Featured | Some secrets about DAO that you can't see at the developer conference

Today's content includes:

1. How to steal 340 million USD locked by MakerDAO with 20 million;

2. Some secrets about DAO that you can't see at the developer conference;

3. In-depth analysis of the cryptocurrency network economy;

4. All you want to know about HEX: promises, allegations and responses;

5. DeFi interest rate betting product: Maple.

How to steal $340 million locked by MakerDAO with 20 million

The author mainly shares a vulnerability: with the Maker vulnerability, you can easily earn 12 million. This article caused a lot of sharing and discussion in the DeFi community. The main reason is that attacking the giant whale and the foundation can make DeFi become CeFi, and MakerDAO chose not to plug the loophole. Actually, I didn't read the attack process too deeply, but the article prompted discussion of DAOs and DeFi on social media, especially of DAOs.

Anyone with about 40,000 MKR (about $20,000,000) can steal all collateral in Maker DAO, including DAI and SAI, as well as a large number of assets (more than 340,000,000 USD) from Compound, Uniswap, and other Maker integrated systems.

Maker DAO v2 (aka Multi-Collateral DAI, also known as McDAI) should have been launched with its defensive measures (emergency shutdown and a governance delay) in place, to prevent hostile MKR holders from stealing all collateral and potentially robbing a large number of Uniswap, Compound. But they decided not to do so.

MakerDAO has ETH worth about $340 million locked in it. It is run by a governance system, and the governance system can call various internal functions. To mitigate the threat of malicious actors, the system has a mechanism that requires a delay between the selection of a new execution contract and the point at which that contract can take any action. During this delay, anyone with enough MKR can trigger the settlement of the entire system, shutting it down before the new execution contract can do anything dangerous. This means that if a thief appears and tries to vote in an execution contract that steals all collateral, then even if that contract has more votes than any other execution contract, the thief must wait out this delay and hope that no one triggers the defense mechanism during this period.

The problem is that the Maker Foundation has determined that the appropriate value for this governance delay is 0 seconds.

With the above in mind, an attacker can do the following:

- Get 80,000 MKR by any possible means.

- Create an execution contract that is programmed to transfer all collateral from Maker to you.

- Vote on the contract immediately (in the same transaction).

- Activate the contract immediately (in the same transaction).

- Take away $340 million worth of ETH (abandon your MKR).
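The role of the governance delay can be seen in a small model. This is an added example, not code from the original article or from Maker: the class, the function names, the 50,000 MKR shutdown threshold and the timestamp are all hypothetical, constructed values. It shows that with a delay of 0 a contract can be voted in and activated at the same instant, while any non-zero delay leaves a window in which emergency shutdown can stop it.

```python
from dataclasses import dataclass, field

class Rejected(Exception):
    """The timelock refused the action."""

@dataclass
class GovernanceTimelock:          # hypothetical model, not Maker's contracts
    delay: int                     # seconds between voting in and activation
    shutdown_threshold: int        # MKR needed to trigger emergency shutdown
    shut_down: bool = False
    eta: dict = field(default_factory=dict)  # contract id -> earliest run time

    def schedule(self, contract: str, now: int) -> int:
        if self.shut_down:
            raise Rejected("system is shut down")
        self.eta[contract] = now + self.delay
        return self.eta[contract]

    def emergency_shutdown(self, mkr_committed: int) -> bool:
        if mkr_committed >= self.shutdown_threshold:
            self.shut_down = True
        return self.shut_down

    def execute(self, contract: str, now: int) -> str:
        if self.shut_down:
            raise Rejected("system is shut down")
        if contract not in self.eta:
            raise Rejected("contract was never voted in")
        if now < self.eta[contract]:
            raise Rejected("delay has not elapsed")
        del self.eta[contract]
        return "executed"

def outcome(delay: int, defender_mkr: int) -> str:
    """Vote in a contract, try to activate it at once, then after the delay."""
    lock = GovernanceTimelock(delay, shutdown_threshold=50_000)  # constructed value
    now = 1_000_000                                              # constructed timestamp
    eta = lock.schedule("new-execution-contract", now)
    try:
        return lock.execute("new-execution-contract", now)  # same transaction
    except Rejected:
        pass                                  # delay > 0: activation must wait
    lock.emergency_shutdown(defender_mkr)     # defenders react inside the window
    try:
        return lock.execute("new-execution-contract", eta)
    except Rejected as exc:
        return f"rejected: {exc}"
```

`outcome(0, 50_000)` returns `"executed"` even though defenders hold enough MKR, because no window exists in which they could act; the delay only protects if enough MKR is actually committed to shutdown while it runs.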

There is more! Ethereum is a system based on a binding protocol! This means that one person can create a smart contract through which multiple people who do not trust each other can collude under a strict set of rules. The rule could be something like this: if the contract collects 40,000 MKR, then anyone can trigger the contract and it will immediately rob Maker. After a successful robbery, the loot will be divided evenly among MKR contributors. If the robbery fails, participants can withdraw the MKR. Anyone can withdraw their MKR at any time.

I have raised this attack scenario with Maker, and they have made it clear that it is not worth giving up immediate governance control to prevent this attack. Their arguments are generally as follows:

  • This attack vector has been around for a long time, but so far they have been fine.
  • This is too expensive for anyone except a few people to implement.
  • The attackers must telegraph their attack.
  • We will take legal action against any attacker.
  • It's hard to be anonymous on Ethereum.
  • This is a known risk, but there are unknown risks that could be worse.

Maker was aware of this problem before the release of Maker v2 (probably from the beginning). Nevertheless, they chose not to block the holes (blocking is easy). I don't want any attacker to figure out the loopholes for understanding the Maker governance model.

Full text link: https://medium.com/@MicahZoltu/how-to-turn-20m-into-340m-in-15-seconds-48d161a42311

Some secrets about DAO that you can't see at the developer conference

This is an article by JYP, co-founder of Decred. It's an article from last month. I have seen it recently. It's mainly about DAO's recent attention at the developer conference. Experience, these lessons correspond to the four aspects needed to achieve the purpose of a successful DAO: 1) modest leadership that gradually disappears as the project develops; 2) funding without special benefits; 3) active development; 4) a community that is heavily involved in decision-making. The third point inside actually touched my ""

Leaders need to give up on themselves and eliminate themselves. The leader must be able to let go and, over time, give all control to the DAO.

Get enough money. Because funding often comes from traditional financial systems, new approaches are needed to ensure sustainable funding in these unknown areas. Without infrastructure, we have no models to emulate, so DAO must open the way, overcome obstacles and find creative solutions.

Adaptable: keep developing. Too many projects talk about developing new features or upgrades, but in reality they lack an overall game plan to recruit and retain the right development talent. For example, Ethereum is an important foundation layer for decentralized finance and decentralized applications, but long-term development delays in Ethereum mean that other projects based on it are also left waiting for results.

Let the community decide. DAO members must have real power, not just the ability to comment on decisions. The more people involved in decision-making or voting, the fairer the results will be and the healthier the DAO. Direct voting means that individuals have strict sovereignty and must bear the consequences of their decisions, while a delegation system means that DAO members do not really belong. Instead, they are just staking to make money.

Full text link: https://cointelegraph.com/news/secrets-they-missed-at-devcon-what-its-really-like-in-a-working-dao

In-depth analysis of the cryptocurrency network economy

The author is probably a Poca investor, and this is a promotional piece for Poca and Web3; the article is still relatively long. The author mainly wants to express the following "three economic eras", which can be considered a very interesting investment narrative.

So far, the innovation of professional capabilities of economic entities has gone through three different eras, which we call the era of protocols, the era of smart contracts, and the era of interoperability.

Protocol era (2008-2013)

The protocol era peaked with Bitcoin as the dominant cyberspace economy, and it is characterized by relatively simple economic behavior. In this era, there are significant obstacles to the introduction of new categories of economic agents (Scripts). In addition, in this era, there are major obstacles (forks) to changing economic rules. These disadvantages are the main driving force for the emergence of new cyberspace economies, changes in protocols and the emergence of new economic entities.

The age of smart contracts (2014–2019)

With Ethereum becoming the dominant cyberspace economy, the era of smart contracts has reached its peak. This era addresses the shortcomings of the protocol era by reducing the barriers to the introduction of new economic entities and by allowing the creation of sub-economies within the larger cyberspace economy. The Ethereum Virtual Machine (EVM) and its programmable smart contracts have spawned explosive growth of new specialized economic entities (smart contracts) and sub-economies (tokens). More importantly, this era brought so-called intraoperability: interoperability between these sub-economies, but still within the larger cyberspace economy. Limitations on the capacity (cost, throughput) of smart contract platforms are the main driving forces for the replacement of smart contract blockchains, and there have been changes in protocols and the emergence of new economic entities.

The era of interoperability (> 2020)

So far, most blockchains have been (and will remain) in a state of self-sufficiency and retreat. This state exists as long as an entity can survive or continue its activities without external assistance or international trade. If a self-sufficient economy also refuses to do any trade with the outside world, economists can call it a closed economy.

There are clear signs of major innovations in the blockchain industry, making the cyberspace economy a more open economy. An open economy is an economy in which domestic and foreign communities trade in products (goods and services).

The main benefit of an open economy is foreign trade (import and export). In the context of a blockchain, this means that the blockchain has the ability to sell goods and services to and buy goods and services from another blockchain.

By working on blockchain interoperability, many projects are making significant progress toward a more open cyberspace economy. We at WEB3SCAN believe that by cultivating specialized cyberspace economies and establishing the widest foreign trade mechanism imaginable between these specialized cyberspace economies, Poca has the best ability to master the era of interoperability.

Full text link: https://hackernoon.com/the-best-crypto-ever-devised-sl513xyl

All about HEX: promises, allegations and responses

HEX has been very hot recently and very controversial. Richard V, a cryptocurrency maker on Twitter, claims that he has created the best financial product ever, one that is in many ways superior to any other cryptocurrency, including Bitcoin. There are many cryptocurrency bloggers and Bitcoin maximalists who attack him as a fraudster, but let's see if this HEX project is really a fraud. I think he just added some staking designs. The design is a pure shit project, but his narrative and performance art are very high-profile.

Richard Heart gives away his new cryptocurrency for free to Bitcoin scammers.

HEX is a cryptocurrency that behaves like a bank savings account.

It has all the benefits of the blockchain: running on the Ethereum blockchain, the annual fixed inflation rate of HEX is 3.69%, and people who hold HEX for a certain period of time in order to get a minted percentage of 3.69% of new HEX. Then he obtained the HEX through BTC. Many high bonus ways,

Why HEX? (Sweaty face, a little speechless, but can be used as what the market needs now)

1- Its transaction volume will exceed any cryptocurrency (including Bitcoin). It used to run on Bitcoin, but switched.

2- Compared with BTC in Lightning Network, there are more BTCs wrapped in HEX network.

3- More developers, the last developer conference of HEX Network had 2,400 attendees.

4- More ambitious roadmap, including zk-SNARKs (anonymity), state channels (Layer 2), ProgPoW (anti-ASIC), PoS (more energy-efficient consensus), sharding (scaling).

5- There are multiple core implementations, one written in RUST and one written in GO.

6- The adoption rate of decentralized exchanges is higher.

7- Atomic swap technology.

8- Bitcoin's latest interesting upgrade was SegWit, 2 years ago. There are no interesting improvements on the roadmap. If there are any, they are likely to be rejected by miners, as Segregated Witness was.

9- Multiple other blockchains support Solidity, the language HEX is written in, so it can switch to one of them.

Full text link: https://hackernoon.com/polkascan-economic-analysis-financial-accounting-methods-for-cyberspace-economies-57o2lr7

DeFi interest rate betting product: Maple

This is a DeFi derivative, similar to a bet on the DeFi interest rate. You can use Maple SmartBonds to speculate on or hedge the interest rate of Sai on Compound. Not a big innovation, but you can still look at it; I believe there will be more and more such DeFi derivative products.

Speculation: If you want to profit when the Compound interest rate rises, you can issue Maple SmartBonds and set a fixed interest rate. If the Compound interest rate rises above this rate, profits will increase.

Hedging: If the Compound supply rate drops, you can also buy Maple SmartBonds and lock in a fixed interest rate for the next 3 or 6 months.

Full text link: https://medium.com/maple-finance/betting-on-defi-interest-rates-b6ef4f589dd6