“How to turn $20 million USD into $340 million USD” is the latest call against Decentralized Finance (DeFi) products as posted on a Medium article on December 9th. All of the Maker tokens (MKR), and Dai (DAI) stablecoins held in collateral at risk of being stolen as author unveils a loophole in Maker’s governance protocol.
Micha Zoltu wrote,
“Anyone with ~40,000 MKR (about 20,000,000 USD) can steal all of the collateral in Maker DAO, both DAI and SAI, along with a good chunk of assets from Compound, Uniswap, and other Maker integrated systems (over 340,000,000 USD).”
The Maker protocol at risk of losing all collateral
Here is how that happens. First off, you need to understand the how governance on the Maker protocol works – the protocol’s contracts are voted in using a “stake the leader system” whereby the leading contracts with the highest stake are adopted. The ‘executive contract’ currently needs about 80,000 MKR (about $41 million USD) to change the proposal.
With control over the ‘executive contract’ the hackers or thieves can easily set a contract that allows them to gain control of all the MKR, DAI and Uniswap collateral, currently worth around $340 million dollars.
While any change to the executive proposal (or any proposal) will require a pre-determined delay before approval, Maker has set the delay to a mere 0 (zero) seconds, which gives anyone rich enough power to control the contract.
A $320 million bad decision by Maker
While a number of complaints have been sent to Maker in the past, little has been done to change the protocols laws. If a thief can acquire 80,000 MKR by any means possible including buying it from exchanges, forming a private collection fund, gain a hold of MKR governance kitty or az16’s wallet they can;
- Create an executive contract that is programmed to transfer all collateral from Maker to you.
- Immediately (in the same transaction) vote on the contract.
- Immediately (in the same transaction) activate the contract.
- Ride off into the sunset with 340M USD worth of ETH (don’t bother going back for your MKR, it will be worthless after this).
While having slightly above 80,000 MKR gives you power over the ‘executive contract’ out rightly, you can spend slightly above 40,000 MKR and achieved the same result. Here’s how.
Once the voting on an executive proposal is done, the MKR are transferred to the new executive protocol from the old protocol in a period of time. During the transaction, there is a very slight window whereby both the contracts hold 40,000 MKR each giving the thief a chance to take over the contract during the window with slightly more than 40,000 MKR ($20 million dollars).
It may never happen…
However, at this time the hack remains plausible but requires a number of MKR holders to collude in order to make it happen due to the cost of the process. Notwithstanding, the governance protocol can work towards increasing the delay period to give the executives a chance to stop the contract change before the thief gains access to the MKR and DAI collateral.
For now, the $340 million USD locked up in collateral remains in the hands of malicious people with $20million dollars at their disposal for a possible 7X gain.