The Maker Foundation has announced a series of governance polls that aimed at security after Micah Zoltu (the Software Developer) explained how any hacker with $20 million at their disposal could stage an attack on the MakerDAO network and steal close to $340 million.
On December 9, it has been reported in a blog post that the Maker Foundation interim risk team announced a series of governance polls into its voting system, with one poll asking the Maker community whether the governance security module (GSM) should be upgraded from 0 seconds to 24 hours.
Earlier, on the same day, Zoltu had made the claim that it would cost a hacker around $20 million to attack the MakerDAO network and potentially walk away with $340 million worth of Ether (ETH) locked within the MakerDAO.
“Maker DAO v2 was supposed to launch with safeguards against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.”
However, Zoltu explained that MakerDAO attempts to mitigate the threat of nefarious exploits by enforcing the GSM delay after each new contract is chosen. This safety period allows for the network to check the contract and decide whether it was malicious or not.
During this delay, it is also possible a malicious actor with sufficient funds, could show up and vote up their own contracts programmed to steal all of the collateral. Zoltu said that it currently would take around 80,000 Maker (MKR), or about $41million, to do “just about whatever you want to the Maker contracts.”
Moreover, Zoltu also claimed that the value for the GSM delay is currently set at 0 seconds, which gives network defenders no possibilities “to defend against an attack launched by a wealthy but malicious party.”
Though Zoltu stated in his blog post that Maker is not willing to give up instantaneous governance control to protect against this kind of attack, the Maker Foundation interim risk team did add a poll on the issue.
Thus, it has been analyzed that if the proposal to introduce the governance security module (GSM) passes, then the GSM delay would be increased from 0 to 24 hours by giving defenders ample time to prevent or fight back against a malicious attack.
Source: blog.makerdao.com | cointelegraph.com