$340,000,000 Worth of ETH Locked in Maker DAO can be Stolen in Seconds
TL;DR: An analyst recently discovered an exploitable quirk in Maker DAO governance, occurring between version upgrades. Researcher Micah Zoltu claims a whale or enterprising group acquiring $20 million worth of the token Maker (MKR) can effectively unlock all the collateral ether (ETH), about $340 million, in Maker DAO in seconds, wiping out the entire project and hobbling the integrity of Ethereum in the process.
“Maker has been aware of this issue since before Maker v2 launched,” Zoltu, a researcher at Coinmonks (a non-profit crypto education organization), insisted, “probably since the beginning. Despite this, they are choosing not to plug the hole (the plug is easy). Because of that, I do not believe that it would be responsible for me to keep my mouth shut and hope that no attacker figures out what should be obvious to anyone who understands Maker’s governance model.”
Maker is a system of smart contracts on Ethereum. Its design is to effectively back and keep steady DAI, a stablecoin. This is apparently accomplished through collateralized debt positions (CDP): MKR tokens are minted or burned based on DAI prices with an eye toward US dollar parity. It is an ambitious Ethereum project, so closely tied to Ethereum's own design that crypto analysts watch it closely, especially its system of governance.
“What should scare” MKR enthusiasts “is that this isn’t #DeFi, this is #CeFi, but instead of only one person being able to steal all your money (the bank), the bank or any of a number of large individual shareholders, or a group of smaller shareholders could decide to steal all of your money at any time,” Zoltu stressed.
Zoltu found Maker’s latest version 2 “was supposed to launch with safeguards (emergency shutdown and governance delay) against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.” And that has to do with a choice regarding their system of staking.
Governance works as a stake-the-leader system: MKR holders stake their tokens on the executive contract they want to control the system, and the contract with the most MKR staked gains control. “Since the current executive contract,” Zoltu continues, “has about 80,000 MKR staked on it, the naive cost of doing just about whatever you want to the Maker contracts is about 80,000 MKR, or about 41M USD.” To guard against that obvious opening, the design includes a built-in delay between a contract winning the vote and its being able to act. That delay is where everything, according to Zoltu, can go horribly wrong.
“The problem is,” he explained further, “Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. That is right, defenders have 0 seconds to defend against an attack launched by a wealthy but malicious party.” By Zoltu’s calculations and logic, a cabal or even a singularly rich person looking to make an 8X return on their investment would basically ‘only’ need to gather up that 80K in MKR, and in one transaction create an executive contract to funnel collateral ether to themselves, vote on the contract, and then activate it.
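The following is an added illustration written for this article, not Maker's own contract code: a simplified stake-the-leader model in which the contract with the most MKR staked becomes leader, and a configurable delay must elapse before the leader can act. The class and function names (GovernanceModel, lift, execute, scenario), the stake amounts and the timestamps are constructed for the example. The same sequence of events is run with the delay set to 0 seconds and to the 24 hours the Foundation later proposed, to show that the delay is what gives other stakeholders a window in which to respond, and that the window only helps if they actually use it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DAY = 24 * 60 * 60  # the 24-hour delay the article says was proposed


@dataclass
class GovernanceModel:
    """Stake-the-leader governance with a configurable execution delay.

    `delay` is the number of seconds that must pass between a contract being
    lifted to leader and that contract being allowed to act on the system.
    This is an assumed, simplified model, not Maker's real implementation.
    """
    delay: int
    stakes: Dict[str, float] = field(default_factory=dict)
    leader: Optional[str] = None
    lifted_at: Dict[str, int] = field(default_factory=dict)
    executed: List[str] = field(default_factory=list)

    def stake(self, contract: str, amount: float) -> None:
        self.stakes[contract] = self.stakes.get(contract, 0.0) + amount

    def unstake(self, contract: str, amount: float) -> None:
        if amount > self.stakes.get(contract, 0.0):
            raise ValueError("cannot unstake more than is staked")
        self.stakes[contract] -= amount

    def lift(self, contract: str, now: int) -> bool:
        """Promote `contract` to leader if it holds strictly the most stake."""
        mine = self.stakes.get(contract, 0.0)
        others = [v for k, v in self.stakes.items() if k != contract]
        if mine <= max(others, default=0.0):
            return False
        self.leader = contract
        self.lifted_at[contract] = now
        return True

    def execute(self, contract: str, now: int) -> bool:
        """Allow the leader to act only once its delay has elapsed."""
        if contract != self.leader:
            return False
        if now < self.lifted_at[contract] + self.delay:
            return False
        self.executed.append(contract)
        return True


def scenario(delay: int, defenders_respond: bool = True) -> Dict[str, bool]:
    """Run one constructed sequence of events under a given delay.

    1. 80,000 MKR sits on the current executive ("exec_current").
    2. A single actor stakes slightly more on a hostile executive and lifts it.
    3. The hostile executive tries to execute at once.
    4. One hour later (if `defenders_respond`), holders who were not voting
       stake on a replacement executive and lift it over the hostile one.
    5. After the delay, the hostile executive tries again.
    """
    gov = GovernanceModel(delay=delay)
    gov.stake("exec_current", 80_000)
    gov.lift("exec_current", now=0)

    t_attack = 1_000
    gov.stake("exec_hostile", 80_001)
    hostile_lifted = gov.lift("exec_hostile", now=t_attack)
    executed_at_once = gov.execute("exec_hostile", now=t_attack)

    defenders_lifted = False
    if defenders_respond:
        # Defensive response inside the delay window: out-vote the hostile
        # executive so it is no longer the leader when its delay expires.
        t_response = t_attack + 3_600
        gov.stake("exec_replacement", 120_000)
        defenders_lifted = gov.lift("exec_replacement", now=t_response)

    executed_after_delay = gov.execute("exec_hostile", now=t_attack + delay)
    return {
        "hostile_lifted": hostile_lifted,
        "executed_at_once": executed_at_once,
        "defenders_lifted": defenders_lifted,
        "executed_after_delay": executed_after_delay,
    }


if __name__ == "__main__":
    for d in (0, DAY):
        print(f"delay={d:>6}s, defenders respond -> {scenario(d)}")
    print(f"delay={DAY:>6}s, no response       -> {scenario(DAY, defenders_respond=False)}")
```

With the delay at zero, `executed_at_once` is true and nothing the other holders do afterwards matters. With a 24-hour delay the immediate execution fails, and the hostile executive is still blocked after the delay because the replacement has been lifted over it; the no-response run shows that the delay only buys time, so the community has to be watching and able to act within it.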
Delay in Addressing the Delay
He’s even found a way to cut that 80K MKR price tag in half. “Anytime a governance vote is proposed, there is a time period over which MKR stake migrates from the old executive contract to the new one,” he elaborated. Since that migration takes time, there inevitably will be a point at which “80,000 actively participating MKR will be split between two executive contracts, with each having approximately 40,000 MKR in it,” a fact Zoltu claims can be exploited by timing “a transaction such that it lands right when the MKR is distributed optimally between the two contracts and execute the above attack at that time, only costing some amount over 40,000 MKR (~20M USD).”
Zoltu does go into further detail about his conversations with the Maker Foundation, and describes their reaction to the claimed vulnerabilities above as essentially dismissive gymnastics: too expensive, they’ve known about this for a while, the community would get wind before much damage could be done, the Foundation would prosecute, etc. He believes the Foundation made a deliberate governance decision to retain its power over the project, and for that reason had previously refused to patch the problem.
The Foundation was forced to respond publicly to Zoltu’s claims, and appears to have acknowledged the attack’s legitimacy. The delay had indeed been set to zero on purpose to, in their words, allow “the community to take immediate action to mitigate technical errors, oracle malfunctions, or outlier cases like a market panic or an economic attack.” Nevertheless, the Foundation has scheduled raising the now controversial delay to a full 24 hours by the end of this week, if the governance body approves.
That is due entirely to Zoltu’s charges, which the Foundation mentions only in passing, saying it had been “notified of a blog post which details a series of events which could lead to an exploit of the governance system. The community previously considered the possibility of the exploit but it was not an immediate issue. However, the probability of this exploit grew due to potential publicity from the aforementioned blog,” almost blaming the Coinmonks researcher for his discovery. If Zoltu’s logic holds, it would imply a nefarious or otherwise bad actor looking to liquidate the Maker project, and hobble Ethereum in the process, has a couple of days left to accomplish both tasks thanks to the governance model.
DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.