- The attack would require the work of a few MKR whales or many minor MKR addresses.
- The cost of such an attack would be about $20 million, possibly more.
The Maker protocol currently holds $300 million in ETH, but is it as safe as investors believe? Micah Zoltu, a developer and the co-author of the original whitepaper for Augur, recently published a post that suggested that there’s a massive vulnerability with MakerDAO. In the blog, he states that this vulnerability could be attacked, pulling every bit of ETH from the MakerDAO system.
Often, users will lock ETH into the Maker protocol, allowing them to create loans involving the DAI stablecoin, which is pegged to the dollar. However, Zoltu points out that the way Maker is governed creates a problem, stating, “Some group of plutocrats can control how the system behaves.”
The only way that the attack could occur is if a few of the MKR whales decided to take fast action, though a sophisticated attack would only take about 40,000 MKR. Based on the voting system and the staking approach presently implemented for Maker, using 48,400 MKR would allow this attack to take place right away. Essentially, at least $20 million in cryptocurrency would be needed to make this possible, assuming that the price wouldn’t push upwards with this kind of purchase, which isn’t likely. Zoltu continued, writing,
“It is worth nothing that Maker Foundation could attack the system in this way right now if they wanted. What is worse, [venture capital firm] a16z has enough MKR on hand right now to executive the attack the patient way!”
Apart from the possibility of an inside job by individuals that want to see the DeFi application thrive, the ability to actually get all of the MKR needed for this type of attack is likely the biggest struggle. Joey Krug, who is a partner of Pantera Capital and has been made aware of this vulnerability, stated,
“I feel like it’d at least double the price. You could probably get a lot of whales to sell to you OTC if you were paying double market.”
In the open market, the price would skyrocket exponentially, in the event that the attacker had to start from square one.
As it stands, the MKR token governs the Maker protocol. There’s been a small amount burned already of the one million minted, but the Maker Foundation remains in control of a few hundred thousand in both treasury and smart contracts. At the time of writing, a single MKR sells for $499.16, and about $4 million to $10 million in turnover is processed daily.
By holding MKR, any investor has the ability to put up a smart contract, though Maker uses continuous governance to allow for changes at any time. The system just made the upgrade from the single-collateral DAI to the multi-collateral DAI, which means that a whole new version of the protocol is available. Now, there are two kinds of DAI, and users are being pushed to convert their old DAI to the current DAI.
While there are new security changes, like a delay on voted changes to take effect, Zoltu points to the biggest weakness, there is no governance delay. This means, any provision that is voted and approved will immediately take effect, which head of engineering Wouter Kampmann believes is better to have for now. Kampmann added, “It’s really a matter of finding that sweet spot there.”
When speaking with CoinDesk, Kampmann stated that all of the ETH that MakerDAO holds wouldn’t just be moved into a wallet that an attacker could control. Instead, Kampmann stated,
“The way permissionless, unstoppable code works is that there is certain business logic that determines the rules of how to interact with the contract – and these rules are unchangeable.”
This kind of attack would take substantial intelligence and planning, but anyone who remembers the DAO hack is probably a little nervous anyway. Zoltu’s attack theory would need to take place quickly, as the governance delay would likely be increased in the first quarter, possibly as early as January. However, this decision isn’t actually up to the foundation staff. Kampmann stated,
“You cannot just ignore the economics of it. The problem with the model that’s set forth is really in the incentive model.”
There are presently a few whales that already have accumulated enough MKR to attack in this way already, but it isn’t likely they will. The attack would ultimately cause the loss of their value in other assets as it shakes up Ethereum, costing them much more than they gain. Kampmann states that MKR holders should be staking their MKR on votes, if they care about making the protocol secure. Plus, there’s still a lot of MKR sitting on the sidelines. Krug added that, while MKR whales probably have good intentions, it would be unwise to “assume it for sure.”
Another option of this attack would require massive collaboration amongst many minor whales, which account for about 16,000 ETH addresses. If they combined forces without tipping off the MakerDAO community, it is possible that they could avoid the price movement while collecting enough tokens. Considering that MKR simply doesn’t move around that much, this type of cooperation is not likely at all, but Zoltu doesn’t believe that all of these assumptions make the protocol safe enough. Zoltu added,
“They [the Maker Foundation] are operating under the assumption that there are no dark pools of liquidity available to attackers. This is, kind of by definition, something one cannot know.”
As The Next Web’s Hard Fork points out, MakerDAO recently stated that there was another major security flaw in October, allowing the theft of Ethereum before the DAI upgrade was released.