340 million USD ETH collateral risks increase, MakerDAO may need urgent upgrade

The Maker Foundation has added a new poll to its governance portal aimed at introducing a 24-hour governance delay proposal into its agreement, after a community member discovered a loophole that could compromise the value of the system 3.4 Billion USD ETH Collateral.

maker-logo-1200x675

Image source: Theblock

On Monday, free developer Micah Zoltu published a blog post warning the public about a security breach in MakerDAO, the protocol behind ERC20 synthetic stable coin Dai. According to Zoltu, since there are currently no safeguards regarding emergency shutdowns and governance delays, anyone with a large amount of MKR tokens can simply create an execution contract that is programmed to transfer all collateral from Maker to their Account, vote immediately and activate the contract, and can effectively steal all Maker's collateral.

In response to Zoltu's queries, MakerDAO published an official blog post claiming that Zoltu's article increased the likelihood that hackers could exploit this vulnerability. As a result, they added an additional poll to determine if a Governance Security Module (GSM) was introduced. If the proposal is passed, the governance security module (GSM) delay will increase from 0 hours to 24 hours.

Funds are no longer safe

In his blog post, Zoltu elaborated on how vulnerabilities can lead to serious attacks, "how to turn $ 20 million into $ 340 million in 15 seconds", and he claims that any "good-level script kid Scholars "can be easily implemented.

He explained that currently, about 80,000 MKR is pledged on the current execution contract, which means that anyone holding more than this token can pass any proposal of their choice. To make matters worse, he said, because these tokens are likely to be split into two contracts, each of which contains 40,000 MKR, so an attacker can find the right time to steal the system with only about $ 20 million All collateral.

Generally, to mitigate such malicious attacks, there will be a delay before a new execution contract is activated, giving community members the ability and time to mark and close the contract. However, because the delay is currently set to 0 seconds, this type of theft cannot be prevented.

He said:

"This is not #DeFi, but #CeFi." "Unlike only one person can steal all your money (bank), a bank or many large holders or a group of small holders can decide to steal all your money at any time . "

New poll

On November 18, MakerDao launched the Multi-Mortgage DAI (MCD) MakerDAO protocol, an upgrade of its single mortgage system, which allows almost all tokenized assets with appropriate risk parameters to act as collateral in its system.

According to Wouter Kampmann, its engineering director, MakerDAO has always planned to implement such governance delays. However, as the system is still very new, the community needs to first agree on what regular governance can avoid delays. The team has been waiting for consensus to roll out a delay mechanism.

Kampmann says:

"The MakerDAO multi-collateral system has only been launched for three weeks. We are still looking for the required governance model, especially because the migration of single-collateral DAI is still continuing. I think it is not reasonable to resolve this issue immediately after the new system goes live . "

However, after Zoltu's article received widespread attention, the MakerDAO team decided that the risk of hacking had increased and therefore decided to increase the implementation priority of the proposal.

MakerDAO's blog post says:

"The community has previously considered the possibility of hackers exploiting this vulnerability, and believes that this is not a direct problem. However, the potential of hackers to exploit this vulnerability has increased due to the potential publicity of this vulnerability by the aforementioned blog. Prior to the regular debate and consensus-seeking process, a poll is now available to the community to ease the use of this hypothetical loophole. "

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

DeFi

Cardano’s Indigo v2 Upgrade: A New Era for Synthetic Assets

Exciting news for fans of Indigo - the leading DApp on the innovative Cardano blockchain! The Indigo team has hinted ...

Blockchain

Tether (USDT): Brazil’s New Crypto Darling

USDT has emerged as the dominant crypto in Brazil, accounting for an overwhelming 80% of all crypto transactions made...

Market

Bitcoin’s Remarkable February Performance: Is the Bull Run Here to Stay?

Bitcoin (BTC)'s price ended February on a high note, with a 44% gain that analysts predict will lead to even more ral...

Blockchain

FTX’s Redemption Plan: A Second Chance for Crypto Dreamers

FTX announces revised plan to reimburse creditors affected by bankruptcy with significant payouts.

Blockchain

Terraform Labs CEO Arrested and Ruled Against in Lawsuit: The Collapse of the Blockchain

On Thursday, a US judge issued a ruling against Terraform Labs and its CEO Do Kwon for violating federal securities l...

Market

Crypto.com: Making Waves in the Crypto Sea with FCA Approval

In exciting news for the fashion world, Crypto.com has reached a major achievement by obtaining an Electronic Money I...