Overview
Sky Protocol is a decentralized finance (DeFi) infrastructure platform that enables the creation and management of USDS, a USD-pegged stablecoin backed by overcollateralized assets. Originally founded as MakerDAO in 2014, the protocol underwent a comprehensive rebrand to "Sky" in September 2024 as part of founder Rune Christensen's long-term "Endgame" strategy to scale decentralized finance to mainstream adoption. [1]
Sky Protocol operates as one of the largest DeFi protocols by total value locked (TVL), with approximately $6.1 billion in assets as of December 2025 [43]. The ecosystem consists of the community and projects that support the decentralized Sky Protocol, with governance participation through a transparent system of onchain voting supported by the SKY governance token. Despite its significant scale, the protocol faces ongoing challenges including centralization concerns, governance concentration, and competitive pressures that have led to critical external assessments. [3]
The protocol's core mission is to provide decentralized, stable financial infrastructure through its two primary tokens: USDS (the stablecoin) and SKY (the governance token). Sky operates on a foundation defined by the Sky Atlas, a comprehensive governance document that establishes rules for all ecosystem operations. The protocol generated approximately $22 million in monthly revenue as of December 2024, making it one of the most economically significant protocols in decentralized finance. [99]
The technical architecture inherits from a decade of MakerDAO development, utilizing a sophisticated system of smart contracts including the VAT (vault engine), VOW (balance sheet), JUG (stability fee accumulator), and numerous collateral adapters. This battle-tested infrastructure has operated across multiple market cycles without a critical smart contract exploit, though it continues to evolve through the Endgame transition and ongoing governance decisions. [4]
As of December 2025, Sky Protocol faces a critical juncture in its evolution. The rebrand from MakerDAO has generated significant controversy within the community, external credit rating agencies have assigned relatively low ratings citing centralization and capital concerns, and major DeFi protocols like Aave have rejected integrating USDS as collateral. Understanding Sky Protocol requires examining not only its technical sophistication and historical significance but also the substantial criticisms and risks that inform its current position in the DeFi ecosystem. [36] [42]
History and Evolution
Sky Protocol's transformation from MakerDAO's 2014 founding to the controversial 2024 rebrand represents one of decentralized finance's most significant developmental arcs. This history illuminates the protocol's technical innovations, governance experiments, crisis responses, and strategic pivots that shaped both the project and the broader DeFi ecosystem.
Understanding this evolution reveals how a pioneering decentralized stablecoin project navigated market crashes, governance challenges, regulatory uncertainty, and competitive pressures while maintaining its position as a cornerstone of DeFi infrastructure. The journey from single-collateral DAI to the complex, multi-faceted Sky ecosystem demonstrates both the possibilities and limitations of decentralized financial systems operating at scale.
Origins and Founding (2014-2017)
MakerDAO emerged in 2014 during Ethereum's early development phase, when decentralized finance consisted primarily of simple token swaps and crowdfunding contracts. Founder Rune Christensen, who had previously operated Try China—an international recruiting business placing Western teachers in China—recognized that blockchain technology could enable programmable collateralized debt without traditional banking infrastructure. [51]
The protocol's genesis aligned with a broader vision for "money legos"—composable financial primitives that could interact permissionlessly on Ethereum. While Bitcoin had demonstrated decentralized value transfer, Ethereum's programmability enabled more complex financial applications. Christensen's insight was that a stable, decentralized currency could serve as the foundation for this emerging ecosystem, providing predictable value without reliance on centralized stablecoin issuers like Tether. [53]
Nikolai Mushegian: Technical Cofounder and Early Visionary
Rune Christensen's original technical partner on MakerDAO was Nikolai Mushegian, a brilliant cryptographer and stablecoin pioneer who worked on the protocol and its decentralized stablecoin DAI between 2015 and 2018. [51] Mushegian brought deep technical expertise in cryptoeconomics and smart contract design, playing a critical role in architecting the original Single-Collateral DAI (SCD) system. [52]
Mushegian's contributions to MakerDAO included designing the fundamental collateralized debt position (CDP) mechanism, developing early oracle price feed concepts, and helping establish the economic parameters that would enable DAI to maintain its peg through market volatility. His vision for purely crypto-backed stablecoins with algorithmic stability mechanisms would influence not only MakerDAO but the entire DeFi stablecoin landscape. [53]
After departing MakerDAO in 2018, Mushegian continued innovating in decentralized finance. In 2019, he co-authored with Fernando Martinelli the Balancer white paper, creating the first decentralized exchange capable of supporting n-dimensional price surfaces as an automated market maker with novel properties. [54] In 2020, Mushegian advised Reflexer Labs (founded by Stefan Ionescu) and co-founded the RAI project, a DAO generating the Rai stablecoin—the first stablecoin with a scalable, purely crypto-backed design implementing many concepts Mushegian had originally envisioned for MakerDAO. [55]
Tragically, Nikolai Mushegian died on October 28, 2022, at age 29 in Puerto Rico. His body was found on Ashford Beach in the Condado neighborhood of San Juan after drowning in dangerous sea currents. [56] Hours before his death, Mushegian had posted concerning tweets suggesting he believed he was the target of a murder plot, though Puerto Rico police found no evidence of foul play during their investigation and attributed his death to drowning in an area known for dangerous swimming conditions where numerous tourists have died. [57]
Mushegian's death represented a significant loss to the DeFi community. His pioneering work on MakerDAO laid the foundation for billions of dollars in decentralized stablecoin infrastructure, while his subsequent projects at Balancer and Reflexer Labs demonstrated continued innovation in decentralized exchange and stablecoin mechanisms. The crypto community mourned the loss of one of its most innovative technical minds, with many tributes highlighting his contributions to making decentralized stablecoins a reality. [58]
The initial development faced significant technical challenges that had never been attempted in smart contract systems. The original vision for Single-Collateral DAI (SCD) required solving novel problems around price oracles—how to get reliable off-chain price data on-chain—liquidation mechanisms that could automatically seize and auction collateral when positions became undercollateralized, and governance automation enabling token holders to adjust system parameters without central control. [8]
Early community formation occurred primarily through Reddit and dedicated forums, where cryptoeconomics researchers debated the viability of an algorithmic stablecoin backed by volatile crypto assets. Critics argued that the overcollateralization requirement would limit capital efficiency, while supporters emphasized the trustless nature compared to centralized alternatives. The community's technical depth and commitment to decentralization principles would become hallmarks of the project's culture. [9]
Development progressed deliberately, with the team prioritizing security and economic soundness over speed to market. This conservative approach, while frustrating to some community members eager for launch, would prove prescient as later stablecoin projects rushing to market encountered catastrophic failures. The founding philosophy emphasized that a stablecoin's primary obligation was maintaining its peg under all market conditions—a principle that would be tested repeatedly. [10]
Single-Collateral DAI Launch (December 2017)
MakerDAO launched Single-Collateral DAI (SAI) on Ethereum mainnet on December 18, 2017, during the peak of the cryptocurrency bull market. The initial system accepted only ETH as collateral, with users able to lock Ethereum in Collateralized Debt Positions (CDPs) and mint DAI against it. The launch represented the culmination of three years of research, development, and community building. [11]
The timing of the launch, coinciding with ETH prices near $700 and broader cryptocurrency mania, provided both opportunities and challenges. High ETH prices enabled significant DAI generation even with conservative collateralization ratios, but the system would soon face its first major stress test as cryptocurrency markets entered a prolonged bear market throughout 2018. [12]
Early adoption progressed gradually, with DAI supply reaching approximately 50 million by mid-2018. The stablecoin found initial product-market fit primarily among cryptocurrency traders seeking to exit volatile positions without converting to fiat currency and returning funds to centralized exchanges. DAI provided a decentralized alternative to USDT (Tether), which faced ongoing concerns about reserve transparency and regulatory risk. [13]
The single-collateral design imposed significant limitations. ETH-only collateral meant that DAI supply was constrained by Ethereum holder willingness to lock their ETH, creating supply inelasticity during periods of high demand. When ETH prices fell during the 2018 bear market, many CDPs approached their liquidation ratios, creating system stress and limiting new DAI generation. These constraints motivated the development of Multi-Collateral DAI. [14]
The governance system during the SCD era operated through informal processes and centralized foundations that would later be decentralized. The Maker Foundation maintained significant control over protocol development and parameter adjustments, though community input was solicited through forums and increasingly formalized polling. This hybrid approach provided agility while the governance model matured. [15]
Multi-Collateral DAI and Major Upgrades (2019-2021)
The launch of Multi-Collateral DAI (MCD) on November 18, 2019, represented MakerDAO's most significant technical upgrade and marked the transition to a truly scalable stablecoin system. MCD enabled the protocol to accept multiple collateral types, dramatically expanding DAI supply potential and reducing concentration risk from ETH-only collateral. The upgrade renamed CDPs to "Vaults" and introduced sophisticated risk management parameters for each collateral type. [16]
The MCD architecture introduced the core smart contract system that Sky Protocol continues to use: the VAT (vault engine), VOW (balance sheet), JUG (stability fee accumulator), SPOT (price feed validator), and collateral-specific JOIN adapters. This modular design enabled adding new collateral types without modifying core contracts, providing extensibility while maintaining security. Each component underwent extensive auditing by leading firms including Trail of Bits and Runtime Verification. [17]
Alongside MCD, MakerDAO launched the Dai Savings Rate (DSR) mechanism, allowing DAI holders to earn yield by locking their stablecoins in a smart contract. The DSR served dual purposes: providing demand-side incentive for DAI adoption and offering a monetary policy tool for governance to influence DAI peg stability. When DAI traded above $1.00, governance could raise the DSR to incentivize buying and locking DAI, increasing demand and supporting the peg. [18]
The Peg Stability Module (PSM), introduced in late 2020, provided a direct mechanism for maintaining the DAI peg through instant swaps between DAI and USDC at fixed rates. Users could exchange 1 USDC for 1 DAI (minus small fees) or vice versa, creating arbitrage opportunities that kept DAI price stable. While effective for peg stability, the PSM increased DAI backing by centralized stablecoins, creating philosophical tension with decentralization principles. [19]
Real World Asset (RWA) integration beginning in 2021 represented another major strategic evolution. MakerDAO began accepting tokenized real-world assets—initially including real estate lending (New Silver via Centrifuge) and invoice financing—as collateral. This expansion aimed to generate more stable yield compared to volatile crypto collateral and diversify protocol revenue beyond stability fees. RWA would grow to constitute billions in collateral by 2024. [20]
The protocol also migrated its governance token from MKR to a more sophisticated system, refined oracle infrastructure through the Oracle Security Module (OSM) with price feed delays, and implemented the Liquidation 2.0 upgrade replacing English auctions with more efficient Dutch auctions. Each upgrade increased system complexity while improving capital efficiency and stability mechanisms. [21]
Black Thursday and Crisis Response (March 2020)
March 12-13, 2020—known as "Black Thursday" in DeFi history—represented MakerDAO's most severe stress test and exposed critical vulnerabilities in liquidation systems. As global financial markets crashed in response to COVID-19 pandemic fears, ETH price fell approximately 50% in under 24 hours, from around $200 to below $100. This sudden collapse triggered mass liquidations across MakerDAO's vault system. [22]
The crisis revealed multiple failure points. Ethereum network congestion from liquidation activity caused gas prices to spike to over 200 gwei, pricing out many liquidation bot operators. Some auctions settled with zero bids due to gas costs exceeding expected profits. Approximately $5.67 million in DAI bad debt accumulated as some vaults were liquidated for less than their debt value through zero-bid auctions on approximately $8.32 million worth of ETH collateral, creating the first significant protocol deficit in MakerDAO's history. [23]
The community's response demonstrated both the strengths and challenges of decentralized governance during crisis. Within 48 hours, governance passed emergency measures including reducing the DSR to 0% (freeing up surplus for debt coverage), holding debt auctions to mint and sell new MKR tokens to recapitalize the system, and implementing temporary changes to liquidation parameters. The protocol successfully auctioned MKR to cover the bad debt, though at the cost of diluting existing MKR holders. [24]
Black Thursday prompted extensive post-mortem analysis and system improvements. The protocol implemented the Liquidation 2.0 upgrade with Dutch auctions (starting at high collateral prices and decreasing over time) that proved more robust during high network congestion. Oracle Security Module (OSM) delays were refined to balance security with market responsiveness. The Surplus Buffer was increased to provide greater capital cushion against future undercollateralization events. [25]
The crisis also revealed governance challenges. Emergency decision-making under time pressure concentrated power among a small group of highly engaged community members and Maker Foundation staff. Questions emerged about whether truly decentralized governance could respond quickly enough to existential threats. These tensions would inform ongoing debates about governance decentralization versus operational efficiency. [26]
The Endgame Plan and Strategic Vision (2022-2024)
In May 2022, founder Rune Christensen proposed the "Endgame Plan"—a comprehensive restructuring intended to reinvigorate what he characterized as a lagging DeFi project and address fundamental scaling challenges. The plan envisioned transforming MakerDAO from a monolithic protocol into a modular ecosystem of semi-autonomous SubDAOs (later rebranded as "Sky Stars"), each focused on specialized functions. [27]
The Endgame Plan addressed several perceived problems: governance concentration among a small number of large MKR holders, difficulty scaling decision-making across an increasingly complex protocol, and challenges attracting new users beyond crypto-native audiences. Christensen's vision called for breaking MakerDAO into focused units that could move faster and innovate more aggressively than the conservative core protocol. [28]
The plan proposed creating six SubDAOs with distinct mandates and governance tokens. Each would maintain operational independence while coordinating with Sky Core (the renamed MakerDAO). The first SubDAO to launch was Spark Protocol in May 2023, a lending and borrowing platform that became the first official Sky Star after the rebrand. Spark quickly gained traction, accumulating over $1 billion in TVL within months of launch. [29]
Alongside structural changes, the Endgame Plan proposed the controversial MakerDAO rebrand. Christensen argued that the "Maker" brand had become associated with complexity and crypto-native users, limiting mainstream adoption. A new brand could attract users unfamiliar with DeFi while maintaining backward compatibility through the DAI/MKR legacy tokens. This proposal would spark intense community debate. [30]
The plan also emphasized agricultural and physical resilience strategies, including long-term goals for self-sustaining communities and backup physical infrastructure. While these elements attracted criticism as impractical distractions, they reflected Christensen's view that truly resilient decentralized systems needed contingency plans for catastrophic technology or societal disruptions. Critics viewed this as scope creep disconnected from core stablecoin functionality. [31]
The Sky Rebrand and Community Division (September 2024)
On September 18, 2024, MakerDAO officially rebranded to Sky Protocol, introducing the SKY governance token and USDS stablecoin. The conversion rate was set at 1 MKR = 24,000 SKY, while DAI could be exchanged for USDS on a 1:1 basis. Crucially, the established tokens DAI and MKR remained in circulation unchanged, with users able to decide voluntarily whether to upgrade. [32]
The rebrand introduced several new features designed to enhance user experience. The Sky Savings Rate (SSR) replaced the Dai Savings Rate, launching at 6.25% APY in September 2024 and later raised to 12.5% in December 2024 to incentivize USDS adoption. Sky Token Rewards (STRs) allowed users to stake USDS and earn variable yields by supporting Sky ecosystem projects. The Sky.money web application launched as a simplified, user-friendly interface targeting mainstream users unfamiliar with DeFi complexity. [33]
Community reaction was swift and largely negative. Within days of the announcement, forums filled with criticism about brand confusion, the philosophical inconsistency of maintaining both old and new tokens, and concerns that the rebrand created marketing complexity rather than solving it. Many long-time community members expressed frustration that such a fundamental change was pursued despite limited evidence of community support. [29]
A November 2024 governance vote asked: "Should Sky maintain the Sky brand as the backend protocol brand?" The proposal passed with 79.85% approval, seemingly validating the rebrand direction. However, analysis revealed extreme vote concentration: just 4 entities controlled nearly 80% of voting power, with the largest single voter controlling 51.3% of votes cast. This concentration raised questions about governance legitimacy and whether a handful of large holders could override broader community sentiment. [35]
The practical impact of the rebrand has been mixed. USDS supply grew approximately 135% in the first five months post-rebrand, suggesting successful product-market fit for some users. However, brand confusion persists in DeFi integrations, with DAI maintaining higher name recognition. Major protocols including Aave rejected USDS integration, with some citing concerns about the ecosystem's strategic direction and governance concentration. [36]
As of December 2025, the protocol continues efforts toward full MKR to SKY migration to reduce confusion around the dual token system. However, market dynamics show DAI retaining dominant market share compared to USDS, and many DeFi integrations continue supporting only the legacy DAI token. The rebrand's long-term success remains uncertain, with the protocol managing a hybrid brand identity that satisfies neither traditionalists nor mainstream users. [37]
Core Components
Sky Protocol's architecture consists of three primary layers that work together to enable decentralized stablecoin infrastructure: the monetary layer (USDS stablecoin), the governance layer (SKY token), and the innovation layer (Sky Stars SubDAO system). Each component serves distinct functions while maintaining tight integration through smart contract interactions and governance processes.
The modular design reflects lessons learned from a decade of MakerDAO operation, incorporating redundancy, risk isolation, and clear separation of concerns. Understanding these components and their interactions is essential to grasping how Sky maintains its position as one of DeFi's largest protocols while managing the complexity of decentralized governance, economic sustainability, and technical security.
This architecture enables the protocol to simultaneously serve multiple use cases: providing a stable medium of exchange through USDS, coordinating community decision-making through SKY governance, and fostering ecosystem innovation through Sky Stars' focused experimentation. The system's resilience derives from this separation—issues in one component (such as a Star's failure) don't necessarily compromise the core protocol's stability.
USDS Stablecoin
USDS is the stablecoin product of the Sky Protocol, designed to maintain a stable 1:1 peg against the US dollar through overcollateralized backing and active peg stability mechanisms. Users create USDS by depositing crypto assets such as ETH, USDC, or tokenized real-world assets (RWAs) into Sky Protocol Vaults, which require overcollateralization to ensure protocol solvency even during market volatility. [38]
USDS serves as an upgrade path for DAI, MakerDAO's original stablecoin, with a 1:1 exchange rate maintained through smart contract mechanisms. Users can voluntarily upgrade their DAI to USDS through the Sky.money web application or directly through contract interactions. As of December 2025, both stablecoins remain in active circulation, with DAI maintaining higher adoption and liquidity in most DeFi protocols despite the protocol's strategic push toward USDS. [39]
The stablecoin's supply is regulated through the Peg Stability Module (PSM) and the Allocation System, as governed by the Stability Scope of the Atlas. When USDS trades above $1.00, arbitrageurs can mint new USDS against approved collateral and sell it for profit, increasing supply and pushing price down. When USDS trades below $1.00, arbitrageurs can buy USDS and redeem it through the PSM for $1.00 worth of USDC or other approved assets, decreasing supply and pushing price up. [40]
Holders of USDS can access the Sky Savings Rate (SSR), a variable yield mechanism determined by ecosystem governance through decentralized onchain voting. As of December 2025, the SSR offers approximately 4.5% APY, down from the peak rate of 12.5% set in December 2024 (initially launched at 6.25% in September 2024). This yield is funded by protocol revenue from stability fees charged on vault debt, RWA returns, and PSM fees. Users access SSR by depositing USDS into the savings contract or through the sUSDS wrapper token. [41]
The technical implementation of USDS inherits the battle-tested DAI contract architecture, utilizing an ERC20-compatible token with additional functionality for integration with Sky Protocol's internal accounting system. USDS can be minted only through authorized JOIN adapter contracts that interact with the VAT core accounting engine. This two-layer architecture—internal VAT accounting and external ERC20 tokens—provides security boundaries and enables seamless upgrades without migrating user balances. [42]
SKY Governance Token
SKY is the sole governance token of the Sky Protocol, granting voting rights in the Sky Governance system for all major protocol decisions. The token replaced MKR (MakerDAO's original governance token) as part of the rebrand, with an upgrade rate of 1 MKR = 24,000 SKY. Both MKR and SKY remain in circulation, with users able to voluntarily exchange between them through smart contract mechanisms. As of December 2025, significant MKR supply remains unupgraded, indicating user preference for the established token. [43]
SKY token holders participate in all major protocol decisions, including parameter adjustments (stability fees, debt ceilings, liquidation ratios), collateral onboarding decisions, budget approvals for ecosystem initiatives, and constitutional changes to the Sky Atlas governance document. Voting occurs through a combination of off-chain polling (for sentiment gathering) and onchain executive votes (for implementing changes through governance "spells"). [44]
The token's economic design includes multiple value accrual mechanisms. The Smart Burn Engine, an economic mechanism governed by the Stability Scope, uses protocol surplus to purchase and burn SKY tokens once the Surplus Buffer reaches target levels. This mechanism creates deflationary pressure proportional to protocol revenue. Sky Protocol allocates 50% of protocol income to fund SKY buybacks and staking rewards, with smart contracts auto-distributing yields based on staked SKY. [45] [59]
Beyond governance, SKY enables access to Sky Token Rewards (STRs), where users can stake USDS to support Sky ecosystem projects and earn variable rewards dependent on issuance rates set by governance. The protocol introduced sUSDS (staked USDS), the first "Expert token," which functions as a risk token funding liquidity for SKY stakers. These mechanisms aim to create multiple utility layers beyond simple governance voting. [46]
Governance token distribution reflects the protocol's history and evolution. Original MKR holders acquired tokens through early sales, development grants, and market purchases during MakerDAO's formative years. The Maker Foundation held significant MKR supply for ecosystem development, much of which was returned to governance control or burned as the Foundation dissolved. Current concentration metrics show significant holdings among large addresses, venture funds, and protocol treasury wallets. [47]
The voting mechanism has faced criticism for concentration and potential centralization. Analysis of major governance votes reveals that a small number of large holders can determine outcomes regardless of broader community sentiment. The November 2024 rebrand confirmation vote, where 4 entities controlled nearly 80% of voting power, exemplified these concerns. The protocol continues exploring delegation mechanisms and alternative governance structures to address participation inequality. [48]
Sky Stars (SubDAOs)
Sky Stars are independent decentralized projects within the Sky ecosystem designed to enable focused, fast-moving innovation and expansion beyond the conservative core protocol. Each Star can opt to have its own governance token, treasury, and governance processes, serving as specialized gateways to the Sky Protocol while maintaining alignment with overall ecosystem objectives. The Stars model addresses scaling challenges by distributing decision-making across multiple entities rather than centralizing everything in core governance. [49]
Spark Protocol, originally launched in May 2023 as a MakerDAO SubDAO and designated the first Sky Star after the September 2024 rebrand, is a lending and borrowing platform built on the same collateral principles as MakerDAO but optimized for capital efficiency and user experience. As of December 2025, Spark operates as a top DeFi lending platform with approximately $8.5 billion in TVL, competing directly with Aave and Compound while maintaining tight integration with Sky Protocol's USDS and DAI infrastructure. [60] The protocol manages several billion dollars across SparkLend and Spark Savings, with $8 billion in supply and $3 billion in borrows, establishing it as the leading platform for borrowing stablecoins at scale. [61]
Grove launched on June 25, 2025, as the second operational Sky Star with a $1 billion commitment to integrate traditional financial assets (tokenized credit) with decentralized finance. [62] Grove focuses specifically on Real World Asset (RWA) strategies, starting with a $1 billion allocation to the Janus Henderson Anemoy AAA CLO Strategy (JAAA), a tokenized fund built on Centrifuge that specializes in collateralized loan obligations (CLOs). [63] The protocol aims to bridge DeFi with traditional financial assets by routing on-chain capital into regulated credit investments. [64] As of December 2025, Grove is in the early stages of deploying capital under its $1 billion commitment. [65]
Keel debuted on September 30, 2025, as the third operational Sky Star, focusing on Solana-native capital allocation with a roadmap to channel up to $2.5 billion across decentralized finance and tokenized asset markets in the Solana ecosystem. [66] [67] The protocol receives allocations from Sky's USDS stablecoin reserves to deploy to Solana-based DeFi apps including Kamino, Jupiter, and Raydium. [68] Rune Christensen stated that Keel is set to become the largest capital allocator on Solana and will play a key role in shaping the DeFi and RWA landscape on that blockchain. [69]
The Endgame Plan originally envisioned a six-Star ecosystem, with additional specialized entities beyond Spark, Grove, and Keel. As of December 2025, the remaining Stars have not been publicly named or launched, with community discussions suggesting gradual rollouts through 2026-2027. Each Star operates semi-autonomously with its own mandate and operational budget, coordinating with Sky Core through defined interfaces and governance processes. [35]
The Stars architecture introduces both opportunities and risks. Successful Stars can experiment with aggressive growth strategies without risking core protocol stability. However, Stars also introduce complexity around token economics (each Star may have its own governance token), governance coordination (how Stars and Core interact), and risk isolation (whether a Star's failure could impact USDS). The long-term viability of this model remains unproven at ecosystem scale. [49]
Technical Architecture
Sky Protocol's technical architecture inherits the battle-tested Multi-Collateral DAI (MCD) smart contract system developed over six years of mainnet operation and refined through multiple market cycles. The design prioritizes security through modularity, separating concerns into discrete contracts that interact through well-defined interfaces. This architecture has processed over $50 billion in cumulative volume without suffering a critical smart contract exploit, though it faces ongoing challenges from complexity, governance risks, and external dependencies.
The core system consists of approximately 15 primary contract modules deployed on Ethereum mainnet, each responsible for specific functionality. The VAT serves as the central accounting ledger, the VOW manages the protocol's balance sheet, the JUG accumulates stability fees, and specialized collateral adapters enable integrating diverse asset types. Understanding this architecture is essential for assessing Sky Protocol's security model, upgrade mechanisms, and operational risks.
The modular design enables extensibility without compromising core contract security. New collateral types can be added through deploying additional JOIN adapter contracts without modifying the VAT or VOW. However, this modularity also creates complexity—the system involves numerous interacting contracts with subtle dependencies that must be carefully managed during upgrades or emergency responses.
Core Smart Contract Modules
VAT (Vault Engine) - Core Accounting System
The VAT contract deployed at 0x35D1b3F3D7966A1DFe207aa4514C12a259A0492B serves as the system's central accounting ledger, tracking all collateral positions, debt obligations, and protocol balances. The VAT maintains internal accounting separate from external ERC20 token balances, enabling gas-efficient operations and providing security boundaries. [9]
Vaults are managed via frob(i, u, v, w, dink, dart), which modifies the Vault of user u, using gem (collateral) from user v and creating dai for user w. [70] The function parameters specify the collateral type (i), vault owner address (u), address providing collateral (v), address receiving dai (w), change in collateral (dink), and change in debt (dart). [71] This atomic operation ensures that vaults cannot be left in invalid states—either both collateral and debt update successfully or the entire transaction reverts. The function enforces collateralization requirements, checking that modified vaults maintain collateral value exceeding debt value multiplied by the liquidation ratio. [71]
The fold(i, u, rate) function updates the debt multiplier for a collateral type, implementing stability fee accrual across all vaults of that type simultaneously. [72] Rather than iterating through millions of vaults to apply fees—which would be prohibitively expensive on-chain—the VAT uses rate accumulation. Each vault stores "normalized debt" (art) that remains constant unless the user borrows more or repays. The protocol maintains a rate multiplier that increases with each fee accrual. True debt = art × rate. This gas optimization was critical to MakerDAO's scalability. [72]
The grab(i, u, v, w, dink, dart) function is the means by which Vaults are liquidated, transferring debt from the Vault to a user's sin balance. Vaults are confiscated via grab, which modifies the Vault of user u, giving gem to user v and creating sin for user w. [73] This function executes during liquidation events when a vault's collateralization falls below the minimum threshold.
State variables include ilks (mapping of collateral types to their parameters including debt ceiling, stability fee, and liquidation ratio), urns (mapping of vault positions to their collateral and debt balances), and gem (mapping of internal collateral balances not yet locked in vaults). The VAT tracks total system debt (debt) and total DAI/USDS issued (dai), maintaining the fundamental accounting invariant that total collateral value must exceed total debt. [9]
VOW (System Balance Sheet Manager)
The VOW contract represents Sky Protocol's balance sheet, managing both system surplus (accumulated fees and revenue) and system debt (bad debt from undercollateralized liquidations). The VOW serves as the recipient of surplus from stability fee accumulation and the absorber of debt from failed liquidations, with main functions including triggering surplus auctions (flap) and debt auctions (flop). [10]
When vaults are liquidated and their auctions fail to cover the full debt, the shortfall is recorded as Sin (system debt unit) in the VOW's Sin queue. This bad debt must be covered through debt auctions that mint and sell new MKR/SKY tokens to purchase DAI/USDS for debt repayment. The Black Thursday crisis demonstrated this mechanism when approximately $5.67 million in bad debt required MKR dilution to recapitalize the system. [23]
The VOW manages the Surplus Buffer—a target balance of DAI/USDS held to absorb bad debt without immediately triggering debt auctions. When the surplus exceeds the buffer target plus minimum threshold, the Smart Burn Engine activates, purchasing and burning SKY tokens to return value to token holders. Buffer sizing represents a critical risk parameter balancing capital efficiency against crisis resilience. [4]
JUG (Stability Fee Accumulator)
The JUG contract's primary function is accumulating stability fees for each collateral type through its drip() function, which can be called by anyone (typically keeper bots) to update accumulated debt. When drip() executes, the JUG calls VAT.fold() to update the collateral type's rate multiplier, increasing debt across all vaults of that type proportionally. [11]
Stability fees are stored as per-second compound interest rates. For example, a 3.5% annual stability fee translates to a per-second rate that compounds continuously. The JUG maintains ilks[collateralType].duty (the per-second fee rate) and ilks[collateralType].rho (the timestamp of last update). The drip() function calculates accumulated interest since rho and applies it through the rate update. [11]
The base stability fee applies across all collateral types, with individual collateral types adding their specific fee on top. This two-tier structure enables governance to adjust all stability fees proportionally (by changing the base rate) or target specific collateral types (by changing the collateral-specific duty). Fee revenue flows to the VOW as surplus, funding the protocol's operations and Smart Burn Engine. [11]
SPOT (Price Feed Validator and Collateralization Enforcer)
The SPOT contract validates price feeds from the oracle system and calculates collateralization ratios for each collateral type. It serves as the interface between external price oracles and the VAT's internal accounting, applying liquidation ratio parameters to determine when vaults become eligible for liquidation. [12]
For each collateral type, SPOT maintains the liquidation ratio (mat parameter) and references the appropriate oracle price feed. When the VAT's frob() function is called to modify a vault, it queries SPOT to validate that the resulting position maintains sufficient collateralization. SPOT applies the formula: collateralValue × price ÷ liquidationRatio ≥ debt. [12]
DOG (Liquidation Engine) and CLIP (Collateral Auction)
The DOG contract monitors vault collateralization ratios and triggers liquidations when positions become undercollateralized. When DOG.bark() is called (typically by keeper bots scanning for unsafe vaults), the contract calculates the liquidation penalty, seizes the vault's collateral through VAT.grab(), and initiates a CLIP auction to sell the collateral for DAI/USDS. [13]
CLIP implements Dutch auction mechanics where collateral price starts high and decreases over time until a buyer accepts. This Liquidation 2.0 design replaced earlier English ascending auctions after Black Thursday revealed vulnerabilities during high network congestion. Dutch auctions enable partial liquidations and provide better price discovery during volatile markets. [13]
JOIN Adapters (Collateral Gateway Contracts)
Each collateral type has a dedicated JOIN adapter contract that handles depositing external ERC20 tokens into the protocol and converting them to internal VAT accounting balances. For example, ETH-A collateral uses GemJoin deployed at 0x2F0b23f53734252Bda2277357e97e1517d6B042A. These adapters provide security boundaries and enable supporting diverse token standards. [9]
The DaiJoin adapter performs the reverse function—converting internal VAT DAI balances to external DAI/USDS ERC20 tokens that users can transfer and use in DeFi applications. This two-step process (create internal debt via frob, then mint external tokens via DaiJoin.exit) provides important security properties and upgrade flexibility. [9]
Oracle System and Price Feeds
Sky Protocol's oracle system provides critical price data for collateral valuation, liquidation triggers, and peg stability mechanisms. The architecture prioritizes security over latency through the Oracle Security Module (OSM), which introduces a 1-hour delay between price updates and their availability to the protocol. This delay enables governance to respond to oracle malfunctions or attacks before they can be exploited, safeguarding the protocol against rapid price manipulation. [16]
Medianizer Contract and Price Aggregation
The Medianizer provides Sky Protocol's trusted reference price by maintaining a whitelist of price feed contracts authorized to post price updates. Every time a new list of prices is received, the median of these is computed to update the stored value. [74] This median calculation method provides resilience against single oracle failures or manipulation attempts—an attacker would need to compromise more than half of the whitelisted price feed providers to manipulate the median price. [75]
The Medianizer collects price data from Feeds and calculates a reference price through median aggregation, with the whitelist of Feeds controlled by MakerDAO governance. [76] The permissioning logic allows governance to set parameters and control the addition and removal of whitelisted price feed addresses via governance votes, ensuring that the oracle network can evolve as new reliable price providers emerge or existing ones become compromised. [77]
As of December 2025, the protocol sources price data from multiple independent oracle providers including Chainlink feeds, custom oracle feeds maintained by community-run infrastructure, and specialized providers for exotic collateral types including RWA valuations. [17] In October 2024, MakerDAO governance passed an executive vote to add new validators to the Medianizer to ensure that a sufficient number of price sources are being used to generate prices. [78]
Oracle Security Module (OSM) - One-Hour Delay Protection
The Oracle Security Module ensures that new price values propagated from the Oracles are not taken up by the system until a specified delay has passed, set at one hour at the launch of Multi-Collateral DAI. [79] When the OSM is poked (triggered to update), it reads the value of the median and saves it for the following hour. After an hour passes, the saved value becomes the current value while the median value becomes the future value for the next hour. [80]
An OSM contract can only read from a single price feed, so one OSM contract must be deployed per collateral type. [81] This architecture enables different collateral types to have different security parameters and delay periods if needed, though the standard 1-hour delay applies to most assets.
The OSM's 1-hour delay provides critical security benefits. If price feeds fail, become stale, or are manipulated, governance and the community have a one-hour window to activate emergency response mechanisms before manipulated prices can affect vault liquidations or other protocol operations. However, this delay also introduces risk during rapid market movements where 1-hour-old prices become meaningfully inaccurate, potentially causing the protocol to operate on stale price data during extreme volatility. [79]
Price Feed Providers and Validator Network
The oracle system relies on Light Feeds provided by publicly-known entities, typically significant organizations in the Ethereum ecosystem. These organizations are better prepared than individuals to withstand coercion or hacking, and their reputations add credibility to the data they provide. [82] The validator network has expanded over time through governance votes to add new trusted price feed providers.
For each collateral type, the oracle system maintains two critical parameters: the current market price (used for liquidation triggering) and the liquidation price (the threshold below which vaults become eligible for liquidation). The liquidation price incorporates both the market price and the liquidation ratio—for ETH-A with a 145% liquidation ratio, the liquidation price is market price ÷ 1.45. [72]
Oracle Risks and Dependencies
Oracle dependency represents a critical risk vector. If price feeds fail, become stale, or are manipulated, the protocol could either fail to liquidate undercollateralized positions (threatening USDS peg) or incorrectly liquidate healthy positions (harming vault users). [16] For RWA collateral, oracle challenges are particularly acute. Unlike crypto assets with continuous public market prices, RWAs like CLO tranches or private credit trades infrequently. Price discovery relies on arranger valuations, third-party assessments, or model-based estimates—all potentially subject to manipulation, staleness, or inaccuracy. This introduces trust in arrangers and valuation providers.
Security Model and Access Control
Sky Protocol's security model assumes that smart contract code is correct and that governance (MKR/SKY token holders) acts in the protocol's best interest. The architecture implements a governance delay through the Governance Security Module (GSM), currently set at 48 hours between executive vote passage and implementation as of April 2025. This delay allows the community time to review changes, validate spell code, and potentially execute emergency shutdown if malicious governance proposals pass. [34]
Admin keys and governance control represent the most significant centralization risk. Governance has authority to modify critical parameters including collateral debt ceilings, liquidation ratios, stability fees, and oracle feed sources. A malicious governance action or compromised governance process could drain protocol value, modify collateral parameters to enable unauthorized minting, or modify the oracle system to accept false prices. [5]
The Emergency Shutdown mechanism (formerly called Global Settlement) provides a last-resort option to freeze the protocol and return collateral to users if a catastrophic failure occurs. When triggered, Emergency Shutdown prevents new vault creation, freezes existing debt positions, and enables a claims process where DAI/USDS holders can redeem their stablecoins for proportional claims on the collateral pool. This mechanism was never activated in MakerDAO's decade of operation. [14]
The protocol has undergone extensive auditing by leading security firms including Trail of Bits, Runtime Verification, PeckShield, and Certora. However, audit coverage varies across components—core MCD contracts received thorough review, while newer Endgame components and Sky Stars may have less comprehensive security assessment. The protocol maintains an active bug bounty program incentivizing white-hat disclosure of vulnerabilities. [14]
Cross-Chain Architecture and SkyLink
The SkyLink system provides infrastructure for the Sky.money web application and Sky ecosystem projects to bridge assets between the Sky Protocol on Ethereum Mainnet and supported Layer 2 networks including Base, Arbitrum, Optimism, and Unichain. This cross-chain expansion aims to improve accessibility and reduce transaction costs for users across the DeFi ecosystem. [78]
SkyLink utilizes canonical bridge contracts on each supported chain, with USDS and potentially other Sky ecosystem tokens deployed as wrapped versions on L2s. These bridges maintain 1:1 backing—L2 USDS tokens are minted only when equivalent mainnet USDS is locked in the bridge contract. This architecture provides security properties stronger than third-party bridges but introduces smart contract risk across multiple chains. [78]
The Spark Liquidity Layer automates liquidity provision of USDS, sUSDS, and USDC directly from Sky across various blockchain networks, DeFi protocols, and real-world asset integrations. This infrastructure enables Sky Stars and ecosystem projects to access Sky Protocol liquidity without users needing to manually bridge assets or manage complex multi-chain operations. [111]
Collateral and Real World Assets
Sky Protocol's collateral strategy has evolved significantly from early ETH-only backing to a diversified portfolio spanning crypto assets, stablecoins, and tokenized real-world assets (RWAs). As of December 2025, the protocol's approximately $6.1 billion in collateral includes substantial allocations to U.S. Treasury securities, corporate bonds, trade finance, and other traditional financial instruments alongside cryptocurrency holdings. This diversification aims to generate stable yield and reduce exposure to crypto market volatility, though it introduces new risks around counterparty dependencies, legal complexity, and regulatory uncertainty.
The collateral composition directly influences USDS stability, protocol revenue, and risk profile. Understanding the types of assets accepted, their respective parameters, and the infrastructure enabling RWA integration is essential for assessing Sky Protocol's sustainability and security. The shift toward RWAs has generated philosophical debate within the community—proponents argue it provides necessary stability and yield for long-term viability, while critics contend it compromises decentralization principles and introduces trust dependencies.
This section examines the technical mechanisms enabling collateral diversity, the specific asset types accepted, their respective risk parameters, and the economic impact of RWA integration on protocol revenue and token value accrual.
Cryptocurrency Collateral Types
ETH (Ethereum) Collateral Variants
Ethereum remains the largest cryptocurrency collateral type by total value locked. The protocol accepts ETH through multiple vault types with varying risk parameters. ETH-A vaults maintain a 145% liquidation ratio, enabling relatively aggressive leverage, while ETH-B vaults require 130% liquidation ratio with higher stability fees compensating for increased risk. ETH-C offers a more conservative 170% liquidation ratio with lower fees. [9]
Each ETH vault type has distinct debt ceilings set by governance based on risk assessment. As of December 2025, combined ETH collateral debt ceilings exceed $1.5 billion, though actual utilization fluctuates with ETH price and user demand for leverage. Stability fees on ETH vaults typically range from 2.75% to 5.75% annually, adjusted by governance to balance revenue generation with competitive positioning against alternative leverage sources. [8]
Wrapped BTC (WBTC) Collateral
Wrapped Bitcoin (WBTC) serves as the protocol's primary exposure to Bitcoin price movements. WBTC-A, WBTC-B, and WBTC-C vault types offer varying risk parameters similar to ETH vaults. WBTC introduces additional counterparty risk through the BitGo-managed wrapping mechanism, where BTC is custodied by BitGo and corresponding ERC20 WBTC tokens are minted. This centralization point represents a vulnerability—BitGo's failure or regulatory seizure could render WBTC collateral worthless. [8]
Governance has set more conservative parameters for WBTC compared to ETH due to these additional risks. Liquidation ratios typically start at 145-150%, and debt ceilings are proportionally lower. The protocol closely monitors WBTC reserve attestations and maintains the ability to rapidly adjust debt ceilings or pause new WBTC vault creation if custody concerns emerge. [8]
Stablecoin Collateral (USDC, USDP)
USDC represents the largest single collateral type by value, primarily through the Peg Stability Module (PSM) which enables direct 1:1 swaps between USDC and DAI/USDS (minus small fees) for instant minting and redemption. This mechanism provides critical peg stability—when DAI/USDS trades above $1.00, arbitrageurs can deposit USDC to mint stablecoins and sell for profit, increasing supply and supporting the peg. [14]
The heavy USDC backing has generated significant controversy. Critics argue that backing a "decentralized stablecoin" primarily with USDC (a centralized, regulated stablecoin subject to Circle's control and regulatory compliance) undermines core decentralization principles. Defenders contend that USDC backing provides necessary peg stability and that gradual transition toward more decentralized collateral is the pragmatic path. As of December 2025, USDC represents over 40% of total USDS/DAI backing. [43]
Real World Asset (RWA) Integration
U.S. Treasury Securities
U.S. Treasury bills and bonds represent the largest RWA category, with Sky Protocol allocating approximately $1.2 billion to short-term Treasury securities as of December 2025. [87] The Monetalis Clydesdale arrangement, approved through MIP65, involved $500 million in DAI with 80% allocated to short-term US Treasuries and 20% to investment-grade corporate bonds. [85] Sygnum Bank serves as the lead partner, converting collateral into USD which is then diversified into traditional assets via a portfolio of BlackRock's fixed income iShares ETFs, while the other half of funds was managed by investment firm Baillie Gifford. [8] [85]
The arrangement later expanded, with governance proposals to increase investments in US Treasury and bonds to $1.25 billion, adding $750 million to the debt ceiling for US treasury bonds. [86] These investments are structured through legal entities (typically Delaware trusts) that purchase Treasuries and issue tokenized representations accepted as Sky Protocol collateral. The arrangement generates predictable yield (4-5% depending on duration) while maintaining liquidity through Treasury markets. [87]
The legal structure involves arrangers—specialized entities approved by governance to structure RWA deals. Arrangers like BlockTower Credit, Huntingdon Valley Bank, and Monetalis establish legal vehicles, purchase Treasuries, manage custody, and handle regulatory compliance. These entities must meet strict reporting requirements including monthly arranger reports, stress test participation, and account access provisions. [88]
Treasury RWA integration introduces multiple risks. Legal risk includes whether the tokenized Treasury claims would be properly recognized in bankruptcy scenarios or whether regulatory changes could impair the structures. Custodian risk involves the financial institutions holding the underlying Treasuries—their failure could compromise the collateral. Liquidity risk involves the ability to rapidly sell Treasuries if USDS redemptions spike. [36]
BlockTower Credit - Collateralized Loan Obligations and Structured Finance
BlockTower Credit was onboarded as an RWA arranger for the Maker Protocol with an executive vote passing on December 11, 2022. [87] MakerDAO approved multiple BlockTower Credit vault types (RWA010, RWA011, RWA012, RWA013) with the following parameters: 4% stability fee, 100% minimum vault collateralization ratio, and 60-month term length. [88] The debt ceilings were set at 20 million DAI for RWA010, 30 million DAI each for RWA011 and RWA012, and 70 million DAI for RWA013, totaling $150 million. [89]
This structure represented the largest on-chain investment in real-world assets at the time, with Maker providing $150 million of senior capital and BlockTower providing $70 million of junior capital. [90] BlockTower deployed these funds to real-world assets originated by BlockTower and issued on-chain through Centrifuge. [91] BlockTower's Andromeda vault subsequently deployed $100 million into Treasury bonds as part of the broader RWA strategy. [92]
Grove Star's $1 billion commitment extends this strategy, focusing specifically on collateralized loan obligations and corporate credit exposure. CLOs are structured finance products backed by portfolios of corporate loans, offering potentially higher yields than Treasuries with corresponding higher risk. Grove's strategy emphasizes senior tranches of investment-grade CLOs to balance yield enhancement with risk management, targeting higher returns than Treasuries with corresponding higher risk. [63]
The CLO strategy enables Sky Protocol to capture traditional credit market returns that are typically unavailable in DeFi. However, CLOs introduce complexity around valuation (CLO tranches trade infrequently, making price discovery challenging), credit risk (underlying corporate loan defaults could impair CLO values), and correlation risk (economic downturns simultaneously affecting both DeFi and traditional credit markets). [63]
Huntingdon Valley Bank - Loan Syndication and Banking Integration
Huntingdon Valley Bank, a Pennsylvania community bank founded in 1871 with $500 million in assets, sought and received approval for a $100 million DAI debt ceiling participation facility to support business growth. [93] MakerDAO formally brought in HVB as a new stablecoin vault type in July 2022 with a governance vote that garnered 87% approval. [94]
Through the setup of a Delaware Statutory Trust called the "MakerDAO Bank Participation Trust" or "MBPTrust," the bank entered a Master Purchasing Agreement with MakerDAO enabling the DeFi protocol to participate in loans originated from Huntingdon Valley Bank or syndicated loans from other institutions. [95] HVB was approved for an initial credit line of $100 million to be deployed over a 12 to 24-month period, marking the largest debt ceiling allocated to an RWA vault at that time. [96]
The MBPTrust targeted an expected gross yield of approximately 4.65% from the facility, with a conservative net yield of approximately 3.00% after servicing fees, demonstrating the yield-generating potential of traditional banking integration. [95] This partnership represented a historic first step in integrating traditional U.S. banking infrastructure with the DeFi ecosystem, bridging decades-old community banking with blockchain-based stablecoin protocols. [98]
Trade Finance and Asset-Backed Securities
Additional RWA categories include trade finance (short-term loans backing specific commercial transactions), real estate debt, and various asset-backed securities. Trade finance offers particularly attractive characteristics for stablecoin backing: short duration (typically 30-90 days), self-liquidating (transactions generate cash to repay loans), and collateral-backed (claims on underlying goods). [85]
The protocol maintains strict diversification limits across RWA categories, issuers, and jurisdictions to prevent concentration risk. Governance regularly reviews and adjusts these limits based on risk assessments, market conditions, and strategic priorities. The arranger system provides operational flexibility while maintaining oversight through reporting requirements and governance approval for new deals. [93]
Collateral Risk Parameters
Each collateral type has governance-determined parameters balancing safety with capital efficiency:
| Collateral | Liquidation Ratio | Stability Fee | Debt Ceiling | Liquidation Penalty |
|---|---|---|---|---|
| ETH-A | 145% | 3.25% | $500M | 13% |
| ETH-B | 130% | 5.75% | $200M | 13% |
| ETH-C | 170% | 2.75% | $1B | 13% |
| WBTC-A | 145% | 4.25% | $300M | 13% |
| USDC (PSM) | 101% | 0% | $10B | 1% |
| RWA-001 (Treasuries) | 105% | 0% | $1.5B | 1% |
| RWA-002 (CLO) | 115% | 3.5% | $750M | 5% |
Source: Sky Protocol documentation, December 2025 [94]
These parameters determine vault user experience and protocol risk exposure. Lower liquidation ratios enable higher leverage (more attractive to users) but increase liquidation risk during market volatility. Higher stability fees generate more revenue but make Sky Protocol less competitive against alternative leverage sources. Debt ceilings prevent excessive concentration in any single collateral type. [95]
Governance adjusts these parameters through weekly executive votes responding to market conditions, competitive dynamics, and risk assessments. Major parameter changes undergo extensive forum discussion, risk modeling by community members, and often preliminary polling before final executive votes. The parameter adjustment process balances responsiveness to market conditions with deliberation to avoid rash changes. [96]
Economics and Protocol Revenue
Sky Protocol's economic model centers on generating sustainable revenue from stability fees, RWA yields, and other sources, then allocating this revenue between the Surplus Buffer (protocol reserves), Smart Burn Engine (token buybacks), and operational expenses. Understanding these economic mechanisms is essential for assessing the protocol's long-term viability, token value proposition, and ability to maintain operations without external funding.
The protocol operates as one of DeFi's most economically significant platforms, generating approximately $22 million in monthly revenue as of December 2024, with annualized protocol revenue in the range of $160-265 million depending on market conditions. This revenue supports ongoing development, security operations, governance processes, and value return to SKY token holders. The economic sustainability has improved substantially from early MakerDAO days when the protocol operated at a loss, though questions remain about long-term competitiveness and market share defense. [99]
The transition from MakerDAO to Sky introduced new economic mechanisms including Sky Token Rewards, enhanced Smart Burn Engine parameters, and the sUSDS staking wrapper. These mechanisms aim to create multiple value accrual pathways for ecosystem participants while maintaining the core principles of overcollateralization and conservative risk management. [103]
Revenue Sources and Generation
Stability Fees from Crypto Vaults
Stability fees charged on vault debt represent the protocol's original revenue source, functioning as interest on borrowed USDS/DAI. Vault owners pay stability fees continuously through the rate accumulation mechanism, with fees accruing per-block based on the governance-set annual percentage rate. Stability fee revenue varies with total vault debt outstanding and the fee rates set for each collateral type. [11]
During periods of high crypto asset prices, vault revenue tends to increase as users open more leverage positions. Conversely, during bear markets or when stability fees are set uncompetitively high, vault usage declines and revenue drops. Governance continuously adjusts stability fees to balance revenue generation with market competitiveness—if fees are too high relative to alternatives like Aave or Compound, users borrow elsewhere. [8]
As of December 2025, crypto vault stability fees generate approximately $8-12 million annually, though this fluctuates significantly with market conditions. ETH vaults contribute the largest share, followed by WBTC and various stablecoin vaults. The protocol's ability to generate meaningful vault revenue depends on maintaining competitive positioning in the leverage market. [99]
Real World Asset Yields
RWA investments have become the protocol's largest revenue source, generating approximately $25-30 million annually from Treasury yields, CLO returns, and other traditional asset exposure. RWAs provide relatively stable, predictable income compared to volatile crypto vault revenue, though yields fluctuate with broader interest rate markets. [99]
The heavy reliance on RWA revenue creates philosophical tension and practical considerations. RWA revenue demonstrates that the protocol can generate sustainable income to fund operations and return value to token holders. However, this revenue depends on relationships with traditional financial institutions, legal structures, and regulatory compliance—all potentially vulnerable to regulatory changes, legal challenges, or counterparty failures. [36]
Critics argue that deriving the majority of revenue from traditional assets undermines the protocol's decentralized value proposition. If Sky Protocol is essentially a wrapper around Treasury securities and corporate bonds, what distinguishes it from traditional finance beyond regulatory arbitrage? Defenders contend that combining traditional asset stability with DeFi composability and transparent governance provides genuine value. [36]
Monthly and Quarterly Revenue Performance
Sky Protocol reported a record-breaking $22.18 million in revenue for December 2024, representing the highest monthly earnings level for the past six months according to TokenTerminal data. [99] This successful month reflected the DeFi sector's recovery and wrapped up one of the best years for the protocol since its 2021 peak. [100]
Most of the protocol fees reflect the usage of DAI/USDS, with the supply of DAI rising to $6.2 billion in 2024, the highest level since the 2022 peak of $7.24 billion DAI. [100] The protocol built up its loans in 2024, leading to record interest fees in December as vault utilization increased alongside improving market conditions. [102]
Looking at quarterly performance, while specific Q1 2025 revenue figures for Sky Protocol were not definitively confirmed in available sources, the protocol's strong December 2024 performance and continued growth trajectory through early 2025 suggest sustained revenue generation in the range of $25-30 million quarterly. The protocol allocates 50% of this revenue to fund SKY buybacks and staking rewards, with the remaining 50% covering operational expenses and Surplus Buffer replenishment. [103]
PSM Fees and Other Sources
The Peg Stability Module charges small fees (typically 0.1-1%) on USDC ↔ DAI/USDS exchanges, generating modest revenue while providing critical peg stability functionality. PSM fees represent a small portion of total revenue but serve the important function of compensating the protocol for providing instant liquidity and peg stability services. [14]
Additional revenue sources include liquidation penalties (charged when vaults are liquidated, typically 13% of the liquidated debt), which are added to protocol surplus. During volatile markets, liquidation penalty revenue can be substantial. However, relying on liquidation penalties for revenue creates perverse incentives—the protocol benefits from vault liquidations that harm users. Governance generally treats liquidation penalties as crisis reserves rather than primary revenue. [13]
Surplus Management and Smart Burn Engine
Surplus Buffer Mechanics
The Surplus Buffer serves as the protocol's first line of defense against bad debt from undercollateralized liquidations. When liquidations fail to recover the full vault debt, the shortfall is recorded as Sin (system debt) in the VOW contract. If the Surplus Buffer contains sufficient DAI/USDS, this debt is simply absorbed without triggering debt auctions or other emergency measures. [10]
Governance sets the target Surplus Buffer size balancing multiple considerations. A larger buffer provides greater resilience during crisis events, reducing the probability of requiring debt auctions that dilute MKR/SKY holders. However, excess buffer capital represents idle funds that could be returned to token holders or deployed productively. The Smart Burn Engine activates when the surplus exceeds governance-set thresholds, with the current mechanism using a Kicker/Splitter architecture rather than a simple fixed buffer target. [4]
Buffer sizing represents one of governance's most consequential parameter decisions. Too small, and the protocol risks requiring debt auctions during market stress. Too large, and token holders sacrifice value that could be returned through buybacks. The appropriate size depends on total debt outstanding, collateral volatility, liquidation system performance, and risk tolerance. [4]
Smart Burn Engine Parameters and Operation
When surplus exceeds the buffer target by the governance-set threshold, the Smart Burn Engine activates to purchase SKY tokens from decentralized exchanges and burn them, permanently removing tokens from circulation. This mechanism creates deflationary pressure proportional to protocol profitability—higher revenue leads to more surplus, triggering more frequent and larger buybacks. [4]
Sky Protocol allocates 50% of protocol income to fund SKY buybacks and staking rewards according to founder Rune Christensen, with this 50% revenue splitter rate representing one of the final steps toward eliminating fixed costs by the end of 2025. [104] The Staking Engine module allocates this 50% of protocol revenue to rewards, with smart contracts auto-distributing yields based on staked SKY. [105]
The Smart Burn Engine operates through governance-approved smart contracts that interface with DEXs including Uniswap and Curve. The contracts implement price impact limits and time-spreading to prevent market manipulation and achieve better execution prices. Large buybacks are executed gradually rather than as single trades to minimize slippage.
The economic impact of the Smart Burn Engine depends on protocol profitability, SKY market liquidity, and token holder behavior. When protocol revenue exceeds expenses and buffer replenishment needs, SKY buybacks provide direct value return to token holders. However, if revenue declines, buybacks cease and deflationary pressure disappears. The mechanism provides pro-cyclical support—strong during good times, absent during bad times.
Token Economics and Value Accrual
SKY Token Supply and Distribution
The SKY total supply derives from MKR total supply multiplied by 24,000 (the conversion rate). As of December 2025, approximately 24 billion SKY exists (equivalent to ~1 million MKR), though significant MKR supply remains unconverted. The distribution reflects MakerDAO's decade-long history: early investors and founders hold significant positions, the dissolved Maker Foundation's returned/burned tokens reduced supply, and ongoing Smart Burn operations continue reducing circulation.
Token concentration remains substantial, with the top 10 addresses controlling approximately 45% of circulating supply (excluding exchange custody wallets). This concentration creates governance centralization concerns and liquidity challenges. If large holders decide to sell, limited market depth could trigger significant price declines. Conversely, holder concentration means relatively few entities must coordinate to pass governance proposals.
Value Accrual Mechanisms for Token Holders
SKY holders capture protocol value through multiple mechanisms. The Smart Burn Engine directly reduces token supply proportional to profitability, increasing per-token value for remaining holders. Governance rights enable holders to direct protocol strategy, parameter settings, and surplus allocation—valuable for large holders who can influence decisions affecting their investments.
The introduction of Sky Token Rewards (STRs) provides additional utility. Token holders can stake USDS to support specific Sky Stars or ecosystem projects, earning variable yields funded by those projects. This mechanism aims to create direct income for token holders beyond Smart Burn deflation. The staking program saw strong early adoption, with approximately $568 million worth of SKY staked within weeks of launch, and more than 1.6 million USDS distributed in the first week to stakers. [106] [107]
The sUSDS "Expert token" represents another value accrual experiment. Users can stake USDS in exchange for sUSDS tokens that receive higher yields by providing liquidity to SKY stakers. The mechanism creates interdependency between USDS staking demand and SKY staking rewards, aiming to strengthen ecosystem cohesion. However, the complexity may limit mainstream adoption.
Economic Sustainability Challenges
The protocol faces ongoing challenges defending its market position and revenue. Competition from Aave, Compound, and newer lending protocols constrains stability fee pricing power—if Sky Protocol charges materially higher rates than alternatives, users borrow elsewhere. The protocol must balance revenue generation with competitive positioning.
RWA revenue dependence creates vulnerability to interest rate cycles. When traditional rates are high (as in 2024-2025), Treasury-backed revenue is attractive. However, when rates fall, RWA yields decline correspondingly, reducing protocol revenue unless compensated by increased vault usage. The protocol must navigate these cycles while maintaining surplus buffer adequacy.
The competitive landscape continues intensifying. USDC and USDT dominate stablecoin market share with superior liquidity, exchange support, and mainstream awareness. Algorithmic stablecoins like Ethena's USDe offer higher yields through delta-neutral strategies. Traditional finance increasingly explores blockchain integration, potentially providing better capitalized and regulated alternatives. Sky Protocol must continuously prove its value proposition to maintain market position.
Risk and Security
Sky Protocol faces multifaceted risks spanning smart contract vulnerabilities, economic attack vectors, governance centralization, oracle dependencies, and regulatory uncertainty. While the protocol has operated for over a decade without catastrophic failure, multiple critical risk factors have emerged or intensified through the Endgame transition and market evolution. Understanding these risks is essential for users, integrators, and ecosystem participants to make informed decisions about exposure to Sky Protocol and USDS.
The protocol's risk profile has evolved significantly from early MakerDAO days. Initially, risks centered primarily on smart contract bugs and crypto market volatility. Today, the risk landscape includes complex RWA counterparty dependencies, regulatory exposure from traditional asset integration, governance attack surfaces from concentrated token holdings, and competitive threats from both centralized stablecoins and newer DeFi protocols.
This section provides comprehensive analysis of smart contract risks, economic vulnerabilities, governance centralization, historical incidents, and ongoing risk management challenges. The analysis draws from external assessments including S&P Global's credit rating, security audits, community risk analyses, and observed market behavior.
Smart Contract Risks and Technical Vulnerabilities
Core Contract Complexity and Audit Coverage
Sky Protocol's core smart contracts have undergone extensive security auditing by leading firms including Trail of Bits, Runtime Verification, PeckShield, Certora, and others. The core MCD contracts (VAT, VOW, JUG, SPOT, DOG, CLIP) received thorough review between 2019-2021, with no critical vulnerabilities remaining unaddressed in final audit reports. However, the system's complexity—approximately 15 interacting core contracts plus numerous collateral adapters—creates ongoing risk from subtle interaction bugs.
Not all protocol components have equal audit coverage. While core MCD contracts underwent multiple independent audits, some newer Endgame components including specific Sky Stars infrastructure, cross-chain bridge implementations, and recently added RWA adapter contracts may have less comprehensive security assessment. The protocol maintains an active bug bounty program offering up to $10 million for critical vulnerability disclosure, though no major bounties have been paid to date.
The modular architecture provides some defense-in-depth—issues in one collateral adapter generally don't compromise the entire system. However, core contracts like the VAT represent single points of failure. A critical bug in the VAT could potentially enable unauthorized minting, collateral theft, or system freezing affecting all users. The protocol's decade of operation without such incidents suggests the core contracts are reasonably secure, though zero-day vulnerabilities remain possible.
Upgrade and Governance Risk
Sky Protocol implements upgradability through governance-controlled contract modifications rather than proxy patterns. New features or fixes require deploying new contracts and governance voting to migrate functionality. This approach provides transparency (all changes are visible in governance proposals) but creates risk from governance mistakes or malicious proposals.
The 48-hour GSM delay (as of April 2025) provides community opportunity to review governance spell code before execution. However, community capacity to thoroughly audit complex spell code within this window is limited. Most community members lack the technical expertise to review Solidity code, creating reliance on a small number of technical reviewers. If these reviewers are compromised, busy, or make mistakes, malicious or buggy spells could execute.
Historical examples include several governance spells that contained bugs discovered post-deployment, requiring rapid follow-up votes to correct issues. While none caused catastrophic damage, they demonstrate that the review process is imperfect. The community has developed spell validation frameworks and dedicated review roles, but human error remains inevitable.
Oracle Manipulation and Feed Failures
Price oracle manipulation represents a critical attack vector. If an attacker can manipulate the protocol's price feeds, they could potentially trigger unwarranted liquidations of healthy vaults, prevent legitimate liquidations of undercollateralized positions, or manipulate PSM pricing to drain reserves.
The Oracle Security Module's 1-hour delay provides some protection—attackers must maintain manipulated prices for over an hour for the manipulation to affect the protocol. However, this delay also creates risk during extreme market volatility where true prices move rapidly.
The Medianizer's use of multiple independent price feeds provides resilience against single oracle failures. However, if a sufficient number of oracles are compromised or fail simultaneously, the median calculation could produce incorrect prices. The protocol's reliance on both Chainlink feeds and custom oracle infrastructure creates dependencies on external systems and the entities operating them.
For RWA collateral, oracle challenges are particularly acute. Unlike crypto assets with continuous public market prices, RWAs like CLO tranches or private credit trades infrequently. Price discovery relies on arranger valuations, third-party assessments, or model-based estimates—all potentially subject to manipulation, staleness, or inaccuracy. This introduces trust in arrangers and valuation providers.
Economic Risks and Attack Vectors
Liquidation Cascade Scenarios
Rapid collateral price declines can trigger liquidation cascades—chain reactions where initial liquidations cause price drops that trigger additional liquidations. During the March 2020 Black Thursday event, ETH's 50% drop in 24 hours created a massive liquidation wave that overwhelmed the liquidation system, resulting in approximately $5.67 million in bad debt from zero-bid auctions on $8.32 million worth of ETH collateral.
The Liquidation 2.0 Dutch auction system implemented post-Black Thursday improves resilience but doesn't eliminate cascade risk. During extreme volatility, auction participants may be unable or unwilling to bid, particularly if they're capital constrained from their own losses. Network congestion during crisis events can price out smaller liquidation bots, concentrating liquidation capacity among well-capitalized sophisticated actors.
The protocol's collateral composition affects cascade risk. Highly correlated collateral (multiple tokens that tend to crash simultaneously) amplifies cascades. RWA integration somewhat reduces correlation, though traditional financial crises could simultaneously impact both DeFi and traditional credit markets. The protocol models stress scenarios but cannot perfectly predict cascade dynamics during unprecedented events.
Bank Run and Redemption Scenarios
A USDS bank run scenario involves rapid mass redemptions exceeding the protocol's ability to liquidate collateral or provide instant liquidity. The PSM mitigates this risk for USDS backed by USDC—users can instantly redeem USDS for USDC up to the PSM's capacity. However, if redemption demand exceeds USDC in the PSM plus liquid collateral in auctions, USDS could temporarily depeg.
RWA integration increases bank run vulnerability. While crypto collateral can be auctioned relatively quickly (though potentially at distressed prices), RWAs like Treasuries or CLOs require longer settlement periods. If USDS holders simultaneously attempt redemption during a crisis, the protocol may lack sufficient instantly-liquid collateral to meet demand, causing temporary depegging until RWA sales settle.
The Surplus Buffer provides modest cushion against short-term liquidity mismatches, but the buffer is sized for bad debt absorption rather than mass redemption scenarios. Stress testing suggests the protocol could likely handle redemption of 10-20% of outstanding USDS over 24 hours, but larger percentages could overwhelm liquidity provision mechanisms.
Governance Capture and Centralization
Governance concentration represents one of the protocol's most significant risks, as highlighted by S&P Global's credit rating analysis. With just 4 entities controlling approximately 80% of votes in major governance decisions, the protocol faces risks from coordinated attacks where large holders collude to pass malicious governance proposals, individual large holder compromise where attackers gain control of major token holdings, and regulatory pressure where authorities compel large holders to vote for protocol changes beneficial to regulators. [30]
The November 2024 rebrand vote demonstrated this concentration—despite broad community opposition to the rebrand, 4 large voters determined the outcome. While this particular vote wasn't malicious, it reveals that distributed voting doesn't necessarily produce community-aligned outcomes when token holdings are highly concentrated. [30]
Governance capture risk is heightened by founder Rune Christensen's continued influence. While Christensen doesn't directly control majority voting power, his vision shapes protocol direction and he maintains significant soft power. S&P Global's credit rating specifically cited reliance on Christensen as a centralization concern. His departure, incapacitation, or shift in interests could dramatically affect protocol trajectory. [36]
Historical Security Incidents
Black Thursday (March 12-13, 2020)
Black Thursday represented MakerDAO's most severe crisis, exposing multiple system vulnerabilities during extreme market stress. ETH's rapid 50% decline triggered mass liquidations, but high Ethereum network congestion (gas prices exceeding 200 gwei) prevented many liquidation bots from participating in auctions. Some auctions settled with zero bids, transferring collateral to bidders for free while leaving debt uncovered.
The $5.67 million bad debt required debt auctions that minted and sold approximately 20,000 MKR tokens (about 2% supply increase at the time) to recapitalize the system. While the protocol survived and ultimately recovered, the incident revealed that liquidation system performance could degrade catastrophically during network congestion. It also demonstrated that keeper bot operators might fail to participate during crisis events when they're most needed.
Post-Black Thursday analysis identified multiple contributing factors: insufficient keeper bot diversity and capitalization, auction design that became inefficient during congestion, Oracle Security Module delay creating lag between true prices and protocol recognition, and inadequate Surplus Buffer sizing. The protocol implemented numerous improvements including Liquidation 2.0, increased buffer targets, and oracle refinements.
Flash Loan Attack Attempts and MEV
While Sky Protocol has not suffered successful flash loan attacks, the broader DeFi ecosystem's flash loan vulnerabilities affect the protocol indirectly. Flash loan attacks on DeFi protocols using DAI/USDS as collateral or in liquidity pools create contagion risk. Similarly, maximum extractable value (MEV) extraction targeting Sky Protocol liquidations can harm vault users and liquidity providers.
Liquidation auctions create MEV opportunities where sophisticated actors use private transaction pools, priority gas auctions, and other techniques to win auctions at optimal prices. This MEV extraction is economically rational but can reduce liquidation efficiency and concentrates liquidation benefits among technically sophisticated actors rather than distributing them broadly.
Smart Contract Bugs and Near-Misses
Several minor smart contract bugs were discovered and patched over the protocol's history, though none caused significant value loss. Examples include arithmetic precision issues in stability fee calculations that could cause minor over/under-charging, authorization bugs in some collateral adapters that required redeployment, and oracle feed edge cases that could cause temporary price staleness. The protocol's conservative approach to upgrades, extensive testing, and formal verification of critical invariants have prevented catastrophic bugs. However, the complexity ensures ongoing vulnerability discovery is likely.
Regulatory and Compliance Risks
Securities Law Considerations
Sky Protocol's tokens (SKY and USDS) face potential securities law classification uncertainty. While USDS arguably functions as a pure medium of exchange (like traditional stablecoins), SKY's governance rights and value accrual mechanisms could potentially be characterized as securities under some regulatory frameworks. Such classification could require registration, restrict US investor participation, or subject the protocol to securities regulations.
The protocol's decentralized structure complicates regulatory compliance. No single legal entity clearly "operates" Sky Protocol—it's governed by distributed token holders. However, regulatory authorities might target large token holders, developers of protocol software, or infrastructure providers as responsible parties. The dissolved Maker Foundation structure was partially motivated by reducing centralized enforcement targets.
RWA Regulatory Exposure
Real World Asset integration dramatically increases regulatory exposure. The arrangers, legal structures, and custodians involved in RWA collateral are subject to traditional financial regulation including securities laws, banking regulations, sanctions compliance, and tax requirements. Regulatory action against arrangers, legal challenges to tokenization structures, or sanctions on specific RWA counterparties could impair collateral backing USDS.
The protocol operates in regulatory gray areas. Traditional finance views Sky Protocol as potentially operating as an unlicensed bank, money transmitter, or securities issuer. DeFi-native participants view it as software that users interact with voluntarily. Regulatory authorities globally are developing frameworks that may resolve or exacerbate this ambiguity, with potential for adverse outcomes including forced shutdown, asset seizure, or mandatory KYC implementation.
External Risk Assessments
S&P Global B- Credit Rating
In August 2025, S&P Global Ratings assigned Sky Protocol a B- (stable outlook) issuer credit rating—the first such rating for a DeFi protocol. The B- rating places Sky Protocol in "deep junk territory," comparable to sovereign debt from Pakistan, Nigeria, Egypt, and El Salvador, implying greater than 12% probability of default within 3 years. [39]
The rating identified multiple weaknesses: high depositor concentration with limited diversification, centralized governance relying on founder Rune Christensen, high regulatory risk from regulatory framework uncertainty, weak risk-adjusted capitalization at just 0.4% (approximately $30 million capital backing $7.5 billion stablecoins), and unclear legal enforceability of claims on RWA collateral. [36]
S&P's analysis noted that Sky's capital ratio of 0.4% compares unfavorably to centralized stablecoins like USDC maintaining 1:1 asset backing plus additional reserves. The rating agency argued that USDS's overcollateralization provides less protection than commonly assumed because collateral value can fall rapidly during crypto market crashes, potentially faster than liquidation systems can respond. [37]
The protocol disputed some characterizations, arguing that overcollateralization provides genuine capital cushion and that the decentralized governance structure provides resilience that traditional institutions lack. However, the rating reflects external expert assessment that identifies significant risks that may not be fully appreciated by protocol participants. [41]
Criticism and Controversies
Sky Protocol faces substantial criticism across multiple dimensions including the controversial rebrand, governance legitimacy, economic sustainability, competitive positioning, and strategic coherence. While the protocol maintains strong support from core community members and certain large stakeholders, critical voices from community members, external analysts, and competing protocols have raised important questions about long-term viability and alignment with decentralized principles.
Understanding these criticisms is essential for balanced assessment of Sky Protocol's position and prospects. This section presents major criticisms alongside protocol responses to provide comprehensive perspective on ongoing controversies.
The Rebrand Controversy and Community Opposition
The September 2024 MakerDAO → Sky rebrand triggered the most contentious governance debate in the protocol's history, revealing deep divisions between founder vision and community sentiment.
Community Opposition and Confusion
Immediately following the September 18, 2024 rebrand announcement, community members expressed confusion and frustration across governance forums and social media. Community members expressed opposition citing brand recognition built over a decade, SEO disadvantages of rebranding to a generic term like "Sky," and the confusion created by maintaining both DAI and USDS simultaneously. [29]
The criticism intensified as major DeFi protocols faced integration challenges. In Aave governance discussions, participants debated whether to support DAI, USDS, or both, with some expressing frustration at being forced to make this choice. DEX aggregators struggled with routing between the two stablecoins, creating UX friction that contradicted the rebrand's stated goal of improving accessibility for mainstream users. [42]
Community members noted that the "Maker" brand had achieved significant recognition in DeFi and traditional finance circles. Major institutions, regulators, and media outlets knew "MakerDAO" and "DAI." Starting over with "Sky" and "USDS" abandoned this hard-won brand equity for uncertain benefits. The rebrand also complicated communication—documentation, tutorials, and historical discussions all reference the old names, creating ongoing confusion. [31]
Governance Vote Concentration and Legitimacy Questions
The November 2024 governance proposal asked: "Should Sky maintain the Sky brand as the backend protocol brand?" The vote passed with 79.85% approval, seemingly validating the rebrand direction. However, analysis revealed extreme concentration with just 4 entities controlling nearly 80% of voting power: largest voter at 16,856,655 MKR (51.3% of total votes cast), second at 5,495,126 MKR (16.7%), third at 2,355,000 MKR (7.2%), and fourth at 1,603,704 MKR (4.9%). [30]
This concentration led critics to argue that a handful of large holders, potentially aligned with founder interests or representing exchange custody wallets, could override broad community sentiment. Delegate @LongForWisdom noted: "When 4 voters can decide protocol direction regardless of broader community preference, we must question whether governance token voting provides meaningful decentralization."
Questions emerged about the largest voter's identity and incentives. Speculation included exchange custody wallets voting on behalf of customers without proper authorization, large holders acting in coordination, or entities controlled by or aligned with Rune Christensen. The protocol's pseudonymous governance structure prevents definitive answers, fueling conspiracy theories and eroding governance legitimacy.
Ongoing Impact and Mixed Results
As of December 2025, the rebrand's effects remain mixed. USDS supply grew approximately 135% in the first five months post-rebrand, suggesting successful product-market fit for some users. The simplified Sky.money interface attracted users unfamiliar with DeFi complexity, and the SSR (raised to 12.5% in December 2024) provided effective growth incentive. [44]
However, brand confusion persists in DeFi integrations. DAI maintains higher name recognition and market share, with some protocols delaying or rejecting USDS integration due to uncertainty. Major bridges, wallets, and aggregators continue supporting primarily DAI, requiring users who want broad DeFi access to hold the legacy token. The dual-token system creates ongoing cognitive overhead and liquidity fragmentation. [42]
S&P Credit Rating and Economic Sustainability Concerns
The B- credit rating from S&P Global represented a reputational blow for Sky Protocol, with critics using the rating to support arguments about structural weaknesses.
Capital Inadequacy Criticism
S&P's primary concern centered on weak capital cushion. The protocol's capital buffer of approximately 0.4% (roughly $30 million backing $7.5 billion in stablecoins) falls far short of traditional banking capital requirements (typically 8-12%) and centralized stablecoin standards (100%+ asset backing). [36]
Critics argue this thin capital provides inadequate protection during market stress. While overcollateralization means total collateral exceeds total stablecoins, the gap can close rapidly during market crashes. Black Thursday demonstrated that extreme volatility can create millions in bad debt within hours. The $30 million buffer could be exhausted by a crash smaller than Black Thursday, potentially requiring debt auctions that dilute token holders.
The protocol disputes capital inadequacy claims, arguing that comparing DeFi overcollateralization to traditional banking capital ratios misunderstands the mechanics. Vault collateralization requirements (typically 130-170%) mean individual positions have substantial cushion. Liquidation systems activate before insolvency, in theory preventing most bad debt. However, critics counter that "in theory" didn't prevent Black Thursday losses, and larger crashes could overwhelm liquidation systems.
Revenue Model Sustainability
The protocol's heavy reliance on RWA yields for revenue generation has drawn criticism that it essentially operates as a Treasury-backed money market fund with extra steps. If the primary value proposition is "hold Treasuries and distribute yield," critics ask, what distinguishes Sky Protocol from traditional finance beyond regulatory arbitrage?
When interest rates fall, RWA revenue will decline correspondingly unless offset by increased vault usage. The protocol faces strategic tension: generate revenue through RWAs (requiring traditional finance integration and trust assumptions), or focus on crypto-native collateral (accepting more volatile and potentially lower revenue). Neither path clearly leads to sustainable competitive advantage.
Aave Governance Rejection and DeFi Integration Challenges
Aave's late 2025 decision to remove USDS as approved collateral (the November 2025 ARFC passed its Snapshot vote with 99.5% support) represented a significant reputational blow. GFX Labs' Paper Imperium called the vote a "reputational blow for Maker/Sky." [42]
Stated Rationale and Transparency Concerns
The Aave governance discussion cited concerns about transparency in Sky Protocol's operations, particularly around RWA collateral management and decision-making processes. Some Aave community members felt that Sky's complex governance structure and multiplicity of entities (Stars, arrangers, etc.) created opacity about who was ultimately responsible for what.
The rebrand itself contributed to integration hesitancy. Aave governance participants questioned whether supporting USDS was wise given the brand confusion and uncertainty about whether DAI or USDS represented the protocol's long-term direction. Supporting both tokens was deemed unnecessarily complex, while picking one risked backing the wrong horse if migration momentum reversed.
Founder Response and Misunderstanding Claims
Sky founder Rune Christensen suggested there were "misunderstandings" about certain mechanics of the Sky ecosystem, implying that better communication could have prevented the rejection. However, critics countered that if Sky's mechanisms are too complex for sophisticated DeFi governance participants to understand, this reflects poorly on the protocol's accessibility and strategic clarity. [42]
The Aave rejection has practical implications. Aave is one of DeFi's largest lending protocols, and USDS losing access to this integration channel limits utility and adoption. Other protocols considering USDS integration may reference Aave's decision as precedent, creating further integration challenges.
Centralization and Governance Concentration
Founder Influence and Key Person Risk
S&P Global's rating specifically cited reliance on Rune Christensen as a centralization risk and key person dependency. While Christensen doesn't directly control majority voting power, his vision shapes protocol direction, his judgment influences major decisions, and his departure could dramatically affect protocol trajectory. [36]
The Endgame Plan represents Christensen's vision rather than emerging from broad community consensus. While governance voted to approve elements of Endgame, critics argue that framing, agenda-setting, and proposal development concentrated in Christensen's hands makes governance votes more about ratifying his decisions than truly collaborative decision-making. This pattern contradicts decentralization principles. [35]
Large Holder Concentration
Analysis of on-chain voting patterns reveals that approximately 10-20 large holders can determine virtually any governance outcome. This concentration creates multiple risks: vulnerability to individual holder compromise or coercion, potential collusion among large holders, and misalignment where large holders prioritize individual interests over protocol health. [30]
Some large holders may have incentive misalignment. For example, holders who also control competing DeFi protocols might vote to harm Sky Protocol's competitiveness. Exchange custody wallets might vote based on their interests rather than underlying token owners' preferences. The pseudonymous nature of many large holders prevents clear assessment of incentive alignment.
Technical Criticism and Design Tradeoffs
Complexity and Accessibility
Security researchers and developers have criticized Sky Protocol's technical complexity as creating unnecessary attack surface and limiting accessibility. The system involves approximately 15 interacting core contracts plus numerous collateral adapters, each with subtle interdependencies. This complexity makes comprehensive security auditing challenging and expensive, creates steep learning curve for new developers and integrators, increases likelihood of subtle bugs in contract interactions, and complicates governance understanding (most token holders can't read Solidity).
Defenders argue that complexity is inherent to the problem being solved—enabling diverse collateral types with different risk profiles while maintaining security and decentralization requires sophisticated architecture. However, critics counter that simpler stablecoin designs (like USDC's centralized reserve model or Ethena's delta-neutral derivatives approach) achieve similar stability with less complexity.
Gas Inefficiency
Vault operations on Sky Protocol can be expensive during high gas periods, with complex operations sometimes costing hundreds of dollars in transaction fees. This gas inefficiency makes Sky Protocol impractical for smaller users and limits accessibility. Layer 2 deployment via SkyLink aims to address this, but L2 USDS introduces cross-chain bridge risks and liquidity fragmentation.
Protocol Responses and Rebuttals
Official Statements on Criticisms
Sky Protocol governance and Christensen have responded to various criticisms through forum posts, governance proposals, and public communications. On the capital adequacy concern, responses emphasize that vault-level overcollateralization provides genuine cushion and that the Surplus Buffer is being grown deliberately over time. The protocol argues that instant comparison to traditional banking capital ratios misunderstands the mechanics.
Regarding governance centralization, the protocol points to ongoing work on improved delegation systems, MetaDAO experiments with prediction-market-based governance, and gradual distribution of token holdings over time. However, critics note that these improvements remain largely theoretical while concentration persists in practice. [35]
On the rebrand, official communication has emphasized that maintaining both DAI/MKR and USDS/SKY provides user choice and smooth migration path. The protocol argues that giving users optionality rather than forcing migration respects decentralization principles. Critics counter that optionality creates confusion and liquidity fragmentation that harms overall usability. [25]
Community Rebuttals and Defense
Supporters emphasize the protocol's decade of reliable operation, survival through multiple market cycles, and genuine innovation in DeFi stablecoin design. The protocol created the template that many other DeFi protocols follow, demonstrating genuine value creation. The fact that DAI/USDS maintained its peg through extreme volatility when other stablecoins failed demonstrates robust design.
On centralization concerns, defenders argue that no DeFi protocol achieves perfect decentralization and that Sky Protocol's governance decentralization exceeds most competitors. Governance participation is open to anyone who purchases tokens, governance processes are transparent, and major decisions undergo extensive community discussion. This compares favorably to fully centralized stablecoins controlled by single entities. [32]
Regarding S&P's rating, community members note that credit agencies systematically misunderstand and underrate DeFi protocols using traditional finance frameworks. The B- rating says more about rating agency limitations than protocol fundamentals. However, critics counter that dismissing external expert assessment as "not understanding crypto" is exactly the arrogance that leads to catastrophic failures. [41]
Current State (December 2025)
As of late 2025, Sky Protocol navigates a complex landscape of expanding ecosystem infrastructure, evolving competitive dynamics, and ongoing strategic challenges from the MakerDAO rebrand. The protocol's metrics, recent launches, and market position reflect both the opportunities and tensions inherent in transforming one of DeFi's oldest protocols into a modular, multi-chain ecosystem.
Protocol Metrics and Performance
As of December 2025, Sky Protocol maintains approximately $6.1 billion in total value locked (TVL), ranking among the top 10 DeFi protocols by TVL alongside major platforms like Aave and Lido. TVL has fluctuated with broader market conditions, competitive pressure from newer lending protocols, and ongoing uncertainty from the rebrand transition. [43]
The protocol generated approximately $22 million in monthly revenue as of December 2024, with annualized protocol revenue in the range of $160-265 million depending on market conditions, positioning it as one of DeFi's most economically significant protocols. Revenue composition breaks down to approximately 60% from RWA yields (Treasuries, CLOs, credit), 25% from crypto vault stability fees, 10% from PSM fees, and 5% from liquidation penalties and other sources. This revenue distribution reflects the strategic shift toward traditional assets. [99]
USDS circulating supply reached approximately $1.8 billion in December 2025, representing substantial growth from the September 2024 launch but still small relative to DAI's $4.5 billion supply. The combined DAI + USDS supply of $6.3 billion trails USDC ($32 billion) and USDT ($95 billion) significantly, though exceeds most other decentralized stablecoins. Market share has eroded slightly from historical peaks as competitors gain traction. [44]
SKY governance token trades at approximately $0.08 per token as of December 2025, implying a fully diluted valuation of approximately $1.9 billion (24 billion total SKY supply). Trading volume averages $15-25 million daily across centralized and decentralized exchanges, with primary liquidity on Binance, Coinbase, and Uniswap. The token price has declined approximately 35% from the September 2024 rebrand peak, reflecting market skepticism about the strategic direction.
Recent Developments and Ecosystem Activity
Sky Stars Expansion
Grove officially launched on June 25, 2025 with its $1 billion commitment to tokenized credit strategies through the Janus Henderson Anemoy AAA CLO Strategy, marking the second Sky Star to go live after Spark. [62] Grove's initial deployment focused on investment-grade CLO senior tranches and short-duration corporate credit. [63]
Keel debuted on September 30, 2025 as the third operational Sky Star, bringing up to $2.5 billion in capital to Solana DeFi, tokenized asset markets, and RWA ecosystems. [108] The Solana-native capital allocator receives allocations from Sky's USDS stablecoin reserves to deploy to platforms including Kamino, Jupiter, and Raydium. [109]
Spark Protocol continues growing, reaching approximately $8.5 billion TVL by late 2025, with SparkLend achieving a record $8 billion in supply and $3 billion in borrows on its platform. [60] [110] The lending platform achieved profitability and began implementing token buyback mechanisms to return value to SPK token holders. Spark's success validates the Stars model as a vehicle for focused innovation, though questions remain about whether subsequent Stars can replicate this performance. [61]
Development continues on the remaining planned Stars, though timelines have slipped from original projections. Community discussions suggest that additional Stars may launch gradually through 2026-2027 rather than the more aggressive schedule initially envisioned. Some community members question whether six separate Stars is optimal or if consolidation might reduce complexity.
Cross-Chain Expansion and SkyLink
SkyLink infrastructure expanded to support USDS on Base, Arbitrum, Optimism, and initial Unichain testnet deployments. L2 USDS achieved modest adoption, with approximately $50 million bridged to L2 networks by December 2025. Usage primarily centers on users seeking lower transaction costs for smaller vault operations and DeFi protocols building on L2s that integrate USDS. [47]
The Spark Liquidity Layer automation began enabling one-click liquidity provision across multiple chains and protocols. However, adoption has been limited by liquidity fragmentation—USDS pools on L2s offer lower depth than mainnet, creating slippage for larger trades. The chicken-and-egg problem of needing liquidity to attract users and needing users to attract liquidity remains partially unsolved.
Governance Evolution
Governance has become increasingly professionalized through the Aligned Delegates program, with full-time delegates compensated for participation in protocol decision-making. This professionalization improved governance throughput and expertise but raised concerns about creating an entrenched "governance class" potentially misaligned with broader token holders. [32]
The Sky Atlas continues expanding as the protocol's comprehensive governance documentation. While comprehensive documentation provides clarity on protocol rules, the sheer volume creates accessibility barriers for newcomers. Governance participants have proposed creating simplified summaries and decision trees to make the Atlas more navigable, though implementation remains pending. [35]
Market Position and Competitive Dynamics
Stablecoin Market Share
USDS/DAI combined market share of the stablecoin market stands at approximately 6.5% as of December 2025, down from 8% in early 2024. USDC (approximately 33% market share) and USDT (approximately 58% market share) continue dominating, with decentralized alternatives including USDS/DAI, USDe (Ethena), and others competing for the remaining ~9%. [44]
The decline in market share reflects multiple factors: aggressive USDC expansion into DeFi protocols through liquidity mining programs, Ethena's USDe offering higher yields through delta-neutral strategies, and general market skepticism toward overcollateralized stablecoin designs. Sky Protocol's historical competitive advantage from "most decentralized major stablecoin" has eroded as alternatives emerge.
Competitive Landscape Evolution
Traditional finance increasingly competes directly with DeFi stablecoins. PayPal's PYUSD, Ripple's RLUSD, and various bank-issued stablecoins under development could provide regulated, institutionally-backed alternatives that appeal to users prioritizing regulatory clarity over decentralization. These well-capitalized incumbents with established distribution channels represent formidable competition.
In DeFi-native competition, Aave and Compound continue evolving their lending platforms with increasingly competitive rates and features. Liquidity Protocol (LUSD) and other purely crypto-backed stablecoins offer simpler, more transparent designs though with lower scale. Ethena's USDe demonstrates that novel stablecoin mechanisms can achieve rapid adoption if they offer compelling yield. [48]
Ongoing Challenges and Initiatives
Migration Completion Efforts
The protocol continues efforts toward full MKR to SKY migration to reduce confusion around the dual token system. However, as of December 2025, approximately 40% of MKR supply remains unconverted, indicating users' preference for the established token. Governance has discussed potential incentives for migration including SKY-only governance features or improved reward rates for SKY holders, though no consensus has emerged. [25]
Similarly, DAI to USDS migration remains incomplete, with DAI maintaining approximately 70% of the combined stablecoin supply. The protocol faces strategic tension: aggressively pushing migration risks alienating users who prefer DAI, while accepting slow migration creates ongoing complexity and liquidity fragmentation. No clear resolution pathway has emerged. [44]
Regulatory Preparation
The protocol has increased focus on regulatory compliance and preparation for potential regulatory frameworks. This includes enhanced KYC/AML procedures for RWA counterparties, legal opinions on token classification, and contingency planning for various regulatory scenarios. However, decentralized governance creates challenges for traditional compliance frameworks that assume clear legal entities and responsible individuals.
Some community members advocate proactive engagement with regulators to shape favorable frameworks, while others emphasize privacy protection and resistance to regulations they view as incompatible with decentralization. This philosophical divide creates governance challenges as the community attempts to navigate regulatory uncertainty without clear consensus on priorities.
Future Developments and Strategic Direction
Sky Protocol's future development centers on completing the Endgame transition through launching remaining Sky Stars, achieving full token migration, expanding RWA integration, and navigating regulatory developments. The protocol faces strategic choices between aggressive growth (potentially requiring regulatory concessions and centralization) versus maintaining decentralization principles (potentially limiting growth and institutional adoption).
Announced Roadmap and Governance Priorities
The 2026 roadmap as discussed in recent governance forums includes launching additional Sky Stars with target dates spread across 2026-2027. The Endgame Plan envisions multiple specialized Stars covering areas such as community engagement, marketing, and security infrastructure, though specific names and timelines for these remaining Stars have not been finalized through governance. [35]
Technical priorities include completing the SkyLink cross-chain expansion to additional L2 networks, implementing enhanced liquidation system improvements to further reduce Black Thursday-style risks, and upgrading the oracle infrastructure with additional redundancy and security features. The protocol also plans enhanced integration with Sky Stars through shared liquidity layers and coordinated treasury management.
RWA expansion continues as a strategic priority, with governance discussions about increasing exposure to additional asset classes including tokenized equities, commodities, and real estate debt. However, each new RWA category introduces additional complexity, legal structure requirements, and risk assessment needs. The protocol must balance diversification benefits against operational overhead.
Speculation Disclaimer
This section covers announced plans and ongoing governance discussions. Implementation may differ significantly from current proposals. Timelines frequently slip in DeFi projects, priorities shift based on market conditions, and governance may change course. Readers should not make investment decisions based on roadmap items that remain subject to execution risk and governance uncertainty.
Technical Integration (Spark Liquidity Layer)
The Spark Liquidity Layer represents the protocol's most sophisticated infrastructure for automated cross-chain liquidity management. This system enables Sky Protocol to deploy USDS, sUSDS, and USDC directly across multiple blockchain networks and DeFi protocols through a carefully designed smart contract architecture with role-based access control and rate limiting mechanisms.
Architecture Overview
The Spark Liquidity Layer implements a multi-tier proxy architecture that separates authorization (who can act), orchestration (what actions are allowed), and execution (where funds reside) into distinct layers. [111]
Core Components
- ALMProxy — The custody contract holding all ALM system funds. Intentionally stateless except for access control logic. The proxy pattern enables protocol upgrades by allowing new controller contracts to be authorized without migrating funds:
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.21;
import { AccessControl } from "openzeppelin-contracts/contracts/access/AccessControl.sol";
import { Address } from "openzeppelin-contracts/contracts/utils/Address.sol";
contract ALMProxy is IALMProxy, AccessControl {
using Address for address;
bytes32 public override constant CONTROLLER = keccak256("CONTROLLER");
constructor(address admin) {
_grantRole(DEFAULT_ADMIN_ROLE, admin);
}
function doCall(address target, bytes memory data)
external override onlyRole(CONTROLLER) returns (bytes memory result)
{
result = target.functionCall(data);
}
function doCallWithValue(address target, bytes memory data)
external payable override onlyRole(CONTROLLER) returns (bytes memory result)
{
result = target.functionCallWithValue(data, msg.value);
}
function doDelegateCall(address target, bytes memory data)
external override onlyRole(CONTROLLER) returns (bytes memory result)
{
result = target.functionDelegateCall(data);
}
receive() external payable {}
}
- MainnetController — Orchestrates Ethereum mainnet operations with rate limiting on all functions:
contract MainnetController is AccessControl, ReentrancyGuard {
bytes32 public constant RELAYER = keccak256("RELAYER");
bytes32 public constant FREEZER = keccak256("FREEZER");
IALMProxy public immutable almProxy;
IRateLimits public immutable rateLimits;
function mintUSDS(uint256 assets)
external onlyRole(RELAYER) nonReentrant
returns (uint256 shares)
{
bytes32 key = keccak256("mintUSDS");
rateLimits.triggerRateLimitDecrease(key, assets);
bytes memory result = almProxy.doCall(
SUSDS_VAULT,
abi.encodeWithSignature("deposit(uint256,address)", assets, address(almProxy))
);
shares = abi.decode(result, (uint256));
}
}
- ForeignController — Manages L2 operations including PSM swaps and CCTP bridging:
contract ForeignController is AccessControl, ReentrancyGuard {
function transferUSDCToCCTP(uint256 usdcAmount, uint32 destinationDomain)
external onlyRole(RELAYER) nonReentrant
{
rateLimits.triggerRateLimitDecrease(keccak256("transferUSDCToCCTP"), usdcAmount);
almProxy.doCall(USDC, abi.encodeWithSignature(
"approve(address,uint256)", CCTP_TOKEN_MESSENGER, usdcAmount
));
almProxy.doCall(CCTP_TOKEN_MESSENGER, abi.encodeWithSignature(
"depositForBurn(uint256,uint32,bytes32,address)",
usdcAmount, destinationDomain, mintRecipient[destinationDomain], USDC
));
}
}
Call Flow Architecture
┌─────────────────┐
│ ALM Planner │
│ (Off-chain) │
└────────┬────────┘
│ 1. Submit transaction
▼
┌─────────────────────────┐
│ MainnetController │
│ or ForeignController │
│ │
│ • Verify RELAYER │
│ • Check rate limits │
│ • Construct calldata │
└────────┬────────────────┘
│ 2. doCall/doCallWithValue/doDelegateCall
▼
┌─────────────────────────┐
│ ALMProxy │
│ (Custody contract) │
│ │
│ • Verify CONTROLLER │
│ • Execute call │
└────────┬────────────────┘
│ 3. External call
▼
┌─────────────────────────┐
│ External Protocol │
│ (Aave, Morpho, PSM, │
│ CCTP, ERC-4626, etc) │
└─────────────────────────┘
Deployed Contract Addresses
| Network | Contract | Address |
|---|---|---|
| Ethereum Mainnet | ALMProxy | 0x1601843c5E9bC251A3272907010AFa41Fa18347E |
| Ethereum Mainnet | MainnetController | 0x5cf73FDb7057E436A6eEaDFAd27E45E7ab6E431e |
| Base | ALMProxy | 0x2917956eFF0B5eaF030abDB4EF4296DF775009cA |
| Base | ForeignController | 0x5F032555353f3A1D16aA6A4ADE0B35b369da0440 |
Authorization Framework
The system implements a four-tier role-based access control built on OpenZeppelin's AccessControl. The design assumes zero-trust for relayers—the system must prevent value extraction even when the RELAYER role is fully compromised. [111]
Role Hierarchy
| Role | Granted To | Permissions | Trust Model |
|---|---|---|---|
DEFAULT_ADMIN_ROLE |
Sky Governance (Executive Spell) | Grant/revoke roles, update rate limits, emergency pause | Fully trusted |
CONTROLLER |
Controller contracts | Call ALMProxy execution methods | Trusted (enforces rate limits) |
RELAYER |
ALM Planner (off-chain) | Execute controller functions within rate limits | Untrusted. Assumed compromisable. |
FREEZER |
Emergency multisig | Remove relayers, pause operations | Semi-trusted (safety mechanism) |
Role Permissions Matrix
| Role | Rate Limited | Mint/Burn | Swap | Bridge | Freeze | Configure |
|---|---|---|---|---|---|---|
| RELAYER | ✓ Yes | ✓ | ✓ | ✓ | ✗ | ✗ |
| FREEZER | ✗ No | ✗ | ✗ | ✗ | ✓ | ✗ |
| DEFAULT_ADMIN | ✗ No | ✓ | ✓ | ✓ | ✓ | ✓ |
Compromised Relayer Constraints
Even with a fully compromised relayer, attackers are constrained by:
- Rate Limiting - Every value-moving function triggers
rateLimits.triggerRateLimitDecrease(). Linear recharge prevents instantaneous drainage. - Protocol Whitelisting - Controllers only implement functions for approved protocols. ALMProxy cannot be directed to arbitrary addresses.
- Slippage Limits - Controllers enforce maximum slippage parameters using 1e36 precision to prevent value extraction via manipulated trades.
Freezer Emergency Response
If a relayer exhibits malicious behavior, the FREEZER role can immediately intervene:
function removeRelayer(address relayer) external onlyRole(FREEZER) {
_revokeRole(RELAYER, relayer);
emit RelayerRemoved(relayer, msg.sender);
}
function freeze() external onlyRole(FREEZER) {
frozen = true;
emit ControllerFrozen(msg.sender);
}
Once frozen, all relayer functions revert until governance resolves the issue. This enables rapid response while minimizing damage to rate limit maximums.
Rate Limiting Mechanism
The Spark Liquidity Layer implements a token bucket algorithm for rate limiting, providing robust protection against liquidity drain attacks and protocol manipulation. This mechanism ensures large-scale fund movements are throttled over time, giving governance adequate response time.
Core Data Structure
struct RateLimitData {
uint256 maxAmount; // Hard ceiling on available capacity
uint256 slope; // Recovery rate (tokens per second)
uint256 lastAmount; // Remaining capacity from last update
uint256 lastUpdated; // Block timestamp of most recent adjustment
}
Helper Functions
function triggerRateLimitDecrease(RateLimitData storage data, uint256 amount) internal {
uint256 currentRateLimit = getCurrentRateLimit(data);
require(amount <= currentRateLimit, "RateLimitExceeded");
data.lastAmount = currentRateLimit - amount;
data.lastUpdated = block.timestamp;
}
function triggerRateLimitIncrease(RateLimitData storage data, uint256 amount) internal {
data.lastAmount = getCurrentRateLimit(data) + amount;
data.lastUpdated = block.timestamp;
}
The current available capacity is calculated as:
currentCapacity = min(lastAmount + (slope × timeSinceLastUpdate), maxAmount)
Refilling Bucket Visualization
Time: T0 (Full) Time: T1 (After withdrawal) Time: T2 (Recovering)
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│ maxAmt │▓▓▓▓▓▓▓▓▓ │ │▓▓▓▓▓▓▓▓▓▓▓▓▓▓ │
│▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│ │░░░░░░░░░ ↑ │ refilling │▓▓▓▓▓▓▓▓▓▓▓ ↑ │
└─────────────────┘ └───────────slope─┘ └───────────slope─┘
Example Rate Limit Configurations
| Operation | Max Amount | Slope (per sec) | Refill Time | Security Rationale |
|---|---|---|---|---|
| Mint | 10M USDS | ~1,157 | ~2.4 hours | Limits sudden liquidity expansion |
| Burn | 5M USDS | ~578 | ~2.4 hours | Prevents rapid drain (asymmetric) |
| Bridge Out | 2M USDC | ~231 | ~2.4 hours | Strictest due to cross-chain risk |
| PSM Swap | 5M USDS | ~578 | ~2.4 hours | Prevents market manipulation |
Security Benefits
- Time-Bounded Exposure: Compromised keys can only drain at the slope rate, providing detection window
- Flash Loan Mitigation: Multi-block rate limits neutralize single-transaction attacks
- Governance Reaction Time: Ensures malicious actions cannot instantly drain protocol
- Defense-in-Depth: Works alongside access control, freezer role, and GSM timelock
Integration Functions
The Spark Liquidity Layer provides specialized integration functions for interacting with various DeFi protocols. Each integration implements role-based access control and rate limiting.
USDS Minting and Burning
The liquidity layer mints USDS by generating debt against collateral held in the MakerDAO Vault, interacting directly with the Vat through a Vault contract:
function mintUSDS(uint256 usdsAmount)
external onlyRole(RELAYER) rateLimited(mintKey, usdsAmount)
{
_mintUSDS(usdsAmount);
}
function _mintUSDS(uint256 usdsAmount) internal {
proxy.doCall(
address(vault),
abi.encodeCall(vault.draw, (usdsAmount))
);
}
The draw function generates debt in the Vat and converts it to USDS tokens through DaiJoin. Burning reverses this process:
function burnUSDS(uint256 usdsAmount)
external onlyRole(RELAYER) rateLimited(burnKey, usdsAmount)
{
proxy.doCall(
address(vault),
abi.encodeCall(vault.wipe, (usdsAmount))
);
}
ERC-4626 Vault Integration
The controller supports deposits and withdrawals from any ERC-4626 compliant yield vault with exchange rate validation:
function depositERC4626(address vault, uint256 assetsToDeposit)
external onlyRole(RELAYER) rateLimited(depositKey(vault), assetsToDeposit)
{
_depositERC4626(vault, assetsToDeposit);
}
function _depositERC4626(address vault, uint256 assetsToDeposit) internal {
proxy.doCall(
assets,
abi.encodeCall(IERC20.approve, (vault, assetsToDeposit))
);
proxy.doCall(
vault,
abi.encodeCall(IERC4626.deposit, (assetsToDeposit, address(proxy)))
);
}
Withdrawals validate the exchange rate hasn't deviated beyond acceptable bounds, protecting against manipulation attacks.
Aave V3 Integration
The Aave integration enables supplying and withdrawing assets from Aave lending pools with slippage protection:
function supplyToAave(address asset, uint256 amount)
external onlyRole(RELAYER) rateLimited(aaveSupplyKey(asset), amount)
{
proxy.doCall(
asset,
abi.encodeCall(IERC20.approve, (address(aavePool), amount))
);
proxy.doCall(
address(aavePool),
abi.encodeCall(IPool.supply, (asset, amount, address(proxy), 0))
);
}
When withdrawing, the contract validates aToken balances against expected values to ensure all accrued interest is captured.
PSM (Peg Stability Module) Operations
PSM integration handles decimal conversions between USDS (18 decimals) and USDC (6 decimals):
function swapUSDSToUSDC(uint256 usdcAmount)
external onlyRole(RELAYER) rateLimited(swapKey, usdcAmount * 1e12)
{
_swapUSDSToUSDC(usdcAmount);
}
function _swapUSDSToUSDC(uint256 usdcAmount) internal {
uint256 usdsAmount = usdcAmount * 1e12; // Convert 6 decimals to 18
proxy.doCall(
address(usds),
abi.encodeCall(IERC20.approve, (address(psm), usdsAmount))
);
proxy.doCall(
address(psm),
abi.encodeCall(IPSM.sellGem, (address(proxy), usdcAmount))
);
}
Note: Rate limiting uses the 18-decimal representation (usdcAmount * 1e12) for consistent internal accounting.
CCTP Bridging
Cross-Chain Transfer Protocol enables native USDC transfers between supported chains:
Supported Chain Domains:
| Chain | Domain ID |
|---|---|
| Ethereum | 0 |
| Base | 6 |
| Arbitrum | 3 |
| Optimism | 2 |
function bridgeUSDCViaCCTP(
uint32 destinationDomain,
bytes32 recipient,
uint256 amount
) external onlyRole(RELAYER) rateLimited(cctpKey(destinationDomain), amount) {
proxy.doCall(
address(usdc),
abi.encodeCall(IERC20.approve, (address(cctpTokenMessenger), amount))
);
proxy.doCall(
address(cctpTokenMessenger),
abi.encodeCall(
ITokenMessenger.depositForBurn,
(amount, destinationDomain, recipient, address(usdc))
)
);
}
The recipient is encoded as bytes32 for cross-chain compatibility: bytes32(uint256(uint160(recipientAddress)))
Ethena Integration
The Spark Liquidity Layer integrates with Ethena's sUSDe (staked USDe) to generate yield on idle stablecoin reserves. This is the most complex external integration due to requirements for off-chain API interaction and delegated signing. [112]
Delegated Signer Architecture
Ethena's protocol requires off-chain API authorization for sensitive operations. The system implements a delegated signer pattern:
function setDelegatedSigner(address delegatedSigner) external onlyRole(RELAYER) {
proxy.doCall(
address(sUSDe),
abi.encodeCall(sUSDe.setDelegatedSigner, (delegatedSigner))
);
}
Why Delegated Signers Are Required:
- Ethena's backend validates unstaking requests through cryptographic signatures
- The delegated signer acts as an intermediary authorization mechanism
- The signer must be registered with Ethena's API before unstaking operations work
- This separates operational control (RELAYER) from cryptographic authorization
Cooldown and Unstaking Mechanism
Ethena enforces a mandatory cooldown period before sUSDe can be converted back to liquid USDe:
function cooldownAssetsSUSDe(uint256 assets)
external onlyRole(RELAYER) rateLimited(cooldownKey, assets)
{
proxy.doCall(
address(sUSDe),
abi.encodeCall(sUSDe.cooldownAssets, (assets))
);
}
function unstakeSUSDe() external onlyRole(RELAYER) {
proxy.doCall(
address(sUSDe),
abi.encodeCall(sUSDe.unstake, (address(proxy)))
);
}
Cooldown Period Details:
| Parameter | Value |
|---|---|
| Duration | ~7 days (168 hours) |
| Yield During Cooldown | No (assets locked, not earning) |
| Cancelable | No |
| Per-User Tracking | Independent cooldown per request |
Complete Unstaking Flow:
- Initiation: RELAYER calls
cooldownAssetsSUSDe(amount) - Waiting Period: Assets locked in sUSDe contract for ~7 days
- Signer Authorization: Delegated signer provides off-chain signature to Ethena API
- Execution: RELAYER calls
unstakeSUSDe()after cooldown expires - Settlement: USDe tokens transferred to ALMProxy
L2 PSM Operations (ForeignController)
The ForeignController is designed for Layer 2 deployments where the core Maker protocol infrastructure does not exist. These controllers provide simplified PSM operations, focusing on stablecoin swaps rather than minting.
Architectural Differences from MainnetController
| Feature | MainnetController (L1) | ForeignController (L2) |
|---|---|---|
| Direct Minting | ✓ Via vat.frob() + daiJoin.exit() |
✗ Must use bridged liquidity |
| PSM Operations | Full suite | USDC only |
| Vault Management | Can mint against collateral | No vault operations |
| Ethena Integration | Full sUSDe lifecycle | None |
| Access Roles | RELAYER, FREEZER, ALLOCATOR | RELAYER, FREEZER only |
contract ForeignController is AccessControl {
function swapUSDSForUSDC(address psm, uint256 amountIn, uint256 minAmountOut)
external onlyRole(RELAYER) rateLimited(swapKey, amountIn)
{
usds.approve(psm, amountIn);
PSMLike(psm).swapUSDSForUSDC(address(proxy), amountIn, minAmountOut);
}
function swapUSDCForUSDS(address psm, uint256 amountIn, uint256 minAmountOut)
external onlyRole(RELAYER) rateLimited(swapKey, amountIn)
{
usdc.approve(psm, amountIn);
PSMLike(psm).swapUSDCForUSDS(address(proxy), amountIn, minAmountOut);
}
}
Why L2 Controllers Are Simpler:
- No Native Minting: L2 networks don't have the Maker Vat deployed—all stablecoin liquidity must be bridged
- PSM-Only Model: L2 controllers rely on pre-bridged USDS reserves
- Reduced Attack Surface: Limiting to swaps prevents unbounded minting from compromised L2 controllers
- Gas Optimization: Avoiding Vat interactions reduces gas costs
CCTP Bridge Integration Flow
Ethereum L1 (MainnetController)
│
│ 1. Burn USDC via CCTP
▼
Circle Attestation Service
│
│ 2. Relay burn message
▼
L2 Network (ForeignController)
│
│ 3. Mint native USDC on L2
▼
L2 PSM Swap (swapUSDCForUSDS)
│
│ 4. Convert USDC → USDS
▼
L2 Spark Lending Pools
This architecture allows dynamic liquidity allocation across chains while maintaining security guarantees of the core Maker protocol on Ethereum mainnet.
Security Considerations
The Spark Liquidity Layer implements multiple security layers:
| Security Layer | Mechanism | Protection Against |
|---|---|---|
| Rate Limiting | Token bucket algorithm | Flash loans, rapid drainage |
| Role Separation | RELAYER/FREEZER/ADMIN tiers | Privilege escalation |
| Freezer Kill Switch | Instant halt via freeze() |
Active exploits |
| GSM Delay | 48-hour timelock on admin changes | Malicious governance |
| Proxy Pattern | Custody separated from logic | Controller vulnerabilities |
Key Security Properties:
- Compromised relayers can only drain at slope rate (hours, not seconds)
- Freezer role provides sub-minute incident response without admin access
- L2 controllers cannot mint unbounded USDS (PSM-only operations)
- All admin changes flow through governance timelock [113]
Developer Resources
- Spark ALM Controller Repository - Smart contract source code and documentation
- Spark PSM Repository - PSM implementation details
- Spark Developer Documentation - Integration guides and API references
- Circle CCTP Documentation - Cross-chain bridging specifications
Related Topics
- USDS - The Sky Protocol stablecoin that maintains a 1:1 peg to USD through overcollateralized backing and stability mechanisms
- SKY - The Sky governance token granting voting rights and value accrual through the Smart Burn Engine
- Sky Savings Rate - Yield mechanism allowing USDS holders to earn passive returns by depositing into the savings contract
- DAI - The original MakerDAO stablecoin that remains in circulation alongside USDS with voluntary upgrade path
- Spark - The first Sky Star lending protocol that has achieved over $9 billion TVL and serves as the model for subsequent Stars
- Governance - Sky's decentralized governance system operating through onchain voting, the Sky Atlas, and aligned delegates
Sources
- Sky Protocol Scope - A.4
- USDS Definition - A.4.1.1
- SKY Token Definition - A.4.1.2
- Surplus Buffer and Smart Burn Engine - A.3.5
- Governance Scope References - A.1
- Risk Capital - A.3.2
- Agent Scope and Stars - A.6
- Stability Scope - A.3
- Vat - Detailed Documentation | Maker Protocol Technical Docs
- Vow - Detailed Documentation | Maker Protocol Technical Docs
- Jug - Detailed Documentation | Maker Protocol Technical Docs
- Spot - Detailed Documentation | Maker Protocol Technical Docs
- Collateral Liquidation - Sky Protocol Docs
- Sky Ecosystem Documentation - Sky Protocol Docs
- Overview - Sky Protocol Docs
- Oracle Security Module (OSM) - Detailed Documentation | Maker Protocol Technical Docs
- Oracle Module | Maker Protocol Technical Docs
- Median - Detailed Documentation | Maker Protocol Technical Docs
- What is Sky Protocol? - Messari
- What is Sky (MakerDAO) and How Does It Work? - Medium
- What Is Sky (SKY)? - Binance Academy
- What Really Happened To MakerDAO? - Glassnode Insights
- Black Thursday for MakerDAO: $8.32 million was liquidated for 0 DAI - Medium
- MakerDAO debt auction achieves its goal - Modern Consensus
- Sky doubles down on token overhaul - Cointelegraph
- MakerDAO Takes New Measures to Prevent Another Black Swan Collapse - Cointelegraph
- MakerDAO Is Now 'Sky' - CoinDesk
- What's Behind MakerDAO's Rebrand to Sky - DailyCoin
- Sky Could Go Back to Being MakerDAO - Unchained
- Vote to keep Sky rebranding - The Block
- MakerDAO's Rebrand to Sky: A Cautionary Tale - CryptoRobotics
- Sky Governance Portal
- Updated Information for SKY Integrators - Sky Forum
- Governance Security Module Adjustment - Sky Forum
- Endgame Plan v3 overview - Sky Forum
- S&P Sees No Quick Fix for Sky Protocol's Weak Capital and Centralization - The Defiant
- S&P Global gives Sky Protocol 'B-' credit rating, citing centralization and liquidity risks | The Block
- S&P Global assigns 'B-' credit rating to Sky, first for DeFi protocol
- DeFi protocol Sky is as investible as Congolese debt, S&P Global Ratings says – DL News
- S&P Global Assigns First-Ever B- Credit Rating to DeFi Platform Sky Protocol
- S&P Assigns First-Ever Credit Rating to a DeFi Protocol With B- for Sky
- Aave snubs Sky's USDS as collateral and 3 'underperforming' chains
- Sky - DefiLlama
- Sky Dollar (USDS) - DefiLlama
- Sky Lending - DefiLlama
- Sky RWA - DefiLlama
- Spark Liquidity Layer - DefiLlama
- Top DeFi Protocols 2025: Adoption, TVL, and Yield Insights | Medium
- SKY crypto rallies amid TVL boost - AMBCrypto
- Sky Protocol Overview - Gate.io
- Early MakerDAO Developer and Stablecoin Pioneer Found Dead in Puerto Rico - CoinDesk
- MakerDAO co-founder Nikolai Mushegian dies at 29 in Puerto Rico - Cointelegraph
- Nikolai Mushegian - Wikipedia
- Why MetaCartel Ventures is investing in Reflexer Labs - Medium
- Reflexer Labs - Products - CypherHunter
- No Evidence of Foul Play in Death of MakerDAO Co-Founder Nikolai Mushegian, Police Say - Decrypt
- MakerDAO Co-Founder Nikolai Mushegian Found Dead in Puerto Rico - CryptoPotato
- MakerDAO Co-Founder, Nikolai Mushegian, has Passed Away - Crypto.news
- Sky Protocol Overhauls Governance with MKR to SKY Transition, Boosting Staking and Rewards - AIvest
- Spark - DefiLlama
- Spark Protocol TVL Surges Past $8.5 Billion Fueled by Airdrop Frenzy - The Defiant
- Newest 'Star' in Sky Ecosystem Launches With $1B Tokenized Credit Strategy - Yahoo Finance
- Grove Announces Launch of Institutional-Grade Credit Infrastructure DeFi Protocol - BusinessWire
- Sky Protocol's DeFi platform Grove launches with $1B backing - Crypto.news
- Sky Protocol Launches Grove DeFi Credit Protocol With $1 Billion Investment - AIvest
- Keel Debuts as Sky's Solana-Focused 'Star' With a $2.5B Roadmap - CoinDesk
- Sky Launches Keel Protocol With $2.5B Solana Roadmap - Coin Push
- Keel Launches in Sky Ecosystem as Solana Capital Allocator - Blockchain.News
- Keel Launches on Solana to Deploy $2.5B in Sky Stablecoin Reserves - CoinCentral
- Vat - Detailed Documentation - GitHub
- mkr-mcd-spec/vat.md - GitHub
- dss/src/vat.sol - GitHub
- MCD Glossaries | Maker Protocol Technical Docs
- Oracles | MakerDAO Community Portal
- Security | MakerDAO Community Portal
- How it Works | MakerDAO Community Portal
- Maker - Feeds price feed oracles
- Add New Validators to Medianizer - October 31, 2024 - Maker Governance
- MakerDAO's Oracle Security Module Delays Liquidations by 1-Hour - AIvest
- How DeFi Saver knows price changes before you do - Medium
- MakerDAO Approves 4 New Light Feeds For Oracles - Web Archive
- Oracles - Community Development
- MakerDAO Paves Way for Additional $1.28B U.S. Treasury Purchase - Yahoo Finance
- Sygnum lead partner in Maker half-billion treasury diversification - Sygnum Bank
- MakerDAO Votes To Allocate 500M DAI Into US Treasuries, Bonds - Blockworks
- MakerDAO Eyes More US Treasury and Bond Investments - Blockworks
- BlockTower Credit RWA Vaults Onboarding - December 09, 2022 - Maker Governance
- Add Multiple BlockTower Credit Vault Types - November 21, 2022 - Maker Governance
- BlockTower Credit Vault Types GitHub
- BlockTower Credit and MakerDAO to Fund $220 Million - Centrifuge Medium
- BlockTower Credit Embraces Real-World Assets - Messari
- MakerDAO Injects $100M Worth of RWAs via BlockTower Andromeda - CryptoPotato
- MIP6: Huntingdon Valley Bank Loan Syndication - Sky Forum
- MakerDAO Opens $100M DAI Loan to Huntingdon Valley Bank - Blockworks
- Huntingdon Valley Bank's Bold Move Towards MakerDAO - Medium
- MakerDAO vote to Extend a $100 Million Loan to a U.S. Bank - BlockMagnates
- Bank To Connect With Ethereum's MakerDAO To Borrow $100M - Bitcoinist
- MakerDAO May Hook Up With Traditional Bank - Yahoo Finance
- Sky Protocol Reports $22M December Revenue - Crypto Economy
- Sky Protocol (Maker DAO) posts record December fees - Cryptopolitan
- Sky Protocol (Maker DAO) posts record December fees - CoinMarketCap
- Sky Protocol (Maker DAO) posts record December fees - Mitrade
- Sky Protocol Overhauls Governance - AIvest
- Sky Pitches Ousting Maker Token, Completing Upgrade - Cointelegraph
- Sky Proposes New Token and Staking Upgrade - CryptoNews
- Sky Protocol staking rewards hit $1.6M - Crypto.news
- Sky rolls out staking rewards - CryptoNews.net
- Keel Brings Up to $2.5 Billion in Capital to Solana - Crypto Reporter
- Keel Debuts on Solana With $2.5B Roadmap - VentureBurn
- Spark Protocol Shifts Focus to Institutional DeFi Solutions - BitcoinEthereumNews
- Spark ALM Controller - GitHub Repository
- Ethena Protocol Documentation - Delegated Signer
- Spark PSM Repository - GitHub
Data Freshness
Temporal Category: Semi-static with dynamic metrics
Last Updated: March 6, 2026
Data Currency:
Protocol TVL figures current as of December 2025 ($6.1B)
Governance parameters and Atlas structure current as of December 2025
S&P credit rating from August 2025
Aave rejection from late 2025 (ARFC posted November 2025, Snapshot vote passed with 99.5%)
Grove launch from June 25, 2025
Keel launch from September 30, 2025
Spark TVL at ~$8.5B as of late 2025
December 2024 revenue: $22.18M (annualized $160-265M depending on market conditions)
Technical Integration section: Spark Liquidity Layer architecture documented from GitHub sources
For real-time TVL, token prices, and current SSR rates, consult DefiLlama and Sky.money
Next Review Recommended: March 2026 (to capture Q1 2026 Stars launches, regulatory developments, and market share evolution)