The Maker Foundation, the group behind the decentralized crypto platform MakerDAO, has responded to a report of a potential $340 million vulnerability in the platform.
On Dec. 9, software developer Micah Zoltu outlined in a Medium post how a hacker could use $20 million to launch an attack on the MakerDAO network and secure close to $340 million, all in about 15 seconds.
According to Zoltu:
"Anyone with ~40,000 MKR (about 20,000,000 USD) can steal all of the collateral in Maker DAO, both DAI and SAI, along with a good chunk of assets from Compound, Uniswap, and other Maker integrated systems (over 340,000,000 USD).
"Maker DAO v2 (AKA Multi-Collateral DAI, AKA McDAI) was supposed to launch with safeguards (emergency shutdown and governance delay) against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to."
The Maker Foundation responded with its own blog post later in the day, announcing a series of governance polls into its voting system. One poll, in particular, asks the Maker community whether its current governance security module (GSM) should be upgraded to increase the delay from 0 seconds to 24 hours.
According to the proposal:
"The GSM is designed to give the MKR token holders a chance to review any changes that will go into the system and act accordingly if those changes are deemed to be malicious. Since the launch of MCD, the delay has been set to 0. This allowed the community to take immediate action to mitigate technical errors, oracle malfunctions, or outlier cases like a market panic or an economic attack."
Assuming the proposal passes, the increased GSM delay would allow time for the malicious attack outlined by Zoltu to be prevented.
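A simplified model of the delay described above shows why a setting of 0 leaves no review window while 24 hours does. It is an added illustration, not code from the article or from Maker's contracts; the class, its method names and the reaction times are assumptions.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60  # the 24-hour delay proposed in the poll, in seconds


@dataclass
class DelayedGovernance:
    """Toy timelock (hypothetical): approved changes wait `delay` seconds."""
    delay: int
    queue: dict = field(default_factory=dict)      # change id -> earliest run time
    executed: list = field(default_factory=list)

    def schedule(self, change_id: str, now: int) -> int:
        """Called once a change has won the vote; returns its earliest run time."""
        eta = now + self.delay
        self.queue[change_id] = eta
        return eta

    def cancel(self, change_id: str) -> bool:
        """Defensive action taken by token holders during the review window."""
        return self.queue.pop(change_id, None) is not None

    def execute(self, change_id: str, now: int) -> bool:
        """Runs the change only if it is still queued and its delay has elapsed."""
        eta = self.queue.get(change_id)
        if eta is None or now < eta:
            return False
        del self.queue[change_id]
        self.executed.append(change_id)
        return True


def review_window_outcome(delay: int, reaction_time: int) -> str:
    """Constructed scenario: a hostile change wins a vote at t=0 and is run as
    early as allowed; defenders need `reaction_time` seconds to respond."""
    gov = DelayedGovernance(delay)
    gov.schedule("hostile-change", now=0)
    if gov.execute("hostile-change", now=0):
        return "executed before review"
    if reaction_time < delay and gov.cancel("hostile-change"):
        return "cancelled during delay"
    return "executed after delay" if gov.execute("hostile-change", now=delay) else "stuck"


if __name__ == "__main__":
    for d in (0, DAY):
        print(f"delay={d:>6}s ->", review_window_outcome(d, reaction_time=3600))
```

The delay only helps when someone is watching the queue and can act within it; a reaction time longer than the delay gives the same result as no review at all.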