TL:DR we chose to delay based on audit recommendations from Sundae Labs. We need to implement multiple changes to the smart contracts that will allow us to improve security and futureproof the USDM token, which prevents liquidity-fragmenting policy ID changes. These changes, plus testing time, and holiday delays make the specific launch date uncertain, but development is proceeding apace, and we are estimating our new target launch date to be March 16, 2024.

On stage at the Cardano Summit, Mehen announced that the USDM fiat-backed stablecoin would be coming to mainnet on December 19, 2023. During our December 7th team meeting, it became apparent that we could not make our deadline, and we announced an indeterminate delay “for security reasons” on December 8th. The team took some time to recoup during the holidays, and now in early January, people are justifiably asking “WEN USDM?” and “Why delay?”

The Cardano community deserves a plain and transparent explanation about why we delayed USDM’s launch, and why these necessary changes are important to safeguard Cardano’s DeFi ecosystem. In this article, we’ll get into the reasons behind the delay, the critical updates being made to USDM, and why this pause is a pivotal step in ensuring a secure and prosperous future for Cardano.

Overview of Mehen Protocol and the Original USDM Design

The Mehen Protocol, at its most basic level, enables Cardano-based tokenization of real-world assets. The USDM stablecoin is the first product of the Mehen Protocol and is intended to be the enabling engine for Cardano DeFi. By bringing the ease and utility of fiat USD cash to Cardano, USDM will unlock substantial potential for the ecosystem.

The architecture of the Mehen Protocol seems simple, but the implementation is intricate and purposeful. The token’s monetary policy is designed to:

1. Know how much of the token is in circulation on-chain without using a blockchain snapshot
2. Know how much is in the reserve account by way of an oracle feed
3. Prevent any minting that brings the circulation above the oracle value

The oracle (off-chain information feed) plays a pivotal role in this setup, providing on-chain updates that attest to the presence of real-world assets. For this purpose, Charli3 was chosen as the oracle, trusted to provide reliable data about the fiat reserves backing USDM.

From the beginning, the Mehen Protocol (and by extension, USDM) included what we term “transparent flexibility.” The issuer of a token, in this case Mehen as controller of USDM, must have the ability to change parts of the protocol, such as the reserves oracle, without changing the policy ID of the token.

Such changes could include rotating signing keys, transitioning to a different version of Charli3, switching to an entirely different oracle provider, or even adopting an aggregate logic across multiple oracles. If anything was changed, this would be transparent and immediately visible on-chain. We assumed that transparency would be a good watchdog and would prevent malicious behavior. While this flexibility was a strength, it was also a vector of vulnerability.

Potential Design Gaps Identified in the Audit

The original token design was groundbreaking. Achieving on-chain global-state awareness in a UTxO local-state environment is notoriously difficult, and USDM’s novel design achieved this.

The audit of USDM’s design by Sundae Labs was a critical juncture in our journey. It brought to light several potential design gaps that, if unaddressed, could have significant implications for the stability and reliability of USDM within Cardano’s DeFi ecosystem.

Latency of ‘Watchdog’ Mechanisms: The audit highlighted concerns about the latency in updating the ‘watchdog’ mechanisms in place to keep the protocol honest. Particularly, the ability of the protocol owner (Mehen for USDM) to rapidly change the oracle and potentially manipulate the market raised red flags. To account for this potential vulnerability, we are implementing time delays that are applied to such critical updates, providing a lengthy window for scrutiny and response, thus safeguarding against malicious internal actions.

Upgradability of the Token: Critically, the audit recognized that if we needed to make any changes to the token itself, it would change the policy ID. For example, if we wanted to use Plutus v3, or change the token to being governed by a sidechain, or distribute governance to a DAO structure. This would cause fragmentation of liquidity and much difficulty for our integration partners due to the need for new policy IDs. This upgradability element has proven the most challenging because again, such flexibility will require additional security, with a stricter multisig setup and lengthy time delays to allow rollbacks to any changes initiated on-chain to the scripts.

It’s important to emphasize that none of these “vulnerabilities” were external security threats. The audit points were recommendations to prevent “internal” threats. As a centralized issuer of a stablecoin, Mehen would still have to redeem all USDM tokens for fiat, even maliciously minted ones. We could solely trust our internal safeguards, or improve things by enhancing on-chain security. In other words, we needed to completely embrace the crypto mantra of “Don’t trust, verify.”

The vulnerabilities were real but manageable. We had two paths forward:

• Launch on time with “internal vulnerabilities” and address them with USDM v2 later. This had the potential to dramatically fragment liquidity and would have given our integration partners the difficult task of supporting two slightly different (but equally fiat-backed) tokens in their protocols.
• Delay and make changes to the token design to address these vulnerabilities, allowing upgrades without changing the USDM policy ID. This would require an unknown amount of time to implement the changes, do the post-change audit review, and perform end-to-end testing following implementation.

Security Enhancements and Future-Proofing

We obviously chose the latter path. The security vulnerabilities were too great and protocol enhancements were not mere tweaks but essential changes aimed at future-proofing USDM against a range of potentialities. Here are the two changes we have already integrated:

Introducing Multi-Signature and Time-Delay Mechanisms: In response to the identified risk of rapid, unauthorized changes, we integrated multi-signature controls and time-delay mechanisms. This ensures that any significant modification to the protocol undergoes thorough scrutiny and provides ample time for the community to react, thereby preventing hasty or malicious actions. Modifications will only go into effect after the prescribed delay period based upon update type and can be canceled if deemed necessary.

Enhancing USDM Upgradeability: Based on guidance from Sundae Labs, we are future-proofing USDM by introducing mutable and upgradable elements, which allows us to make changes to the token’s on-chain controls without changing the policy ID. This prepares USDM for Cardano’s future. By enabling USDM to adapt to future advancements in the ecosystem — including additional smart contract languages, new Cardano Improvement Proposals (CIPs), and potential hard forks — we’ve ensured that USDM will remain adaptable and relevant in the evolving landscape of Cardano.

Transparent flexibility will be enhanced by adding multisig and time-delay security. The token’s base design will be modified such that multiple aspects of the USDM token can be upgraded transparently and with ample time for communication and community review. This future-proofs the USDM token, ensuring that USDM will be maximally fungible within the Cardano blockchain and DeFi ecosystem.

These security enhancements and forward-looking modifications reflect our dedication to creating a stablecoin that is not just secure and reliable at launch, but remains that way well into the future.

The Importance of the Delay for Cardano

The decision to delay the launch of USDM was not easy, but it was right; it carried profound implications for the future of Cardano’s DeFi ecosystem. This pause, while creating a temporary setback, will ultimately provide Cardano with a much more robust stablecoin solution.

In the race to launch and meet deadlines, the priority for robust security cannot be overstated. The mantra of “move fast and break things” might suit the Web2 world, but in immutable Web3, deploying protocols correctly is paramount. By choosing to delay USDM’s launch, we prioritized security and resilience over haste. Cardano is well-known for its contemplative approach, and we agree with this ethos.

At the heart of this decision was our community focus. Launching a token with even minor deficiencies and then addressing these in a v2 would have significantly impacted users and DeFi partners who are eagerly anticipating USDM. We have productive partnerships with dozens of DeFi applications on Cardano, and we did not want to burden them with a v2 token integration down the road. And users of the USDM token would not appreciate the burden of upgrading or dealing with fragmented DEX liquidity that a v2 of the token would bring.

Ultimately, our choice to delay the launch of USDM is driven by Mehen’s vision as a community-first effort. We are committed to delivering high-quality, secure, and sustainable products that serve the community. And it underscores our dedication to building a DeFi ecosystem that is powerful, efficient, and, most importantly, responsible. As we move forward, USDM stands ready to become not just a part of Cardano’s DeFi ecosystem, but a cornerstone of its sustained growth and success.