The Maker Foundation has announced a series of governance polls aimed at security after software developer Micah Zoltu explained how any hacker with $20 million at their disposal could stage an attack on the MakerDAO network and steal close to $340 million.
In a Dec. 9 blog post, the Maker Foundation interim risk team announced a series of governance polls on its voting system, with one poll asking the Maker community whether the governance security module (GSM) delay should be increased from 0 seconds to 24 hours.
Earlier on Dec. 9, Zoltu had claimed that it would cost a hacker around $20 million to attack the MakerDAO network and potentially walk away with $340 million worth of Ether (ETH) locked within MakerDAO. Zoltu said:
“Maker DAO v2 was supposed to launch with safeguards against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.”
Zoltu explained that MakerDAO attempts to mitigate the threat of nefarious exploits by enforcing the GSM delay after each new contract is chosen. This safety period allows the network to check the contract and decide whether it is malicious.
However, during this delay it is also possible that a malicious actor with sufficient funds could show up and vote up their own contracts programmed to steal all of the collateral. Zoltu said that it currently would take around 80,000 Maker (MKR), or about $41 million, to do “just about whatever you want to the Maker contracts.”
Zoltu further claimed that the value for the GSM delay is currently set at 0 seconds, which gives network defenders no opportunity “to defend against an attack launched by a wealthy but malicious party.”
Maker Foundation asks community whether to fix the issue
Although Zoltu stated in his blog post that Maker is not willing to give up instantaneous governance control to protect against this kind of attack, the Maker Foundation interim risk team did add a poll on the issue.
Should the proposal to introduce the governance security module (GSM) pass, then the GSM delay would be increased from 0 to 24 hours, giving defenders ample time to prevent or fight back against a malicious attack.