Pre-release notice:
The Quantum Readiness Index is still being reviewed and refined. Reports may include rough edges, including incomplete and/or incorrect coverage.

DeFi protocol token

Sky SKY

Sky (SKY), formerly MakerDAO, is a DeFi governance protocol on Ethereum with approximately $7.9 billion in stablecoin liabilities (USDS). The protocol has performed no quantum readiness work: no public cryptographic inventory, no quantum threat model, no post-quantum roadmap, no prototype or testnet, and no production PQC or hybrid-PQC protection. All spend authorization, governance voting, oracle feeds, admin keys, multi-sigs, and bridge dependencies (Skylink/LayerZero, Unichain, Optimism native bridges) rely entirely on classical ECDSA/BLS cryptography inherited from Ethereum L1. The MKR-to-SKY rebrand was a tokenomics migration, not a cryptographic one. Two classical smart-contract audits exist (ChainSecurity, Cantina), but neither covers any quantum scope. The Eternax industry report (April 2026) explicitly confirms Sky has no disclosed post-quantum migration roadmap. The protocol scores 1.0/100 (Stage 0), reflecting that the project has neither assessed nor acknowledged quantum risk and that no mitigation work exists.

Not Assessed · Token Inheritance: Ethereum L1 · Classical Admin Keys · Classical Bridge Dependency
Stage 0
Confidence: Medium
Urgency: Migration Required
Review Status: Draft
Evaluated: 2026-06-05
Scope: Sky Protocol governance token (SKY), USDS stablecoin, governance contracts, oracle feeds, and cross-chain bridge dependencies on Ethereum mainnet
AI-generated report. This report was produced by the evaluator and synthesis pipeline. Review status: draft.

Category breakdown

QRI Factors

Algorithm & Implementation Assurance: 0 / 20
Migration Mechanism, Governance & Ecosystem Coordination: 0 / 15
Migration Status & Value-at-Risk: 1 / 25
Production Cryptographic Protection: 0 / 35
Security Assessment & Evidence Preparedness: 0 / 5

Critical Quantum Blockers

  • No public cryptographic inventory: Sky has not published any inventory of critical public-key mechanisms, quantum threat model, or affected assets/layers.
  • Active production spend authorization entirely ECC-only: All SKY/USDS token transactions, governance votes, and protocol operations rely on Ethereum ECDSA signatures.
  • Governance multisigs, admin keys, oracle feeds, and bridge signer sets are entirely dependent on classical (ECC) cryptography with no disclosed migration path.
  • No post-quantum migration roadmap, prototype, testnet, or mainnet support exists for any Sky Protocol component.
  • Approximately $7.9 billion in stablecoin liabilities (USDS) plus additional governance-controlled assets are fully exposed to quantum key-recovery attacks.

Key Risks

  • Approximately $7.9 billion in USDS stablecoin value plus additional governance-controlled assets are fully exposed to quantum key-recovery attacks with no disclosed protection or migration path.
  • Governance multisigs (Chief contract, Pause Proxy, SubDAO admin keys) are entirely ECC-dependent. A quantum compromise of governance keys could lead to malicious parameter changes, unauthorized minting, collateral seizure, or protocol insolvency.
  • Oracle feeds (Chronicle/Scribe oracle nodes) rely on classical signatures. Compromised oracle data could trigger false liquidations or manipulate collateral valuation at scale.
  • Skylink (LayerZero-based), Unichain, and Optimism native bridges rely on classical cryptographic security models. A quantum break of bridge signer sets or light-client verification could enable cross-chain theft of bridged USDS/sUSDS.
  • No quantum incident-response process, emergency governance playbook, or disclosure mechanism exists for quantum-specific threats, leaving the protocol without a coordinated defense if quantum attacks materialize before migration.
  • Real-world asset (RWA) custodians and off-chain legal agreements may rely on classical digital signatures, creating additional quantum risk to the protocol's collateral base that is outside the scope of on-chain mitigation.
  • Dormant/legacy MKR and DAI holders who have not upgraded to SKY/USDS remain exposed, and the parallel DAI/MKR system creates additional quantum-vulnerable surface area.

Assurance Notes

  • Classical smart-contract audits exist (ChainSecurity, Cantina) and are current/relevant for classical security, but cover zero quantum or post-quantum cryptographic scope.
  • Sky inherits Ethereum L1 cryptographic properties for transaction signatures; any future Ethereum quantum upgrade would improve Sky's base-layer security but would not automatically protect Sky's governance multisigs, admin keys, oracle feeds, or bridge signer sets.
  • The MKR-to-SKY token rebrand (1:24,000 conversion) was a tokenomics and branding migration, not a cryptographic security migration. It provides no quantum protection.
  • Sky's Endgame Plan roadmap focuses on governance restructuring, SubDAO formation, collateral strategy, and tokenomics. No quantum or post-quantum cryptography work is mentioned in any Endgame Plan documentation.
  • No formal quantum-specific incident-response playbook, security contact for quantum vulnerabilities, or disclosure process for quantum-related threats was found.

Non-Scoring Caveats

  • Classical smart-contract audits (ChainSecurity 2025, Cantina 2025) are current for classical security but do not address quantum readiness. Per QRI rules, audit freshness gaps that do not make a quantum-critical property unverifiable are treated as assurance notes, not score deductions.
  • The MKR-to-SKY token migration (branding/tokenomics) is unrelated to cryptographic security and provides no quantum protection. It is noted here to prevent confusion with a cryptographic migration.
  • Sky inherits Ethereum's L1 quantum vulnerability; Ethereum's published post-quantum roadmap (targeting approximately 2029 for core infrastructure) would eventually benefit Sky's base-layer transaction security, but Sky-specific governance, bridge, and oracle infrastructure would require independent migration.
  • Sky's RWA (real-world asset) custodians and off-chain legal agreements may rely on classical digital signatures that are outside the scope of this on-chain protocol evaluation but represent additional quantum risk to protocol solvency.

Evidence record

Claims and Caveats

Security Assessment & Evidence Preparedness

Public cryptographic inventory

Claim: No public cryptographic inventory of critical public-key mechanisms exists for the Sky Protocol.

Coverage basis: Absent

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No public cryptographic inventory: Sky has not published any inventory of critical public-key mechanisms or quantum threat model.

Assurance: Confirmed by exhaustive search of official docs, GitHub repos, governance forums, and industry reports. No crypto inventory document, quantum threat model, or affected-asset analysis was found across any primary or secondary source.

The absence of a cryptographic inventory is confirmed by the Eternax industry report (April 2026), which explicitly identifies Sky as lacking any disclosed quantum risk assessment or migration roadmap.

Security Assessment & Evidence Preparedness

Public evidence record

Claim: No quantum-specific evidence record exists supporting any assessment of Sky's cryptographic posture.

Coverage basis: Absent

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No evidence record of quantum risk assessment exists.

Assurance: No quantum-specific code references, specs, transaction examples, reproducible analytics, or audit evidence were found in any Sky Protocol source.

Classical smart-contract audits (ChainSecurity, Cantina) exist but contain no quantum or post-quantum scope. They serve as classical assurance only.

Production Cryptographic Protection

Spend authorization / transaction signatures

Claim: All SKY token and USDS stablecoin transactions rely on Ethereum L1 ECDSA signatures on secp256k1. No PQC or hybrid-PQC spend authorization exists.

Coverage basis: ECC-only, inherited from Ethereum L1

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: cap-applying

Quantum blocker: Active production spend authorization remains entirely ECC-only (Ethereum ECDSA).

Assurance: Confirmed by Sky Protocol official docs, GitHub source code (standard Solidity ERC-20-like contracts), and Ethereum's documented reliance on ECDSA/secp256k1.

SKY is a standard smart-contract governance token. All transaction authorization is delegated to Ethereum L1 ECDSA. The token has no independent signature scheme. Per QRI Token Inheritance rules, Sky inherits Ethereum's L1 quantum vulnerability for transaction signatures.

Production Cryptographic Protection

Account/address/public-key exposure and key-derivation design

Claim: SKY token holders use standard Ethereum EOAs with long-exposure public keys. Any EOA that has sent a transaction has its public key permanently exposed on-chain, creating an indefinite attack window.

Coverage basis: Standard Ethereum account model, no PQ mitigations

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Long-exposure quantum-vulnerable public keys for all transacted EOAs with no migration path.

Assurance: Ethereum's account model exposes the public key on first spend. Sky inherits this vulnerability. No Sky-specific key-derivation or address-format mitigation exists.

Accounts that have only received tokens (never sent) have not exposed their public key, providing partial protection. However, governance participants, large holders, and active DeFi users have almost certainly exposed keys.

Production Cryptographic Protection

Consensus-critical authentication

Claim: Sky's governance system (Chief contract, Pause Proxy, executive vote spells), SubDAO admin keys, and oracle feeds (Chronicle/Scribe) rely entirely on ECDSA-based Ethereum transactions and multi-sig configurations. No PQC or hybrid-PQC protection exists.

Coverage basis: ECC-only governance and oracle authentication

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Governance multisigs, admin keys, and oracle feeds are entirely ECC-dependent with no quantum migration path.

Assurance: Confirmed by on-chain governance spell executions, official Sky governance documentation, and the Eternax report which identifies Sky's admin keys as quantum-vulnerable.

Sky does not operate its own consensus layer, but governance and oracle authentication serve a consensus-critical role for the protocol. Compromise of governance keys via quantum attack could authorize malicious parameter changes or drain protocol-controlled assets.

Production Cryptographic Protection

State-integrity and data-availability mechanisms

Claim: Sky's bridge dependencies (Skylink/LayerZero, Unichain native bridge, Optimism native bridge) rely on classical cryptographic verification (ECDSA-based signer sets, light-client verification). Bridge state integrity is quantum-vulnerable.

Coverage basis: ECC-dependent bridge verification

Implementation score: 0 · Evidence confidence: Medium

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Bridge signer sets and light-client verification rely on classical cryptography, enabling quantum-enabled cross-chain theft.

Assurance: Skylink is reported as built on LayerZero infrastructure. Unichain and Optimism native bridges use canonical token bridge contracts governed by Sky's L1GovernanceRelay. The cryptographic details of LayerZero's signer set are not fully documented in Sky's public materials, but all evidence points to classical ECDSA/BLS dependency.

Sky's cross-chain expansion (Avalanche via Skylink, Unichain, Optimism) creates bridge attack surface. A quantum break of bridge verification could enable unauthorized minting of bridged assets on destination chains or theft of locked collateral on Ethereum.

Production Cryptographic Protection

Privacy and proof layers

Claim: Sky Protocol has no privacy layer, shielded transactions, ZK-proof systems, or confidential transfer mechanisms.

Coverage basis: Not applicable

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: N/A subfactor; no quantum vulnerability arises from a layer that does not exist.

Production Cryptographic Protection

P2P transport, node identity, and peer authentication

Claim: Sky does not operate an independent P2P network. All network communication is handled by Ethereum L1.

Coverage basis: Not applicable

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: N/A subfactor.

Production Cryptographic Protection

Critical wallet, custody, HSM, and hardware-wallet workflows

Claim: No PQ/hybrid wallet, custody, HSM, or hardware-wallet workflows exist for SKY or USDS. All custody relies on standard Ethereum ECDSA wallets.

Coverage basis: ECC-only wallet and custody paths

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No PQ/hybrid wallet or custody path exists for protocol participants.

Assurance: SKY/USDS are standard ERC-20 tokens supported by MetaMask and other Ethereum wallets. No wallet supports PQ signing for these tokens. No HSM or institutional custody solution offers PQ protection for Sky Protocol assets.

Governance multisigs, foundation treasuries, and SubDAO treasuries holding large SKY positions use standard Ethereum multi-sig wallets (e.g., Gnosis Safe) with ECDSA security.

Migration Status & Value-at-Risk

Percentage of economically relevant value-at-risk protected

Claim: Approximately 0% of Sky's approximately $7.9B in stablecoin liabilities and associated governance-controlled value is protected from quantum key-recovery attacks.

Coverage basis: Less than 25% coverage, essentially zero

Implementation score: 0.05 · Evidence confidence: Medium

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Approximately $7.9B in value-at-risk with zero quantum protection.

Assurance: The $7.9B figure comes from the BlockEden report (April 2026) describing Sky's stablecoin liabilities. Exact protected/unprotected breakdown cannot be computed because no protection exists. Coverage is 0% for all practical purposes. Per QRI 9.3.1, less than 25% coverage scores 1 out of 20 for this subfactor (implementation score 0.05).

Value-at-risk includes USDS circulating supply, sUSDS (staked USDS), governance-controlled treasuries, Spark Protocol TVL, bridge-locked collateral, and SubDAO-controlled assets. All are quantum-vulnerable. Dormant MKR/DAI that hasn't migrated to SKY/USDS adds additional vulnerable surface.

Migration Status & Value-at-Risk

Critical wallets migrated, protected, or inherently PQ-native

Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations, major protocols) have been migrated to or protected by any PQC or hybrid-PQC mechanism.

Coverage basis: Zero critical wallet protection

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No critical wallets have been migrated to PQ/hybrid protection.

Assurance: Governance spell executions show multi-sig addresses (PauseProxy, Chief contract, SubDAO admin multisigs, SPK Company Multisig) all operating via standard Ethereum ECDSA transactions. No PQ address format, PQ signature, or hybrid scheme is used by any critical protocol wallet.

Critical wallets include the Pause Proxy, Chief contract, SPK Company Multisig, Spark SubProxy, Grove SubProxy, and Core Council Multisigs. All are ECC-only.

Migration Status & Value-at-Risk

Legacy vulnerable pools/accounts/UTXOs/contracts identified and addressed

Claim: No legacy quantum-vulnerable pools have been identified, measured, deprecated, migrated, frozen, or proven not to exist by design.

Coverage basis: No identification or deprecation of vulnerable pools

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No legacy vulnerable pool identification or deprecation exists.

Assurance: Parallel DAI/MKR system continues to operate alongside USDS/SKY. Legacy MKR governance and DAI stablecoin pools represent additional quantum-vulnerable surface that has not been inventoried, measured, or deprecated from a quantum perspective.

The MKR-to-SKY upgrade is a tokenomics migration (branding, supply ratio change), not a cryptographic migration. Legacy MKR holders who have not upgraded remain in a quantum-vulnerable state. No freeze, deprecation, or burn policy exists for quantum-vulnerable legacy positions.

Migration Mechanism, Governance & Ecosystem Coordination

Public migration or protection roadmap

Claim: No public migration or protection roadmap exists for quantum security. The Eternax report (April 2026) explicitly confirms Sky has no disclosed post-quantum migration roadmap.

Coverage basis: No roadmap exists

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No post-quantum migration roadmap exists.

Assurance: Exhaustive search of Sky Forum, official docs, GitHub repositories, and governance proposals reveals zero quantum-related discussion. The Endgame Plan (v3) covers governance restructuring, SubDAO formation, collateral strategy, and tokenomics with no mention of cryptography, signatures, or quantum threats.

Sky's published roadmap (Endgame Plan, 2026 priorities) focuses on USDS supply growth, SubDAO Star launches, RWA scaling, and multi-chain deployment. Quantum security is entirely absent from all public planning documents.

Migration Mechanism, Governance & Ecosystem Coordination

Migration accessibility and defaults

Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for Sky Protocol users.

Coverage basis: No migration tooling or accessibility

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No PQ/hybrid account creation, wallet tooling, or migration path exists for users.

Assurance: The sky.money interface provides token upgrade paths (MKR-to-SKY, DAI-to-USDS) for the tokenomics migration but contains no quantum-security warnings, education, or PQ account creation options.

Users cannot create a PQ-protected SKY account or migrate to a quantum-safe custody configuration through any Sky-provided tooling. The protocol defaults to quantum-vulnerable ECDSA accounts with no alternative.

Migration Mechanism, Governance & Ecosystem Coordination

Migration enforcement and coordination

Claim: No enforcement mechanisms exist (deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, mandatory migration deadlines). No exchange, custody, bridge, wallet, or infrastructure coordination exists for quantum migration.

Coverage basis: No enforcement or coordination

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No migration enforcement or ecosystem coordination for quantum security.

Assurance: Sky's governance system has enforcement capabilities (GSM Pause Delay, freezability switch on USDS, Protego cancellation module) but none have been configured or purposed for quantum migration enforcement.

The USDS freezability switch (never activated) and GSM Pause Delay (currently 24 hours) are existing governance enforcement tools that could theoretically be repurposed for quantum migration enforcement, but no proposal, plan, or governance discussion exists to do so.

Migration Mechanism, Governance & Ecosystem Coordination

Emergency disclosure, incident-response, or governance process for quantum vulnerabilities

Claim: No quantum-specific emergency disclosure process, incident-response playbook, or governance mechanism exists for quantum-related vulnerabilities.

Coverage basis: No quantum-specific IR process

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: score-reducing

Assurance: Per QRI Section 8.2, the absence of a formal quantum-specific incident-response playbook does not by itself create a Readiness & Risk Cap. However, it does reduce the Implementation Score for this subfactor to 0.00 since no quantum IR process exists at all.

Sky has general governance security mechanisms (GSM Pause Delay, Protego cancellation, Emergency Shutdown Module disabled in Phase One upgrade) but none are documented, tested, or purposed for quantum-specific incident response.

Algorithm & Implementation Assurance

Uses NIST-standardized or broadly reviewed PQC/hybrid-PQC algorithms

Claim: Sky Protocol uses no PQC, hybrid-PQC, or quantum-resistant algorithms anywhere in its stack.

Coverage basis: No PQC algorithms in use

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No NIST-standardized or reviewed PQC algorithms are used.

Assurance: Sky's smart contracts are standard Solidity using OpenZeppelin libraries and MakerDAO's own DSS framework. No reference to ML-KEM, ML-DSA (Dilithium), SLH-DSA (SPHINCS+), XMSS, LMS, or any other PQC algorithm exists in the codebase.

All cryptographic operations (hashing via Keccak-256, signatures via ECDSA/secp256k1) use classical algorithms standardized for Ethereum. No bespoke or custom cryptography is implemented at the Sky Protocol level.

Algorithm & Implementation Assurance

Independent cryptographic and implementation audit for quantum-critical scope

Claim: Existing audits (ChainSecurity, Cantina) cover classical smart-contract security only. No audit addresses any quantum or post-quantum cryptographic scope.

Coverage basis: Classical audits only, no quantum scope

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: score-reducing

Assurance: ChainSecurity and Cantina audits are current (2025) and relevant for classical smart-contract security but are scope-mismatched for quantum readiness. They review token conversion logic, governance integration, and minting assumptions, with no PQC algorithm review, side-channel analysis, or quantum threat modeling.

The absence of a quantum-scope audit is a direct consequence of there being no PQC implementation to audit. The Implementation Score is 0.00 because no quantum-critical implementation exists, not because audits are missing.

Algorithm & Implementation Assurance

Open-source, reproducible implementation

Claim: Sky's classical smart contracts are open source (GitHub: makerdao/sky), but no quantum-critical implementation exists to be open-sourced or reproduced.

Coverage basis: Classical code is open source; no PQ code exists

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No quantum-critical implementation exists to be open-sourced.

Assurance: Sky's Solidity contracts are publicly available and buildable. This supports classical security review but provides no quantum assurance. The subfactor scores 0 because there is no quantum-secure implementation to evaluate for openness or reproducibility.

The classical codebase is well-structured and auditable, but this subfactor specifically concerns the quantum-critical implementation, which does not exist.

Algorithm & Implementation Assurance

Parameter agility and future upgrade path

Claim: No documented parameter agility or future upgrade path exists for migrating cryptographic primitives to post-quantum algorithms.

Coverage basis: No parameter agility documented

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No parameter agility or cryptographic upgrade path is documented.

Assurance: Sky's governance system can upgrade contracts via executive spells, providing a theoretical upgrade path. However, no documentation, specification, or design exists for how signature scheme agility, key format migration, or algorithm parameter changes would be handled.

Ethereum's planned EIP-8141 (account abstraction for PQ signatures, targeting Hegotá hard fork H2 2026) could eventually provide signature agility at the L1 level, benefiting Sky. But Sky has no documented plan to integrate with or prepare for this Ethereum upgrade.

Algorithm & Implementation Assurance

Stateful-signature safety

Claim: Sky Protocol uses no stateful signature schemes (XMSS, LMS, or similar). This subfactor is not applicable.

Coverage basis: Not applicable

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: N/A subfactor.

Algorithm & Implementation Assurance

Performance and resource-impact analysis

Claim: No performance or resource-impact analysis exists for PQ signature/verification costs in the context of Sky Protocol operations.

Coverage basis: No PQ performance analysis

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: score-reducing

Assurance: Per QRI Section 8.2, the absence of a formal performance benchmark does not by itself create a Readiness & Risk Cap. However, the Implementation Score is 0.00 because no analysis exists at all. The absence is relevant because PQ signatures are significantly larger than ECDSA signatures (e.g., ML-DSA at approximately 2.5 KB vs ECDSA at approximately 65 bytes), which would affect gas costs for governance votes, bridge transactions, and oracle updates on Ethereum.

PQ signature sizes would materially affect Sky's on-chain operations: governance vote casting, executive spell execution, bridge message passing, and oracle updates all incur Ethereum gas costs proportional to calldata size. No analysis has been done on the economic or operational impact of a PQ transition.
