The MakerDao team recently published a series of governance polls after a blog post detailed a possible vulnerability in its system. The polls will give users a chance to choose how they want the problem to be resolved.
Micah Zoltu on MakerDao’s System
Software developer Micah Zoltu recently exposed how a hacker could take advantage of a loophole in MakerDao’s system. In his recent blog post titled “How to turn $20M into $340M in 15 seconds,” Zoltu claimed that all of the 340 million Ethereum (ETH) deposited in MakerDao were at risk.
The developer said a vulnerability in the system would allow any hacker with around 40,000 MKR (or an estimated $20 million) can transfer all the ETH in MakerDao to their personal account. He said the hacker only has to take advantage of the company’s governance model to vote for their own proposal using the previously mentioned MKR numbers. For instance, the attacker can propose to send all the ETH tokens to the address they specify.
MakerDao’s development team immediately responded to the points made by Zoltu. They claimed they were aware of the alleged loophole and hadn’t taken any specific action because it wasn’t a credible or real threat.
Delay on GSM
The team explained that their Governance Security Module (GSM) had a delay time that would allow the community to conclude a contract and take instant action against technical errors and oracle malfunctions. They also pointed out that the odds of the loophole being exploited grew because of the publicity Zoltu’s blog generated.
As part of its response to Zoltu’s claims, the Maker Foundation’s risk team published several polls related to the problem. The polls were on the Governance Security Module, a Dai Stability Fee adjustment, a Dai Savings Rate adjustment, and a Sai Stability Fee adjustment.
The surveys would give the Maker community the opportunity to vote on the GSM. The GSM poll focused on when the delay will be activated. The Dai Savings Rate poll asks voters to choose their support for a rate within a 0% to 8% range. The same options are given in the Dai Stability poll. Meanwhile, the Sai Stability poll asks voters to choose from a range of 1% to 7%.
The polls have been active since Monday, Dec. 9. The results will inform an Executive Vote that will go live on Friday, Dec. 13. The vote will ask MKR token holders if they will reject or support the proposed changes.