RWA Vault (DeFi Hybrid)
MakerDAO/Sky RWA vault — DAO governance + off-chain Treasury collateral. Identity is inverted: the vault manager qualifies to the DAO, not vice versa.
CTR (USD 10,000+) · TRAVEL-RULE (USD 3,000+) · ENHANCED-DUE-DILIGENCE (USD 50,000+)
Step 1 · DAO Governance Proposal · Code-Enforced · Blockchain-Native
The board resolution — except the board is 80,000+ MKR token holders, the resolution is a Maker Improvement Proposal, and the vote executes an on-chain spell. No human officer signs the authorization — code does.
A new RWA vault type (e.g., 'RWA-014: BlockTower Andromeda') begins with a forum post on the Maker Governance forum. Technical MIPs (Maker Improvement Proposals) specify the vault: debt ceiling, stability fee, liquidation ratio (or bypass for RWA types), oracle source, and the mandated actors (risk, oracle, compliance). Signal polls precede executive votes; the executive vote casts a 'spell' — a one-time governance contract that mutates protocol state. A 48-hour Governance Security Module (GSM) delay follows before the spell executes, providing a last-chance window to detect malicious proposals. This is the governance 'board resolution' — fully code-enforced at L3/L5: no authorization exists until the spell executes on-chain. D16 (programmable governance as compliance) fires.
Step 2 · Inverted Identity: Manager → DAO · Policy-Enforced · Blockchain-Native
The job interview, reversed — in every other structured finance path, the investor proves they're qualified to invest. Here, the vault manager proves to 80,000 anonymous MKR holders that they're trustworthy enough to borrow $500M of protocol-minted DAI.
The identity gate is inverted. In I4 (BUIDL) or S6 (ABS), the investor proves accreditation. Here the borrower (vault manager — Monetalis, BlockTower, Coinbase Asset Management) must prove to the DAO they're trustworthy enough to borrow hundreds of millions of DAI against off-chain collateral. The manager forms an SPV (Cayman Islands trust or Delaware LLC) with an independent director; law firms (Ogier, Walkers) issue enforceability opinions; the DAO reviews the structure in public governance forum posts. KYB is inverted but informal — no regulator accredits the vault manager. D1 (manager identity disclosure, public and reputational) and D8 (SPV structure / trust / law-firm opinions — licensing proxies in the absence of a regulator) fire. Policy-enforced.
Step 3 · Collateral Discovery & Investment Mandate · Policy-Enforced · Blockchain-Native
The investment policy statement — the DAO's governance sets the collateral guidelines: what the vault manager can buy, how much duration risk they can take, and what credit quality floor applies.
The DAO's governance ratifies an investment mandate: eligible collateral (typically 1–3 month US Treasuries, occasionally corporate bonds capped by rating), duration limits (weighted-average maturity ≤ X months), single-issuer concentration, credit-quality floor (AAA / AA sovereign, IG-only for corporate), haircuts, and manager operational limits. Custodial relationships opened: BNY Mellon or State Street as custodian; broker-dealer agreement (Siebert Williams Shank, or prime broker) for execution. Pricing feeds (Tradeweb, Bloomberg) for NAV. All off-chain — DAO governance ratifies the terms, the manager and custodian execute. D9 (prudential mandate: duration + concentration) and D10 (market-conduct / investment-policy disclosure via public DAO forum) fire.
Step 4 · Debt Ceiling & Stability Fee · Code-Enforced · Blockchain-Native
The credit committee resolution — except the credit committee is the DAO, the credit limit is the debt ceiling, and the interest rate is the stability fee. All enforced by code, not by a loan officer's discretion.
The governance-ratified parameters — debt ceiling (line, e.g., $500M), stability fee (duty, e.g., 5% annualized), instantaneous borrow limit, utilization target — live in the Maker Vat as immutable storage values until the next governance spell. Every draw() against the vault calls frob() on the Vat, which atomically checks: (1) new debt ≤ debt ceiling, (2) new debt × stability_fee ≤ surplus requirement, (3) collateralization ratio maintained (or, for RWA types, collateralization check bypassed — RWA vaults trust the manager within the debt ceiling). If any check fails, the frob reverts. Keeper bots call drip() to accrue stability fees continuously. Fully code-enforced at L3 Execution — no loan officer, no override, no discretion. D9 (prudential debt-ceiling limit) and D16 (automated parameter enforcement) fire.
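A toy model of the debt-ceiling gate described above, added here as an illustration; it is not Maker's contract code. It covers only check (1) and fee accrual, and it assumes fees compound on a cumulative rate and that only draws are tested against the ceiling; RwaVaultModel, CeilingExceeded and demo are hypothetical names.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600

class CeilingExceeded(Exception):
    """Stands in for an on-chain revert."""

class RwaVaultModel:
    """Toy model of one RWA vault type; not Maker's contract code."""
    def __init__(self, line, annual_fee):
        self.line = line    # debt ceiling, in DAI
        self.per_second = (1 + annual_fee) ** (1 / SECONDS_PER_YEAR)
        self.rate = 1.0     # cumulative stability-fee multiplier
        self.art = 0.0      # normalized debt; owed DAI = art * rate
        self.last_drip = 0

    def debt(self):
        return self.art * self.rate

    def drip(self, now):
        """Accrue the stability fee for the seconds since the last drip."""
        self.rate *= self.per_second ** (now - self.last_drip)
        self.last_drip = now

    def frob(self, dai):
        """Draw (dai > 0) or repay (dai < 0); state changes only if every check passes."""
        new_art = self.art + dai / self.rate
        if new_art < 0:
            raise ValueError("repaying more than is owed")
        # Assumption of this model: only a draw is tested against the ceiling,
        # so a vault pushed over the line by accrued fees can still repay.
        if dai > 0 and new_art * self.rate > self.line:
            raise CeilingExceeded(f"{new_art * self.rate:,.0f} > {self.line:,.0f}")
        self.art = new_art

def demo():
    vault = RwaVaultModel(line=500_000_000, annual_fee=0.05)  # figures from the text
    vault.frob(490_000_000)          # inside the ceiling: accepted
    vault.drip(SECONDS_PER_YEAR)     # a year of fees with no repayment
    over_line = vault.debt() > vault.line
    try:
        vault.frob(1)                # even 1 more DAI is refused
        blocked = False
    except CeilingExceeded:
        blocked = True
    owed = vault.debt()
    vault.frob(-20_000_000)          # repayment still goes through
    return over_line, blocked, round(owed), round(owed - vault.debt())
```

The run shows why headroom needs monitoring: a vault drawn to 490M under a 500M ceiling sits above the line after a year of unpaid 5% fees, and every further draw is refused until debt is repaid.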
Step 5 · DAI Generation & Off-Chain Deployment · Code-Enforced · Blockchain-Native
The drawdown — the vault manager calls frob() on the Maker Vat, DAI appears in their wallet, they swap it for USDC on Curve or PSM, wire the dollars to the custodian, and buy Treasuries. The on-chain/off-chain bridge is the weakest link.
The manager draws DAI against the vault (frob() on the Vat, generating DAI up to the debt ceiling), swaps DAI → USDC via the Peg Stability Module (PSM, 1:1 atomic swap) or on Curve, then takes USDC → USD off-chain: Circle redemption (USDC burn, bank wire to the SPV's custody account), then the custodian (BNY Mellon) uses USD to buy Treasuries on Tradeweb. The on-chain portion (DAI mint + PSM swap) is fully code-enforced and atomic. The on-chain → off-chain bridge is the structurally weakest link: between USDC redemption and Treasury settlement, funds sit in fiat at a bank (counterparty risk), the wire has to be correctly routed to the SPV (operational risk), and T+1 Treasury settlement is not atomic with the mint. The mint itself is code-enforced; the deployment is policy-enforced. D16 (programmable on-chain mint + PSM swap) fires.
Step 6 · Oracle Security Module & NAV · Code-Enforced · Blockchain-Native
The daily valuation — the vault manager marks the portfolio to market, reports the NAV to the oracle, and the Maker protocol uses this to determine whether the vault is still safely collateralized. The oracle is the protocol's eyes on the off-chain world.
Daily NAV cycle: vault manager marks the off-chain Treasury portfolio to market using Tradeweb/Bloomberg prices + custodian-attested positions, signs the NAV value and submits to the oracle relayer. Chronicle (or Chainlink for other vaults) aggregates signatures from multiple relayers and pushes the value through the Oracle Security Module — a 1-hour delay that gives the protocol a window to detect manipulation. After the OSM delay, the new NAV is the canonical on-chain value. The protocol computes collateral ratio = NAV / debt_outstanding; for RWA vaults, the ratio is informational rather than a liquidation trigger (RWA collateral can't be liquidated on-chain — it's Treasuries sitting at a custodian). A sustained ratio below 100% triggers a governance response rather than automated liquidation. D9 (collateral-ratio prudential monitor) and D16 (OSM delay as code-enforced integrity mechanism) fire.
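A toy model of the delayed NAV feed and the informational ratio check described above, added here as an illustration; it is not Chronicle's or Maker's code. All NAV figures are constructed, and the 2% review threshold, the three-reading "sustained" rule, and the names DelayedNavFeed, queued_move and needs_governance are assumptions.

```python
HOP = 3600  # the 1-hour OSM delay from the text, in seconds

class DelayedNavFeed:
    """Toy model: a submitted NAV only becomes canonical after HOP seconds."""
    def __init__(self, nav):
        self.cur, self.nxt, self.queued_at = nav, None, 0
        self.stopped = False

    def _promote(self, now):
        if self.nxt is not None and not self.stopped and now - self.queued_at >= HOP:
            self.cur, self.nxt = self.nxt, None

    def submit(self, nav, now):
        self._promote(now)
        if self.stopped or self.nxt is not None:
            raise RuntimeError("feed stopped or a value is still inside its delay")
        self.nxt, self.queued_at = nav, now

    def read(self, now):
        self._promote(now)
        return self.cur

    def void(self):
        """Guard action inside the window: drop the queued value and freeze the feed."""
        self.nxt, self.stopped = None, True

def queued_move(feed):
    """Relative change the queued NAV would apply; what a watcher inspects during the delay."""
    return 0.0 if feed.nxt is None else abs(feed.nxt - feed.cur) / feed.cur

def needs_governance(navs, debt, sustained=3):
    """True once NAV/debt stays below 100% for `sustained` readings in a row (assumed policy)."""
    run = 0
    for nav in navs:
        run = run + 1 if nav / debt < 1.0 else 0
        if run >= sustained:
            return True
    return False

def demo():
    feed = DelayedNavFeed(nav=510_000_000)           # constructed values throughout
    feed.submit(505_000_000, now=0)
    early, late = feed.read(now=1800), feed.read(now=3600)
    feed.submit(900_000_000, now=4000)               # constructed outlier report
    if queued_move(feed) > 0.02:                     # assumed 2% review threshold
        feed.void()
    return early, late, feed.read(now=8000), feed.stopped
```

The delay only helps if something inspects the queued value while it is pending; in the run, the outlier never becomes the canonical NAV because the watcher voids it inside the window.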
Step 7 · Yield Distribution & Stability Fee · Code-Enforced · Blockchain-Native
The coupon date — the off-chain Treasuries earn yield, the vault manager pays the stability fee to the Maker protocol, and the protocol distributes this revenue to MKR holders (via buyback) and DAI holders (via the DAI Savings Rate).
Two yield flows. Off-chain: the Treasury portfolio earns its coupon; the vault manager collects a management fee (typically 15–50 bps on AUM) paid to the SPV, with net yield flowing back as stability-fee coverage. On-chain: stability fees accrue continuously inside the Vat (drip() keeps the state fresh) and flow into the Maker surplus buffer; from the buffer, the Flap auction burns MKR (returns value to governance-token holders) and the DAI Savings Rate contract (DSR) pays DAI depositors. Stability-fee accrual is fully code-enforced; the off-chain yield leg depends on the custodian/manager. The structural circularity: the DAO creates DAI, the vault manager uses DAI to buy Treasuries, Treasury yield repays the DAO, the DAO burns MKR — a fiat-native revenue engine inside a crypto-native governance system. D11 (fee-flow recordkeeping, on-chain audit trail) and D16 (programmable fee distribution) fire.
Step 8 · Audit, Reporting & Regulatory Ambiguity · Policy-Enforced · Blockchain-Native
The annual audit — except the 'issuer' is a DAO with no corporate officer, the 'securities' might not be securities, and no regulator has definitively claimed jurisdiction. The reporting happens anyway, into a regulatory void.
Three parallel reporting streams against an ambiguous regulatory backdrop. On-chain: every draw, repay, stability-fee accrual, and oracle update is public, immutable, and real-time — Makerburn.com and Dune Analytics dashboards expose the full state. Off-chain: the custodian publishes quarterly position statements, auditors (KPMG, Deloitte) issue annual opinions on the SPV, and Steakhouse Financial publishes monthly transparency reports. Regulatory: MakerDAO is not a registered issuer anywhere; MKR is not a registered security (SEC has not tested this); the vault manager SPV is typically registered in a friendly jurisdiction (Cayman, BVI) with minimal local filing. The 'issuer' has no Form 10-K. The 'investor' (MKR holder) has no K-1. The 'audit' is voluntary disclosure against a best-practice target set by the DAO itself. This is a genuine regulatory void — part of the honesty marker for this path. Obligation checkpoint (diamond) but discharged into ambiguity. D10 (voluntary transparency in lieu of required disclosure), D11 (on-chain immutable record as de-facto recordkeeping), and D12 (custodian + auditor reports as de-facto filings) fire.
Resolved 8 steps across 1 chain(s). 3 threshold(s) triggered. Frameworks: Bank Secrecy Act, GENIUS Act, OFAC Sanctions Program, FATF Recommendation 16 (Travel Rule), Common Reporting Standard / FATCA.