Sky Protocol ($SKY) Web3 Audit Report
Executive Summary
Sky Protocol (accessible via https://sky.money/) is the rebranded and upgraded evolution of MakerDAO, one of DeFi's foundational protocols [1] [2]. The ecosystem centers around the USDS stablecoin, the yield-bearing sUSDS token, and the SKY governance token [3]. As of April 2026, the protocol demonstrates massive scale with over $8.4 billion in USDS onchain market cap [4]. While it boasts top-tier security practices including a $10M bug bounty [5] and formal verification [6], it faces notable regulatory restrictions (US geo-fencing) [7] and external credit concerns, highlighted by an S&P Global "B-" rating due to weak capital ratios [8].
1. General Description
- What is this project? Sky Protocol is a decentralized finance ecosystem that issues the USDS stablecoin (an evolution of DAI) and the SKY governance token (an evolution of MKR) [3] [2].
- What problem does it solve? It solves the "cash drag" problem of non-yielding stablecoins by allowing users to supply USDS to the Sky Savings Rate (SSR) module to receive sUSDS, an auto-compounding, yield-generating stablecoin [7].
- For what audience? DeFi users, institutional capital allocators, and stablecoin holders seeking non-custodial, risk-adjusted yield [3] [9].
2. Team
- Structure: As an evolution of MakerDAO, Sky operates as a Decentralized Autonomous Organization (DAO). The frontend interface (sky.money) is operated independently by Skybase International, a non-custodial entity separate from SkyDAO [3].
- LinkedIn & Socials: The project maintains a highly active X (Twitter) presence with over 293,000 followers [9]. Legacy MakerDAO core units (like MakerDAO SES) maintain professional LinkedIn presences [10], but there is no traditional centralized "Team" page, which is standard for mature DAOs but presents an anonymity risk in traditional audits.
- Known Members: The protocol relies on decentralized governance and independent "Sky Agents" (capital allocators) rather than a public-facing executive team [9] [7].
3. Concept/Documentation
- Uniqueness: Sky allows a seamless 1:1 conversion between USDC and USDS with zero frontend fees via its LitePSM (Peg Stability Module) [3] [11]. Its yield is funded by real protocol revenue generated by the Sky Agent Network, rather than inflationary token emissions [7].
- Demand Analysis: There is massive proven demand. As of late March/early April 2026, USDS has an onchain market cap of ~$8.43 billion [4], and the sUSDS supply sits at 6.23 billion [3].
- Roadmap & Development: The protocol is actively executing major upgrades. A significant milestone is the automated CEX upgrade of DAI to USDS scheduled for April 9, 2026, supported by Binance, KuCoin, Gate, and others [9]. They are also migrating their Ethereum-Solana bridge from Wormhole to LayerZero [12].
- Technical Details: Built primarily on Ethereum, utilizing ERC-20 standards, ERC-4626 for the sUSDS vault, and Certora-verified smart contracts [6] [11].
- Partnerships: Verified integrations include Morpho for Sky Vaults [3] and major centralized exchanges for token migrations [9].
4. Coin/Tokenomics
- Tokenomics & Distribution: The $SKY token is the governance token, replacing MKR. The conversion rate is strictly fixed at 1 MKR = 24,000 SKY [11] [13]. Because SKY is generated via this conversion, its distribution mirrors the historical distribution of MKR.
- Market Data (as of April 2026):
  - Price: ~$0.073 - $0.078 [3] [14].
  - Market Cap: ~$1.71 billion to $1.81 billion [3] [14].
  - Holders: ~12,532 onchain holders [14].
- Staking: Users can stake SKY to earn a variable APY (advertised at ~10.81%) derived from protocol revenue, and can borrow USDS against staked SKY [3].
5. Code
- Open Source: Yes, the codebase is fully open-source under the sky-ecosystem and makerdao GitHub organizations [15] [16].
- Active Development: Repositories show active commits and maintenance (e.g., updates to converters and Certora specs) [16].
- Security Audits: The protocol utilizes formal verification via Certora for its LitePSM, USDS converters, and SKY converters [6]. It also relies on extensive historical audits from ChainSecurity for its foundational Maker architecture [17].
- Bug Bounty: Sky runs a massive bug bounty program on Immunefi, offering up to $10,000,000 for critical smart contract vulnerabilities [5].
6. Risks
- Financial Risks: S&P Global Ratings assigned Sky Protocol a "B-" issuer credit rating (Stable Outlook), citing a weak capital ratio of ~0.4% and centralization concerns regarding its collateral (heavy reliance on tokenized US Treasuries) [18] [8].
- Regulatory Risks: The sUSDS yield product is explicitly geo-fenced and currently unavailable to users in the United States [3] [7].
- Technical Risks: While heavily audited, the protocol is undergoing complex migrations, including a bridge migration to LayerZero [12], which introduces temporary smart contract risk windows.
- Governance Risks: The sUSDS yield (currently 3.75% APY) is not guaranteed by market utilization but is set by SKY governance token holders based on protocol revenue [7]. If revenue drops, governance can vote to lower the yield.
7. Community
- Social Media Size: The official X (Twitter) account (@SkyEcosystem) has over 293,000 followers and high engagement [9].
- Activity: The community is highly active, particularly around the April 2026 DAI-to-USDS exchange migrations [9]. Primary discussions happen on their Discord and official governance forums [3].
8. Final Assessment
- Risk Level: Medium
- Key Strengths:
  - Massive liquidity and proven product-market fit ($8.4B+ USDS market cap) [4].
  - Industry-leading security posture (Formal verification, $10M bug bounty) [6] [5].
  - Zero-fee 1:1 conversions between USDC and USDS via LitePSM [3].
- Key Issues and Warnings:
  - Credit/Capital Risk: The S&P "B-" rating highlights a very thin capital buffer (0.4%) protecting the peg in extreme downside scenarios [8].
  - Regulatory Exclusion: Core yield products (sUSDS) are blocked for US persons [7].
  - Centralization of Collateral: Heavy reliance on specific real-world assets (like US Treasuries) introduces traditional financial system counterparty risks [8].
References
[1] MakerDAO | An Unbiased Global Financial System. https://makerdao.com/
[2] MakerDAO's Sky Rebranding Overview. https://messari.io/copilot/share/makerdao-s-sky-rebranding-overview-fa2d1fcb-0870-4cec-bedf-9559ff4be8db
[3] Sky.money | Put Stablecoins to Work with sUSDS, Vaults & SKY. https://sky.money/
[4] USDS Stablecoin (USDS) | ERC-20 | Address - Etherscan. https://etherscan.io/token/0xdc035d45d973e3ec169d2276ddab16f1e407384f
[5] Sky Bug Bounties. https://immunefi.com/bug-bounty/sky/scope/
[6] Development Practices | Sky Protocol Docs. https://developers.sky.money/security/security-measures/development-practices/
[7] sUSDS | Access the Sky Savings Rate on USDS. https://sky.money/susds
[8] S&P Sees No Quick Fix for Sky Protocol's Weak Capital and .... https://thedefiant.io/news/research-and-opinion/s-and-p-sees-no-quick-fix-for-sky-protocol-s-weak-capital-and-centralization
[9] Sky (@SkyEcosystem) / Posts / X. https://x.com/SkyEcosystem
[10] Structured Data Results (10 entities). http://ses.makerdao.network
[11] Protocol Token Routes. https://developers.sky.money/quick-start/protocol-token-routes/
[12] Sky Ecosystem | Sky Protocol Docs - Sky.money. https://developers.sky.money/
[13] Token Holders | Sky Protocol Docs. https://developers.sky.money/guides/sky/token-governance-upgrade/token-holders/
[14] SKY Governance Token (SKY) | ERC-20 | Address - Etherscan. https://etherscan.io/token/0x56072c95faa701256059aa122697b133aded9279
[15] Sky Ecosystem. https://github.com/sky-ecosystem
[16] sky-ecosystem/sky. https://github.com/makerdao/sky
[17] Sky Bug Bounties. https://immunefi.com/bug-bounty/sky/information/
[18] Sky Protocol Assigned 'B-' Rating; Outlook Stable. https://www.spglobal.com/ratings/en/regulatory/article/-/view/sourceId/101639449