MakerDAO Initiates Executive Vote On Flash Loan Attacks

On October 30, MakerDAO announced that their Governance Facilitator and the Smart Contracts Domain Team have initiated an executive vote, which will allow users to vote on proposed security actions against malicious governance attacks.

The proposed changes come as a response to newly-detected voting behavior irregularities, which happened last week. If approved by the community, the GSM Pause Delay will be increased to 72 hours from the previous 12, which will allow the governance to effectively respond to a potential attack on the Maker protocol.

Moreover, the Oracle Freeze Module will be deauthorized to prevent freezing of the Oracle price feed by an attack using flash loans. This will also allow the governance to freeze the oracle without waiting for the GSM Pause Delay.

Another change proposed by the team is the deauthorizing of the Liquidations Circuit Breaker, which will prevent the freezing or unfreezing of vault liquidations by malicious third parties, with the Maker Governance being able to freeze or unfreeze liquidations without waiting for 72 hours.

Last week, the cryptocurrency community saw the first time in which an attacker uses flash-loans in order to alternate the governance vote. BProtocol flash borrowed $7 million worth of MKR tokens from the derivatives platform dYdX to swing the vote in its favor.

This happened after the available MKR liquidity exceeded the value of MKR on the hat, with the risk of malicious governance action being described as “unacceptably high”. A total of 63,445 MKR is currently accessible for borrowing through multiple platforms, which is enough to sway controversial new proposals.

The newly-announced executive vote will continue until the number of votes surpasses the total in favor of the previous one (a so-called continue approval vote), with members being able to join a community debate on these topics in the MakerDAO governance forum.