Stable Coin Provider MakerDAO in Distress: Zeppelin Uncovers Vulnerability | BTC-ECHO
Zeppelin, a blockchain company focused on IT security, reported in a blog post on a critical vulnerability in MakerDAO. The provider of the crypto-based stable-coin Dai had already in the past stability problems: The Dai course fluctuated noticeably in the past, which in principle Stable coins must not be the case.
Affected by the vulnerability is the DSChief Contract of the DappHub Library. In this, the MakerDAO system kept over $ 100 million in crypto assets. They found the security leak on April 22, the MakerDAO team has set up a new contract, they presented on May 2, according to Zeppelin.
MakerDAO, Dai and the MKR Token
MakerDAO offers a stable coin (Dai) that represents one dollar per token. Users can borrow these, but have to deposit security in Ether (ETH) or Bitcoin (BTC). These are secured with a smart contract and remain in the MakerDAO system until the users repay their debts. They pay a fee again, which they in turn pay with the MKR token.
However, this one has another function. It allows users to vote within the network when making decisions on MakerDAO.
Function of the MKR token
The MKR token provides the voting rights in the system. In addition, the fees associated with the voting process can be paid. Token owners of MKR can vote on actions and implementations within the network. Maker DAO is also designed as a Decentralized Autonomous Organization (DAO), through which the system regulates itself and thereby stabilizes the Dai Token.
Vulnerability in the contract
Exactly the latter function could have been exploited by the security leak in one of the Contracts. These again related to the voting mechanism at MakerDAO. In this regard, Zeppelin writes:
When a survey is opened for a governance decision, users can set their MKR tokens in the DSChief Contract to then vote for their preferred suggestions, which are (again) represented by their addresses in the system.
The error in the system, however, theoretically would have allowed it to intervene or manipulate this reconciliation process. Thus, any attackers would have had the opportunity to remove certain electoral votes and also freeze the tokens of other users for an indefinite period. Ultimately, it was possible for attackers to steal elections and freeze foreign tokens.
The problem is already fixed. MakerDAO responded by reprogramming or redesigning the contract. Users who keep their MKR tokens in an old voting contract should now move their MKR from the old contract into their personal wallet.
Additional info: If you would like to know more about stable coins, the tether drama and the reaction of Dai & Co. in the Bitcoin ecosystem, please refer to this article.
Are you a blockchain or crypto investor? The Digital Cryptocompass is the first digital currency stock market newsletter to provide you with monthly exclusive assessments and in-depth analysis of the current situation on the blockchain & crypto markets. Free test now
Be sure not to miss any important news related to Cryptocurrencies! Follow our news feed in the way you prefer; through Twitter, Facebook, Telegram, RSS or email (scroll down to the bottom of this page to subscribe). Bitcoin never sleeps. Neither do we .
Síguenos en Telegram