The TL;DR

Funds are not safu!

The Summary

Anyone with ~40,000 MKR (about 20,000,000 USD) can steal all of the collateral in Maker DAO, both DAI and SAI, along with a good chunk of assets from Compound, Uniswap, and other Maker integrated systems (over 340,000,000 USD).

Maker DAO v2 (AKA Multi-Collateral DAI, AKA McDAI) was supposed to launch with safeguards (emergency shutdown and governance delay) against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.

The Bank

Maker DAO. It is the thing that makes DAI work. It currently has about 340M USD worth of ETH locked in it across their v1 and v2 releases. It also is a “governed” system, unlike https://uniswap.exchange or https://augur.net, which means some group of plutocrats can control how the system behaves.

The Design

The governance system can call a wide variety of internal functions that allow the governors to do just about whatever they want. Governance is a fairly simple “stake the leader” system, where you stake your MKR on the contract that you want to have control over the system, and the contract with the most staked MKR is given that control. Since the current executive contract (AKA: executive proposal) has about 80,000 MKR staked on it, the naive cost of doing just about whatever you want to the Maker contracts is about 80,000 MKR, or about 41M USD. To mitigate the threat of malicious actors, the system has a mechanism which makes it so after a new executive contract is chosen, there is a delay before it can take any actions. During this delay, anyone with a sufficient amount of MKR can trigger a global settlement of the whole system, effectively shutting it down before the new executive contract can do anything untoward. This means that if a thief showed up and tried to vote in their own executive contract that is programmed to steal all of the collateral, even if they had more stake than the other executive contracts they would have to wait for that delay and hope no one triggered the defense mechanisms during that time.

The Negligence

The problem is, Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. That is right, defenders have 0 seconds to defend against an attack launched by a wealthy but malicious party.
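To make the role of the delay concrete, here is an added example (not code from Maker or from the original post): a simplified Python model of stake-the-leader governance with a delay and an emergency shutdown. The class and function names, the 50,000 MKR shutdown threshold, and the timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Governance:
    """Simplified stake-the-leader model; not Maker's contract code."""
    delay: int                      # seconds a new leader must wait before acting
    shutdown_threshold: int         # MKR needed to trigger global settlement (constructed)
    approvals: dict = field(default_factory=dict)   # executive -> staked MKR
    leader: str = ""
    elected_at: int = 0
    live: bool = True

    def stake(self, executive: str, mkr: int, now: int) -> None:
        self.approvals[executive] = self.approvals.get(executive, 0) + mkr
        # The executive with the most staked MKR takes control.
        if executive != self.leader and \
                self.approvals[executive] > self.approvals.get(self.leader, 0):
            self.leader, self.elected_at = executive, now

    def emergency_shutdown(self, mkr: int) -> bool:
        if mkr >= self.shutdown_threshold:
            self.live = False
        return not self.live

    def can_act(self, executive: str, now: int) -> bool:
        return (self.live and executive == self.leader
                and now >= self.elected_at + self.delay)


def new_leader_acts_unopposed(delay: int, reaction_time: int) -> bool:
    """True if a newly elected executive acts before defenders can shut down."""
    gov = Governance(delay=delay, shutdown_threshold=50_000)
    gov.stake("incumbent", 80_000, now=0)
    elected = 1_000
    gov.stake("challenger", 80_001, now=elected)
    act_time = elected + delay
    # Defenders only win if their shutdown lands strictly before act_time.
    if elected + reaction_time < act_time:
        gov.emergency_shutdown(mkr=50_000)
    return gov.can_act("challenger", act_time)


if __name__ == "__main__":
    for delay, reaction in [(0, 0), (86_400, 3_600), (3_600, 86_400)]:
        print(delay, reaction, new_leader_acts_unopposed(delay, reaction))
```

With a delay of 0 the model gives defenders no window even if they react instantly; the shutdown only helps when the delay is longer than the time defenders need to respond.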

The Subtlety

Given the above, an attacker could do the following:

1. Acquire 80,000 MKR through whatever means possible.
2. Create an executive contract that is programmed to transfer all collateral from Maker to you.
3. Immediately (in the same transaction) vote on the contract.
4. Immediately (in the same transaction) activate the contract.
5. Ride off into the sunset with 340M USD worth of ETH (don’t bother going back for your MKR, it will be worthless after this).

This is incredibly profitable (8x ROI), but it is expensive to execute. Luckily, we can knock the cost of the attack down to 50% of that by simply being patient!

Recall from above that under the current voting system, the executive contract with the most votes is the one with all the control. Anytime a governance vote is proposed, there is a time period over which MKR stake migrates from the old executive contract to the new one. This never happens all at once; it usually happens over time as individuals migrate their votes forward. There will be a point in time where that 80,000 actively participating MKR will be split between two executive contracts, with each having approximately 40,000 MKR in it. A good script kiddie can easily time a transaction such that it lands right when the MKR is distributed optimally between the two contracts and execute the above attack at that time, only costing some amount over 40,000 MKR (~20M USD).

The Cash Register

If stealing 340M USD isn’t enough for you, you could also mint yourself a quadrillion DAI as part of the attack execution. In the same transaction as you rob Maker, you could take that DAI over to Uniswap and steal all of the ETH liquidity available in the DAI:ETH pair. For a bit of extra change from the pockets of hapless bank patrons you could also go over to Compound and lend out a quadrillion DAI and borrow all available lent capital (you would never repay the loan, just keep the borrowed assets). If you act quickly, you may even be able to cash-out on semi-decentralized exchanges like IDEX, Paradex, RadarRelay, etc. immediately after minting all that DAI.

The Crowd

But wait, there’s more! Ethereum is a system built on binding agreements! This means that one could create a smart contract where multiple people who don’t trust each other can collude under a strict set of rules. The set of rules might be something like this:

- If this contract collects 40,000 MKR, then anyone can trigger it and it will immediately rob Maker.
- Upon successful robbery, the loot will be divided evenly up among MKR contributors.
- Upon failed robbery, MKR can be withdrawn by participants.
- At any time anyone can withdraw their MKR.

This very simple contract is a binding agreement between everyone who contributes MKR to the contract, and there is no need for anyone to trust each other like with a traditional heist. No one can run away with all of the loot, no one can steal any other participant’s contribution, and no one can use the contributed MKR for anything other than executing the agreed upon heist.

One may argue (and Maker Foundation does), that any attackers must telegraph their presence to crowdsource, and Maker Foundation could simply break their rule of “we don’t participate in governance” to stop the attack by throwing all of the foundation’s MKR into the vote, thus making it now cost 400,000,000 MKR instead of 40,000 MKR. While it is true that Maker Foundation could prevent this if they saw it coming, there is no guarantee that they will see it coming. For example, the attackers may have capital elsewhere and they could use it to acquire MKR over time off of exchanges. The attackers also may be MKR holders who know other MKR holders with a certain moral turpitude and could coordinate in private.

Even if the binding agreement contract was public knowledge, it could be designed in a way to obfuscate the crowdsourcing. For example, you could have everyone who was interested submit a pre-signed transaction to a central service provider (no need to fully trust them) and then the central service provider would wait to broadcast those transactions until enough MKR was “ready to mobilize”. In such a scenario either Maker Foundation steps in to centrally control the system without knowing if anyone is actually contributing, or they do nothing and risk that at any moment the attack could happen and they would be powerless to respond in time.

The Insiders

It is worth noting that Maker Foundation could attack the system in this way right now if they wanted. They have way more than the 80,000 MKR necessary. What is worse, a16z has enough MKR on hand right now to execute the attack the patient way! There are a couple other MKR holders whose identity is unknown to me who hold enough to execute the patient version of the attack as well, and then after that there are a handful that would need to collude with one or two others to execute the attack.

What should scare you here is that this isn’t #DeFi, this is #CeFi, but instead of only one person being able to steal all your money (the bank), the bank or any of a number of large individual shareholders, or a group of smaller shareholders could decide to steal all of your money at any time.

The Fallout

So what happens to Maker users if someone executes this attack? For starters, everyone with a CDP/Vault would be wiped out. The direct theft is stealing all of the collateral. The knock-on effect of that is that DAI would become 100% undercollateralized and its price would likely go to zero. Following that, MKR value would likely go to zero since their entire system basically failed, and resurrecting it is unlikely after that kind of failure. It is possible that Ethereum would take a bit of a licking as well since this would be yet-another massive failure within the Ethereum ecosystem. I suspect it would recover, because it still is a good platform, but a reminder that “people can build bad things on top of a good thing” is sobering for irrational exuberance.

The Defense

I have brought up this attack scenario with Maker and they have expressly stated that it is not worth them giving up instantaneous governance control to protect against this attack. The general themes of their defense arguments are as follows (paraphrased by me, talk to them if you want first-hand statements), along with my rebuttals:

The attack vector has existed for quite a while, but things are fine so far.

Heartbleed (OpenSSL attack) existed for 10 years before it was found. Maker’s source code is notoriously hard to follow and a big complaint by a large portion of the Ethereum dev community. I have personally told them previously that I didn’t audit Maker’s contracts because it was too hard to read their code. I finally bit the bullet and dug into Maker v2 because it was supposed to be secure (unlike Maker v1 which was well known to be insecure, though I didn’t realize just how insecure it was). Just because no one has executed an attack yet doesn’t mean they will not execute the attack in the future. This is especially true when the vector becomes more widely known.

It is too expensive for anyone but a select few people to execute.

See The Crowd section above. Also note that it only takes one person to attack, so “too expensive but for a select few” doesn’t make a system secure.

An attacker would have to telegraph their attack.

Only if the attack comes from a large selection of MKR holders working together, and only if Maker is willing to put up a defense at the mere hint that someone might be prepping for an attack.

We would take legal action against any attackers.

This one basically spits in the face of #DeFi. A lot of people within the Ethereum ecosystem are expressly trying to protect themselves from totalitarian governments. Claiming that “your money is safe because those thugs that you are hiding from will protect you” is not reassuring at all. Also, it presumes that the attackers are not anonymous (see below).

It is hard to be anonymous on Ethereum.

Yes, it is a bit tricky to be anonymous on Ethereum. Despite that, The DAO attacker is still unknown. Satoshi is still unknown. Many very wealthy ETH holders are unknown. Being hard isn’t a good defense against a massively profitable attack.

It is a known risk, but there are unknown risks that may be worse.

I disagree pretty strongly with this risk assessment. You have a known risk where it is incredibly profitable to attack the system and that is being compared against unknown risks of unknown impact and unknown likelihood. This line of thinking is along the lines of, “there is no attack vector that is worth us giving up our control for.”

The Disclosure

Maker has been aware of this issue since before Maker v2 launched, probably since the beginning. Despite this, they are choosing not to plug the hole (the plug is easy). Because of that, I do not believe that it would be responsible for me to keep my mouth shut and hope that no attacker figures out what should be obvious to anyone who understands Maker’s governance model.

The Promotion

I rarely blog, but feel free to clap, comment, subscribe if you want a gem like this every now and then! If you want to watch me argue with people on the internet about things like this then follow me on Twitter @MicahZoltu.