A co-author of Augur’s original white paper has published a detailed analysis of how a wealthy hacker could turn $20M (40,000 MKR) into $340M in only 15 seconds. Micah Zoltu, a software developer who now works independently, warned that Maker funds are not safe on the Ethereum blockchain.
The analysis shows how it is possible to steal all the collateral in Maker DAO (MKR), the protocol behind both the DAI and SAI cryptocurrencies. A good part of the assets in Maker-integrated systems such as Uniswap and Compound is also vulnerable to the attack.
All these systems are designed to benefit from each other, and their connections mean they share a protocol weak point.
Zoltu claims that Maker knew the problem existed even before it released Maker DAO v2, also called Multi-collateral DAI or McDAI. This newer version was supposed to contain “emergency shutdown and governance delay” safeguards to prevent these kinds of attacks, but the company did not include them.
The Maker DAO Mother Lode: Defenders Have Zero Seconds to Respond to Attacks
Maker DAO, the DAI protocol, holds $340M in ETH in reserve across its first and second releases, which are governed by a class of wealthy holders. This group poses the first threat to the system because its members control how the entire system behaves and are rich enough to launch an attack.
Governance uses a system in which users stake 80,000 MKR on the contract they want to control the system. The contract with the most staked MKR, known as the executive contract, is given control.
This means that to start doing what they want, a user must stake a starting amount of $41M. To ward off malicious contracts, the system enforces a delay between the time a new contract is chosen and the time it can start making changes.
According to the report, anyone with enough MKR can use the delay window to trigger a global settlement of the entire system and shut it down before the new contract has any time to act.
A malicious user with an executive contract programmed to steal all the collateral would have to wait out the delay window and hope the defense mechanisms do not get triggered. The problem is, according to Zoltu, “the Maker Foundation has decided that appropriate value for this governance delay is zero.” This is the weak point: a zero delay gives defenders no time at all to protect the system against wealthy and malicious attackers.
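The role of the delay described above, as a toy model added here; it is not Maker's contract code and not part of Zoltu's analysis. The class, the shutdown threshold and the defender reaction times are constructed assumptions; only the 80,000 MKR figure comes from the article.

```python
"""Toy model of a stake-elected executive with a governance delay."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Governance:
    delay: int                  # seconds a new executive must wait before acting
    shutdown_mkr: int           # assumed MKR needed to trigger global settlement
    stakes: Dict[str, int] = field(default_factory=dict)
    executive: Optional[str] = None
    elected_at: int = 0
    shut_down: bool = False

    def stake(self, contract: str, mkr: int, now: int) -> None:
        self.stakes[contract] = self.stakes.get(contract, 0) + mkr
        leader = max(self.stakes, key=self.stakes.get)
        if leader != self.executive:        # most-staked contract takes control
            self.executive, self.elected_at = leader, now

    def trigger_shutdown(self, mkr: int) -> bool:
        if mkr >= self.shutdown_mkr:
            self.shut_down = True
        return self.shut_down

    def can_act(self, contract: str, now: int) -> bool:
        return (not self.shut_down and contract == self.executive
                and now >= self.elected_at + self.delay)


def simulate(delay: int, defender_reaction: int) -> str:
    """Replay one hostile election; defenders need defender_reaction seconds."""
    t0 = 100                                            # constructed election time
    gov = Governance(delay=delay, shutdown_mkr=50_000)  # constructed threshold
    gov.stake("honest", 80_000, now=0)                  # figure quoted in the article
    gov.stake("hostile", 80_001, now=t0)                # out-stakes the incumbent
    # Visit the two event times in order. On a tie the executive moves first,
    # since election and first action can share one transaction.
    for now in sorted({t0 + delay, t0 + defender_reaction}):
        if gov.can_act("hostile", now):
            return "hostile executive acted"
        if now >= t0 + defender_reaction and gov.trigger_shutdown(mkr=50_000):
            return "shutdown before hostile action"
    return "undecided"


if __name__ == "__main__":
    for delay in (0, 60, 86_400):                       # constructed delay values
        print(delay, simulate(delay, defender_reaction=3_600))
```

With a delay of zero the shutdown path is never reached, whatever reaction time the defenders have; it only becomes reachable once the delay exceeds that reaction time.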
Anyone on the Network Poses a Threat
A quick enough hacker can use this window of opportunity to rob all the DAI in Uniswap and all the ETH liquidity in the DAI/ETH pair. The same can be done for Compound and semi-decentralized exchanges on the network.
Zoltu states that the Maker Foundation could even attack the system itself if it wanted to, as it holds more than enough MKR to launch executive contracts:
“What should scare you here is that this isn’t #DeFi, this is #CeFi, but instead of only one person being able to steal all your money (the bank), the bank or any of a number of large individual shareholders, or a group of smaller shareholders could decide to steal all of your money at any time.”
Such an Attack Would Cripple the Whole Network
If such an attack occurred, everyone in the CDP/Vault would be completely wiped out, and DAI prices would plummet to the bottom, followed by MKR's value falling to zero. Ethereum would also take a beating, since this would be a failed development in its ecosystem.
Even in the unlikely event that Maker could get back on its feet after such an attack, Maker has expressly stated that protecting against it is not worth giving up instantaneous governance control.
The general outline of their defense procedure looks like a longer version of ‘winging it,’ which is ironic for developers who maintain some of the most difficult code in the blockchain industry.