Risk to USD 340 million in ETH collateral increases; MakerDAO may need an urgent upgrade

The Maker Foundation has added a new poll to its governance portal on introducing a 24-hour governance delay into its protocol, after a community member discovered a loophole that could put the system's 3.4 billion USD of ETH collateral at risk.

On Monday, independent developer Micah Zoltu published a blog post warning the public about a security flaw in MakerDAO, the protocol behind the ERC20 synthetic stablecoin Dai. According to Zoltu, because there are currently no safeguards regarding emergency shutdowns and governance delays, anyone with a large amount of MKR tokens can create an execution contract programmed to transfer all collateral from Maker to their own account, vote for it and activate it immediately, and so effectively steal all of Maker's collateral.

In response to Zoltu's claims, MakerDAO published an official blog post saying that Zoltu's article had increased the likelihood that hackers could exploit this vulnerability. As a result, it added a poll to decide whether to introduce a Governance Security Module (GSM) delay. If the proposal passes, the GSM delay will increase from 0 hours to 24 hours.

Funds are no longer safe

In his blog post, Zoltu explained how the vulnerability could lead to a serious attack, describing "how to turn $20 million into $340 million in 15 seconds", and he claims that any "good-level script kiddie" can carry it out easily.

He explained that about 80,000 MKR is currently staked on the current execution contract, which means that anyone holding more than this amount can pass any proposal of their choice. To make matters worse, he said, these tokens are likely to be split across two contracts holding 40,000 MKR each, so an attacker who picks the right moment could steal all of the system's collateral with only about $20 million.

Generally, to mitigate such malicious attacks, there is a delay before a new execution contract is activated, giving community members the ability and time to flag and shut down the contract. However, because the delay is currently set to 0 seconds, this type of theft cannot be prevented.
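The effect of the delay described above can be seen in a small model. This is an added example, not MakerDAO's contract code or anything from Zoltu's post: the class, its methods and the simulate() helper are hypothetical, the 80,001 MKR stake is constructed, and cancel() stands in for whatever response the community uses during the delay.

```python
from dataclasses import dataclass, field

HOUR = 3600

@dataclass
class Governance:
    """Toy approval-vote governance with an activation delay (hypothetical model)."""
    delay: int                                      # seconds from scheduling to execution
    approvals: dict = field(default_factory=dict)   # proposal -> MKR staked on it
    leader: str = "current"                         # proposal with the most MKR
    scheduled: dict = field(default_factory=dict)   # proposal -> earliest execution time
    cancelled: set = field(default_factory=set)

    def vote(self, proposal, mkr):
        self.approvals[proposal] = self.approvals.get(proposal, 0) + mkr
        if self.approvals[proposal] > self.approvals.get(self.leader, 0):
            self.leader = proposal

    def schedule(self, proposal, now):
        # Only the proposal with the most MKR behind it may be scheduled.
        if proposal != self.leader:
            raise PermissionError("proposal does not hold the most MKR")
        self.scheduled[proposal] = now + self.delay

    def cancel(self, proposal):
        # Stand-in for the community flagging and closing a contract in time.
        self.cancelled.add(proposal)

    def execute(self, proposal, now):
        eta = self.scheduled.get(proposal)
        if eta is None or now < eta or proposal in self.cancelled:
            return False
        return True

def simulate(delay, response_time):
    """Return True if a hostile proposal executes before anyone can stop it."""
    gov = Governance(delay=delay)
    gov.vote("current", 80_000)   # stake on the current contract, per the article
    gov.vote("hostile", 80_001)   # constructed: just above the current stake
    gov.schedule("hostile", now=0)
    if gov.execute("hostile", now=0):   # with delay 0 this succeeds at once
        return True
    if response_time <= delay:          # community reacts inside the window
        gov.cancel("hostile")
    return gov.execute("hostile", now=delay)

if __name__ == "__main__":
    for d, r in [(0, 6 * HOUR), (24 * HOUR, 6 * HOUR), (24 * HOUR, 30 * HOUR)]:
        print(f"delay={d // HOUR}h response={r // HOUR}h executed={simulate(d, r)}")
```

The third case shows that a 24-hour delay only helps when someone is watching scheduled contracts and reacts within that window.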

He said:

"This is not #DeFi, but #CeFi. Unlike the case where only one party (a bank) can steal all your money, a bank or many large holders or a group of small holders can decide to steal all your money at any time."

New poll

On November 18, MakerDAO launched Multi-Collateral Dai (MCD), an upgrade of its single-collateral system that allows almost any tokenized asset with appropriate risk parameters to act as collateral in the system.

According to Wouter Kampmann, its engineering director, MakerDAO has always planned to implement such a governance delay. However, because the system is still very new, the community first needs to agree on which routine governance actions can be exempt from the delay. The team has been waiting for that consensus before rolling out a delay mechanism.

Kampmann says:

"The MakerDAO multi-collateral system has only been launched for three weeks. We are still looking for the required governance model, especially because the migration of single-collateral DAI is still continuing. I think it is not reasonable to resolve this issue immediately after the new system goes live."

However, after Zoltu's article received widespread attention, the MakerDAO team concluded that the risk of hacking had increased and therefore raised the implementation priority of the proposal.

MakerDAO's blog post says:

"The community has previously considered the possibility of hackers exploiting this vulnerability, and believes that this is not a direct problem. However, the potential of hackers to exploit this vulnerability has increased due to the potential publicity of this vulnerability by the aforementioned blog. Prior to the regular debate and consensus-seeking process, a poll is now available to the community to ease the use of this hypothetical loophole."