- A first in the DeFi ecosystem, a protocol uses a flash loan to vote and influence its own governance decisions.
BProtocol Foundation, a platform concentrated on developing Bancor Network, raised a governance proposal vote on the Maker platform using a quick $7 million flash loan to pass its proposal. Maker warned users of the possibility of governance proposals being “rigged” through the use of flash loans following the successful vote completed by BProtocol last week.
— Maker (@MakerDAO) October 27, 2020
BProtocol submitted a vote on Maker to be whitelisted to access the latter’s decentralized price oracle on October 23. To make it happen, the team manipulated the governance vote by borrowing a flash loan and voting for themselves – winning the vote. However, this raised questions on the negative impact of flash loans on the emerging DeFi space.
Flash loans are lending agreements that allow a user to borrow a certain amount of Ethereum and return it within the same block. These loans allow holders to simultaneously buy lower-priced tokens and sell them at a higher price on another platform. However, as seen in the latest and former exploits such as the bZx exchange, flash loans cause unexpected risks and security qualms across the largely untested DeFi ecosystem.
In BProtocol’s case, the team proposed the vote on October 23 and three days later carried out the flash loan. Here’s how it worked:
BProtocol locked 50,000 ETH tokens on dYdX exchange to borrow wrapped ETH, wETH. The team then transferred the wrapped Ether to Aave Protocol to borrow $7 million in Maker governance tokens, MKR. These tokens were then transferred and locked on Maker’s platform to vote on their whitelisting. Once the vote was complete, BProtocol unlocked the funds and paid back the loan.
In a statement on the flash loan vote by Maker, the DAO claimed the increase of flash loan attacks is causing a “risk of malicious governance action [becoming] unacceptably high.” At current times over 63,400 MKR tokens are at susceptible risk of being accessed in flash loans. Still, there is no risk of a governance attack yet – only new executive governance proposals are at risk when submitted. The statement reads,
“In the event of a malicious governance attack that leads to a redeployment of the Maker Protocol before the introduction of flash loan guards into the governance process.”
“The community and domain teams should do everything possible to burn the MKR involved in the attack, regardless of whether the owner was directly involved in the attack.”
Maker DAO is currently looking at solutions to prevent such security breaches and flash loans affecting the decentralized voting process. The team plans to increase the waiting time to execute a proposal from 12 hours to 72 hours to give the community enough time to rectify contentious proposals. They also plan to increase MKR on the hat proposal to over 100,000 MKR to prevent flash loans executions.
The executive plan to add Yearn.finance (YFI) and Balancer (BAL) as collateral on Maker has also been delayed due to the recent attacks.