MakerDAO (MKR) has responded to accusations that it could be vulnerable to an attack that would steal $340 million worth of Ether (ETH).
Following these accusations, the Maker Foundation has announced that it will conduct a series of governance polls. The polls are aimed at security, after software developer Micah Zoltu exposed a severe risk in the current code. He explained how any attacker with $20 million at their disposal could attack the MakerDAO network and, through this attack, steal close to $340 million in Ether.
On December 9th the Maker Foundation addressed these claims in a blog post. Because of the risk brought to light, the team announced a series of governance polls on its voting system. One poll asks the community whether the Maker governance security module (GSM) should be upgraded, increasing its delay from 0 seconds to 24 hours.
On December 9th, Zoltu also claimed that it would cost an attacker only around $20 million to attack the MakerDAO network, potentially walking away with the $340 million worth of Ether (ETH) locked within MakerDAO. Zoltu stated:
“Maker DAO v2 was supposed to launch with safeguards against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.”
He continued by explaining that MakerDAO will attempt to mitigate the threat of exploits in the network by enforcing the GSM delay once each new contract is chosen. This safety window will allow the Maker network to check each contract and decide whether it is a malicious transaction or not.
It’s important to note that during this delay it is also possible for a malicious actor with sufficient funds to vote up their own contracts. This would still allow them to steal essentially all of the collateral. Zoltu stated that it would currently take only around 80,000 Maker (MKR), or about $41 million, to do “just about whatever you want to the Maker contracts.”
Zoltu further claimed that the value of the GSM delay, which is currently set at 0 seconds, is a major problem, as it gives no possibility for network defenders “to defend against an attack launched by a wealthy but malicious party.”
# Maker Foundation involves the community in the decision
Although Zoltu stated in his blog post that Maker is not willing to give up instantaneous governance control, a step that would help protect against this kind of attack, the Maker Foundation’s risk team did respond, and followed up by adding a community vote on the issue.
If the governance security module (GSM) proposal passes, the GSM delay will be raised from 0 to 24 hours. This would at least give defenders of the Maker network enough time to fight back, or even prevent malicious attacks.
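The difference between a 0-second and a 24-hour delay can be seen in a small model of a delayed governance queue. This is an added example, not MakerDAO's contract code. The class, function and proposal names are hypothetical, and it assumes that defenders who react inside the window can out-vote the proposer and cancel the queued change.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60  # the proposed GSM delay, in seconds


@dataclass
class DelayedGovernance:
    """Simplified model of a governance delay (hypothetical, not Maker's code)."""
    delay: int                                  # seconds from approval to execution
    queue: dict = field(default_factory=dict)   # proposal -> earliest execution time
    executed: list = field(default_factory=list)

    def schedule(self, proposal, now):
        # An approved proposal becomes executable only after the delay.
        self.queue[proposal] = now + self.delay
        return self.queue[proposal]

    def cancel(self, proposal):
        # Assumption: defenders who out-vote the proposer can drop a queued proposal.
        return self.queue.pop(proposal, None) is not None

    def execute(self, proposal, now):
        eta = self.queue.get(proposal)
        if eta is None or now < eta:
            return False
        del self.queue[proposal]
        self.executed.append(proposal)
        return True


def proposal_executes(delay, defender_response_time):
    """True if a proposal approved at t=0 still executes despite defenders."""
    gov = DelayedGovernance(delay)
    name = "constructed-proposal"  # constructed sample value
    gov.schedule(name, now=0)
    # With delay 0 the proposal runs at the moment of approval: no window.
    if gov.execute(name, now=0):
        return True
    # Defenders can only act if they respond before the delay expires.
    if defender_response_time < delay:
        gov.cancel(name)
    return gov.execute(name, now=delay)


if __name__ == "__main__":
    for delay in (0, DAY):
        print(delay, proposal_executes(delay, defender_response_time=3600))
```

The model also shows the limit noted above: the delay only helps if defenders respond, and prevail in the vote, before it expires.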