Developer says $340M of collateral in MakerDAO could have been easily wiped out 🚨 This article is 4 years old...
Developer says $340M of collateral in MakerDAO could have been easily wiped out
2 min read
Updated: Feb. 20, 2022 at 2:37 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
The Maker Foundation is introducing a new security proposal after a well-known software engineer revealed that a malicious actor with enough Maker (MKR) could steal all of the collateral in MakerDAO, taking with him over $340 million.
The art of the heist
In a recent Medium post, freelance developer Micah Zoltu revealed that anyone with approximately 80,000 MKR could wipe out all of the collateral in MakerDAO. This includes DAI and SAI, as well as all the assets in other integrated systems, such as Compound and Uniswap. The hacker could potentially walk out with over $340 million.
Zoltu disclosed that Multi-Collateral Dai (MCD) was supposed to launch with security features to prevent bad actors from disrupting the system. However, the Maker Foundation failed to implement more stringent safeguards.
The lack of protocols regarding emergency shutdowns and governance delays allows malicious actors to steal all of the collateral in MarkerDao. And, defenders would have 0 seconds to defend the system against the attack.
“An attacker could do the following: acquire 80,000 MKR through whatever means possible. Create an executive contract that is programmed to transfer all collateral from Maker to you. Immediately (in the same transaction) vote on the contract. Immediately (in the same transaction) activate the contract. [And,] ride off into the sunset with 340M USD worth of ETH,” explained Zoltu.
MakerDAO takes immediate actions
A few hours after Zoltu published the infamous article, MakerDAO released an official statement claiming that measures would be taken to fix this loophole.
The firm introduced the Governance Security Module (GSM) into the core protocol. GSM increases the governance delays from 0 to 24 hours. This allows MKR holders to have enough time to review executive contracts before they are deployed.
“The GSM is designed to give the MKR token holders a chance to review any changes that will go into the system and act accordingly if those changes are deemed to be malicious,” reads the announcement.
Despite the flaw that Zoltu found in MakerDAO’s protocol, it seems like the team acted quickly. Thus far, no attacks have been reported. The same can be seen in the price of Maker, which was not affected by the news.
Maker Market Data
At the time of press 2:37 pm UTC on Feb. 20, 2022, Maker is ranked #21 by market cap and the price is up 1.66% over the past 24 hours. Maker has a market capitalization of $507.25 million with a 24-hour trading volume of $4.28 million. Learn more about Maker ›
Crypto Market Summary
At the time of press 2:37 pm UTC on Feb. 20, 2022, the total crypto market is valued at at $197.31 billion with a 24-hour volume of $58.54 billion. Bitcoin dominance is currently at 66.68%. Learn more about the crypto market ›
Mentioned in this article
You might also enjoy...
In this article
Maker is a decentralized autonomous organization on the Ethereum blockchain seeking to minimize the price volatility of its own stable token — the Dai — against the IMF’s international currency basket SDR.
Dai
$1.00009
Dai (DAI) is a cryptocurrency token and operates on the Ethereum platform.
Single Collateral DAI
$1.28634
Dai is a cryptocurrency that automatically reacts to emergent market conditions in order to stabilize its value against the major world currencies.
Ethereum
$3,134.15
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
Maker is a Decentralized Autonomous Organization that creates and insures the dai stablecoin on the Ethereum blockchain.