Ethereum
$550.97 2.13%
ETH · 4w

Maker community scrambles to fix long-standing vulnerability to flash loans

The MakerDAO (MKR) community is urgently implementing measures to prevent voting manipulation through flash loans. This was precipitated by what is likely the first instance of the feature being used to influence a DeFi governance vote on Oct. 26.

According to a post published by community member LongForWisdom, someone used a flash loan to force a governance proposal through. BProtocol, a service that lets users pool liquidity to join in Maker debt auctions, came forward as the culprit.

The proposal would have whitelisted the project to access Maker’s price oracle, making it possibl to run decentralized keepers.

BProtocol used dYdX’s flash loan feature — an unbacked loan that is only granted if it is also returned within the same block. This requirement means that its users must have a predefined path for the money they borrow, and it is only useful for operations that can be completed instantly.

Maker community member Monetsupply explained to Cointelegraph that the governance contracts did not feature any lock-up period:

“Current MKR gov system allows voters to lock their tokens, immediately vote to pass a proposal, and then unlock the tokens all in the same block.”

Using flash loans to engage in governance can be seen as manipulative because the money is essentially free. Anyone could use them to execute their own proposals without being a Maker stakeholder.

The governance power is limited to how much MKR is contained in various DeFi protocols. In this specific case, MKR was sourced from Aave, but up to 64,000 MKR worth $34 million is available for flash loans. This is enough to influence at least some of the future governance proposals.

Due to this, the community is engaging emergency containment measures to make exploitation harder as they wait for a more definitive fix. A twelve hour delay between proposals passing and being executed — introduced to allow for the community to challenge malicious votes — wil...

Continue on cointelegraph.com
Recent news
ETH +2.13% · cryptorubic.medium.com · 8h

Rubic Weekly Report 11/27

1.We have released instant trades functionality on the Ethereum network. Now it is possible to create 2 types of trades: instant trades and p2p swaps using order book. RBC token is supported for all…
ETH +2.13% · medium.com · 10h

Introducing the Base Protocol

As cryptocurrency enthusiasts, we’re sometimes divided on which digital assets to buy — bullish on certain projects and bearish on others. But we all agree on one thing, which is that the overall…
12