitration - Nasdaq
- Maker Defendants Win Dismissal - Skadden
- DAOs and Trust - Blockchain Arbitration Society
- Maker Settles for $1.16M - Blockworks
- Settlement Agreement June 2023 - Court Filing
- Maker Votes to Not Compensate - Decrypt
- MakerDAO Users Hosed Won't Get Payouts - CoinDesk
- MIP45: Liquidations 2.0 - GitHub
- MIP45: Liquidations 2.0 - Sky Forum
- ChainSecurity Audit: MakerDAO Liquidations 2.0
- CLIPPER - Detailed Documentation
- Liquidation Penalty and Keeper Incentives
- Executive Vote: Liquidations 2.0 Activations - May 2021
- Auction Keeper Bot Setup Guide
- Oracle Infrastructure Post-Black Thursday
- What is Scribe? - Chronicle Protocol
- State of Chronicle Q1 2025 - Messari
- Sky Atlas A.1.9.5.2.2.1.1 - SingleOsmStopSpell
- Spark Protocol Chainlink Integration - PR Newswire
- Peg Stability Module - MIP29
- Peg Stability Module Documentation
- Risk Parameter Management Evolution
- StableSims: Agent-Based Modeling - arXiv
- Endgame Plan Overview
- Sky Atlas A.1.9.3.2.4 - Liquidations Circuit Breaker
- Sky Atlas A.1.9.5.2.2.2.2 - GroupedClipBreakerSpell
- May 2021 Crypto Market Crash - CoinDesk
- Liquidations 2.0 Stress Test May 2021 - DeFi Analysis
- Terra/LUNA Collapse - CoinDesk
- MakerDAO Avoided Terra Exposure - Forum Discussion
- USDC Depeg March 2023 - The Block
- MakerDAO Emergency Response USDC Depeg - Vote
- FTX Collapse November 2022 - CoinDesk
- MakerDAO Risk Management Post-FTX