MakerDAO’s current governance system may be putting $340M in danger
Ethereum’s annual gathering, Devcon, announced the launch of MakerDao‘s MCD back in October. Since its launch on 18 November, the Maker Foundation’s newly collateralized asset has been at the end of some criticism from some quarters.
Coinmonks, a crypto-educational platform, recently highlighted the Foundation’s governance system which allowed MKR token holders to be the deciding factor for the upgrades via votes that the Foundation wishes to implement. In a way, the system in place does not uphold the same safety credentials that it initially boasted with its launch, CoinMonks said.
The article outrightly stated,
“Anyone with 40,000 MKR (about 20,000,000 USD) can steal all of the collateral in Maker DAO, both DAI and SAI, along with a good chunk of assets from Compound, Uniswap, and other Maker integrated systems (over 340,000,000 USD).”
Micah Zoltu, the author of the blog, explained that the Foundation’s governance process is extremely flawed if the network encountered a “well-thought-out/dedicated” attack. As mentioned previously, the Maker Foundation provides control to any contract which has the most MKR tokens staked on it.
Zoltu asserted that under the current executive contract scenario, anyone motivated enough to acquire 80,000 MKR tokens through malicious means can easily facilitate a hack, an event which could see the rogue entity create an executive contract that would transfer all the collateral from Maker to himself.
The author also admitted that such an attack could be avoided if the Foundation made it cost 400,000,000 MKR tokens to acquire control. However, Zoltu conceded that this was very unlikely to happen.
Despite appearing relatively easy on paper, such an attack may not happen in the Maker network. Whatever the logistics, however, the hypothetical scenario in question remains a possibility, the blog added.
The author also claimed to have approached Maker with the aforementioned scenario, to which he said the Foundation suggested that they would not give up governance control to avoid such a threat.
According to the post, Maker told Zoltu that an attacker would need to telegraph such an attack. In response to this assertion, Zoltu said,
“Only if the attack comes from a large selection of MKR holders working together, and only if Maker is willing to put up a defense at the mere hint that someone might be prepping for an attack.”
Although strong arguments have been put forward against the governance system of Maker, any substantial loopholes would be evident only if the system in place fails.