What if there were a way to empty all the ETH held by the Maker protocol?
That’s $300 million worth of crypto right now.That’s a lot of money.Even if doing it caused the price to drop in half or even by two-thirds, it could still be well worth the attempt.
Micah Zoltu, an independent software developer who is also one of the co-authors of the original white paper for the decentralized prediction market Augur , published a blog post on Monday describing an attack on MakerDAO that, he argued, could empty all the ETH from the system.(Users lock ETH into the Maker protocol to generate loans of the dollar-pegged DAI stablecoin.)
Related: Decentralized Liquidity Is the Backbone of DeFi
The problem, Zoltu writes, is in how Maker is governed: “Some group of plutocrats can control how the system behaves.”
The attack would only be feasible for a few MKR whales if they wanted to act quickly.
Zoltu said that 40,000 MKR would be enough if the attack had some sophistication.As of this writing, 48,400 MKR, based on the staking approach of the Maker voting system, could do it right away.
So somewhere between $20 million and $25 million in crypto would need to be deployed to do it.
That’s assuming a person could accumulate MKR in a way that didn’t drive up the price, which is unlikely.
“It is worth noting that Maker Foundation could attack the system in this way right now if they wanted,” Zoltu writes.“What is worse, [venture capital firm] a16z has enough MKR on hand right now to execute the attack the patient way!”
Related: Ethereum’s Istanbul Hard Fork Is Now Live
Aside from an inside job by the parties most invested in seeing ethereum’s flagship decentralized finance (DeFi) application survive, accumulating enough MKR to carry out the attack may be a significant hurdle.
“I feel like it’d at least double the price,” Joey Krug, a partner at Pantera Capital who has been briefed on the vulnerability, said.
“You could probably get a lot of whales to sell to you OTC [over-the-counter] if you were paying double market.”
On the open market, the price would “go bonkers, multiples of what it is now,” Krug said.
That’s only if the attacker had to start from zero MKR, though.So first let’s get into the attack that Zoltu describes and then circle back to the Foundation’s objections.
How it works The Maker protocol is governed by the MKR token.
One million MKR has been minted, a sliver of that has been burned.The Maker Foundation still controls several hundred thousand, both in its treasury and in smart contracts that hold them in escrow.
One MKR sells for about $510 as of this writing.Daily turnover is quite variable but lately, there’s been about $4 million to $10 million in MKR turning over daily.
Anyone who holds MKR can put up a proposal as a smart contract on the protocol, one that can change any number of parameters.
Maker uses continuous governance so that provisions can be voted to change at any time.
This is especially important right now because the system just made a major upgrade, implementing multi-collateral DAI and the DAI savings rate.This new upgrade is a whole new version of the protocol, such that there are really two kinds of DAI now and users are being asked to convert their old DAI (now called SAI) to the new.
The new system institutes some important security changes, such as a delay on how long it takes for changes voted through to go into effect and an emergency shutdown provision.
The biggest weakness allowing Zoltu’s attack is the fact that the current parameter for governance delay is zero seconds.That is, any governance provision that gets voted through goes into effect immediately.
This is something Wouter Kampmann, head of engineering at the Maker Foundation, said has been discussed in detail by the MakerDAO community, which has decided it is better to have zero delay for now while it determines which kinds of changes should be able to bypass the delay and which ones should still have a delay.
“It’s really a matter of finding that sweet spot there,” Kampmann said.
As long as it’s in place, though, Zoltu argues, the funds locked in MakerDAO are “not safu.”
In a call with CoinDesk, Kampmann said it would not be as simple as saying that all the ETH currently held as collateral by MakerDAO could just be directly moved to a wallet controlled by the attacker..
