340 million USD ETH collateral risks increase, MakerDAO may need urgent upgrade

The Maker Foundation has added a new poll to its governance portal aimed at introducing a 24-hour governance delay proposal into its agreement, after a community member discovered a loophole that could compromise the value of the system 3.4 Billion USD ETH Collateral.

maker-logo-1200x675

Image source: Theblock

On Monday, free developer Micah Zoltu published a blog post warning the public about a security breach in MakerDAO, the protocol behind ERC20 synthetic stable coin Dai. According to Zoltu, since there are currently no safeguards regarding emergency shutdowns and governance delays, anyone with a large amount of MKR tokens can simply create an execution contract that is programmed to transfer all collateral from Maker to their Account, vote immediately and activate the contract, and can effectively steal all Maker's collateral.

In response to Zoltu's queries, MakerDAO published an official blog post claiming that Zoltu's article increased the likelihood that hackers could exploit this vulnerability. As a result, they added an additional poll to determine if a Governance Security Module (GSM) was introduced. If the proposal is passed, the governance security module (GSM) delay will increase from 0 hours to 24 hours.

Funds are no longer safe

In his blog post, Zoltu elaborated on how vulnerabilities can lead to serious attacks, "how to turn $ 20 million into $ 340 million in 15 seconds", and he claims that any "good-level script kid Scholars "can be easily implemented.

He explained that currently, about 80,000 MKR is pledged on the current execution contract, which means that anyone holding more than this token can pass any proposal of their choice. To make matters worse, he said, because these tokens are likely to be split into two contracts, each of which contains 40,000 MKR, so an attacker can find the right time to steal the system with only about $ 20 million All collateral.

Generally, to mitigate such malicious attacks, there will be a delay before a new execution contract is activated, giving community members the ability and time to mark and close the contract. However, because the delay is currently set to 0 seconds, this type of theft cannot be prevented.

He said:

"This is not #DeFi, but #CeFi." "Unlike only one person can steal all your money (bank), a bank or many large holders or a group of small holders can decide to steal all your money at any time . "

New poll

On November 18, MakerDao launched the Multi-Mortgage DAI (MCD) MakerDAO protocol, an upgrade of its single mortgage system, which allows almost all tokenized assets with appropriate risk parameters to act as collateral in its system.

According to Wouter Kampmann, its engineering director, MakerDAO has always planned to implement such governance delays. However, as the system is still very new, the community needs to first agree on what regular governance can avoid delays. The team has been waiting for consensus to roll out a delay mechanism.

Kampmann says:

"The MakerDAO multi-collateral system has only been launched for three weeks. We are still looking for the required governance model, especially because the migration of single-collateral DAI is still continuing. I think it is not reasonable to resolve this issue immediately after the new system goes live . "

However, after Zoltu's article received widespread attention, the MakerDAO team decided that the risk of hacking had increased and therefore decided to increase the implementation priority of the proposal.

MakerDAO's blog post says:

"The community has previously considered the possibility of hackers exploiting this vulnerability, and believes that this is not a direct problem. However, the potential of hackers to exploit this vulnerability has increased due to the potential publicity of this vulnerability by the aforementioned blog. Prior to the regular debate and consensus-seeking process, a poll is now available to the community to ease the use of this hypothetical loophole. "

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Bakkt also can't impact traditional cryptocurrency futures trading? - Coin, OKex, Matcha, and the same station

Text | Mutual Chain Pulse · Liang Shan Hua Rong Mutual chain pulse: Although Bakkt has not been able to detonate...

Blockchain

Latest updates on regulatory events: CZ releases internal memo, Gensler criticizes two exchanges again.

According to Gensler, his agency has obtained internal communications that allegedly indicate intentional illegal beh...

Blockchain

Circle stripped Poloniex, its valuation plummeted 80%

Circle is a world-renowned blockchain startup with investors including Goldman Sachs, IDG Capital, Bitcoin and hedge ...

Blockchain

Can the community restart and can the losses be recovered? 8 big events to clarify the way for FCoin to defend your rights

On February 17, 2020, FCoin founder Zhang Jian released the "FCoin Truth" announcement. FCoin was unable to...

Market

Get Ready for a Crypto Carnival - New Listings and Delistings!

Check out our latest rundown of notable digital asset listings, delistings, and trading pair updates from crypto exch...