MakerDAO proposes new security feature to prevent losing all its collateral to hackers
Dec 10, 2019
The Maker Foundation has introduced a new security proposal to set a 24-hour governance delay on new executive contracts after a blog post warned of possible theft of $340 million worth of ETH
The existing loophole allows any attacker holding approximately 52,000 MKR to transfer all collateral in the MakerDAO system to themselves without resistance
The Maker Foundation has added a new poll to its governance portal aiming to introduce a 24-hour governance delay to its protocol after a community member flagged a loophole that can potentially compromise the system's $340 million worth of ETH collateral.
On Monday, freelance developer Micah Zoltu published a blog post warning the public of a security vulnerability in MakerDAO, the protocol behind the ERC20 synthetic stablecoin, Dai. According to Zoltu, since there are currently no safeguard features regarding emergency shutdown and governance delays, anyone with a substantial amount of MKR tokens can simply create an executive contract programmed to transfer all collateral from Maker to their account, immediately vote on and activate the contract, and effectively steal all of Maker's collateral.
In response to Zoltu’s criticism, MakerDAO released an official blog post claiming that Zoltu’s article has increased the possibility of hackers exploiting this loophole. It has therefore added a poll to introduce the Governance Security Module (GSM). If the proposal goes through, the GSM delay will increase from 0 to 24 hours.
Funds aren't safe
In his blog post, "how to turn $20M into $340M in 15 seconds," Zoltu elaborates on how the loophole can lead to a severe attack which he claims any “good script kiddie” can easily execute.
Right now, he explains, there are around 80,000 MKR staked on the current executive contract, which means that anyone holding more than this amount of tokens can pass any proposal of their choosing. To make the situation worse, he says, since these tokens could potentially be split between two contracts each with 40,000 MKR in it, attackers can find the right timing and steal all of the system’s collateral with only around $20 million.
Typically, to mitigate malicious attacks like this, there would be a delay period before a new executive contract is activated for community members to flag and shut down the contract. But since the delay is currently set at 0 seconds, there is no safeguard against such thefts.
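The effect of that delay can be modelled in a few lines. This is an added illustration, not MakerDAO's contract code: the class, the function names and the vote weights are constructed, and the model assumes a single vote-weight threshold and an emergency shutdown that cancels queued proposals.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60

@dataclass
class Governance:
    """Toy model (hypothetical, not MakerDAO code) of an executive vote with a delay."""
    delay: int            # seconds between approval and activation
    staked: int           # MKR backing the current executive (constructed figure)
    now: int = 0
    shut_down: bool = False
    queue: dict = field(default_factory=dict)  # proposal -> earliest activation time

    def approve(self, proposal: str, weight: int) -> None:
        # A proposal is scheduled only if it outweighs the current executive.
        if self.shut_down or weight <= self.staked:
            raise PermissionError("proposal rejected")
        self.staked = weight
        self.queue[proposal] = self.now + self.delay

    def emergency_shutdown(self) -> None:
        # Freezes the system and cancels everything still waiting in the queue.
        self.shut_down = True
        self.queue.clear()

    def activate(self, proposal: str) -> bool:
        eta = self.queue.get(proposal)
        if self.shut_down or eta is None or self.now < eta:
            return False
        del self.queue[proposal]
        return True

def drain_succeeds(delay: int, reaction_time: int) -> bool:
    """True if a malicious proposal activates before the community reacts."""
    gov = Governance(delay=delay, staked=80_000)
    gov.approve("transfer-all-collateral", weight=80_001)
    if gov.activate("transfer-all-collateral"):   # same moment as the vote
        return True
    gov.now = min(delay, reaction_time)
    if reaction_time <= delay:                    # flagged inside the window
        gov.emergency_shutdown()
    return gov.activate("transfer-all-collateral")

if __name__ == "__main__":
    print(drain_succeeds(delay=0, reaction_time=3600))       # delay set to 0
    print(drain_succeeds(delay=DAY, reaction_time=3600))     # 24 h, watched
    print(drain_succeeds(delay=DAY, reaction_time=2 * DAY))  # 24 h, unwatched
```

The third case shows that the delay only buys a review window: it protects nothing unless someone is watching the queue and can trigger shutdown before the window closes.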
“This isn’t #DeFi, this is #CeFi,” he said. “Instead of only one person being able to steal all your money (the bank), the bank or any of a number of large individual shareholders, or a group of smaller shareholders could decide to steal all of your money at any time.”
On Nov. 18, MakerDAO launched the Multi-Collateral DAI (MCD) MakerDAO protocol, an upgrade from its single-collateral system, which allows almost all tokenized assets with appropriate risk parameters to serve as collateral in its system.
According to its Head of Engineering Wouter Kampmann, MakerDAO had always had plans to implement the delay. However, since the system is still fresh, the community needs to first agree on which routine governance actions to exempt from the delay. The team has been waiting until consensus has been reached to roll out the delay mechanism.
"The system has only been launched for three weeks. We are just trying to find the desired governance model, especially because the migration from Single-Collateral DAI is still going on," Kampmann said. "I think it would be unreasonable to think that we can figure it out immediately after launch."
However, after Zoltu's article received wide attention, the team believes the risk of hacking has increased and has decided to move up the proposal.
“The community previously considered the possibility of the exploit but it was not an immediate issue,” MakerDAO's blog post says. “However, the probability of this exploit grew due to potential publicity from the aforementioned blog. For this reason, the community is being presented with a poll to mitigate this hypothetical exploit in advance of our typical debate and consensus-seeking processes.”