Maker Addresses $300M+ Governance Vulnerabilities

This past Monday, freelance developer Micah Zoltu released a blog post highlighting a major vulnerability in Maker DAO’s new Multi-Collateral Dai system. For those unfamiliar with the article, the author illustrated how the existing governance parameters surrounding emergency shutdowns would allow anyone to transfer all of Maker’s collateral to an address of the choice in the event that they acquired enough MKR tokens (roughly 40,000 MKR or $20M) to fully control an executive vote proposed by the attacker.

The piece further goes on to illustrate that smaller parties *could* collude to pool the amount of MKR necessary to prompt such an attack and split the *rewards* pro-rata. At the time of the article going live, Micah had expressed concern with the existing governance parameters surrounding executive contract ownerhip:

“To mitigate the threat of malicious actors, the (Maker) system has a mechanism which makes it so after a new executive contract is chosen, there is a delay before it can take any actions. During this delay, anyone with a sufficient amount of MKR can trigger a global settlement of the whole system, effectively shutting it down before the new executive contract can do anything untoward. The problem is, Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. That is right, defenders have 0 seconds to defend against an attack launched by a wealthy but malicious party.”

In light of this vulnerability, we’re happy to report that Maker announced a new governance poll to tackle executive contract delays. As of yesterday, MKR token holders can vote on the launch of a new executive poll marking a formal integration of a new Governance Security Module – designed to give the MKR token holders a chance to review any changes that will go into the system and act accordingly if those changes are deemed to be malicious. More specifically, the executive contract delay will be changed from 0 seconds to 24 hours.

Furthermore, the official blog states that:

“The (Maker) community should expect a series of discussions and documents over the coming weeks which will explore the implications of the GSM and options for its best application.”

As of writing, the poll has seen 32 unique voters signalling over 39,000 MKR in support, a strong sign that the GSM will almost certainly be put to an executive vote on this coming Friday.

Update: As pointed out by Ben Sparango, the Governance Security Module was discussed on last week’s governance call. Changes are being implemented now because the team is satisfied with how MCD is going – likely indicating it’s less susceptible to an attack. The timing of the GSM announcement in lieu of the article by Micah seems to be coincidental.

“The GSM delay was lowered to 0 for MCD launch so that, in case anything went wrong, they could push code updates and they would take immediate effect. Now that MCD is going smoothly, (Maker) is re-implementing the GSM delay to 24 hours so that there is a delay between executive votes being executed and the code actually being updated. This is to prevent malicious attackers from pushing malicious code and it being merged immediately.”

Stated plainly, this vulnerability arose due to a need for Maker to have full control over the launch of MCD. Moving forward, this specific vulnerability will not be present.

What Makes This Unique?

For those who have been active in the larger crypto market for some time, we’ve all experienced our fair share of FUD (fear, uncertainty and doubt) which have lead to major market slides. In fact, just yesterday we saw Matic Network ($MATIC) suffer from a 70% price slide after a misreport of team token usage.

While the article surrounding Maker governance vulnerability was certainly not FUD but rather cold hard fact, it’s important to recognize that the price of MKR did not suffer as a result of the article. Whether this is due to more sophisticated shareholders or overconfidence that Maker is the future of finance, it’s an interesting point to take note of seeing as the article gained some serious attention on social media.

I’m a bit late to my own party due to Medium timed publish and an irregular sleep cycle, but here it is! https://t.co/T9bbSGiUwB

— Micah Zoltu (@MicahZoltu) December 9, 2019

If anything, the flow of events have gone to show that information is becoming more efficient, with the Maker Foundation vocalizing that these parameters need to be reviewed (and integrated) immediately.

The bigger story here is how important a role community members can play in shaping some of the largest products in the market. As many have come to regard Maker as the biggest DeFi project (in terms of TVL), this example goes to show that it is still not without flaws. While we may still be in a nascent market, it’s important to recognize that we are still learning, and articles such as the one mentioned above are a fantastic illustration of why sleuthing around open-source code is not only necessary but ultimately beneficial.

If one thing is for certain, this article points to a bigger call for governance participation at large. In a system that deals with millions (and soon billions) of dollars of capital, distributed governance schemas could pose serious risks in the event that participation is not higher.

In the coming year, I expect to see more token models that incentivize governance participation, gradually increasing the reasons why the average individual would *want* to vote on protocol upgrades in the first place.

In the meantime, we recommend staying up to date with everything surrounding the situation via the MakerDAO community governance forum, and on Rocket.Chat to discuss the latest on everything related to Multi-Collateral Dai.

For more information on all things DeFi, follow us on Twitter.