← Back to Hack Archive

MakerDAO Black Thursday

March 12, 2020$8 millionMarket Collapse / Auction FailureEthereum

The Story

On March 12, 2020, a day that would become known as "Black Thursday" in the crypto community, the price of Ethereum plummeted by nearly 50% in less than 24 hours, dropping from around $200 to below $100. This dramatic market crash triggered a cascade of liquidations in the MakerDAO system, one of the largest DeFi protocols and creator of the DAI stablecoin.

Under normal conditions, MakerDAO's liquidation system auctions off collateral from undercollateralized vaults to maintain DAI's stability. However, on Black Thursday, the combination of extreme market volatility, Ethereum network congestion, and high gas prices created the perfect storm for a systemic failure.

The most damaging outcome was that many liquidation auctions received "zero bids," allowing some liquidators to win collateral auctions for free. Approximately $8 million worth of ETH was liquidated for 0 DAI, leaving many vault owners with nothing. The event also temporarily caused DAI to lose its peg, trading as high as $1.10.

In response, the MakerDAO community voted to compensate affected users and implement significant changes to the auction system to prevent similar failures in the future.

Technical Analysis

The MakerDAO Black Thursday incident was a complex system failure caused by several interrelated factors:

  1. Extreme Market Volatility: The rapid ETH price drop triggered mass liquidations
  2. Network Congestion: The Ethereum network became congested with transactions
  3. Auction Mechanism Flaws: The auction system wasn't designed for extreme conditions

The key technical vulnerability was in the auction system's design:

// Simplified representation of the vulnerable auction mechanism
contract Flipper {
    // Auction state variables
    struct Auction {
        uint256 bid;   // Current highest bid
        uint256 lot;   // Collateral being auctioned
        address guy;   // Address of highest bidder
        uint48 tic;    // Auction expiry time
        uint48 end;    // Max auction duration
    }
    
    mapping (uint => Auction) public auctions;
    
    // Vulnerability: No minimum bid requirement
    function tend(uint id, uint lot, uint bid) external {
        Auction storage auction = auctions[id];
        require(bid >= auction.bid, "Bid not higher");
        require(lot == auction.lot, "Lot size doesn't match");
        
        // Accept bid without minimum threshold
        auction.bid = bid;
        auction.guy = msg.sender;
        auction.tic = now + ttl;
    }
}

The key issues were:

  1. No minimum bid requirement, allowing valid 0 DAI bids
  2. The system's reliance on price oracles that couldn't keep up with market volatility
  3. The auction's short duration, which didn't allow enough time for bidders to participate during network congestion
  4. Keepers (auction participants) weren't prepared for the extreme gas prices and transaction failures

Lessons Learned

  1. DeFi protocols should implement circuit breakers to handle extreme market conditions
  2. Auction mechanisms need minimum bid requirements and gradual collateral liquidation
  3. Oracle systems must be robust enough to handle high volatility and network congestion
  4. Emergency shutdown mechanisms should be readily available in extreme situations
  5. System parameters should be stress-tested under a wide range of market conditions